Values for x-content-security-policy: default-src 'self'; img-src *; media-src * data:; 386 frame-ancestors 'self' 386 default-src 'self'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-eval 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-inline 'self' https://hcaptcha.com https://*.hcaptcha.com; 209 img-src *; media-src * data:; 146 allow 'self'; 111 default-src 'self'; script-src 'self'; 61 default-src 'self' 'unsafe-inline' 51 report-uri /report-csp-violation 49 default-src 'self'; connect-src *.g.doubleclick.net 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com; font-src 'self' https://fonts.gstatic.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com optimize.google.com https://optimize.google.com; media-src 'none'; object-src 'none'; script-src 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com optimize.google.com https://optimize.google.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 44 default-src 'self' 36 report-uri /report-csp-violation; upgrade-insecure-requests 30 default-src 'self'; script-src 'self' 'unsafe-inline' 25 upgrade-insecure-requests 19 frame-ancestors 'none' 15 default-src 'self'; 15 frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv 14 13 default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 12 frame-ancestors https://*.marketo.com 10 allow 'self'; media-src *; img-src *; script-src *; style-src *; 10 sandbox allow-scripts allow-popups allow-same-origin; 9 frame-ancestors 'self'; 9 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 8 frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 8 form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 8 default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 8 frame-ancestors https://*.ptc.com https://ptc.seismic.com https://liveshareeast3.seismic.com 7 default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 7 allow-scripts allow-popups allow-same-origin; 7 frame-ancestors * 7 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 7 frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 6 frame-ancestors 'self' https://optimize.google.com/ 6 frame-ancestors https://*.mediamarkt.se https://*.teknikproffset.se 'self' 6 script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 6 frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ 6 script-src 'self' 6 default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 5 frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none' 5 nosniff 5 base-uri 'none'; default-src 'self' https://accesso.com https://cdn.cookielaw.org https://p.adsymptotic.com https://px.ads.linkedin.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://analytics.google.com https://app.marker.io https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://code.jquery.com https://edge.marker.io https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://marker.io https://pi.pardot.com https://secure.agileenterpriseintelligence.com https://snap.licdn.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://accesso.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cloud.typography.com https://code.jquery.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://www.googletagmanager.com; img-src 'self' https://accesso.com https://www.accesso.com https://www.google-analytics.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.google.com https://www.googletagmanager.com https://fonts.gstatic.com https://privacy-policy.truste.com https://media.marker.io https://app.marker.io https://edge.marker.io blob: data:; connect-src 'self' https://analytics.google.com https://api.marker.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://idx.liadm.com https://privacyportal.onetrust.com https://ssr.marker.io https://stats.g.doubleclick.net https://www.googletagmanager.com; font-src 'self' https://app.marker.io https://cloud.typography.com https://edge.marker.io https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com data:; frame-src 'self' https://bid.g.doubleclick.net https://hello.accesso.com/ https://app.marker.io https://player.vimeo.com/ https://polaris.brighterir.com https://www.youtube.com; 5 default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' wss://*.hotjar.com *.hotjar.io wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net *.googleapis.com *.bosch-thermotechnology.com *.hotjar.com 5 frame-ancestors 'self' https://shopproxy.p-s-s.de https://home.interzum.com https://home.interzum.de 5 frame-ancestors 'self' weleda.sabio.de 5 default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; 5 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * 5 upgrade-insecure-requests; 4 connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session https://api.funcaptcha.com https://api.arkoselabs.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://octocaptcha.com https://static.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://octocaptcha.com;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 4 frame-ancestors https://members.cafepress.com https://members.cafepress.co.uk https://members.cafepress.ca https://members.cafepress.com.au; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 4 default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https:; report-uri /report-csp-violation 4 block-all-mixed-content 4 default-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch data: https://www.metanet.ch; base-uri 'none'; connect-src 'self' https://region1.google-analytics.com/ https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://wisepops.net; font-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://www.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net; img-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://*.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://static.metanet.ch https://www.gstatic.com https://ssl.gstatic.com https://cdn.wisepops.com https://tracking.wisepops.com https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://cdn.wisepops.net; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://cdn.wisepops.com https://loader.wisepops.com https://app.getwisp.co https://wisepops.net https://cdn.wisepops.net; style-src 'self' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.googleapis.com 4 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.deutsche-rentenversicherung.de *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.deutsche-rentenversicherung.de *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' *.deutsche-rentenversicherung.de multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.deutsche-rentenversicherung.de *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 4 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 4 default-src https: data: 'unsafe-inline' 'unsafe-eval' 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org urldefense.com *.samlassertion *.gstatic.com *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.samlassertion *.urldefense.com *.googleapis.com; report-uri /report-csp-violation 4 Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a104283729.cdn.optimizely.com https://a104283729.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 4 script-src 'self'; 4 frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 4 default-src https: data: 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * blob: ; worker-src * blob: ; frame-ancestors 'self' https://*.moody.edu; 4 default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self'; frame-ancestors 'self'; img-src 'self' https://secure.gravatar.com data:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; default-src https: data: 'self'; trusted-types default; 4 default-src 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 4 default-src 'self'; img-src *; media-src * data:;, default-src 'self'; img-src *; media-src * data:; 4 style-src 'self' 'unsafe-inline' https://www.denic.de https://fonts.googleapis.com; object-src 'self'; script-src 'self' https://www.denic.de https://my.visme.co https://denic.matomo.cloud https://cdn.matomo.cloud 'unsafe-inline'; img-src 'self' data: https://www.denic.de https://denic.matomo.cloud https://cdn.matomo.cloud; frame-src 'self' https://my.visme.co 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.marthastewart.com 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancemoney.com 3 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.bhg.com 3 frame-ancestors 'self' tvn24.pl *.tvn24.pl *.tvn.pl 3 base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src vercel.live prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io;style-src 'self' 'unsafe-inline';worker-src 'self'; 3 script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self' 3 default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 3 frame-ancestors www.red-gate.com; 3 default-src 'self'; connect-src 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com *.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com optimize.google.com https://optimize.google.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com www.googletagmanager.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com https://optimize.google.com optimize.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 3 frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net; report-uri /report-csp-violation 3 default-src matomo.iserv.eu forms.www-marketing.iserv.eu 'self'; script-src matomo.iserv.eu 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://cdn.iserv.eu data:; media-src 'self' https://cdn.iserv.eu; font-src 'self' data:; 3 frame-ancestors 'none'; 3 connect-src 'self' 3 default-src * data: 'unsafe-inline' 'unsafe-eval' blob:; frame-src * 'self' https://www.youtube.com https://www.googletagmanager.com https://www.youtube-nocookie.com http://*.dynamics.com http://*.google.de http://*.google.com; frame-ancestors * http://*.dynamics.com 3 default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' 3 frame-ancestors https://*.cleverwebserver.com https://*.clevernt.com 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: kubra.io; object-src 'none' ; style-src 'self' 'unsafe-inline' *; img-src 'self' data: * blob:; media-src 'self' *.jwplayer.com *.jwpsrv.com *.jwplatform.com *.snapengage.com blob:; frame-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com p.teads.tv assets.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com; child-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com p.teads.tv assets.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com; font-src 'self' *.googleapis.com *.gstatic.com acsbapp.com data:; connect-src 'self' * blob:; report-uri /report-csp-violation 3 default-src 'self' *.energieag.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at *.hotjar.com *.hotjar.io wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com 'unsafe-inline' 'unsafe-eval' data: 3 frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 3 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 3 default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://stats.xilo.net/ruri/r/d/csp/enforce 3 frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 3 frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 3 default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 3 frame-ancestors 'self' *.volusion.com 3 allow *; options inline-script eval-script; frame-ancestors 'self'; 3 default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; connect-src 'none'; report-uri 'self'; report-to 'self'; 3 self 3 default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' http: https: data:; frame-ancestors 'self'; 3 frame-ancestors 'self' https://mycourses.w3schools.com; 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.investopedia.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liveabout.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellhealth.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.realsimple.com 2 default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.foodandwine.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.brides.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.parents.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.eatingwell.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfit.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.instyle.com 2 frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca accountaccess.devjones.com accountaccess.devjones.ca iaa-api-gateway.apps.devjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; report-uri /report-csp-violation 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.byrdie.com 2 frame-ancestors 'self' corning.com *.corning.com *.corningmsp.com *.ceros.com *.ariba.com 2 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2 frame-ancestors 'self' dziendobry.tvn.pl *.tvn.pl 2 default-src 'self'; script-src 'self' https://ssl.google-analytics.com; img-src 'self' https://ssl.google-analytics.com 2 frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com 2 frame-ancestors 'self' *.vendhq.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub141debbb5c4dc4c0034c0aedd3e2f56c&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 2 default-src 'self'; connect-src *.g.doubleclick.net 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com https://stats.tubetraffic.com; font-src 'self' https://fonts.gstatic.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com optimize.google.com https://optimize.google.com https://stats.tubetraffic.com; media-src 'none'; object-src 'none'; script-src 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com optimize.google.com https://optimize.google.com https://stats.tubetraffic.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 2 default-src 'self'; connect-src 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com *.g.doubleclick.net https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://privacyportal.cookiepro.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com https://optimize.google.com optimize.google.com data: https://cookie-cdn.cookiepro.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com www.googletagmanager.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com https://optimize.google.com optimize.google.com https://cookie-cdn.cookiepro.com https://code.jquery.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://cookie-cdn.cookiepro.com 2 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; style-src https: 'unsafe-inline' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; frame-src https://www.tu-dortmund.de https://redaktion.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de https://www.youtube-nocookie.com https://www.youtube.com http://xyz.tu-dortmund.de; frame-ancestors https://www.tu-dortmund.de https://redaktion.tu-dortmund.de 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.mydomaine.com 2 font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/ http://e.issuu.com/ https://wchat.eu.freshchat.com https://paysera.eu.webpush.freshchat.com; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com https://wchat.eu.freshchat.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com https://wchat.eu.freshchat.com 'unsafe-inline'; report-uri /v2/csp-violations/report 2 default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 2 frame-ancestors 'self'; report-uri /report-csp-violation 2 default-src 'self' *.googleapis.com cdnjs.cloudflare.com danord.gdi-sh.de efi2.schleswig-holstein.de phpefi.schleswig-holstein.de *.openstreetmap.org *.openstreetmap.fr cdn.podigee.com phpefi.schleswig-holstein.de *.podigee-cdn.net *.kaltura.com landesportal-sh.dwebanalytics.de danord.gdi-sh.de *.digsy.land; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.openstreetmap.fr *.schleswig-holstein.de https://danord.gdi-sh.de https://cdnjs.cloudflare.com cdn.podigee.com *.podigee-cdn.net *.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com phpefi.schleswig-holstein.de *.openlayers.org openlayers.org *.openstreetmap.org *.vimeo.com https://matomo.schleswig-holstein.de 'sha256-Z63e+VFsLCeJvcIIADffuk58gwH7zpv5jIPJITytEps=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' *.schleswig-holstein.de 'sha256-Iv6+ueUCwCo7hxRPKs4x5N9MLe5bAOcJqKOJNkpFa4Q=' 'sha256-hwQ3jJFF76RYXz5z/h9KPxxCmJrIWmkrPI/0ue3TTVA=' 'sha256-jJH1V3gDESBl63xPMOf/g+/WVSLp61k6VjeyPRt1KKQ=' https://danord.gdi-sh.de 'sha256-4klLXXsGOpjKz3t5aaLNu/fwLVb7TxsGq0CBc4UUkGM=' cdn.podigee.com *.podigee-cdn.net cdnjs.cloudflare.com *.materna.de; object-src 'none' 'self' multimedia.gsb.bund.de; media-src 'self' blob: https://multimedia.gsb.bund.de *.youtube.com https://*.youtube-nocookie.com *.youtube-nocookies.com https://youtu.be https://vimeo.com; frame-src *.google.com *.gstatic.com *.vimeo.com *.schleswig-holstein.de https://danord.gdi-sh.de *.podigee-cdn.net *.readspeaker.com *.kaltura.com *.seminareonlinebuchen.de; frame-src cdn.podigee.com *.podigee-cdn.net *.umweltdaten.landsh.de *.schleswig-holstein.de danord.gdi-sh.de *.google.com *.gstatic.com *.youtube.com https://*.youtube-nocookie.com *.youtube-nocookie.com *.readspeaker.com *.openstreetmap.fr danord.gdi-sh.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeocdn.com phpefi.schleswig-holstein.de *.openlayers.org openlayers.org *.openstreetmap.org *.openstreetmap.fr https://matomo.schleswig-holstein.de *.schleswig-holstein.de https://danord.gdi-sh.de https://sg.geodatenzentrum.de *.seminareonlinebuchen.de *.umweltdaten.landsh.de *.cdninstagram.com land-sh.termine-regional.de hht.infomaxnet.de dam.destination.one admin.die-netzwerkstatt.de *.podigee-cdn.net *.fbcdn.net *.bootstrapcdn.com stamen-tiles-b.a.ssl.fastly.net stamen-tiles-c.a.ssl.fastly.net stamen-tiles-d.a.ssl.fastly.net stamen-tiles-a.a.ssl.fastly.net; worker-src blob: 'self'; frame-ancestors 'self'; 2 child-src 'self' ; connect-src 'self' wss: *.litix.io *.wistia.com *.hubspot.com *.akamaihd.net manifest.prod.boltdns.net edge.api.brightcove.com wss://ws40.hotjar.com content.hotjar.io *.hotjar.com www.trumba.com forms.hsforms.com *.s3.amazonaws.com cdn.linkedin.oribi.io geolocation.onetrust.com cookie-cdn.cookiepro.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' ; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self' 'unsafe-inline' 'unsafe-eval' forms.hsforms.com; frame-src 'self' ppd.turtl.co *.twitter.com forms.hsforms.com player.vimeo.com biz.mosio.com www.buzzsprout.com vars.hotjar.com static.addtoany.com players.brightcove.net *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' cgtkiosk.immersive.tf; img-src 'self' assets.turtl.co syndication.twitter.com *.wistia.com no-cache.hubspot.com i.vimeocdn.com cf-images.us-east-1.prod.boltdns.net metrics.brightcove.com *.dialogtech.com *.kickfire.com www.trumba.com *.hsforms.com www.linkedin.com p.adsymptotic.com track.hubspot.com *.ads.linkedin.com data: *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.wistia.com; navigate-to 'self' ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' app-static.turtl.co optimize.google.com platform.twitter.com *.wistia.com *.hubspot.com js.hscta.net tag.simpli.fi player.vimeo.com *.zencdn.net players.brightcove.net www.googleoptimize.com cdn.jsdelivr.net www.trumba.com *.kickfire.com www.buzzsprout.com www.gstatic.com www.google.com js.hsforms.net js.hs-analytics.net cookie-cdn.cookiepro.com www.googletagmanager.com static.addtoany.com cdnjs.cloudflare.com js.hs-scripts.net js.hs-scripts.com js.hs-banner.com www.google-analytics.com googleads.g.doubleclick.net *.hotjar.com snap.licdn.com go.affec.tv *.cloudfront.net *.dialogtech.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' app-static.turtl.co optimize.google.com platform.twitter.com *.wistia.com *.hubspot.com js.hscta.net tag.simpli.fi player.vimeo.com *.zencdn.net players.brightcove.net www.googleoptimize.com cdn.jsdelivr.net www.trumba.com *.kickfire.com www.buzzsprout.com www.gstatic.com www.google.com js.hsforms.net js.hs-analytics.net cookie-cdn.cookiepro.com www.googletagmanager.com static.addtoany.com cdnjs.cloudflare.com js.hs-scripts.net js.hs-scripts.com js.hs-banner.com www.google-analytics.com googleads.g.doubleclick.net *.hotjar.com snap.licdn.com go.affec.tv *.cloudfront.net *.dialogtech.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' 'unsafe-inline' ; style-src 'self' 'unsafe-inline' app-static.turtl.co optimize.google.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' app-static.turtl.co optimize.google.com fonts.googleapis.com *.googleapis.com *.gstatic.com ; style-src-attr 'self' 'unsafe-inline' ; worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; upgrade-insecure-requests; 2 default-src 'self' https://*.tv1.eu http://*.tv1.eu 2 default-src 'self' www.googletagmanager.com www.google-analytics.com fonts.gstatic.com px.ads.linkedin.com stats.g.doubleclick.net snap.licdn.com ajax.googleapis.com fonts.googleapis.com code.jquery.com use.fontawesome.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net; 2 default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *; 2 script-src 'self' https://code.jquery.com/ https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/ https://static.cloudflareinsights.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://snap.licdn.com/ https://js-agent.newrelic.com/ https://*.nr-data.net/ 'unsafe-inline' 'unsafe-eval'; object-src 'self'; frame-ancestors 'self'; report-uri /report-csp-violation 2 default-src 'self' *.readspeaker.com data: https://viola.bundesbots.de wss://viola.bundesbots.de https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola.bundesbots.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net; base-uri 'self'; connect-src 'self' *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; style-src 'self' 'unsafe-inline' *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe https://formularbot-fms.bzst.de.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src *.readspeaker.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 2 block-all-mixed-content; font-src 'self' fonts.gstatic.com www.wuv.de fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.usercentrics.eu *.g.doubleclick.net *.getsitecontrol.com *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.taboola.com *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.pinterest.com *.research.appinio.com *.ttwstatic.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com tags.crwdcntrl.net *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.taboola.com *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.ttwstatic.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 2 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; child-src 'self'; font-src 'self' data; form-action https:; frame-ancestors 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; worker-src 'none' 2 frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.dkv.com; 2 frame-ancestors 'self' mein.kabelplus.at newapp.etracker.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' 'unsafe-inline'; img-src 'self' data: blob: 'unsafe-inline'; frame-src 'self'; style-src 'self' 'unsafe-inline'; 2 frame-ancestors 'self' *.magenta.at *.t-mobile.at *.s-budget-mobile.at *.esp.ownsolutions.net magenta-at.cleverq.de www.youtube.com; 2 sandbox; 2 default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 2 frame-ancestors 'self' *.omronhealthcare.com http://10.196.1.55:8000; 2 default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do player.vimeo.com; img-src 'self' data: *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com *.sli.do; frame-ancestors 'self'; 2 img-src * data:; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com; style-src 'self' 'unsafe-inline' https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 2 frame-scr 'self' 2 default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net nexus.ensighten.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com nexus.ensighten.com otp.tools.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' brightcove.hs.llnwd.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' qir.tools.investis.com staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com https://www.youtube-nocookie.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' www.google-analytics.com edge.api.brightcove.com viz.tools.investis.com; report-uri /report-csp-violation 2 frame-src https://www.youtube-nocookie.com https://www.youtube.com https://youtu.be https://*.hs-koblenz.de https://player.vimeo.com https://www.google.com; style-src 'self' 'unsafe-inline'; default-src https://*.hs-koblenz.de 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline' data:; script-src https://*.hs-koblenz.de 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' https://*.tile.openstreetmap.de data: 'self'; 2 default-src 'self' *.googleadservices.com *.crazyegg.com *.licdn.com *.facebook.net *.outbrain.com *.youtube.com; script-src 'self' 'unsafe-inline' *.googleapis.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.everestjs.net *.cloudflare.com *.licdn.com *.google.com *.gstatic.com lineagelogistics-external.applynow.net.au candidate-office.s3.amazonaws.com *.googleadservices.com *.bing.com *.newrelic.com *.instagram.com *.nr-data.net cdn.jsdelivr.net *.crazyegg.com blob: acsbapp.com code.jquery.com unpkg.com *.instagram.com *.ensighten.com *.oribi.io *.youtube.com polyfill.io *.facebook.net; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com cdn.jsdelivr.net *.crazyegg.com acsbapp.com *.acsbapp.com code.jquery.com unpkg.com; img-src * data: *.crazyegg.com acsbapp.com *.acsbapp.com; media-src *; frame-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com *.google.com lineagelogistics-external.applynow.net.au *.doubleclick.net *.crazyegg.com *.instagram.com *.adsrvr.org *.cloudfront.net; child-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com blob: *.youtube.com; font-src 'self' *.googleusercontent.com *.gstatic.com *.typekit.net data: acsbapp.com *.acsbapp.com; connect-src 'self' *.cookielaw.org *.google-analytics.com *.doubleclick.net *.onetrust.com *.bing.com *.nr-data.net *.googleapis.com *.crazyegg.com acsbapp.com *.acsbapp.com *.youtube.com *.google.com *.linkedin.oribi.io; report-uri /report-csp-violation 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.allrecipes.com 2 frame-ancestors *; report-uri /report-csp-violation 2 frame-ancestors 'self' *.force.com *.salesforce.com; 2 frame-ancestors 'self' localhost:* *.tason.com 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https: data:; font-src https: data:; img-src * data:; connect-src https: wss://*.liveperson.net wss://tsock.us1.twilio.com/v3/wsconnect; 2 default-src 'none'; worker-src 'self' www.youtube.com *.cookiebot.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.leadinfo.net *.cookiebot.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com apis.google.com ajax.googleapis.com www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.linqhost.nl www.google.nl ssl.google-analytics.com www.google-analytics.com www.gstatic.com cdn.quicq.io data: www.google.com www.googletagmanager.com stats.g.doubleclick.net collector.leadinfo.net ; font-src 'self' fonts.googleapis.com fonts.gstatic.com data: ; frame-ancestors 'none'; base-uri 'self' ; form-action 'self'; frame-src *.cookiebot.com *.youtube.com *.google.com; connect-src *.google-analytics.com stats.g.doubleclick.net consentcdn.cookiebot.com detect-ipv4.linqhost.nl detect-ipv6.linqhost.nl api.leadinfo.com collector.leadinfo.net; report-uri https://linqhost.report-uri.com/r/d/csp/enforce; 2 : default-src 'self' 2 frame-ancestors https://*.smartrecruiters.com 2 default-src 'none'; script-src 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8=' 2 default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com *.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.leadenhancer.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com s.go-mpulse.net c.go-mpulse.net sc.lfeeder.com api.plezi.co optimize.google.com www.googleoptimize.com www.google-analytics.com www.googleanalytics.com; img-src data: 'self' www.burkert.com www.google-analytics.com www.google.com www.google.de event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.leadenhancer.com *.olark.com *.adition.com *.gstatic.com *.clickdimensions.com tr.lfeeder.com www2.solique.ch optimize.google.com www.googletagmanager.com; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com www.googletagmanager.com *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com *.vo.msecnd.net optimize.google.com; font-src 'self' www.burkert.com *.buerkert.de data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com region1.google-analytics.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com c.go-mpulse.net *.akstat.io trial-eum-clientnsv4-s.akamaihd.net *.akamaihd.net maps.googleapis.com *.plezi.co cdn.linkedin.oribi.io; frame-src 'self' blob: *.burkert-usa-marketing.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.burkert.com *.olark.com *.issuu.com *.clickdimensions.com optimize.google.com; worker-src 'self' blob: 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 2 default-src 'unsafe-inline' 'self' https:; child-src 'self'; connect-src 'self' https:; font-src 'self' fonts.gstatic.com; frame-src 'self' https:; img-src * data:; manifest-src 'self'; media-src 'self' https:; object-src 'self'; prefetch-src https:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; style-src 'unsafe-inline' 'self' *.twitter.com *.twimg.com; worker-src 'self'; base-uri 'self'; form-action 'self' *.twitter.com *.qenta.com; navigate-to 'self' https: 2 default-src 'self' ;options inline-script eval-script;img-src 'self' data: *.tile.openstreetmap.org *.tile.opencyclemap.org; 2 style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' addthisedge.com *.bing.com bing.com *.btttag.com btttag.com *.bluetriangle.com bluetriangle.com *.calendly.com calendly.com *.cloudflare.com cloudflare.com g.doubleclick.net *.fontawesome.com fontawesome.com *.google.com *.googleoptimize.com *.googlesyndication.com *.gstatic.com google.com googleoptimize.com googlesyndication.com gstatic.com *.googleadservices.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.hs-analytics.net *.hs-banner.com *.hsforms.com *.hsforms.net *.hsleadflows.net *.hubspot.com hs-analytics.net hsforms.com hsforms.net hsleadflows.net hubspot.com *.linkedin.com ads.linkedin.com linkedin.com *.licdn.com licdn.com *.clarity.ms clarity.ms moatads.com pathmonk.com addthis.com *.vimeo.com vimeo.com wpengine.com data:; 2 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com lvccld.bibliocms.com *.lvccld.bibliocms.com https://thelibrarydistrict.org thelibrarydistrict.org *.thelibrarydistrict.org; 2 default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: unsafe-inline 2 frame-ancestors http://*.viewlift.com 2 default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ 2 default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 2 default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 2 Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; https://whitelabel.2u.com; 2 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 2 frame-src 'self' https://webstat.hs-mannheim.de *.hs-mannheim.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://tour.klapty.com/; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com https://*.gravatar.com https://*.google-analytics.com; img-src 'self' data: https://wordpress.org https://*.gravatar.com https://*.wp.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.wp.com https://*.gravatar.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none' 2 script-src 'self' 'unsafe-inline' https://kariera.pregis.cz https://cdn.jsdelivr.net https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://t.leady.com https://connect.facebook.net https://www.linkedin.com https://sjs.bizographics.com https://px.ads.linkedin.com; object-src 'none'; font-src * data:; frame-ancestors 'none'; 2 default-src 'self' https: ; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval' ; script-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data: ; font-src * data: ; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action 'self'; upgrade-insecure-requests; base-uri *; manifest-src * 2 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 2 default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 2 frame-ancestors https://*.procampaign.net 2 policy-uri /'none' 2 reflected-xss block 2 default-src 'self'; base-uri 'self'; font-src 'self' chatbot-bmi.azr.juacvoe.net kai-bmi.bundesbots.de; style-src 'self' 'unsafe-inline' *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.itzbund.de *.bundesbots.de *.twitter.com *.twimg.com cdn.jsdelivr.net *.newsletter2go.com chatbot-bmi.azr.juacvoe.net kai-bmi.bundesbots.de; object-src 'self' multimedia.gsb.bund.de; connect-src 'self' multiplatform-f.akamaihd.net *.itzbund.de *.newsletter2go.com hls-hd.myrasec.de chatbot-bmi.azr.juacvoe.net wss://chatbot-bmi.azr.juacvoe.net kai-bmi.bundesbots.de wss://kai-bmi.bundesbots.de; media-src 'self' blob: multimedia.gsb.bund.de social.bund.de video.bundesregierung.de *.w3schools.com *.quirksmode.org *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com *.osm.org *.openstreetmap.de *.twimg.com multiplatform-f.akamaihd.net hls-hd.myrasec.de cdnjs.cloudflare.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com *.3qsdn.com *.it.bund.de *.bundesbots.de *.twitter.com *.twimg.com webcast.nc3-cdn.com blitzvideoserver.de start.video-stream-hosting.de player.restream.io; img-src 'self' blob: data: *.google.com *.gstatic.com social.bund.de *.youtube.com *.youtube-nocookie.com *.osm.org *.openstreetmap.de *.twitter.com *.twimg.com cdnjs.cloudflare.com piwik.itzbund.de *.gdw-berlin.de *.streamlock.net *.bmi.bund.de *.cio.bund.de *.newsletter2go.com chatbot-bmi.azr.juacvoe.net kai-bmi.bundesbots.de; frame-ancestors 'self'; upgrade-insecure-requests; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 2 default-src data: https:; script-src data: 'unsafe-inline' 'unsafe-eval' https:; object-src data: https:; style-src data: 'unsafe-inline' https:; img-src data: https:; media-src data: https:; frame-src data: https:; font-src 'self' data: https:; connect-src data: https:; base-uri 'self'; 2 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 2 default-src 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google.com apis.google.com *.googleapis.com *.rodacom.net www.rodacom.fr connect.facebook.net www.facebook.com platform.twitter.com www.googletagmanager.com www.google-analytics.com *.gstatic.com *.github.io https: api-adresse.data.gouv.fr; 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.lifewire.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruce.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.travelandleisure.com 1 default-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline'; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruceeats.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.health.com 1 default-src 'self'; connect-src 'self' *.nr-data.net https://*.go-mpulse.net www.googletagmanager.com *.google-analytics.com https://*.akstat.io https://csp.withgoogle.com https://maps.googleapis.com *.nanorep.co *.nanorep.com *.monsido.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://calendar.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com; img-src 'self' data: https: *.nr-data.net *.google.com www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.go-mpulse.net https://cse.google.com https://googletagmanager.com https://js-agent.newrelic.com https://tagmanager.google.com https://www.google.com https://www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.nanorep.co https://*.google.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com *.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://partner.googleadservices.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://cse.google.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' *.google.com www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://fonts.googleapis.com cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.seriouseats.com 1 base-uri 'self'; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;block-all-mixed-content;object-src 'self';frame-src *.photonengine.com *.google.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com player.vimeo.com itch.io *.itch.io;frame-ancestors 'self'; 1 frame-ancestors 'self' icrc.org *.icrc.org 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.southernliving.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfamily.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.shape.com 1 policy-uri /parivahan//'self' 1 default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-+QC/qp+Bf7t7f2wrH+a69KQebVIEnZn3XhnRYqV76Np/X+Rk'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.tripsavvy.com 1 frame-ancestors 'self' http://*.webvisor.com http://webvisor.com *.ntv.ru; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; frame-src 'self' multimedia.gsb.bund.de blob: data:; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de covapp.charite.de covapp-rki.hpsgc.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors *.prod.gsb.rki.in.bund.de piwik.itzbund.de *.facebook.com 1 frame-ancestors *.uottawa.ca; report-uri /report-csp-violation; upgrade-insecure-requests 1 img-src *; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.learnreligions.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.simplyrecipes.com 1 default-src data: https: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none' 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucecrafts.com 1 frame-ancestors 'self' *.griffith.edu.au 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: https://cdn.mises.org https://www.google.ca https://www.google.com https://i.creativecommons.org https://licensebuttons.net https://www.google-analytics.com https://mcusercontent.com; frame-ancestors 'self' https://glockenspiel-bluebird-4h6c.squarespace.com https://www.misesgraduateschool.org https://misesgraduateschool.org https://api-public.addthis.com https://m.addthis.com https://mises.org; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucepets.com 1 frame-ancestors 'self' *.taxact.com *.taxactonline.com *.salemove.com secure.balancefin.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bcbsks.com polyfill.io unpkg.com fast.wistia.com builder.lift.acquia.com *.googletagmanager.com *.google-analytics.com *.ads-twitter.com www.gstatic.com *.bing.com connect.facebook.net 100011161.collect.igodigital.com snap.licdn.com *.adsrvr.org bam.nr-data.net googleads.g.doubleclick.net js-agent.newrelic.com tags.srv.stackadapt.com public.tableau.com qvdt3feo.com code.jquery.com www.google.com analytics.silktide.com static.cloudflareinsights.com www.covermymeds.com www.googleadservices.com cdn.datatables.net js.adsrvr.org cdnjs.cloudflare.com www.eventbrite.com https://www.google.co.uk www.clarity.ms cdn.callrail.com js.callrail.com static.ads-twitter.com blob:; object-src 'none'; style-src 'self' 'unsafe-inline' fast.fonts.net fonts.googleapis.com tags.srv.stackadapt.com www.covermymeds.com cdn.datatables.net cdnjs.cloudflare.com; img-src 'self' p.dlx.addthis.com *.google-analytics.com nova.collect.igodigital.com px.ads.linkedin.com *.bing.com t.co analytics.twitter.com *.wistia.com www.facebook.com stats.g.doubleclick.net *.google.com www.google.com www.google.ca www.google.be www.google.de www.google.com.ng www.google.com.sg www.google.com.in www.google.com.au public.tableau.com *.bcbsks.com googleads.g.doubleclick.net https://googleads.g.doubleclick.net tools.applemediaservices.com play.google.com apple-resources.s3.amazonaws.com connect.facebook.net secure.adnxs.com px.ads.linkedin.com *.linkedin.com www.googletagmanager.com www.covermymeds.com t.co cdn.datatables.net embedwistia-a.akamaihd.net https://www.google.co.uk www.google.com.ph www.google.cn c.clarity.ms api.covermymeds.com ssl.google-analytics.com data:; media-src 'self' *.wistia.com embed-cloudfront.wistia.com www.google.com embedwistia-a.akamaihd.net fast.wistia.net blob:; frame-src 'self' *.bcbsks.com https://d1eoo1tco6rr5e.cloudfront.net/ *.adsrvr.org www.facebook.com public.tableau.com *.fls.doubleclick.net td.doubleclick.net www.youtube.com www.googletagmanager.com staywell.mydigitalpublication.com e.issuu.com www.eventbrite.com insight.adsrvr.org www.kff.org; font-src 'self' fast.fonts.net fast.wistia.com fonts.gstatic.com data:; connect-src 'self' *.bugsnag.com us.perz-api.cloudservices.acquia.io *.google-analytics.com stats.g.doubleclick.net ad.doubleclick.net *.googleadservices.com www.googleadservices.com *.google.com *.wistia.com *.litix.io bam.nr-data.net cdn.linkedin.oribi.io www.facebook.com tags.srv.stackadapt.com embedwistia-a.akamaihd.net bat.bing.com a.us.silktide.com https://connect.facebook.net https://www.google.co.uk pagead2.googlesyndication.com q.clarity.ms x.clarity.ms y.clarity.ms *.clarity.ms js.callrail.com; report-uri /report-csp-violation 1 upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1 default-src 'self' 'unsafe-inline' *.royalroad.com fonts.googleapis.com ajax.googleapis.com; font-src 'self' fonts.gstatic.com; object-src 'none'; img-src 'self' www.royalroadl.com www.royalroad.com cdn.royalroadlegends.com www.royalroadcdn.com www.gravatar.com data:; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1 default-src https: 1 default-src *.addthis.com *.algolia.com *.algolia.net *.algolianet.com *.algolianet.net *.calameo.com *.culture.fr *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.getwemap.com *.google.com *.ingest.sentry.io *.instagram.com *.twitter.com http://apis.syllabs.com http://infolettres-internes.culture.gouv.fr http://infolettres-ministere.culture.gouv.fr http://www.culture.fr http://www.culture.gouv.fr https://api.mapbox.com https://m.addthis.com https://s7.addthis.com https://semaphore.culture.gouv.fr https://semrecf2.culture.fr https://sesame.culture.fr https://stats.g.doubleclick.net https://tarteaucitron.io https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com inline 'self' 'unsafe-inline' moz-extension 'unsafe-eval'; block-all-mixed-content; font-src *.doubleclick.net *.facebook.net *.g.doubleclick.net *.google.com *.instagram.com *.twitter.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://maxcdn.bootstrapcdn.com inline 'self' 'unsafe-inline'; frame-src *.calameo.com *.culture.gouv.fr *.dailymotion.com *.doubleclick.net *.facebook.net *.g.doubleclick.net *.google.fr *.gouv.fr *.instagram.com *.openstreetmap.fr *.pop.culture.gouv.fr *.soundcloud.com *.twitter.com *.vimeo.com http://platform.twitter.com http://s7.addthis.com http://www.instagram.com https://data.culturecommunication.gouv.fr https://livemap.getwemap.com https://www.facebook.com https://www.youtube.com inline 'self' 'unsafe-inline'; img-src *.culture.fr *.culture.gouv.fr *.doubleclick.net *.et-gv.fr *.facebook.net *.g.doubleclick.net *.google.com *.instagram.com *.twitter.com data: http://www.culture.fr http://www.culture.gouv.fr https://ad.doubleclick.net https://analytics.getwemap.com https://api.getwemap.com https://iecs.culture.gouv.fr https://livemap.getwemap.com https://logs4.xiti.com https://semrecf2.culture.fr https://sesame.culture.fr https://sf1-eu.readspeaker.com https://tarteaucitron.io https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com inline 'self' 'unsafe-inline'; script-src *.addthis.com *.doubleclick.net *.facebook.net *.g.doubleclick.net *.google.com *.instagram.com *.twitter.com addthid blob: http://connect.facebook.net http://platform.twitter.com http://s7.addthis.com http://siteimproveanalytics.com http://tag.aticdn.net http://www.instagram.com https://ajax.googleapis.com https://api.dmcdn.net https://api.mapbox.com https://app.readspeaker.com https://gva.et-gv.fr https://iecs.culture.gouv.fr https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://logp5.xiti.com https://logs152.xiti.com https://m.addthis.com https://sf1-eu.readspeaker.com https://tarteaucitron.io https://v1.addthisedge.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gouvernement.fr https://z.moatads.com inline 'self' 'unsafe-inline' moz-extension 'unsafe-eval' 'nonce-VGhpc0V6UGxhdGZvcm1Ub2tlbklzTm90U29TZWNyZXRfUGxlYXNlQ2hhbmdlSXQ='; style-src *.doubleclick.net *.facebook.net *.g.doubleclick.net *.google.com *.instagram.com *.twitter.com https://fonts.googleapis.com https://infolettres.duministeredelaculture.fr https://sf1-eu.readspeaker.com inline 'self' 'unsafe-inline'; report-uri /nelmio/csp/report 1 frame-ancestors 'self' *.iza.org; 1 connect-src * 'self' 1 default-src 'self' noembed.com static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com data: avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com www.surveygizmo.eu endpoint-app.cognigy.ai wss://endpoint-app.cognigy.ai 'unsafe-inline' 'unsafe-eval' ; media-src 'self' *.avm.de blob: data: ; worker-src 'self' blob: ; frame-ancestors 'self' 1 frame-ancestors 'self' bcit.ca *.bcit.ca *.bcit.dev 1 frame-ancestors 'self' *.yatra.com 1 default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://bat.bing.com; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com 'sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU=' https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/com/ 'nonce-168593009117600' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://px.ads.linkedin.com https://tr.snapchat.com/; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net; frame-src https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liquor.com 1 frame-ancestors 'self' http://mobilevjs.nbcsports.com http://sprtsecureassets.akamaized.net *.nbcolympics.com 1 base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com https://client.crisp.chat *;form-action 'self' https: *;frame-ancestors 'self' https: *;frame-src 'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 1 default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net; img-src 'self' data: blob: 'unsafe-inline' *.ads.linkedin.com t.co chat.eurobank.gr *.env.chat.eurobank.gr sp.analytics.yahoo.com znovsqrc.micpn.com sitecoremedia.blob.core.windows.net stats.g.doubleclick.net *.stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com jwpltx.com *.youtube.com *.facebook.com *.google.com *.google.gr *.google.nl *.googletagmanager.com px.ads.linkedin.com linkedin.com googleads.g.doubleclick.net cdn.cookielaw.org *.google-analytics.com *.usabilla.com *.cloudfront.net *.hotjar.com ad.doubleclick.net *.clarity.ms; media-src 'self' blob: *.streaming.mediaservices.windows.net; script-src 'self' data: *.taboola.com static.ads-twitter.com chat.eurobank.gr *.env.chat.eurobank.gr s.yimg.com *.clarity.ms https://cdn-prod.wdesk.com/ixbrl-viewer/1.0.0/ixbrlviewer.js znovsqrc.micpn.com optimize.google.com *.google-analytics.com snap.licdn.com code.jquery.com *.onetrust.com blob: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com *.google.com *.googleapis.com *.gstatic.com *.inbroker.com *.angularjs.org *.twitter.com *.syndication.twimg.com *.jwpcdn.com *.facebook.net *.facebook.com *.hotjar.com cdn.cookielaw.org optanon.blob.core.windows.net www.googleadservices.com googleads.g.doubleclick.net az416426.vo.msecnd.net *.googletagmanager.com *.usabilla.com *.cloudfront.net; style-src 'self' 'unsafe-inline' chat.eurobank.gr *.env.chat.eurobank.gr *.googleapis.com *.inbroker.com *.twitter.com optimize.google.com optanon.blob.core.windows.net cdn.cookielaw.org *.usabilla.com *.cloudfront.net fonts.googleapis.com; font-src 'self' data: 'unsafe-inline' chat.eurobank.gr *.env.chat.eurobank.gr *.gstatic.com *.inbroker.com *.jwpcdn.com *.usabilla.com *.cloudfront.net fonts.googleapis.com *.hotjar.com; connect-src 'self' *.taboola.com cdn.linkedin.oribi.io maps.googleapis.com chat.eurobank.gr wss://chat.eurobank.gr *.env.chat.eurobank.gr wss://*.env.chat.eurobank.gr s.yimg.com *.clarity.ms recengine.margera.co *.onetrust.com wss://*.hotjar.com/api/v2/client/ws *.analytics.google.com www.google.gr optimize.google.com *.visualstudio.com *.google-analytics.com *.inbroker.com *.streaming.mediaservices.windows.net *.twitter.com *.hotjar.com adservice.google.com az416426.vo.msecnd.net *.doubleclick.net *.usabilla.com *.cloudfront.net *.cookielaw.org *.hotjar.com *.hotjar.io; frame-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.gstatic.com *.inbroker.com *.twitter.com *.onetrust.mgr.consensu.org *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr *.doubleclick.net *.fls.doubleclick.net *.usabilla.com *.cloudfront.net; object-src 'self' *.streaming.mediaservices.windows.net *.jwpcdn.com; child-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr; 1 frame-ancestors 'self' courses.ecu.edu.au *.instructure.com *.canvaslms.com 1 frame-ancestors 'self' https://*.lemonade.com https://lemonade.com 1 report-uri /main/report-csp-violation; upgrade-insecure-requests 1 base-uri *; child-src * gap:; frame-src * gap:; connect-src *; default-src * gap: 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=XDJ98KLU0BuprATBhSDL%2BoyiIaquRmUI1iqjh3q0yUFtPVnu2HFcnjA04DIYGvtw1rkZS15Fcm3ZQnvbXCCgRQ%3D%3D; 1 default-src 'self'; font-src *; img-src * data:; script-src *; style-src *; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 1 frame-ancestors https://igx.csbsju.edu http://go.twocolleges.com https://virtualtour.csbsju.edu 1 default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1 base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net https://*.hotjar.com; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://*.hubspot.com https://cdnjs.cloudflare.com https://cdn-cookieyes.com https://*.cookieyes.com https://code.jquery.com; font-src 'self' https://use.typekit.net https://*.hotjar.com; form-action 'self' https://www.onlydomains.com https://account.centralnicreseller.com; frame-ancestors 'none'; frame-src https://www.recaptcha.net https://*.hotjar.com; img-src 'self' https://www.googletagmanager.com https://*.hotjar.com https://t.co https://*.linkedin.com https://*.twitter.com https://*.cookieyes.com https://cdn-cookieyes.com data:; object-src 'none'; script-src https://code.jquery.com https://cdn-cookieyes.com https://*.cookieyes.com 'nonce-NSsZypEoZ5xMB5N58bP0bVf7mKU=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; style-src 'self' https://*.typekit.net https://*.hotjar.com https://cdnjs.cloudflare.com 'unsafe-inline'; worker-src 'self'; 1 policy-uri /'self' 1 frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1 frame-src 'self' *.betradar.com *.sportradar.com *.aitcloud.de consentcdn.cookiebot.com vars.hotjar.com www.googletagmanager.com www.youtube.com prod-origin.truendo.com cdn.priv.center *.akamaized.net; frame-ancestors 'self' *.betradar.com *.sportradar.com *.aitcloud.de 1 frame-ancestors 'self' *.chilis.com 1 script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru d.webhost1.ru cp.webhost1.ru cp2.webhost1.ru cp3.webhost1.ru *.yoomoney.ru geoadv-partner.yandex.ru direct.yandex.ru yookassa.ru *.yandex.ru *.yandex.net h.online-metrix.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net googleads.g.doubleclick.net www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com tagmanager.google.com *.jivosite.com *.jivo.ru webhost1.bitrix24.ru *.roistat.com cfv4.com qoopler.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com https://d.webhost1.ru:* https://cp.webhost1.ru:* https://cp2.webhost1.ru:* https://cp3.webhost1.ru:* 1 default-src 'unsafe-inline' * 1 frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1 default-src 'self' 'unsafe-inline' data: blob: prod.acquia-sites.com *.prod.acquia-sites.com auc.arkdev.net *.auc.arkdev.net aucegypt.edu *.aucegypt.edu openweathermap.org *.openweathermap.org youvisit.com *.youvisit.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com nr-data.net *.nr-data.net newrelic.com *.newrelic.com cloudflare.com googleusercontent.com *.cloudflare.com *.googleusercontent.com youtube.com *.youtube.com gstatic.com *.gstatic.com ytimg.com *.ytimg.com ggpht.com *.ggpht.com *.campusgroups.com calendar.google.com interviewexchange.com *.interviewexchange.com auc.cloud.panopto.eu datawrapper.dwcdn.net *.watson.appdomain.cloud datastudio.google.com *.datastudio.google.com crazyegg.com *.crazyegg.com myjotform.com *.myjotform.com connect.facebook.net facebook.com *.facebook.com stats.g.doubleclick.net addthis.com *.addthis.com 'unsafe-inline' 'unsafe-eval' moatads.com *.moatads.com addthisedge.com *.addthisedge.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com www.googleadservices.com www.google.com *.googleadservices.com *.google.com googleads.g.doubleclick.net bid.g.doubleclick.net *.g.doubleclick.net snap.licdn.com *.snap.licdn.com *.licdn.com p.adsymptotic.com *.adsymptotic.com *.googlesyndication.com googlesyndication.com cdn.linkedin.oribi.io www.google.com.eg *.google.com.eg *.mainstay.com; report-uri /report-csp-violation 1 frame-ancestors https://cloudsecurityalliance.org https://knowledge.cloudsecurityalliance.org https://circle.cloudsecurityalliance.org 1 frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 1 frame-ancestors 'self' harri.com bam.harri.com fr.harri.com es.harri.com ru.harri.com de.harri.com pl.harri.com ar.harri.com tr.harri.com live.harri.com; 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'  1 default-src wss: mycliplister.com blob: data: bosch.kittelberger.de *.tealiumiq.com dock.ui.bosch.tech wss://endpoint.chatbot-suite.bosch.tech 'self' https: *.optimizely.com wss://*.hotjar.com wss://*.hotjar.io *.tealiumiq.com stats.g.doubleclick.net *.bosch-professional.com ; media-src data:audio 'self' *.mycliplister.com mycliplister.com *.bosch.com bosch.com *.bosch.de bosch.de *.youtube.com ; font-src 'self' dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com *.commerce-connector.com static.bosch-professional.com tiger-cdn.zoovu.com *.zoovu.com *.cloudfront.net boschru.webim.ru *.bosch.com bosch.com *.bosch.de bosch.de gstatic.com fonts.gstatic.com data: ; object-src data: 'self'; img-src data:image/gif data:image/png data: 'self' https: mycliplister.com *.kittelberger.de *.tealiumiq.com data: blob: ; style-src dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com *.googleapis.com *.commerce-connector.com 'self' 'unsafe-inline' tiger-cdn.zoovu.com *.zoovu.com static.bosch-professional.com btm.bosch.com cdn.poll-maker.com ; script-src dock.ui.bosch.tech dynamicyield.com *.dynamicyield.com https: *.optimizely.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.bosch.com bosch.com *.bosch.de bosch.de *.google-analytics.com google-analytics.com ipinfo.io ; frame-src 'self' https: ; connect-src 'self' https: wss://endpoint.chatbot-suite.bosch.tech mycliplister.com wss://*.hotjar.com 1 base-uri 'self'; default-src 'none'; child-src 'self'; connect-src 'self' https://fonts.googleapis.com fonts.googleapis.com https://*.google-analytics.com *.google-analytics.com https://*.hsforms.com *.hsforms.com https://*.doubleclick.net *.doubleclick.net; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com https://fonts.googleapis.com fonts.googleapis.com; form-action 'self' https://*.hsforms.com *.hsforms.com; frame-ancestors 'self'; frame-src 'self' https://*.hsforms.com *.hsforms.com https://*.youtube.com *.youtube.com https://*.google.com *.google.com; img-src 'self' https://new.xumo.com new.xumo.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.google.com *.google.com https://*.hsappstatic.com *.hsappstatic.com https://*.hsforms.com *.hsforms.com https://*.hs-embed-reporting.com *.hs-embed-reporting.com https://*.ytimg.com *.ytimg.com blob: data:; media-src 'self' https://*.googleapis.com *.googleapis.com https://xumo-ops.s3.amazonaws.com xumo-ops.s3.amazonaws.com; object-src 'none'; script-src 'self' https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.hsforms.net *.hsforms.net https://*.youtube.com *.youtube.com 'unsafe-inline'; style-src 'self' https://*.typekit.net *.typekit.net https://fonts.googleapis.com fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1 frame-ancestors https://www.hlb.com.kh https://www.hlbank.com.vn https://www.hlbank.com.sg https://docs.google.com https://apply-merchant.hlb.com.my https://bid.g.doubleclick.net/ https://streetview.my/ https://safedepositboxjb.streetview.my https://s.hongleongconnect.my https://hlbmc.demdex.net https://8791613.fls.doubleclick.net/ https://gms.hongleong.com.my https://tags.tiqcdn.com https://survey.hlb.com.my https://uat.hlb.com.my https://aem-preprod.hlb.com.my https://aem-preprod.hlisb.com.my https://aem-uat.hlb.com.my https://www.hlb.com.my https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://uat.hlb.my:443 http://uat.hlb.my 1 connect-src 'self' *.mux.com; default-src 'self' *.googleapis.com; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.openlayers.org openlayers.org *.openstreetmap.org siteimproveanalytics.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.mux.com; frame-src multimedia.gsb.bund.de *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.instagram.com *.readspeaker.com *.saarland.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.openlayers.org openlayers.org *.openstreetmap.org *.geodatenzentrum.de *.siteimproveanalytics.io; worker-src 'self' blob:; frame-ancestors 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com bam.nr-data.net *.addtoany.com *.go-mpulse.net *.newrelic.com *.qualtrics.com *.adobedtm.com tags.tiqcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.demdex.net *.ytimg.com *.youtube.com data: libertymutualgroup.com *.libertymutualgroup.com libertymutual.com *.libertymutual.com *.qualtrics.com *.akstat.io cm.everesttech.net; frame-src 'self' *.youtube.com *.addtoany.com libertymutualcorporate.demdex.net; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.akamaihd.net *.akstat.io *.qualtrics.com bam.nr-data.net c.go-mpulse.net *.demdex.net collect.tealiumiq.com; report-uri /report-csp-violation 1 default-src 'self' http: https: go.addigy.com https://*.addigy.com https://*.my.salesforce.com https://*.force.com https://go.pardot.com https://*.pantheonsite.io;frame-ancestors 'self' https://go.pardot.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http: https: pages.addigy.com;img-src 'self' data: https://app-prod.addigy.com https://www.addigy.com https://static.addigy.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tracking.g2crowd.com https://px.ads.linkedin.com https://bat.bing.com https://t.co https://www.facebook.com https://ssl.gstatic.com https://www.gstatic.com https://analytics.twitter.com https://*.gravatar.com http://*.gravatar.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://aorta.clickagy.com https://b.sf-syn.com;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com;font-src 'self' data: http: https: fonts.googleapis.com http https: fonts.gstatic.com https://*.wistia.com;media-src 'self' data: blob: http: https:;worker-src 'self' blob:; 1 base-uri 'self'; child-src * gap:; frame-src * gap:; connect-src *; default-src 'self' 'unsafe-inline' *.google-analytics.com *.hotjar.com *.googletagmanager.com *.dre.pt *.hotjar.io *.doubleclick.net *.knightlab.com *.google.com *.google.pt gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src * blob:; script-src 'unsafe-inline' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors *.incm.pt *.dre.pt 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=CTLBLRdOCi9JXaa8YiNejYMWNGaESVHseDvBhQ7OxC%2BqoQYv1mlP0q3yMbpuXeyltN5%2Fwt0EmVeOwa7OZ9azGg%3D%3D; 1 default-src 'self' https://static.bitrated.com; script-src 'self' https://static.bitrated.com; connect-src 'self' wss://www.bitrated.com; style-src https://static.bitrated.com 'unsafe-inline'; img-src 'self' https://static.bitrated.com data:; font-src https://static.bitrated.com data:; frame-src https://player.vimeo.com/ https://bitrated.uservoice.com/; object-src 'none'; report-uri /csp-violation 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bghweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de 1 : default-src * 1 default-src 'self' https://*.gstatic.com; connect-src 'self' https://www.vidal.ru http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.com https://*.yandex.net https://*.yandex.st https://yastat.net https://*.yastat.net https://yastatic.net https://*.yastatic.net https://adfox.ru https://*.adfox.ru http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net https://px.adhigh.net https://*.doubleclick.net https://relap.io; font-src data: https://*.gstatic.com https://s0.2mdn.net https://yandex.ru https://*.yandex.ru https://yastatic.net https://*.yastatic.net https://yastat.net https://*.yastat.net 'self' https://relap.io; frame-src 'self' https://relap.io https://www.vidal.ru https://*.youtube.com https://*.google.com https://*.google.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://awaps.yandex.ru https://awaps.yandex.net https://yandexadexchange.net https://*.yandexadexchange.net https://yastatic.net https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net https://px.adhigh.net http://webvisor.com https://www.googletagmanager.com https://relap.io; img-src 'self' https://*.stripocdn.email https://*.tns-counter.ru https://*.medkongress.ru http://*.medkongress.ru https://*.nesterovskie-chteniya.ru http://nesterovskie-chteniya.ru https://*.tns-counter.ru https://*.weborama.fr http://*.weborama.fr https://www.vidal.ru https://vidal.ru https://yandex.ru https://*.yandex.ru https://*.yandex.com https://yandex.net https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.google.be https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.ru https://*.google.de https://*.google.nl https://*.googleapis.com https://www.google.com.do http://*.mail.ru data: http://gderu.hit.gemius.pl https://*.youtube.com https://*.ytimg.com https://admin.mailigen.com https://dmg.digitaltarget.ru https://x01.aidata.io https://gmtdmp.mookie1.com https://eu-gmtdmp.gd1.mookie1.com https://ru-gmtdmp.mookie1.com/ https://sync.botscanner.com https://match.ads.betweendigital.com https://safehub.ru https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://stats.g.doubleclick.net https://px.adhigh.net https://cm.g.doubleclick.net https://*.doubleclick.net https://*.adriver.ru https://*.rubiconproject.com https://*.adhigh.net https://*.insigit.com https://*.republer.com https://*.webvisor.org http://ad.adriver.ru https://ad.adriver.ru http://ar.tns-counter.ru https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com https://cp.unisender.com https://vk.com https://*.honcode.ch http://*.honcode.ch https://yastatic.net https://*.yastatic.net https://relap.io https://cm.p.altergeo.ru https://*.relap.io https://www.googletagmanager.com; media-src 'self' data: https://*.google.com https://*.google.ru https://*.yandex.net https://*.strm.yandex.ru https://strm.yandex.ru https://yandex.ru https://yandex.st https://yastatic.net https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://*.yandex.st https://*.yastatic.net https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net https://*.yandex.ru https://*.admetrica.ru https://www.googletagmanager.com https://relap.io https://cm.p.altergeo.ru; script-src 'self' https://relap.io https://www.vidal.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://*.yandex.com https://an.yandex.ru https://yandex.st https://yastatic.net https://*.yastatic.net https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://mc.yandex.ru http://mc.yandex.ru http://*.yandex.ru http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.google.ru https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com http://pixel.betweenx.com https://px.adhigh.net https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com 'unsafe-inline' 'unsafe-eval' https://s0.2mdn.net https://px.adhigh.net https://code.createjs.com https://www.googletagmanager.com https://*.ampproject.org https://relap.io https://js.ad-score.com; style-src 'self' https://www.vidal.ru 'unsafe-inline' 'unsafe-eval' http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://yandex.st https://yastatic.net http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://relap.io 1 frame-ancestors https://localizejs.com 1 child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg; connect-src *.cwp-stg.sg https://analytics.google.com https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg blob: https://www.google-analytics.com *.onemap.sg/ *.dcube.cloud *.wogaa.sg *.demdex.net https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com wss://*.zopim.com https://test-gpc-1.sg.va.sabio.cloud s.yimg.com *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net *.zdassets.com; font-src https://cdnjs.cloudflare.com https://fonts.gstatic.com data: *.dcube.cloud *.wogaa.sg https://s3-us-west-2.amazonaws.com https://va.ecitizen.gov.sg *.mycareersfuture.gov.sg *.app.gov.sg; img-src 'unsafe-inline' data: blob: 'self' https://www.google.com https://www.google-analytics.com adservice.google.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://cdnjs.cloudflare.com *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net https://va.ecitizen.gov.sg https://v2assets.zopim.io https://test-gpc-1.sg.va.sabio.cloud https://sg-gmtdmp.mookie1.com https://secure.adnxs.com https://ad.doubleclick.net https://www.talent.com/tracker/img-pixel.php sp.analytics.yahoo.com https://ssl.gstatic.com https://www.gstatic.com; report-uri /csp-report; script-src 'self' blob: 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com www.googletagmanager.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com https://test-gpc-1.sg.va.sabio.cloud https://cdn-akamai.mookie1.com https://tags.tiqcdn.com https://tagmanager.google.com https://www.googletagmanager.com *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg https://va.ecitizen.gov.sg https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' *.mycareersfuture.gov.sg *.app.gov.sg 1 frame-ancestors https://platform-as.marketintelligence.spglobal.com https://platform-av.marketintelligence.spglobal.com https://platform.mi.spglobal.com https://platform.marketintelligence.spglobal.com https://www.snl.com https://platform.mi.spglobal.cn https://platform.ratings360.spglobal.com https://platform.platts.spglobal.com https://www.platform.spgi.spglobal.cn https://platform.spgi.spglobal.cn https://www.platform.spgi.spglobal.com https://platform.spgi.spglobal.com https://www.capitaliq.spglobal.com https://www.capitaliq.spglobal.cn https://www.capitaliqpro.spglobal.com https://www.capitaliqpro.spglobal.cn 'self'; 1 default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com static.addtoany.com *.nosiva.com *.facebook.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1 default-src https: wss: 'unsafe-inline' 'unsafe-eval' 1 default-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 1 default-src 'self'; style-src 'self' 'unsafe-inline' occhat.elisa.fi https://public.flourish.studio/ https://fonts.googleapis.com/; img-src 'self' data: occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ master.boost.ai data.reactandshare.com https://public.flourish.studio/; media-src 'self'; font-src 'self' https://public.flourish.studio/; script-src 'self' 'unsafe-inline' 'unsafe-eval' occhat.elisa.fi vero.piwik.pro vero.containers.piwik.pro https://analytiikka.ahtp.fi/ veroskatt.boost.ai vero.boost.ai cdn.reactandshare.com data.reactandshare.com https://public.flourish.studio/; connect-src 'self' occhat.elisa.fi wss://occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ veroskatt.boost.ai vero.boost.ai networkmigri.boost.ai prh.boost.ai data.reactandshare.com; frame-src 'self' hkp.maanmittauslaitos.fi https://www.youtube.com https://app.powerbi.com; frame-ancestors 'self' yritys.tunnistus.fi htesti.katso.tunnistus.fi; 1 frame-ancestors https://*.omantel.om 1 default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.salesforce-sites.com https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.salesforce-sites.com https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1 script-src 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' https://aws.demdex.net https://dpm.demdex.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://*.amazonpay.com; default-src 'self'; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public.pei.de abvl-public-test.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 1 worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'; frame-ancestors 'self' https://admin.unicef-irc.org 1 default-src 'self' https://use.typekit.net; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://view.ceros.com https://cdn.jsdelivr.net https://www.googletagmanager.com; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net https://www.google-analytics.com https://*.googleapis.com https://i.vimeocdn.com; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com https://view.ceros.com https://players.brightcove.net https://www.youtube.com; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/; font-src 'self' 'unsafe-inline' https://themes.googleusercontent.com use.typekit.net *.gstatic.com data:; connect-src 'self' https://www.google-analytics.com *.algolia.net *.algolianet.com https://insights.algolia.io; report-uri /report-csp-violation; upgrade-insecure-requests 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onlineaccess1.com https: dc.services.visualstudio.com dl.episerver.net s.ytimg.com *.imi.chat js-agent.newrelic.com bam.nr-data.net rum-static.pingdom.net d.impactradius-event.com umpqua-bank.sjv.io *.mookie1.com tags.tiqcdn.com adnxs.com pxl.jivox.com snap.licdn.com dc.ads.linkedin.com px.ads.linkedin.com www.linkedin.com static.ads-twitter.com analytics.twitter.com az416426.vo.msecnd.net connect.facebook.net bat.bing.com cdn.cookielaw.org js.hsforms.net forms.hsforms.com js.hsleadflows.net js.hs-scripts.com js.hs-analytics.net *.onetrust.com cdn.cookielaw.org js.hs-banner.com *.hotjar.com *.hotjar.io www.gstatic.com lh3.googleusercontent.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com googleads.g.doubleclick.net 8316073.fls.doubleclick.net www.googleadservices.com *.google.com ssl.google-analytics.com www.youtube.com js.adsrvr.org *.umpquabank.com; style-src 'self' 'unsafe-inline' *.imi.chat https: www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com *.umpquabank.com dl.episerver.net js.hs-scripts.com js.hs-analytics.net d.impactradius-event.com umpqua-bank.sjv.io *.mookie1.com tags.tiqcdn.com adnxs.com pxl.jivox.com snap.licdn.com *.ads.linkedin.com static.ads-twitter.com analytics.twitter.com az416426.vo.msecnd.net *.hotjar.com connect.facebook.net bat.bing.com cdn.cookielaw.org 8316073.fls.doubleclick.net js.hsforms.net forms.hsforms.com js.hs-banner.com fonts.googleapis.com tagmanager.google.com; img-src 'self' 'unsafe-inline' *.imi.chat https: lh3.googleusercontent.com dc.services.visualstudio.com *.hotjar.com *.hotjar.io *.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com stats.g.doubleclick.net bat.bing.com px.ads.linkedin.com *.hubspot.com p.adsymptotic.com gateway.zscalerthree.net cdn.cookielaw.org *.umpquabank.com www.googletagmanager.com insight.adsrvr.org www.linkedin.com pixel.advertising.com ib.adnxs.com pixel.rubiconproject.com *.adsrvr.org cm.g.doubleclick.net t.co x.bidswitch.net dsum-sec.casalemedia.com simage2.pubmatic.com data: maps.gstatic.com *.googleapis.com *.ggpht; connect-src 'self' 'unsafe-inline' *.imi.chat wss://*.hotjar.com https: www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com *.umpquabank.com *.hotjar.com:* *.hotjar.io www.google-analytics.com cdn.cookielaw.org *.hubspot.com forms.hsforms.com stats.g.doubleclick.net rum-collector-2.pingdom.net; frame-src 'self' 'unsafe-inline' *.imi.chat https: *.q4cdn.com *.adsrvr.org www.theroishop.com www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com forms.hsforms.com *.umpquabank.com *.hotjar.com *.hotjar.io bid.g.doubleclick.net player.megaphone.fm 9395210.fls.doubleclick.net platform.mi.spglobal.com *.youtube.com *.onetrust.com cdn.cookielaw.org player.ooyala.com *.q4web.com; font-src 'self' 'unsafe-inline' *.imi.chat https: *.umpquabank.com *.hotjar.com *.hotjar.io fonts.gstatic.com data:; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.spendino.de https://analytics.spd.de https://maps.googleapis.com https://altruja.de https://dataservices.spd.de https://www.verbavoice.net https://live.flyp.tv https://cdn01.spd.de https://mitgliedwerden.spd.de ; img-src 'self' data: https://analytics.spd.de https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://em.altruja.de https://socialwall.spd.de https://cdn01.spd.de https://*.spd.de https://*.openstreetmap.de ; frame-ancestors 'self' https://analytics.spd.de ; default-src 'self' ; frame-src 'self' https://dpa-electionslive.s3.amazonaws.com https://analytics.spd.de https://w.soundcloud.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.spendino.de https://storify.com https://streaming.b1group.de https://www.youtube.com https://live.soziale-demokratie.live https://www.blitzvideoserver.de https://api.spd.de https://app.contentflow.live https://streaming.talk42.de https://playout.3qsdn.com https://sdn-global-live-http-cache.3qsdn.com https://widget.whatsbroadcast.com https://ghb2017.limequery.com https://limequery.spd.de https://www.verbavoice.ne https://em.altruja.de https://live.flyp.tv https://us-central1-contentflow-2.cloudfunctions.net https://domhost.it-television.net https://wb.messengerpeople.com https://hd-livestream.de https://stream.liverecords.net https://www.sachsen-fernsehen.de https://open.spotify.com https://widget.whappodo.com https://embed.contentflow.net https://sipg.micropayment.de https://d3ak46ifsn9mnh.cloudfront.net ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.spd.de https://dataservices.spd.de https://cdn01.spd.de https://mitgliedwerden.spd.de ; connect-src 'self' https://analytics.spd.de https://altruja.de https://dataservices.spd.de wss://ws-eu.pusher.com https://pusher01.spd.de https://socialwall.spd.de https://cdn01.spd.de https://mitgliedwerden.spd.de ; object-src 'self' data: ; media-src 'self' data: https://cdn01.spd.de ; font-src 'self' https://fonts.gstatic.com https://dataservices.spd.de https://mitgliedwerden.spd.de ; 1 script-src coinpedia.org 1 default-src http: https: wss: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; report-uri https://ncreports.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' *.relay42.com vars.hotjar.com 6162542.fls.doubleclick.net;script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.centraalbeheer.nl *.doubleclick.net *.facebook.net *.google.com *.googlesyndication.com *.hs-scripts.com *.linkedin.com *.r42tag.com *.relay42.com *.svtrd.com *.usabilla.com achmeadpm.achmea.nl:9999 ajax.googleapis.com api.usabilla.com app.contentsquare.com bat.bing.com cba.nmrc.nl cdn.ampproject.org cdn.harvest.graindata.com d6tizftlrpuof.cloudfront.net googleads.g.doubleclick.net https://www.googleoptimize.com https://www.googletagmanager.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsleadflows.net js.monitor.azure.com js.usemessages.com maps.googleapis.com player.quadia.net r.bing.com script.hotjar.com snap.licdn.com static.cloud.coveo.com static.hotjar.com surfly.com t.contentsquare.net tags.nmrc.nl www.dwin1.com www.google-analytics.com www.googleadservices.com www.youtube.com www.zenaps.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com optimize.google.com static.cloud.coveo.com;img-src data: 'self' *.centraalbeheer.nl *.contentsquare.net *.doubleclick.net *.googlesyndication.com *.r42tag.com *.relay42.com *.svtrd.com *.svtrd.com *.usabilla.com adservice.google.com adservice.google.nl bat.bing.com c.az.contentsquare.net c.contentsquare.net cba.imgix.net clients1.google.com d6tizftlrpuof.cloudfront.net forms.hubspot.com https://www.googletagmanager.com l.contentsquare.net linkedin.com maps.googleapis.com maps.gstatic.com optimize.google.com px.ads.linkedin.com px4.ads.linkedin.com region1.analytics.google.com region1.google-analytics.com server.arcgisonline.com track.hubspot.com www.advieskeuze.nl www.awin1.com www.facebook.com www.google-analytics.com www.google.com www.google.nl www.googleapis.com www.googletagmanager.com www.zenaps.com https://i.ytimg.com;font-src 'self' fonts.gstatic.com script.hotjar.com;connect-src 'self' analytics.cloud.coveo.com *.achmea.nl *.centraalbeheer.nl *.contentsquare.net *.doubleclick.net *.facebook.net *.googlesyndication.com *.hubapi.com *.nxtid.nl api.advieskeuze.nl api.hsforms.com api.hubspot.com api.usabilla.com bat.bing.com c.az.contentsquare.net c.contentsquare.net calculations.figlo.com cba.imgix.net cba.nmrc.nl controle.achmea.consentmonitor.nl https://*.in.applicationinsights.azure.com forms.hubspot.com formulier.centraalbeheer.nl geocode.arcgis.com https://*.hotjar.com https://*.hotjar.io k-aeu1.contentsquare.net l.contentsquare.net maps.googleapis.com r.contentsquare.net region1.analytics.google.com region1.google-analytics.com surfly.com t.svtrd.com vc.hotjar.io wss://*.hotjar.com wss://bat.bing.com www.google-analytics.com www.google.com;media-src 'self' ;object-src 'self' ;child-src blob: 'self' youtube.com *.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com surfly.com optimize.google.com d6tizftlrpuof.cloudfront.net redirect.surfly.com centraalbeheer-nl-p.surfly.com surfly.com surfly-com-p.surfly.com *.centraalbeheer.nl player.quadia.net localfocuswidgets.net;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net;form-action * 'self' t.svtrd.com *.achmea.nl;block-all-mixed-content;report-uri https://centraalbeheer.ams.report-uri.com/r/t/csp/enforce; 1 default-src https:; script-src 'self' 'nonce-x4seNesqn9Kc5xu08SuX4RudeKyzrIAC' https://hcaptcha.com https://*.hcaptcha.com; object-src 'self'; style-src 'self' 'nonce-IVxSTVQiU/4jp3i8p/llf7LoGFe6v/9O' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' images.gog-statics.com; media-src 'self'; child-src 'none'; font-src 'self'; connect-src 'self' https://api.gog.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com 1 default-src 'self'; connect-src *.g.doubleclick.net 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com; font-src 'self' https://fonts.gstatic.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com optimize.google.com https://optimize.google.com; media-src 'none'; object-src 'none'; script-src 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com optimize.google.com https://optimize.google.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com; report-uri /csp-report 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src www.baua.de.de datawrapper.dwcdn.net; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self'.de datawrapper.dwcdn.net; 1 default-src 'self'; script-src 'self' 1 allow 'self'; options inline-script; img-src 'self' data: 1 script-src *.globant.com *.googletagmanager.com *.google-analitycs.com *.google.com 'unsafe-eval' 'unsafe-inline' https: 'self' https://www.globant.com/ blob:; object-src none; style-src 'self' 'unsafe-inline' *.globant.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.jsdelivr.net; img-src 'self' *.cloudflare.com *.globant.com *.i.ytimg.com https: data:; media-src 'self' *.globant.com; frame-src 'self' https: fullscreen; frame-ancestors self fullscreen *.globant.com https://*.youtube.com; font-src 'self' *.globant.com *.fontawesome.com *.cloudflare.com *.gstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.eelv.fr/; img-src 'self' data: blob: https://*.eelv.fr/ https://*.openstreetmap.org/; object-src 'self' data: blob: https://*.eelv.fr/ https://*.openstreetmap.org/; frame-src 'self' data: blob: https://*.eelv.fr/ https://*.openstreetmap.org/; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; img-src 'self' data: https://*; object-src 'self' data: https://*; frame-src 'self' data: https://*; form-action 'self' data: ; 1 frame-src *.2checkout.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net dpm.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com *.outgrow.us bitdefender.applytojob.com *.alchemer.com *.adyen.com *.paypal.com paypal.com ad.ad-srv.net fullstory.com *.bitdefender.co.jp bitdefender.co.jp new.bitdefender.co.uk store.bitdefender.com bitdefender-html.test ad4m.at 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com bpl.bibliocms.com *.bpl.bibliocms.com https://www.bpl.org www.bpl.org *.www.bpl.org; 1 img-src 'self' https://*.userway.org https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://clients1.google.com https://cse.google.com https://*.gstatic.com https://*.googleapis.com https://www.facebook.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://d5xydlzdo08s0.cloudfront.net https://www.linkedin.com https://*.ads.linkedin.com https://p.adsymptotic.com https://cdn.page-source.com https://pagead2.googlesyndication.com https://aax-eu.amazon-adsystem.com data:;connect-src 'self' https://*.userway.org https://api.userway.org/api/tunings/83ywNuGjuO https://cdn.userway.org/widgetapp/2022-05-10/widget_app_base_1652167554180.js https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://www.facebook.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://sport360.com https://sandbox.api.mastercard.com https://api.mastercard.com https://stags.bluekai.com https://tags.bluekai.com https://tags.bkrtx.com/js/bk-coretag.js https://*.rakbankonline.ae https://pagead2.googlesyndication.com https://csi.gstatic.com https://analytics.tiktok.com https://analytics.google.com https://maps.googleapis.com;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.joinhoney.com https://cdn25.lemnisk.co data:;object-src 'self';media-src 'self' https://*.userway.org;child-src 'self' https://tools.euroland.com https://tools.eurolandir.com https://sport360.com https://*.doubleclick.net https://www.youtube.com https://connect.facebook.net https://cse.google.com https://www.googletagmanager.com https://platform.twitter.com https://syndication.twitter.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://sandbox.api.mastercard.com https://api.mastercard.com https://stags.bluekai.com https://tags.bluekai.com https://tags.bkrtx.com/js/bk-coretag.js https://*.rakbankonline.ae https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://aax-eu.amazon-adsystem.com https://www.google.com https://recaptcha.google.com https://*.userway.org https://api.userway.org/api/tunings/83ywNuGjuO;form-action 'self' https://cdn.userway.org https://*.rakbankonline.ae https://connect.facebook.net https://syndication.twitter.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co;report-uri https://revamp.rakbank.ae/security/csp-report; 1 img-src * data: blob:; style-src 'self' 'unsafe-inline' assets.adobedtm.com cdn.linearicons.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com shop.spreadshirt.nl ton.twimg.com cdnjs.cloudflare.com code.jquery.com unpkg.com; frame-src 'self' www.youtube.com player.vimeo.com podio.com www.youtube-nocookie.com www.google.com/recaptcha/ www.classmarker.com/ js.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com assets.adobedtm.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com npmcdn.com shop.spreadshirt.nl platform.twitter.com www.google-analytics.com ssl.google-analytics.com www.spreadshirt.nl podio.com static.doubleclick.net cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net app.intercom.io widget.intercom.io js.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ unpkg.com/leaflet.markercluster@1.4.1/dist/ unpkg.com/leaflet@1.7.1/dist/ js.stripe.com unpkg.com/@popperjs/ unpkg.com/tippy.js@6/ www.googletagmanager.com; font-src 'self' cdn.linearicons.com fonts.gstatic.com maxcdn.bootstrapcdn.com shop.spreadshirt.nl js.intercomcdn.com ttui.thethingsindustries.com; connect-src 'self' shop.spreadshirt.nl www.thethingsnetwork.org vx.thethings.network api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com app.getsentry.com unpkg.com/boxicons@2.1.1/ 1 default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com static.hotjar.com script.hotjar.com members.ahcancal.org www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com polo.feathr.co cdn.feathr.co banman.providermagazine.com banman.ahcancal.org platform.twitter.com cdn.syndication.twimg.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com platform.twitter.com ton.twimg.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com marco.feathr.co polo.feathr.co *.feathr.co www.googletagmanager.com banman.providermagazine.com banman.ahcancal.org match.adsrvr.org pbs.twimg.com abs.twimg.com platform.twitter.com ton.twimg.com syndication.twitter.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com *.hotjar.com ahcancal.wufoo.com custom.statenet.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net platform.twitter.com syndication.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com in.hotjar.com ws7.hotjar.com ws35.hotjar.com polo.feathr.co analytics.tiktok.com members.ahcancal.org 1 upgrade-insecure-requests; default-src * data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' data: https://*.hotjar.com https://consentcdn.cookiebot.com https://consent.cookiebot.com 'unsafe-inline' 'unsafe-eval' https://web106.reachmee.com https://s.ytimg.com https://mapclick.amap.com https://restapi.amap.com https://webapi.amap.com https://public.tableau.com https://sdn.sitecore.net https://maps.googleapis.com https://maps.google.com https://sadmin.brightcove.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://s3.amazonaws.com https://cdn.plyr.io https://player.vimeo.com https://static.cloud.coveo.com https://cdn.jsdelivr.net https://view.ceros.com https://jamesleist.com; style-src 'self' data: 'unsafe-inline' https://*.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.css https://cdnjs.cloudflare.com https://webapi.amap.com https://fonts.googleapis.com https://ajax.googleapis.com https://cdn.plyr.io https://static.cloud.coveo.com https://jamesleist.com; img-src * 'self' data: https://*.hotjar.com https://jamesleist.com; font-src 'self' data: https://*.hotjar.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com https://jamesleist.com; child-src 'self' https://sdn.sitecore.net https://web106.reachmee.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://jamesleist.com; frame-src 'self' https://*.hotjar.com https://consentcdn.cookiebot.com https://cdn.yoshki.com https://watch.twobirds.com https://www.youtube.com https://player.vimeo.com http://sdn.sitecore.net https://sdn.sitecore.net https://translate.google.com https://web106.reachmee.com https://view.ceros.com https://jamesleist.com https://www.podcaster.de; frame-ancestors 'self' https://sdn.sitecore.net; report-uri https://3chillies.report-uri.io/r/default/csp/enforce 1 frame-ancestors https://*.milwaukeetool.eu https://viewer.ipaper.io https://my.treedis.com https://my.scene3d.co.uk 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.the-cloud-one.com *.usercentrics.eu data: *.motel-one.com *.the-cloud-one.com *.usercentrics.eu; script-src *.motel-one.com *.the-cloud-one.com 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.adup-tech.com static.ads-twitter.com analytics.twitter.com assets.pinterest.com log.pinterest.com squarelovin.com *.squarelovin.com *.usercentrics.eu *.pinimg.com *.pinterest.com *.surveysparrow.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cdninstagram.com *.squarelovin.com squarelovin.com ik.imagekit.io *.google-analytics.com *.doubleclick.net t.co *.adup-tech.com www.facebook.com www.google.de www.google.com *.cx.atdmt.com maps.gstatic.com maps.googleapis.com ssl.gstatic.com www.gstatic.com assets.pinterest.com log.pinterest.com bat.bing.com *.hurra.com *.fbcdn.net image.motel-one.com *.motel-one.com *.the-cloud-one.com *.gstatic.com *.usercentrics.eu *.pinimg.com *.pinterest.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.squarelovin.com squarelovin.com fonts.googleapis.com tagmanager.google.com *.google.com; connect-src 'self' *.motel-one.com *.the-cloud-one.com *.google-analytics.com maps.googleapis.com stats.g.doubleclick.net *.facebook.com *.adup-tech.com *.usercentrics.eu *.pinimg.com *.pinterest.com *.surveysparrow.com; font-src 'self' *.motel-one.com *.the-cloud-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net; frame-src 'self' *.motel-one.com *.the-cloud-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.usercentrics.eu assets.pinterest.com log.pinterest.com *.pinimg.com *.pinterest.com *.surveysparrow.com surveysparrow.com; 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.cablex.test *.google-analytics.com *.chimpstatic.com *.cookiebot.com *.azurewebsites.net *.cablex.ch *.doubleclick.net; font-src 'self' *.cablex.test data: *.gstatic.com *.chimpstatic.com *.azurewebsites.net *.fast.fonts.net *.cablex.ch; frame-ancestors *.cablex.test *.azurewebsites.net *.prospective.ch *.cablex.ch *.chimpstatic.com; frame-src 'self' *.cablex.test *.azurewebsites.net *.cablex.ch *.cookiebot.com *.prospective.ch *.youtube-nocookie.com *.youtube.com *.chimpstatic.com; img-src 'self' *.cablex.test data: *.tile.osm.org *.tile.openstreetmap.org *.azurewebsites.net *.cablex.ch *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.prospective.ch *.cookiebot.com *.chimpstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.cablex.test *.google-analytics.com *.googletagmanager.com *.bing.com *.facebook.net *.twitter.com *.cookiebot.com *.prospective.ch *.linkedin.com *.chimpstatic.com *.azurewebsites.net *.cablex.ch https://chimpstatic.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.3/iframeResizer.min.js *.youtube.com *.doubleclick.net; style-src 'self' *.cablex.test 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.chimpstatic.com https://unpkg.com/swiper/swiper-bundle.min.css *.prospective.ch *.fast.fonts.net *.azurewebsites.net *.cablex.ch; upgrade-insecure-requests 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.itzbund.de app.sli.do cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev'; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-src 'self' player.vimeo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-ancestors 'self'; 1 base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-F38lgHEUu3iWghU/p+n4EQ==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self' 1 frame-ancestors 'self'; default-src 'self' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; img-src 'self' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; font-src 'self' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; 1 default-src https: 'unsafe-inline' 'unsafe-eval' 1 frame-ancestors self *.academieminerva.nl 1 object-src 'none'; frame-ancestors *; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; 1 frame-ancestors 'self' *.gohunt.com 1 default-src wss://ws.ttsep.com/ accounts.google.com 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com chicago.bibliocms.com *.chicago.bibliocms.com https://www.chipublib.org www.chipublib.org *.www.chipublib.org; 1  default-src 'self'; script-src 'self' *.etracker.com *.etracker.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' *.etracker.com https://*.etracker.de; font-src 'self' data:; object-src 'self'; media-src 'self'; child-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleoptimize.com https://www.googleanalytics.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js https://cdn.cookielaw.org https://*.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://secure.adnxs.com https://d22d1xpx4ztuef.cloudfront.net/jb-cdn-sp-3.5.0.js https://bam.nr-data.net https://gu.bizspring.net https://www.googletagmanager.com https://js-agent.newrelic.com https://js-agent.newrelic.com/nr-1216.min.js https://stats.wp.com https://widgets.wp.com https://wordpress.com https://www.google-analytics.com https://www.google-analytics.com/gtm/optimize.js https://googleads.g.doubleclick.net http://wcs.naver.net http://wcs.naver.net/wcslog.js https://fs.bizspring.net https://fs.bizspring.net/fs4/bstrk.1.js https://cdn.cookielaw.org https://cdn.cookielaw.org/scripttemplates/6.37.0/otBannerSdk.js https://sjrtp8-cdn.marketo.com https://sjrtp8-cdn.marketo.com/rtp-api/v1/rtp.js https://hm.baidu.com https://hm.baidu.com/hm.js https://cdn.livechatinc.com https://cdn.livechatinc.com/tracking.js https://s0.wp.com https://code.jquery.com https://code.jquery.com/jquery-3.3.1.js https://cdn.parsely.com https://cdn.parsely.com/keys/videojet.com/p.js https://stats.wp.com/e-202229.js http://play.vidyard.com https://play.vidyard.com https://connect.facebook.net http://app-sj04.marketo.com http://munchkin.marketo.net http://munchkin.marketo.net/161/munchkin.js http://63475.tctm.co http://63475.tctm.co/p.js https://api.livechatinc.com https://cdn.cookielaw.org https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js http://63475.tctm.co http://63475.tctm.co/t.js http://app-sj04.marketo.com http://app-sj04.marketo.com/js/forms2/js/forms2.min.js http://cdn.livechatinc.com http://cdn.livechatinc.com/tracking.js http://munchkin.marketo.net http://munchkin.marketo.net/munchkin.js http://www.google-analytics.com http://www.google-analytics.com/analytics.js https://api.livechatinc.com https://api.livechatinc.com/v3.3/customer/action/get_dynamic_configuration https://cdn.cookielaw.org https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.mouseflow.com https://cdn.mouseflow.com/projects/a9954248-100f-48af-93d9-4f38aeb12d06.js https://connect.facebook.net https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1005853898/ https://snap.licdn.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/gtm/js https://www.googleadservices.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com http://www.googletagmanager.com https://www.googletagmanager.com/gtm.js; style-src 'self' 'unsafe-inline' https://optimize.google.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/css/v2/otnotice-core.css https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://s0.wp.com http://app-sj04.marketo.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google.co.in https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac.json https://analytics.google.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com/tr https://www.facebook.com http://play.vidyard.com https://play.vidyard.com http://google.com https://google.com https://cdn.linkedin.oribi.io https://cdn.linkedin.oribi.io/partner/53880/domain/videojet.com/token https://cdn.livechatinc.com https://api.ipify.org https://bam.nr-data.net https://p1.parsely.com https://n2.mouseflow.com https://api.livechatinc.com https://geolocation.onetrust.com https://privacyportal-de.onetrust.com http://090-bzj-603.mktoresp.com http://63475.tctm.co https://cdn.cookielaw.org https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com https://fonts.gstatic.com https://cdn.livechatinc.com https://cdn.livechatinc.com/widget/o-0IIpQlx3QUlC5A4PNr6DRASf6M7VBj.woff2 https://fonts.gstatic.com https://cdn.mouseflow.com https://cdn.mouseflow.com/fonts/gstatic_droidsans.woff2 https://s0.wp.com; frame-src 'self' https://optimize.google.com https://www.google.com https://cdn.livechatinc.com https://stats.wp.com https://js-agent.newrelic.com http://www.googletagmanager.com https://www.googletagmanager.com https://widgets.wp.com https://wordpress.com https://pages.videojet.com https://communications.videojet.com https://www.facebook.com http://play.vidyard.com https://app-sj04.marketo.com https://bid.g.doubleclick.net https://play.vidyard.com https://secure.livechatinc.com; img-src 'self' data: https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com https://s.w.org http://www.googleadservices.com https://p1.parsely.com https://videojet-develop.go-vip.net https://secure.gravatar.com https://pixel.wp.com https://pages.videojet.com http://play.vidyard.com https://play.vidyard.com https://cdn.vidyard.com https://www.facebook.com https://www.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com https://px4.ads.linkedin.com http://2.gravatar.com http://www.google-analytics.com https://cdn.cookielaw.org https://cdn.livechatinc.com https://global.videojet.com https://px.ads.linkedin.com https://videojet.com https://www.google.co.in https://www.google.com; manifest-src 'self'; media-src 'self' https://cdn.livechatinc.com/widget/static/media/new_message.34190d36.ogg%27 https://cdn.livechatinc.com; worker-src 'none'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.conceptboard.com; 1 frame-ancestors 'self' *.business.qld.gov.au 1 default-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://*.facebook.com *.facebook.com https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.google.com *.google.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.gstatic.cn *.gstatic.cn https://*.jsdelivr.net *.jsdelivr.net https://*.rawgit.com *.rawgit.com https://*.ddfstatic.com *.ddfstatic.com https://cdn.plyr.io cdn.plyr.io https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://*.bangbros.com *.bangbros.com https://*.nikkiprice.com *.nikkiprice.com https://*.girlsgonewild.com *.girlsgonewild.com https://*.naked.com *.naked.com https://*.st-content.com *.st-content.com https://*.sellvids.com *.sellvids.com https://*.hazecash.com *.hazecash.com https://*.xxxpawn.com *.xxxpawn.com https://*.gaypawn.com *.gaypawn.com https://*.miakhalifa.com *.miakhalifa.com https://*.americanpervert.com *.americanpervert.com https://*.xnxx.com *.xnxx.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://www.google-analytics.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://region1.google-analytics.com/g/collect; font-src 'self' https://cdn.jsdelivr.net/npm/ https://fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' https://*.gtflixtv.com *.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://www.xvideos.com www.xvideos.com https://*.xvideos.red *.xvideos.red https://cdn.jsdelivr.net cdn.jsdelivr.net https://www.google-analytics.com www.google-analytics.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://region1.google-analytics.com region1.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ data:; object-src 'none'; script-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://uploader.gtflixtv.com uploader.gtflixtv.com https://uploader-beta.gtflixtv.com uploader-beta.gtflixtv.com https://pornbox.com pornbox.com https://*.googleapis.com *.googleapis.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://google-analytics.com google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/yuku-t/jquery-textcomplete/ https://*.ddfstatic.com *.ddfstatic.com https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://apis.google.com/js/platform.js 'unsafe-inline' 'unsafe-eval'; report-uri /api/js-error; 1 default-src 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self' ; child-src * blob:; font-src * 'self' data: https:;; connect-src * 'self'; report-uri /report-csp-violation 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.aboutespanol.com 1 default-src 'self' 'unsafe-inline' blod: data: * 1 default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 1 frame-ancestors 'self' *.buechen.de; 1 default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' blob data: 1 upgrade-insecure-requests; default-src *.usclimatedata.com *.gstatic.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com/* *.googlesyndication.com adservice.google.nl adservice.google.com adservice.google.cl *.googleadservices.com *.google.com *.googletagservices.com *.google-analytics.com apis.google.com ajax.googleapis.com *.googletagmanager.com *.usclimatedata.com *.bootstrapcdn.com *.gstatic.com *.geolocation.io *.google.com/recaptcha/ ssl.google-analytics.com *.addthis.com *.google.com googleads.g.doubleclick.net https:; frame-src bid.g.doubleclick.net data: https:; connect-src 'self' *.usclimatedata.com pagead2.googlesyndication.com www.google-analytics.com fundingchoicesmessages.google.com; img-src 'self' *.maps.googleapis.com/* *.googletagmanager.com https//google-analytics.com googleads.g.doubleclick.net *.google.com data: https:; style-src 'self' 'unsafe-inline' *.apis.google.com *.googleapis.com *.bootstrapcdn.com *.usclimatedata.com *.gstatic.com;font-src *.bootstrapcdn.com *.usclimatedata.com cdnjs.cloudflare.com data: 'self';base-uri 'self'; form-action 'self'; 1 frame-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.vimeo.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com; child-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://cdn.cookielaw.org; report-uri /eur/report-csp-violation 1 block-all-mixed-content; frame-ancestors 'self' 1 default-src 'self' https://*.fhstp.ac.at; connect-src 'self' https://*.facebook.com https://*.facebook.net https://api.visitlead.com https://cis.fhstp.ac.at https://api.fhstp.ac.at https://cdn.fhstp.ac.at https://sentry.fhstp.ac.at/ https://my2.siteimprove.com https://rest.visitlead.com https://*.doubleclick.net https://ws.visitlead.com https://www.google-analytics.com wss://*.visitlead.com wss://www.fhstp.ac.at wss://wwwtestneu.fhstp.ac.at https://*.pagestrip.com https://pagestrip.com https://*.google.com https://*.linkedin.oribi.io; font-src 'self' data: https://*.fhstp.ac.at https://*.googleapis.com https://*.gstatic.com https://app.visitlead.com https://*.pagestrip.com; frame-src 'self' http://edit.fhstp.ac.at https://*.facebook.com https://*.facebook.net https://*.google.com https://*.issuu.com https://*.soundcloud.com https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://cis.fhstp.ac.at https://sjs.bizographics.com https://snap.licdn.com https://stream.visitlead.com https://my2.siteimprove.com/ https://www.podbean.com https://*.doubleclick.net; img-src 'self' data: http://*.fhstp.ac.at https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.at https://*.google.com https://i1.ytimg.com https://*.gstatic.com https://*.googleusercontent.com https://*.ggpht.com https://*.linkedin.com https://app.visitlead.com https://www.filmspektakel.at https://*.pagestrip.com https://bat.bing.com; media-src 'self' data: http://carma.fhstp.ac.at/wp-content/uploads/2016/11/Brelomate2_Infoveranstaltung201161027_p3tv.mp4 https://app.visitlead.com https://*.pagestrip.com; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' http://campus-stp.at https://*.campus-stp.at https://*.doubleclick.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.linkedin.com https://cdn.siteimprove.net/cms/overlay.js https://*.youtube.com https://app.visitlead.com https://campus-stp.at https://cdn.fhstp.ac.at https://*.pubble.io https://cdn.ravenjs.com https://cdn.socket.io https://code.jquery.com https://sjs.bizographics.com https://snap.licdn.com https://*.ytimg.com https://*.pagestrip.com https://browser-update.org https://unpkg.com https://bat.bing.com; style-src 'self' 'unsafe-inline' http://*.campus-stp.at http://campus-stp.at http://cdn.fhstp.ac.at https://*.campus-stp.at https://*.google.com https://*.googleapis.com https://*.ytimg.com https://app.visitlead.com/ https://campus-stp.at https://cdn.fhstp.ac.at https://*.pagestrip.com; 1 img-src https://* data: blob:; script-src https://* 'unsafe-eval' 'unsafe-inline'; frame-src https://* 1 default-src 'self'; frame-src 'self' *.webspellchecker.net/ https://w.soundcloud.com/ *.adobe.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://moneypennychat.appspot.com/chatjs/ https://www.doctify.com/ *.webspellchecker.net/ *.adobe.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' *.webspellchecker.net/ https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://www.doctify.com/ *.webspellchecker.net/ *.google-analytics.com/ https://moneypennychat.appspot.com/ https://feeds.trac.jobs/ https://translate.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1 default-src 'none';manifest-src 'self' 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com js-na1.hs-scripts.com assets.adobedtm.com www.googletagmanager.com connect.facebook.net js.hsadspixel.net js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com js.usemessages.com unpkg.com js.hs-scripts.com;style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com fonts.googleapis.com;prefetch-src 'self'; font-src 'self' fonts.gstatic.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' app.hubspot.com; frame-ancestors 'self'; connect-src 'self' https://sbaedge.com:8443 https://www.sbaedge.com:8443 www.facebook.com api.hubspot.com www.google-analytics.com forms.hubspot.com api.hubapi.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com track.hubspot.com forms.hsforms.com www.facebook.com; style-src 'self' 'unsafe-eval' 'unsafe-inline';base-uri 'self' 'unsafe-inline' 'unsafe-eval';form-action 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js-na1.hs-scripts.com www.googletagmanager.com assets.adobedtm.com www.google-analytics.com js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.usemessages.com connect.facebook.net; 1 default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 1 default-src 'self' data: https://bitrix.info:* https://stat.sputnik.ru:* https://cnt.sputnik.ru:* https://mc.yandex.ru:* https://informer.yandex.ru:* https://pos.gosuslugi.ru:* https://reports.43edu.ru:* https://docs.43edu.ru:* https://api-maps.yandex.ru:* https://yastatic.net:* https://core-renderer-tiles.maps.yandex.net:* https://core-sat.maps.yandex.net:* https://yandex.ru:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bitrix.info:* https://stat.sputnik.ru:* https://cnt.sputnik.ru:* https://mc.yandex.ru:* https://informer.yandex.ru:* https://pos.gosuslugi.ru:* https://reports.43edu.ru:* https://docs.43edu.ru:* https://api-maps.yandex.ru:* https://yastatic.net:* https://core-renderer-tiles.maps.yandex.net:* https://core-sat.maps.yandex.net:* https://yandex.ru:*; style-src 'self' 'unsafe-inline' https://bitrix.info:* https://stat.sputnik.ru:* https://cnt.sputnik.ru:* https://mc.yandex.ru:* https://informer.yandex.ru:* https://pos.gosuslugi.ru:* https://reports.43edu.ru:* https://docs.43edu.ru:* https://api-maps.yandex.ru:* https://yastatic.net:* https://core-renderer-tiles.maps.yandex.net:* https://core-sat.maps.yandex.net:* https://yandex.ru:*; img-src 'self' data: blob: https://bitrix.info:* https://stat.sputnik.ru:* https://cnt.sputnik.ru:* https://mc.yandex.ru:* https://informer.yandex.ru:* https://pos.gosuslugi.ru:* https://reports.43edu.ru:* https://docs.43edu.ru:* https://api-maps.yandex.ru:* https://yastatic.net:* https://core-renderer-tiles.maps.yandex.net:* https://core-sat.maps.yandex.net:* https://yandex.ru:*; font-src 'self' https://bitrix.info:* https://stat.sputnik.ru:* https://cnt.sputnik.ru:* https://mc.yandex.ru:* https://informer.yandex.ru:* https://pos.gosuslugi.ru:* https://reports.43edu.ru:* https://docs.43edu.ru:* https://api-maps.yandex.ru:* https://yastatic.net:* https://core-renderer-tiles.maps.yandex.net:* https://core-sat.maps.yandex.net:* https://yandex.ru:*; 1 default-src 'self' *.garmin.com https://static.garmincdn.com; style-src 'self' 'unsafe-inline' *.garmin.com https://static.garmincdn.com https://fonts.googleapis.com; connect-src 'self' *.garmin.com *.sentry.io https://static.garmincdn.com *; script-src 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://optimize.google.com 'self' *.garmin.com *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net http://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com; font-src 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com; img-src https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://secure.adnxs.com; frame-src https://*.doubleclick.net *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://player.youku.com https://gum.criteo.com https://static.criteo.net; object-src 'none'; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1 frame-ancestors 'self' piwik.currence.nl; 1 base-uri 'none';child-src 'none';connect-src 'self' https://*.google-analytics.com https://vitals.vercel-insights.com https://o1188445.ingest.sentry.io https://api.coinbase.com https://www.google-analytics.com https://mainnet.infura.io https://kovan.infura.io/ https://*.binance.org https://*.binance.org:8545 https://polygon-rpc.com https://matic-mumbai.chainstacklabs.com https://rpc-mumbai.maticvigil.com https://forno.celo.org https://alfajores-forno.celo-testnet.org https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc wss://*.bridge.walletconnect.org https://registry.walletconnect.com https://vercel.live;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com/;img-src 'self' data: https://*.polkastarter.com https://registry.walletconnect.com https://img.youtube.com https://*.google-analytics.com;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.polkastarter.com;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://browser.sentry-cdn.com https://cdn.vercel-insights.com;style-src 'self' 'unsafe-inline';worker-src 'self'; 1 img-src 'self' data: https://gstatic.com https://*.gstatic.com https://vgwort.de https://*.vgwort.de https://vimeocdn.com https://*.vimeocdn.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://*.hotjar.com; default-src 'self' https://nomos-elibrary.de https://*.nomos-elibrary.de https://cookiebot.com https://*.cookiebot.com https://google.com https://*.google.com https://gstatic.com https://*.gstatic.com https://vgwort.de https://*.vgwort.de https://googletagmanager.com https://*.googletagmanager.com https://vimeo.com https://*.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://hotjar.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://google-analytics.com https://*.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect 'unsafe-inline'; frame-ancestors 'self' https://www.googletagmanager.com 1 default-src 'self' data: blob: https: *.boschtools.com *.mycliplister.com *.hotjar.com *.linkedin.com a19948120449.cdn.optimizely.com 10097804.fls.doubleclick.net adservice.google.com adservice.google.de ad.doubleclick.net errors.client.optimizely.com logx.optimizely.com px.ads.linkedin.com visitor-service-eu-central-1.tealiumiq.com; font-src 'self' data: gallery.sprinklr.com ; object-src data: 'self'; img-src https: data: blob: scontent-iad3-2.cdninstagram.com scontent.cdninstagram.com thumb.sprinklr.com collect.tealiumiq.com gwmtracking.com pbs.twimg.com; style-src 'self' 'unsafe-inline' https: 10097804.fls.doubleclick.net gallery.sprinklr.com; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com gallery.sprinklr.com bosch-tools-resultpage.com cvg-bosch.widget.custhelp.com s.webtrends.com tags.tiqcdn.com cdn.optimizely.com cdn.pricespider.com platform.twitter.com snap.licdn.com 1 frame-ancestors 'self' https://*.mebis.bayern.de 1 default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com 1 default-src https: ; form-action https: ; script-src https://*.adyen.com https://optimize.google.com https://www.google.com https://maps.googleapis.com https://www.googleadservices.com https://www.googleoptimize.com https://www.gstatic.com https://www.youtube.com https://assets.adobedtm.com https://widgets.trustedshops.com https://assets.pixlee.com https://googleads.g.doubleclick.net https://test.adyen.com https://live.adyen.com https://www.paypal.com https://www.sandbox.paypal.com https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' https://*.mayoral.com https://*.mayoral.net https://*.abelandlula.com https://*.abelandlula.net data: https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://assets.pxlecdn.com https://www.paypalobjects.com ; style-src https://*.adyen.com https://optimize.google.com https://fonts.googleapis.com https://widgets.trustedshops.com 'unsafe-inline' https://*.mayoral.com https://*.mayoral.net https://*.abelandlula.com https://*.abelandlula.net https://tagmanager.google.com https://fonts.googleapis.com https://mayoral.demdex.net; img-src https://*.adyen.com * data: https://www.paypal.com https://www.sandbox.paypal.com ; font-src * ; connect-src https://*.adyen.com https://*.mayoral.com https://*.mayoral.net https://*.abelandlula.com https://*.abelandlula.net https://analytics.google.com https://www.google-analytics.com https://www.facebook.com https://www.google.es https://www.googleapis.com https://maps.googleapis.com https://inbound-analytics.pixlee.com https://dpm.demdex.net https://stats.g.doubleclick.net https://*.fls.doubleclick.net https://gw1.api.trustedshops.com https://shops-si.trustedshops.com https://api.trustedshops.com https://api.trustbadge.etrusted.com https://trustbadge.api.etrusted.com https://logging.trustbadge.com https://www.paypal.com https://www.sandbox.paypal.com https://*.analytics.google.com ; frame-src * ; block-all-mixed-content; upgrade-insecure-requests; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; object-src 'self'; media-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com *.webview.isb-mopa.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de *.youtube.com *.bfn.de *.webview.isb-mopa.de; frame-ancestors 'self' *.webview.isb-mopa.de; frame-src 'self' *.webview.isb-mopa.de; Content-Security-Policy: default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; object-src 'self'; media-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com *.webview.isb-mopa.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de *.youtube.com *.bfn.de; frame-ancestors 'self' *.webview.isb-mopa.de; frame-src 'self' *.webview.isb-mopa.de; X-Webkit-CSP: default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de*.youtube.com *.webview.isb-mopa.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de *.youtube.com *.webview.isb-mopa.de; object-src 'self'; media-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com *.webview.isb-mopa.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de *.youtube.com *.bfn.de; frame-ancestors 'self' *.webview.isb-mopa.de; frame-src 'self' *.webview.isb-mopa.de; 1 frame-ancestors http://www.lativ.com.tw https://www.lativ.com.tw; 1 frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://www.youtube.com https://help.llama.ai https://sisense.prod.llamaprod.net https://insights.llamasoft3d.us https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai www.google-analytics.com *.googletagmanager.com *.pendo.io *.bing.com *.virtualearth.net; worker-src blob: 'self';frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://www.youtube.com https://help.llama.ai https://sisense.prod.llamaprod.net https://insights.llamasoft3d.us https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai www.google-analytics.com *.googletagmanager.com *.pendo.io *.bing.com *.virtualearth.net; worker-src blob: 'self'; 1 frame-ancestors 'self' heromotocorp.com *.heromotocorp.com 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;; report-uri /report-csp-violation 1 default-src 'none'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1 object-src 'self'; frame-ancestors 'self'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-modals allow-downloads; base-uri 'self'; 1 default-src 'self'; style-src 'unsafe-inline' yandex.st site.yandex.net yastatic.net banners.adfox.ru content.adfox.ru yastat.net *; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *; img-src * data:; media-src * data:; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st site.yandex.net yastatic.net yandex.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru oss.maxcdn.com ads.adfox.ru www.google-analytics.com *.googleadservices.com adservice.google.ru adservice.google.com.ua *.imgsmail.ru *.google.com platform.twitter.com cas.criteo.com *.mail.ru vk.com *.googlesyndication.com *.googletagservices.com adv758968.ru adforce.ru *.doubleclick.net x1.vinread.net *.zencdn.net mobiads.ru utarget.ru afterview.ru *.vispot.io *.adap.tv *.liverail.com *.spotxchange.com *.buzzoola.com *.advarkads.com *.lkqd.com *.advertising.com static.baza.farpost.ru gstatic.com www.gstatic.com http://thefox.mobi/0dvP/ https://netdna.bootstrapcdn.com https://ajax.googleapis.com *.adsafeprotected.com idntfy.ru mobuli.info mobisway.info cnt-count.ru countstat.ru eboundservices.com digital-forest.info s17365.org/rotation.php news.gnezdo.ru btstds.ru cackle.me *.cackle.me www.farpost.ru https://adtags.pro https://*.adtags.pro https://btsds.ru https://*.vrcteam.ru https://*.betweendigital.com https://*.exopay.ru https://s0.2md.net https://fl.imgsniper.com https://static.bulham.com https://*.sape.ru https://safesource.ru https://code.createjs.com https://static.bumlam.com sad2tizer.ru ad.slickjump.com slickjump.com sjsmartcontent.org https://www.googletagmanager.com https://tds.admaxer.ru https://meganotify.com https://notifyday.com *.ttarget.ru *.onlygip.tech *.hybrid.ai *.admediator.ru nativerent.ru *.astraone.io astraone.io *.onlygip.tech onlygip.tech *.afp.ai increaserev.com *.adriver.ru; connect-src an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st site.yandex.net yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru *; report-uri /csp.php 1 frame-ancestors https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com; report-uri /report-csp-violation 1 default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-PpdPTvVmynZdsAe/roxxFU/kPrZGrfYwcVFRSlMCaQgVLwpi'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1 default-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; report-to default; report-uri /json/reports.php 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.itzbund.de; frame-src *.google.com *.gstatic.com *.youtube.com *.itzbund.de *.vsfbsw.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; frame-ancestors 'self'; 1 default-src 'self' dock.ui.bosch.tech vars.hotjar.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.com; font-src 'self' *.bosch-pt.com bosch-pt.com www.bosch-pt.com *.bosch-professional.com ; object-src data: 'self'; img-src https: data:; style-src 'self' ptlegalpagesnew.kittelberger.net *.bosch-pt.com bosch-pt.com *.bosch-professional.com 'unsafe-inline'; script-src https: http://www.bosch-pt.com 'unsafe-inline' 'unsafe-eval'; connect-src https: search.internet.bosch.com wss://*.hotjar.com; script-src-elem https: http: 'unsafe-inline' *.bosch-pt.com 1 script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.cookielaw.org https://js-agent.newrelic.com https://www.googletagmanager.com *.onetrust.com; object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' *.ebola.cz; options inline-script eval-script; img-src 'self' *.ebola.cz 1 default-src 'self'; script-src 'self' *.amalgamatedbank.com bam.nr-data.net unpkg.com js.locatorsearch.com *.prod.acquia-sites.com *.instagram.com *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com *.googletagmanager.com *.doubleclick.net *.addtoany.com fonts.gstatic.com *.omappapi.com *.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com app.jazz.co js-agent.newrelic.com *.google.com *.gstatic.com www.recaptcha.net ajax.googleapis.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://www.recaptcha.net/recaptcha/api.js https://www.recaptcha.net/recaptcha/api/fallback; style-src 'self' 'unsafe-inline' unpkg.com *.amalgamatedbank.com bam.nr-data.net *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google.com *.gstatic.com app.jazz.co; img-src 'self' *.amalgamatedbank.com bam.nr-data.net *.prod.acquia-sites.com js.locatorsearch.com *.oktacdn.com *.okta.com *.oktapreview.com data: *.googletagmanager.com app.jazz.co *.google.com *.google-analytics.com *.gstatic.com images.printable.com images.locatorsearch.com instagram.com i.ytimg.com; media-src files.marcomcentral.app.pti.com *.youtube.com *.amalgamatedbank.com bam.nr-data.net; frame-src *; font-src 'self' 'unsafe-inline' cdnjs.cloudflare.com bam.nr-data.net *.amalgamatedbank.com *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com unpkg.com fonts.gstatic.com app.jazz.co *.google.com *.gstatic.com *.locatorsearch.com; connect-src 'self' abnyunityuat.fisglobal.com login-uat.fisglobal.com maps-api-ssl.google.com bam.nr-data.net stats.addtoany.com googleads.g.doubleclick.net *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com *.omappapi.com *.google-analytics.com *.google.com *.gstatic.com googleads.g.doubleclick.net; report-uri /report-csp-violation 1 default-src https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' http://*.usercentrics.eu:* https://*.usercentrics.eu:* http://*.usercentrics.eu https://*.usercentrics.eu wss://*.usercentrics.eu 'unsafe-inline'; img-src https: 'self' data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline' blob: https://*.reactful.com http://*.reactful.com; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-inline' 'unsafe-eval' 1 default-src 'self'; block-all-mixed-content; img-src 'self' www.google-analytics.com www.googletagmanager.com; script-src 'self' www.google-analytics.com www.googletagmanager.com; report-uri /nelmio/csp/report 1 default-src 'self'; block-all-mixed-content; connect-src 'self' https://antrag.hanseaticbank.de https://antrag.hbnext.de https://*.openstreetmap.org https://www.googleadservices.com privacy.trustcommander.net *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.novomind.com *.provenexpert.com *.google.com *.doubleclick.net *.commander1.com *.otto.de *.rs.ogit.cloud *.bing.com *.xiti.com *.mouseflow.com *.ytimg.com https://s3-eu-west-1.amazonaws.com/dap-prod-dcq3/ https://s3-eu-west-1.amazonaws.com/dap-prod-custom/ cdn.trustcommander.net marketing.hanseaticbank.de; font-src 'self' 'unsafe-inline' data: *.gstatic.com; form-action 'self'; frame-ancestors *.hanseaticbank.de *.hbnext.de *.test *.test:13184; frame-src 'self' https://antrag.hanseaticbank.de https://antrag.hbnext.de https://direktkredit.hanseaticbank.de cdn.trustcommander.net cdn.tagcommander.com cdn.jsdelivr.net sonata.aklamio.com *.youtube.com *.instagram.com *.twitter.com *.facebook.com *.test *.google.com *.googletagmanager.com *.googlesyndication.com https://s3-eu-west-1.amazonaws.com/dap-prod-dcq/ https://s3-eu-west-1.amazonaws.com/dap-prod-custom/; img-src 'self' data: https://antrag.hanseaticbank.de https://antrag.hbnext.de http://*.tile.osm.org https://*.tile.openstreetmap.org https://i.ytimg.com manager.tagcommander.com analytics.aklamio.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.novomind.com *.otto.de *.rs.ogit.cloud *.xiti.com *.outbrain.com *.bing.com *.google.com *.google.de *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net https://s3-eu-west-1.amazonaws.com/dap-prod-dctag/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://antrag.hanseaticbank.de https://antrag.hbnext.de https://code.jquery.com cdn.trustcommander.net cdn.tagcommander.com cdn.mouseflow.com cdn.jsdelivr.net platform.commandersact.com api.aklamio.com api.amio-dev.com *.hanseaticbank.de *.googleapis.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.novomind.com *.provenexpert.com *.aticdn.net *.outbrain.com *.doubleclick.net *.bing.com *.facebook.net *.twitter.com https://s3-eu-west-1.amazonaws.com/dap-prod-dcq/ https://s3-eu-west-1.amazonaws.com/dap-prod-custom/; style-src 'self' 'unsafe-inline' https://antrag.hanseaticbank.de https://antrag.hbnext.de cdn.jsdelivr.net *.googleapis.com 1 default-src 'self'; script-src 'self' 'self' https://www.google.com/ https://www.gstatic.com/; object-src 'self'; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' fonts.googleapis.com; img-src *; font-src 'self' data: fonts.gstatic.com;frame-src 'self' https://www.google.com; report-uri https://login.microworkcloud.com.br/csp/report 1 Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a10065315939.cdn.optimizely.com https://a10065315939.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 1 default-src 'self' ;script-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' analytics.interpolis.nl *.r42tag.com *.mopinion.com *.interpolis.nl az416426.vo.msecnd.net analytics.twitter.com www.google-analytics.com static.ads-twitter.com www.googleoptimize.com www.googletagmanager.com *.doubleclick.net *.googleadservices.com opzeggen.nl www.opzeggen.nl cdn.harvest.graindata.com widget.greenonline.nl http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://js.arcgis.com *.googleanalytics.com https://optimize.google.com https://admin.relay42.com http://*.hotjar.io:* https://*.hotjar.io:* https://googleads.g.doubleclick.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com fast.fonts.net js.arcgis.com widget.greenonline.nl optimize.google.com;img-src data: 'self' *.google-analytics.com www.google.com https://t.co/i/adsct www.googletagmanager.com https://i.ytimg.com/ img.youtube.com services.arcgisonline.com server.arcgisonline.com www.google.nl interpolis.imgix.com js.arcgis.com fls.doubleclick.net interpolis.imgix.net https://script.hotjar.com http://script.hotjar.com optimize.google.com www.gstatic.com https://analytics.twitter.com https://ad.doubleclick.net https://googleads.g.doubleclick.net;font-src data: 'self' fonts.gstatic.com js.arcgis.com widget.greenonline.nl http://script.hotjar.com https://script.hotjar.com ;connect-src 'self' *.mopinion.com *.interpolis.nl dc.services.visualstudio.com *.google-analytics.com https://www.opzeggen.nl interpolis.imgix.net controle.achmea.consentmonitor.nl http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io:* https://*.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com services.arcgisonline.com adservice.google.com geocode.arcgis.com https://ad.doubleclick.net;media-src 'self' *.interpolis.nl;object-src 'self' ;child-src 'self' blob: t.svtrd.com youtube-nocookie.com www.youtube-nocookie.com *.doubleclick.net *.hotjar.com *.hotjar.io e.interpolis.nl widgets.bnr.nl www.youtube.com art19.com optimize.google.com;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com *.doubleclick.net e.interpolis.nl https://vars.hotjar.com optimize.google.com;form-action 'self' t.svtrd.com http://trx.ae https://transaction.acceptemail.com;manifest-src 'self' t.svtrd.com *.interpolis.nl broker.nxtid.nl;upgrade-insecure-requests;block-all-mixed-content;report-uri https://interpolis.ams.report-uri.com/r/t/csp/enforce; 1 default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-GfML0dyhKDzxCLNH' static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com *.fbto.nl connect.facebook.net cdn.harvest.graindata.com www.pingvp.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com www.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu www.pingvp.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl defriesland.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1 default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://static.cloudflareinsights.com https://ajax.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.googleapis.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.google-analytics.com/; font-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com; 1 default-src 'self'; child-src https://www.google.com; block-all-mixed-content; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.firstpromoter.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://optimize.google.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://static.claspo.io https://cdn.amplitude.com *.esputnik.com https://www.googleoptimize.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://statics.esputnik.com https://static.claspo.io https://static.claspo.tech https://cdn.amplitude.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://www.googleoptimize.com https://cdnjs.cloudflare.com https://static.claspo.io https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: https://platform-lookaside.fbsbx.com https://i.ytimg.com https://cdnjs.cloudflare.com https://www.google.no https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.googleoptimize.com *.fbcdn.net https://lh3.googleusercontent.com https://graph.facebook.com https://forms.esputnik.com *.claspo.io *.claspo.tech https://optimize.google.com https://claspo.io https://www.google.com.ua https://www.facebook.com https://www.google-analytics.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com *.claspo.tech *.claspo.io https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com; object-src 'self' https://static.claspo.tech https://static.claspo.io; frame-ancestors 'none'; base-uri 'self'; connect-src 'self' https://*.firstpromoter.com https://googleads.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://consentcdn.cookiebot.com https://www.google.com.ua https://stats.g.doubleclick.net https://www.googleadservices.com *.esputnik.com esputnik.com https://analytics.google.com https://securetoken.googleapis.com wss://*.plerdy.com *.claspo.tech *.claspo.io https://www.facebook.com https://www.googleapis.com https://www.google-analytics.com *.plerdy.com; frame-src 'self' https://consentcdn.cookiebot.com https://a.plerdy.com https://static.claspo.io https://static.claspo.tech https://bid.g.doubleclick.net https://www.facebook.com https://www.youtube.com https://optimize.google.com https://www.google.com https://accounts.google.com https://claspo-338918.firebaseapp.com https://claspo-prod.firebaseapp.com; 1 default-src https:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; font-src https: data: 'unsafe-inline' 'unsafe-eval'; 1 default-src 'self' 'unsafe-inline'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' apis.google.com https://www.google-analytics.com/analytics.js https://count.personyze.com cdn.datatables.net code.jquery.com https://analytics.twitter.com https://analytics.twitter.com/i/adsct https://googleads.g.doubleclick.net https://static.ads-twitter.com https://www.googleadservices.com https://clients-api.pushengage.com https://www.googletagmanager.com https://hbl.pushengage.com maps.googleapis.com https://connect.facebook.net https://clientcdn.pushengage.com/ https://count.personyze.com/ https://counter-backend.personyze.com/ https://counter.personyze.com/ https://unpkg.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com https://www.google.com/pagead/conversion_async.js;style-src 'report-sample' 'self' 'unsafe-inline' https://hbl.pushengage.com https://fonts.googleapis.com;object-src 'none';base-uri 'self';connect-src 'self' https://clients-api.pushengage.com https://stats.g.doubleclick.net https://www.google-analytics.com;font-src 'self' maps.googleapis.com https://www.google-analytics.com https://fonts.gstatic.com data:;frame-src 'self' https://bid.g.doubleclick.net https://web.facebook.com/ https://www.facebook.com/ https://www.google.com hbl-web.peekaboo.guru https://www.google.com/recaptcha/ https://www.youtube.com https://hbl-rewards.peekaboo.guru https://hbl-instalment-web.peekaboo.guru;img-src https://www.google.com.pk https://www.google.com https://t.co https://www.facebook.com cdn.personyze.com https://www.google-analytics.com http://www.hbl.com assetscdn.pushengage.com maps.googleapis.com maps.gstatic.com www.gstatic.com https://www.visa.com https://offerswidget.visa.com https://i.ytimg.com/ data:;manifest-src 'self';media-src 'self';worker-src 'self'; 1 default-src 'self' https://*.webbfabriken.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.webbfabriken.com https://a.omappapi.com https://a.omwpapi.com https://use.typekit.net https://script.hotjar.com https://static.hotjar.com https://chimpstatic.com https://www.google-analytics.com https://m8m7u2y3.stackpathcdn.com https://ajax.googleapis.com https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com; object-src 'self' https://www.webbfabriken.com; style-src 'self' 'unsafe-inline' https://www.webbfabriken.com https://fonts.googleapis.com https://a.omwpapi.com https://a.omappapi.com https://m8m7u2y3.stackpathcdn.com; img-src 'self' data: https://www.webbfabriken.com https://a.omappapi.com https://a.omwpapi.com https://p.typekit.net https://www.google.se https://region1.analytics.google.com https://m8m7u2y3.stackpathcdn.com https://www.google.com https://*.gstatic.com https://*.w.org https://www.uc.se https://www.abuseipdb.com https://*.google-analytics.com https://www.facebook.com; media-src 'self' https://www.webbfabriken.com; frame-src 'self' https://www.webbfabriken.com https://m8m7u2y3.stackpathcdn.com https://www.facebook.com; font-src 'self' data: https://www.webbfabriken.com https://use.typekit.net https://fonts.gstatic.com https://a.omwpapi.com https://m8m7u2y3.stackpathcdn.com; connect-src 'self' https://www.webbfabriken.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://z.omwpapi.com https://a.omappapi.com https://api.omwpapi.com https://optinmonster.com https://*.google-analytics.com https://www.facebook.com; report-uri https://www.webbfabriken.com/_sys/csp_report_log/insert.php 1 connect-src 'self' *.addthis.com *.bing.com *.consentmanager.net *.doubleclick.net *.google.com *.presspage.com *.usercentrics.eu https://*.3qsdn.com https://letscast.fm vendorlist.consensu.org wss://*.bing.com www.google-analytics.com; default-src 'self'; font-src 'self' *.presspage.com data: fonts.gstatic.com https://*.3qsdn.com; frame-ancestors 'self' localhost:* partners.doctolib.de sc.01.sana-apps.de sc.02.sana-apps.de www.sana.de www.sanadaily.de; frame-src 'self' *.addthis.com *.doubleclick.net *.google.com *.livecoder.com *.sana.de *.usercentrics.eu *.vimeo.com *.zscaler.net 466b13bd.sibforms.com https://360tour-start.de/Tours22/sana-gyno-benrath.html https://cdn.consentmanager.net https://cdn.embedly.com/ https://platform.twitter.com/ https://vimeo.com/event/2379788/chat/27c03f2751 https://vimeo.com/event/2379788/embed/27c03f2751 maps.google.de partners.doctolib.de player.vimeo.com sanadigital.typeform.com sc.01.sana-apps.de sc.02.sana-apps.de sdx.microsoft.com virtualpro360.com www.sana.de www.youtube-nocookie.com www.youtube.com; img-src * *.bing.com *.doubleclick.net *.google.com *.gstatic.com *.microsoft.com data: www.googletagmanager.com; media-src 'self' blob: https://*.3qsdn.com https://lcdn.letscast.fm; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.google.com *.googleadservices.com *.googleapis.com *.usercentrics.eu *.vimeo.com *.zscaler.net aggregator.service.usercentrics.eu blob: embed.typeform.com https://*.3qsdn.com https://*.jameda-elements.de https://bat.bing.com https://connect.facebook.net https://r.bing.com sc.01.sana-apps.de sc.02.sana-apps.de www.google-analytics.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com; script-src-elem 'self' 'unsafe-inline' *.consentmanager.net *.doubleclick.net *.google.com *.googleapis.com *.presspage.com *.usercentrics.eu aggregator.service.usercentrics.eu embed.typeform.com https://*.3qsdn.com https://*.addthis.com/ https://*.googlesyndication.com https://*.jameda-elements.de https://*.vimeo.com https://bat.bing.com https://cdn.consentmanager.net https://connect.facebook.net https://letscast.fm/ https://platform.twitter.com/widgets.js https://r.bing.com https://s7.addthis.com/js/300/addthis_widget.js https://v1.addthisedge.com/live/boost/ra-591e8b1a9c5806d1/_ate.track.config_resp https://vimeo.com https://www.googleadservices.com https://www.gstatic.com https://z.moatads.com/addthismoatframe568911941483/moatframe.js presspage-production-content.s3.amazonaws.com sc.01.sana-apps.de sc.02.sana-apps.de www.google-analytics.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com; style-src 'self' 'unsafe-inline' *.bing.com *.consentmanager.net *.googleapis.com *.presspage.com https://*.3qsdn.com https://letscast.fm presspage-production-content.s3.amazonaws.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.adbutler-luxon.com adbutler-fermion.com static.addtoany.com *.adobedtm.com *.ads-twitter.com *.adsrvr.org p.adsymptotic.com *.bamboohr.com bat.bing.com maxcdn.bootstrapcdn.com tags.bluekai.com capwiz.com *.cdc.gov grow.clearbitjs.com *.cmgdigital.com www.cms.gov cqrcengage.com *.crwdcntrl.net tma.custhelp.com dpm.demedex.net www.domain-of-replacement.com *.doubleclick.net *.facebook.com *.facebook.net *.feedburner.com gis.fema.gov apgb2b-reachcodeandproxy.gannettdigital.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com fusiontables.googleusercontent.com *.gstatic.com data.healthcare.gov oig.hhs.gov hootsuite.com *.hs-analytics.net *.hs-banner.com js.hsadspixel.net js.hscollectedforms.net *.hsforms.com *.hsforms.net *.hs-scripts.com api.hubapi.com *.hubspot.com rocket.nwood-kensett.k12.ia.us *.infogram.com *.informz.net *.jeffersoncms.org kff.org cdn.jsdelivr.net beacon.krxd.net snap.licdn.com px.ads.linkedin.com *.livestream.com *.marchex.io tag.marinsm.com pixel.mathtag.com texmed.medbuzz.com www.ncbi.nlm.nih.gov *.nnihcm.org block.opendns.com cdn.linkedin.oribi.io centro.pixel.ad clickserv.pixel.ad www.paypalobjects.com www.podbean.com www.powr.io *.poll-maker.com pixel-geo.prfct.co ql.tc *.qualtrics.com *.quantcount.com *.quantserve.com www.reachlocallivechat.com capture-api.reachlocalservices.com *.rlets.com rcod.rtrk.com www.rumiview.com *.scribd.com uip.semasio.net servedbyadbutler.com *.serving-sys.com *.sharethis.com i.simpli.fi tag.simpli.fi um.simpli.fi clickserv.sitescout.com pixel.sitescout.com *.slideshare.net public.slidesharecdn.com open.spotify.com storify.com t.co *.tapad.com *.tcms.com *.teletownhall.us *.texmed.org eu.thinkingchat.com reachlocal.thinkingchat.com cdn.tinymce.com *.tmait.org *.twimg.com *.twitter.com *.vimeo.com *.votervoice.net *.wakelet.com *.wufoo.com *.youtube.com *.yudu.com *.hscollectedforms.net 1 frame-ancestors 'self' *.leoncountyfl.gov ; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss:;img-src 'self' data: https: 1 default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1 frame-ancestors 'self' smart911.com www.smart911.com safety.smart911.com 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com kcls.bibliocms.com *.kcls.bibliocms.com https://kcls.org kcls.org *.kcls.org; 1 frame-ancestors 'self' thenationalcampaign.org aelp.smartsparrow.com 1 default-src 'self'; \ script-src 'self' https://ajax.googleapis.com; \ img-src 'self' https://ssl.google-analytics.com 1 default-src 'self' https; connect-src 'self' https://dc.services.visualstudio.com https://attach.ukpowernetworks.co.uk www.google-analytics.com region1.google-analytics.com https://apikeys.civiccomputing.com/c/v https://in.hotjar.com/ https://vc.hotjar.io stats.g.doubleclick.net https://translate.googleapis.com https://maps.googleapis.com https://api.what3words.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://*.applicationinsights.azure.com https://*.azurewebsites.net https://graph.microsoft.com/ https://*.tangentlabs.co.uk https://col.site24x7rum.eu https://l.sharethis.com https://api.reciteme.com https://stats.reciteme.com https://speechstreamv3-webservices-8.texthelp.com/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.speechstream.net https://en.wikipedia.org/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://apps.parcelforce.com/sso/Home/IsAlive https://apps.parcelforce.com/sso/ https://static.queue-it.net; font-src 'self' ukpn.local hello.myfonts.net data: fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/ https://api.reciteme.com https://ukpn-dev-cdn.tangentlabs.co.uk; style-src 'self' 'unsafe-inline' ukpn.local fonts.googleapis.com https://fonts.googleapis.com https://api.reciteme.com https://ukpn-dev-cdn.tangentlabs.co.uk https://pfw-prod-ukwest-safespaceonline.azurewebsites.net; script-src 'self' 'unsafe-eval' ukpn.local 'unsafe-inline' https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://www.googletagmanager.com/ns.html www.googletagmanager.com cdnjs.cloudflare.com www.google-analytics.com script.hotjar.com static.hotjar.com z.moatads.com https://translate.google.com/ https://translate.googleapis.com/ apis.google.com www.google.com www.gstatic.com maps.googleapis.com ajax.googleapis.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://static.site24x7rum.eu widget.trustpilot.com platform-api.sharethis.com https://buttons-config.sharethis.com graph.facebook.com https://www.youtube.com s.ytimg.com https://api.reciteme.com https://stats.reciteme.com v4in1-si.click4assistance.co.uk https://*.speechstream.net https://wikisum.texthelp.com/ https://ukpn-dev-cdn.tangentlabs.co.uk https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://ukpowernetworks.queue-it.net https://ukpowernetwork.queue-it.net https://static.queue-it.net/script/queueclient.min.js https://static.queue-it.net/script/queueconfigloader.min.js https://assets.queue-it.net https://grid.is; img-src 'self' data: https://api.umbraco.io https://media.umbraco.io https://img.youtube.com www.google-analytics.com googletagmanager.com stats.g.doubleclick.net www.google.com/ads www.google.co.uk/ads https://translate.google.com maps.gstatic.com maps.googleapis.com https://www.google.com https://www.google.co.uk/ https://www.google.com/images/cleardot.gif https://www.gstatic.com fonts.googleapis.com apis.google.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://l.sharethis.com https://api.reciteme.com https://pfw-prod-ukwest-safespaceonline.azurewebsites.net prod3si.click4assistance.co.uk v4in1-si.click4assistance.co.uk https://speechstreamv3-webservices-8.texthelp.com/ https://upload.wikimedia.org; child-src 'self' https://www.googletagmanager.com/ns.html https://content.googleapis.com; frame-src 'self' https://vars.hotjar.com www.google.com *.google.com www.youtube.com https://widget.trustpilot.com platform-api.sharethis.com https://api.reciteme.com v4in1-ti.click4assistance.co.uk https://*.speechstream.net https://grid.is; object-src 'none'; worker-src blob:; media-src https://api.reciteme.com self https://*.speechstream.net; 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://bam.nr-data.net https://tag.aticdn.net https://snap.licdn.com https://*.hotjar.com https://cdnjs.cloudflare.com https://*.linkedin.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com ; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://bam.nr-data.net https://tag.aticdn.net https://snap.licdn.com https://*.hotjar.com https://cdnjs.cloudflare.com https://*.linkedin.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com ; style-src 'self' 'unsafe-inline' https://translate.googleapis.com; img-src 'self' data: *; frame-src 'self' https://tools.eurolandir.com https://*.youtube.com https://vars.hotjar.com https://open.spotify.com https://*.doubleclick.net https://www.googletagmanager.com; child-src 'self' https://tools.eurolandir.com https://*.youtube.com https://vars.hotjar.com https://open.spotify.com https://*.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdn.cookielaw.org https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://bam.nr-data.net https://*.google.com https://*.xiti.com https://cdn.linkedin.oribi.io; report-uri /report-csp-violation 1 sandbox allow-scripts allow-same-origin allow-forms ; 1 frame-ancestors 'self' https://www.truckworks.de https://special.mercedes-benz-trucks.com 1 default-src 'self' http://www.malaysiaairports.com.my; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com www.google.com *.rawgit.com *.gstatic.com *.googleapis.com static.addtoany.com polyfill.io key-cdn.printfriendly.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com www.google-analytics.com.sg stats.g.doubleclick.net www.google.com www.google.com.sg www.google.com.my www.gstatic.com; media-src 'self'; frame-src 'self' data: static.addtoany.com www.google.com www.youtube.com https://cdn.knightlab.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com analytics.google.com unpkg.com www.google.com.my; report-uri /report-csp-violation 1 report-uri https://consolehipay.report-uri.com/r/d/csp/enforce; default-src 'self' *.google-analytics.com *.zdassets.com *.hotjar.com *.google.com *.screeb.app *.typeform.com *.okta.com *.hipay.com; script-src 'self' *.hotjar.com *.zdassets.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.screeb.app 'sha256-qSMb0PEZNwPU889A1H8zPbT23/AN6efiLRLewxFcFJM=' 'sha256-FcbWubQGGFMAS71F3Xg9hDM0pfF+/idbYePgIS4oecc=' 'sha256-keffV0quDMAbyeX1/4YLUZgq6qTZq4xbHwc4fvVpGws=' 'sha256-8qEA6898bCZsncsjm0Dk2KjV2WK+2+8Aks3WfqWmUWY=' 'sha256-iBEn6DembGxmutX/U63Duhs98HIBtU8ALgbjYh+CkZc=' 'sha256-XnoKRrVjyLcX94o+jehk7z3rX+YVSMr4DtslyFpkaPU=' 'sha256-tdBlVQuc2G3oahpbyjaUmy+NEJSNdDZy9L1FSw3rVi0=' 'sha256-0p21hmif1TiEP5IE/r3ri1cHw0RQzMKFQuK6Y8+MSxM=' https://*.zopim.com; style-src 'self' 'unsafe-inline' maxcdn.icons8.com fonts.googleapis.com *.hotjar.com libs.hipay.com; font-src 'self' maxcdn.icons8.com fonts.gstatic.com *.hotjar.com *.screeb.app; connect-src 'self' *.run.app *.appspot.com *.zendesk.com *.zdassets.com user.hipay.com *.hipay.com *.hipay.org *.google-analytics.com wss://*.zopim.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.screeb.app wss://*.screeb.app *.okta.com *.oktacdn.com; img-src 'self' *.amcharts.com *.google-analytics.com *.zendesk.com *.hotjar.com images.weserv.nl *.hipay.com data: storage.googleapis.com twemoji.maxcdn.com *.screeb.app; frame-ancestors 'none' 1 default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.winsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.winsim.de https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de; script-src 'strict-dynamic' 'nonce-85c57bd51b97bf6c3566f9d076bc8f22' 'nonce-a99836dc4e4025bfd5400cf2f0a0c1eb' 'nonce-7179c1250d05a1538d6888018207fad6' 'nonce-0992a71da61c74c37f477befef40ec27' 'nonce-588d84e048f834cfd18fb354ea388c2b' 'nonce-e1cf934218c27fca24efd592b4b1feb9' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-85c57bd51b97bf6c3566f9d076bc8f22' 'nonce-a99836dc4e4025bfd5400cf2f0a0c1eb' 'nonce-7179c1250d05a1538d6888018207fad6' 'nonce-0992a71da61c74c37f477befef40ec27' 'nonce-588d84e048f834cfd18fb354ea388c2b' 'nonce-e1cf934218c27fca24efd592b4b1feb9' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de; frame-ancestors 'self'; font-src 'self' data:; 1 frame-ancestors 'self' spoxy3.insipio.com 1 default-src 'self'; img-src * data:; media-src *; frame-src * data:; font-src *; connect-src *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.googletagmanager.com www.googletagmanager.com connect.facebook.net youtube.com *.facebook.net *.youtube.com *.stg.brandwire.in *.mediawire.in *.scorecardresearch.com *.instagram.com *.google-analytics.com *.gstatic.com *.solodev.com *.google.com *.googleapis.com *.indiatimes.com *.timesofindia.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; style-src data: blob: 'unsafe-inline' 'self' *.googletagmanager.com *.googleapis.com *.google.com *.instagram.com *.indiatimes.com *.timesofindia.com *.solodev.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; frame-ancestors 'self' *.indiatimes.com *.timesofindia.com *.economictimes.com *.gadgetsnow.com *.navbharattimes.com etdev8243.indiatimes.com *.timesnownews.com timesnownews.com www.speakingtree.in speakingtree.in maharashtratimes.com vijaykarnataka.com *.samayam.com samayam.com www.googletagmanager.com *.googletagmanager.com *.idiva.com *.ilnconnect.com *.mensxp.com *.ilnconnect.com *.indiatimes.com 1 default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; object-src 'self' *.interiorhealth.ca; style-src 'self' 'unsafe-inline' *.interiorhealth.ca fonts.googleapis.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net dialogflow.cloud.google.com 1 frame-ancestors https://www.abarset.com/ https://abarset-grandvalira.com/ http://*.grandvalira.com https://*.grandvalira.com http://*.ordinoarcalis.com https://*.ordinoarcalis.com http://*.grandvaliraresorts.com https://*.grandvaliraresorts.com http://*.palarinsal.com https://*.palarinsal.com 1 frame-ancestors 'self' *.fitnessfirst.de *.acsitefactory.com 1 default-src 'self' syndetics.com www.google-analytics.com; script-src 'self' blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com *.google-analytics.com *.analytics.google.com syndication.twitter.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com ssl.gstatic.com www.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com; media-src 'self' www.youtube.com soundcloud.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' *.google-analytics.com *.analytics.google.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com; 1 default-src 'unsafe-inline' https://fonts.googleapis.com https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; script-src 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl https://www.google-analytics.com https://*.facebook.com https://connect.facebook.net https://*.doubleclick.net ; style-src 'unsafe-inline' https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://fonts.googleapis.com https://surfly.io https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; img-src 'self' https://moventum.com.pl https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net data:; object-src 'none'; 1 default-src 'none' ;script-src * data: 'unsafe-inline' 'unsafe-eval' ;style-src * data: 'unsafe-inline' ;img-src * data: ;font-src * data: ;connect-src * ;media-src * ;object-src * ;child-src * ;frame-ancestors * ;form-action * ;manifest-src * ; 1 frame-src 'self' tradeapi2.bsc.com.vn 1 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src *; base-uri 'self' 1 frame-ancestors 'self', facebook.com, *.facebook.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com shop.pe shopper.shop.pe *.cloudfront.net addshoppers.s3.amazonaws.com bcbolt446c5271-a.akamaihd.net www.google.com www.gstatic.com cdn.jsdelivr.net up.pixel.ad pixel.sitescout.com munchkin.marketo.net www.buzzsprout.com fl-cdn.azureedge.net investmentdesktop.fundslibrary.net investmentdesktop.fundslibrary.net cdn.schemaapp.com fcscdn.broadridge.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com fl-cdn.azureedge.net investmentdesktop.fundslibrary.net investmentdesktop.fundslibrary.net blob: data:; frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com fl-cdn.azureedge.net investmentdesktop.fundslibrary.net investmentdesktop.fundslibrary.net; 1 default-src 'self'; script-src-elem 'self' https://cdn.usefathom.com; child-src 'self' https://hooktube.com https://www.hooktube.com https://youtube.com https://www.youtube.com https://youtu.be https://gfycat.com https://streamja.com https://streamable.com https://vimeo.com https://vine.co https://instaud.io https://player.vimeo.com; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; connect-src 'self' https://cdn.usefathom.com wss://ovarit.com ws://ovarit.com 1 default-src 'self'; block-all-mixed-content; connect-src 'self' https://api.recurly.com https://api.stripe.com/ https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://ingest.valued.app; font-src 'self' https://js.intercomcdn.com https://fonts.intercomcdn.com data:; frame-src https://js.stripe.com/ https://hooks.stripe.com/ api.recurly.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; img-src 'self' blob: data: *; media-src 'self' https://js.intercomcdn.com; script-src 'self' js.recurly.com https://js.stripe.com/ https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://libs.valued.app 'unsafe-inline' 'sha256-1gcjkQmF3vDBHqTK/GCaJKMg/UjNNomsjObGfUSd8GU=' 'sha256-jbA8VreA42SNzS8N9VHJ5N6pZWjqC2B/c/cBk+1diXE=' 'sha256-DcokebrOSmWciSX1qQC5mQVZVTuYP7rxG1GdCn4I4Ls='; style-src 'self' https://api.recurly.com 'unsafe-inline'; report-uri /nelmio/csp/report 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: staticcdn.co.nz www.youtube.com *.google-analytics.com *.googletagmanager.com www.google.com www.gstatic.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.googleapis.com; img-src 'self' data: staticcdn.co.nz shielded.co.nz i.ytimg.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: *.googleapis.com *.gstatic.com; frame-src 'self' staticcdn.co.nz www.youtube.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1 frame-ancestors https://tsetscdev.prod.acquia-sites.com/ https://tsetscstage.prod.acquia-sites.com/ https://ecommercdev.tatasteel.online https://ecommerctst.tatasteel.online https://ecmc01qa.tatasteel.online https://ecmc01dev.tatasteel.online https://www.tatasteeleurope.com https://www.tatasteel.online https://ecmc01.tatasteel.online https://ecmc03-p.tatasteel.online https://ecmc03-d.tatasteel.online https://ecmc03-acc.tatasteel.online/ https://ecmc03-t.tatasteel.online/ https://tsedev.prod.acquia-sites.com https://tsestg.prod.acquia-sites.com https://www.beta-tatasteeleurope.com https://cpws01-d.tatasteel.online https://dev.tatasteeleurope.com preprod.tatasteeleurope.com test.tatasteeleurope.com ecmc03-pp.tatasteel.online https://local.tatacwr.com/CWR/docroot/; report-uri /report-csp-violation 1 frame-ancestors https://*.nywerk.de https://*.test https://vinylfuture.com.ddev.site https://deejay.de https://vinylfuture.com https://*.deejay.de https://*.vinylfuture.com; 1 frame-ancestors *.mastercardconnect.com 1 frame-ancestors 'self' https://www.gamer.no *.ggez.no https://forum.kvinneguiden.no; 1 default-src 'self'; connect-src 'self' data: 'unsafe-inline' https://bat.bing.com https://assets.adobedtm.com https://*.adobedtm.com http://*.amegybank.com https://*.amegybank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://assets.adobedtm.com https://*.adobedtm.com https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.amegybank.com https://*.amegybank.com https://*.zionsbank.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: http://*.amegybank.com https://*.amegybank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net; img-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://p.adsymptotic.com https://px.ads.linkedin.com https://bat.bing.com https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.amegybank.com https://*.amegybank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; media-src 'self' data:; frame-src 'self' data: 'unsafe-inline' http://*.amegybank.com https://*.amegybank.com https://rise.articulate.com https://*.online-metrix.net https://*.issuu.com https://*.doubleclick.net https://*.demdex.net https://secure.checkout.visa.com https://assets.secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.amegybank.com 'unsafe-eval'; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1 default-src 'self' data: *.umbraco.org api.pwnedpasswords.com *.hotjar.com services.postcodeanywhere.co.uk *.google-analytics.com www2.theticketfactory.com connect.facebook.net *.facebook.com ccocauth.10digital.co.uk *.coventry2021.co.uk *.doubleclick.net *.googleadservices.com *.google.co.uk *.google.com s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 *.stay22.com *.optimize.google.com *.googleoptimize.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://analytics.tiktok.com *.hotelmap.com gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net drdhvt9zf1m5e.cloudfront.net; object-src data: 'unsafe-eval' 'self' assets.theticketfactory.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com pro.fontawesome.com fast.fonts.net cdn.jsdelivr.net *.theticketfactory.com services.postcodeanywhere.co.uk *.queue-it.net cookiesuksouth.blob.core.windows.net https://*.hotjar.com; img-src 'self' 'self' data: www.awin1.com https://*.hotjar.com *; script-src 'self' 'unsafe-inline' ajax.googleapis.com *.cloudflare.com ajax.aspnetcdn.com bat.bing.com https://clarity.microsoft.com code.jquery.com *.googletagmanager.com *.google-analytics.com cdn.jsdelivr.net connect.facebook.net *.facebook.com theti11119.pcapredict.com *.hotjar.com 'unsafe-eval' services.postcodeanywhere.co.uk assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com www.dwin1.com cookiesuksouth.blob.core.windows.net geolocation.onetrust.com *.tiktok.com *.twitter.com *.googleadservices.com *.doubleclick.net s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 d16fk4ms6rqz1v.cloudfront.net applepay.cdn-apple.com *.stay22.com *.optimize.google.com *.googleoptimize.com https://*.hotjar.com *.hotelmap.com gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net drdhvt9zf1m5e.cloudfront.net; font-src 'self' 'self' data: fonts.gstatic.com pro.fontawesome.com fast.fonts.net *.hotjar.com fonts.gstatic.com applepay.cdn-apple.com https://*.hotjar.com; frame-src 'self' *.facebook.com *.servebase.net *.arcot.com *.hotjar.com assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com theticketfactory.queue-it.net *.youtube.com *.spotify.com *.tiktok.com *.twitter.com *.10digital.co.uk connect.facebook.net ccocauth.10digital.co.uk *.coventry2021.co.uk *.doubleclick.net s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 *.stay22.com *.optimize.google.com *.googleoptimize.com https://*.hotjar.com *.hotelmap.com d16fk4ms6rqz1v.cloudfront.net gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net drdhvt9zf1m5e.cloudfront.net; report-uri https://theticketfactory.report-uri.com/r/d/csp/enforce ; 1 allow *; script-src 'self' https://www.ibs.re.kr; script-src 'self' https://www.ibs.d.innodis.co.kr; object-src http://maps.google.com; object-src https://www.google.co.kr/; object-src http://html5shiv.googlecode.com; object-src http://www.facebook.com; object-src https://twitter.com; object-src https://www.google-analytics.com/;object-src https://www.google.com; report-uri /csp-report-endpoint/; 1 frame-ancestors 'self' https://reporting.brille24.de 1 base-uri 'self'; default-src 'self'; child-src https://player.vimeo.com; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://doorbell.io https://*.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://vimeo.com https://player.vimeo.com https://player.vimeo.com; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://www.google.co.nz https://*.s3.ap-southeast-2.amazonaws.com https://embed.doorbell.io https://i.vimeocdn.com https://eep.io eep.io data:; media-src https://www.youtube.com https://vimeo.com https://www.landcareresearch.co.nz/; object-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js https://embed.doorbell.io https://polyfill.io https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://s3.amazonaws.com/downloads.mailchimp.com/ s3.amazonaws.com/downloads.mailchimp.com/ https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com https://google-analytics.com google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://www.google.com www.google.com https://sdk.apester.com/web-sdk.core.min.js https://sdk.apester.com/web-sdk.core.legacy.min.js https://sdk.apester.com https://events.apester.com events.apester.com 'nonce-NTNlNTQyODY5MjhhYjE5ZmFiNDM4M2MyM2U0OTcyYTc2NzIyZjI5ZDcxZmY1ZGFjNTc1NmY4ZjdjNzNiZmJmM2E2ODZlNWZmYzNmOTkyNDQ4ZjhhY2JkNzQ5OTM0YTljNTNlZGFhNzE4ZTRiMGVmODM1MDAxMzE3OTBiYjg1MTU=' 'unsafe-eval'; style-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://embed.doorbell.io/css/doorbell.min.css https://embed.doorbell.io/css/default.css https://cdn-images.mailchimp.com cdn-images.mailchimp.com 'unsafe-inline'; report-uri https%3A//2224ea6b5792825a06d61a0bad9d966b.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1 default-src https:; connect-src https:; font-src 'self' https: data: https:; frame-src https:; frame-ancestors https:; img-src 'self' https: blob: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 1 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com *.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co *.google.com *.gstatic.com *.spartannash.com *.spartannash-uat.com www.b2i.us stockcharting.s3.amazonaws.com cdnjs.cloudflare.com;font-src 'self' data: *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.cloudflare.com s3.amazonaws.com;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com *.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com *.gravatar.com s15923.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com d36cz9elvz3vfp.cloudfront.net www.b2i.us *.prnewswire.com;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.quotemedia.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com *.prnewswire.com;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com *.quotemedia.com stats.g.doubleclick.net *.spartannash.com *.spartannash-uat.com www.b2i.us stockcharting.s3.amazonaws.com;object-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com;media-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com; 1 default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: https://m.stripe.com *.craft-cdn.com *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src * 1 frame-ancestors 'self' https://appwizzy.com 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de app.usercentrics.eu privacy-proxy.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' app.usercentrics.eu privacy-proxy-server.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1 block-all-mixed-content; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com:* https://ajax.googleapis.com:* https://call.chatra.io/chatra.js https://maps.googleapis.com:* https://seal-nebraska.bbb.org/logo/blue-valley-technologies-17381.js https://stats.g.doubleclick.net/dc.js https://www.googletagmanager.com:* https://assets.juicer.io:* https://www.juicer.io:*; object-src 'self' ; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com:* https://seal-blue.bbb.org; img-src * 'self' https://maps.gstatic.com https://stats.g.doubleclick.net:*; media-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-src 'self' https://chat.chatra.io:* https://www.youtube.com:* https://player.vimeo.com:*; frame-ancestors 'self'; child-src 'self'; font-src 'self' * https://fonts.gstatic.com:*; connect-src 'self' https://maps.googleapis.com:* https://analytics.google.com:* https://www.google-analytics.com:* https://www.juicer.io:* https://graph.facebook.com:*; report-uri /report-csp-violation 1 frame-ancestors 'self' https://*.hapara.com/ 1 upgrade-insecure-requests; frame-ancestors 'none'; default-src 'self'; script-src 'nonce-lpzssqNv4a17QECrzcqTYvCv/ykhHSFDm2rnonYYKl0=' 'strict-dynamic'; object-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' www.google.com *.googleapis.com; img-src 'self' www.google.de www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.doubleclick.net; media-src 'self'; frame-src 'self' www.google.com *.gstatic.com www.googletagmanager.com *.doubleclick.net consent-cdn.swmh.de; font-src 'self' *.gstatic.com www.google.com *.googleapis.com; connect-src 'self' www.google-analytics.com *.doubleclick.net consent-cdn.swmh.de 1 default-src 'self';base-uri 'self';form-action 'self';script-src 'self' 'unsafe-inline' www.googletagmanager.com maps.googleapis.com www.storemapper.co storemapper-herokuapp-com.global.ssl.fastly.net app.storyblok.com e4jy41wl9k.kameleoon.eu assets.findify.io ;object-src 'none';style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' www.googletagmanager.com www.facebook.com www.google-analytics.com www.google.com www.google.fr image.crisp.chat a.storyblok.com maps.gstatic.com maps.googleapis.com cdn11.bigcommerce.com storemapper-herokuapp-com.global.ssl.fastly.net us.chantelle.com s3.amazonaws.com cl-media-pattern-factory.s3-eu-west-1.amazonaws.com data:;media-src 'self' a.storyblok.com data:;font-src 'self' fonts.googleapis.com fonts.gstatic.com data:;connect-src 'self' maps.googleapis.com chantelleus.centraqa.com www.storemapper.co api.keen.io api.storyblok.com chantelle-sandbox.mybigcommerce.com https://api.bigcommerce.com api-v3.findify.io reco.target2sell.com undefined-dsn.algolia.net;frame-src https://www.youtube.com/ https://player.vimeo.com/;frame-ancestors app.storyblok.com vercel.app;prefetch-src 'self'; 1 object-src 'none';default-src 'none';connect-src https://www.wefact.nl *.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://maps.googleapis.com *.webinargeek.com *.mouseflow.com;frame-src https://www.youtube.com *.webinargeek.com *.mouseflow.com *.loom.com;frame-ancestors 'self';img-src https://www.wefact.nl data: *.ytimg.com *.google-analytics.com *.google.com *.google.nl *.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com *.webinargeek.com *.mouseflow.com www.mollie.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com *.google-analytics.com *.googletagmanager.com https://developers.google.com https://maps.googleapis.com *.webinargeek.com *.mouseflow.com;style-src https://www.wefact.nl 'unsafe-inline' https://fonts.googleapis.com *.webinargeek.com *.typekit.net;font-src https://fonts.gstatic.com *.webinargeek.com *.mouseflow.com *.typekit.net;child-src *.mouseflow.com;manifest-src https://www.wefact.nl 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/ https://www.buymusic.club; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.snapchat.com https://widget-api.formitable.com https://region1.analytics.google.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://www.buymusic.club wss://ws.hotjar.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.hotjar.com https://*.hotjar.io; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com https://www.buymusic.club; img-src 'self' data: https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be/ https://*.ytimg.com/ https://d12xfkzf9kx8ij.cloudfront.net/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://legacy.abconcerts.be/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com https://*.hotjar.io https://snapchat.com https://*.snapchat.com https://px.ads.linkedin.co https://px.ads.linkedin.com https://*.linkedin.com https://www.buymusic.club https://fonts.gstatic.com https://www.googletagmanager.com; media-src 'self' p.scdn.co/mp3-preview/; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://www.buymusic.club 'nonce-CmxeiTtmNFwVu5WVltx1mg=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://widget.formitable.com https://www.googletagmanager.com; upgrade-insecure-requests 1 default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.handyvertrag.de https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de; script-src 'strict-dynamic' 'nonce-d896d75093b5aa072d4e75eeb064d21c' 'nonce-144a3ee2275c7e3198c0d2042bf9538c' 'nonce-37f9a8242ff1879abb7cceb9e79e22c9' 'nonce-2a3bea7149d4214230e2babb5678a0fe' 'nonce-af07eb25c0f173b97c6bf091e00fc1b6' 'nonce-ab16212a59192265878c558c88998e23' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-d896d75093b5aa072d4e75eeb064d21c' 'nonce-144a3ee2275c7e3198c0d2042bf9538c' 'nonce-37f9a8242ff1879abb7cceb9e79e22c9' 'nonce-2a3bea7149d4214230e2babb5678a0fe' 'nonce-af07eb25c0f173b97c6bf091e00fc1b6' 'nonce-ab16212a59192265878c558c88998e23' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.chimpstatic.com visitjersey.email *.cloudfont.net *.googletagmanager.com blob: *.google-analytics.com https: data:;style-src 'self' 'unsafe-inline' https: data:;connect-src 'self' *.google-analytics.com *.analytics.google.com *.doubleclick.net *.teads.tv *.crowdriff.com *.plyr.io sojpublicdata.blob.core.windows.net *.mapbox.com *.algolia.net *.algolianet.com *.tripadvisor.com *.vimeo.com *.akamaized.net *.trackedweb.net *.bugsnag.com *.cookiescan.com *.googlesyndication.com noembed.com *.facebook.com *.google.com *.clarity.ms *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com data:;font-src 'self' static.tacdn.com *.gstatic.com data:;img-src 'self' cdn.jersey.com *.google-analytics.com *.analytics.google.com *.cookiescan.com *.facebook.com *.linkedin.com t.co *.doubleclick.net *.google.je *.google.com *.google.co.uk *.netdna-ssl.com *.gravatar.com *.adsymptotic.com *.adnxs.com *.yahoo.com *.teads.tv *.googleadservices.com static.tacdn.com *.vimeocdn.com *.clarity.ms *.bing.com *.cloudfront.net *.magicseaweed.com *.ytimg.com *.google.nl blob: *.youtube.com *.adsrvr.org *.sojern.com *.amazonaws.com *.tripadvisor.co.uk *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com data:;frame-src 'self' *.vimeo.com vimeo.com *.youtube.com *.flipsnack.com *.google.com *.instagram.com *.facebook.com *.hdontap.com visitjersey.email *.crowdriff.com magicseaweed.com *.cookiebot.com *.snapsea.io *.ipcamlive.com ;form-action 'self' *.facebook.com ;object-src 'none' ;frame-ancestors 'self' *.jersey.com visitjersey.email ;base-uri 'none' ; 1 default-src 'self' data: localhost:* *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com js.arcgis.com *.arcgis.com *.google.com *.googleapis.com *.prorail.nl *.spoordata.nl *.werkenbijprorail.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com tagmanager.google.com px.ads.linkedin.com www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: wss:; 1 frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de https://*.etracker.com 1 default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *;.rienergy.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com *.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 'unsafe-eval'; style-src 'self' *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com *.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 'unsafe-inline'; frame-src 'self' *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com *.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com; font-src 'self' *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com *.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com data:; img-src 'self' *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com *.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com data:; connect-src 'self' *.horacemann.com *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com *.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 1 default-src 'self'; script-src 'self'; img-src 'self' 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-NuoKhdjyahJPta1Axay3FlKRg7NEfF4u' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1 default-src 'self' *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com dpm.demdex.net aldisued.d3.sc.omtrdc.net *.facebook.net aldisued.demdex.net *.facebook.com services.cdn-shop.com *.usercentrics.eu dpm.demdex.net aldinord.sc.omtrdc.net; block-all-mixed-content; connect-src 'self' *.demdex.net *.omtrdc.net *.cookielaw.org *.onetrust.com; img-src 'self' data: *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com dpm.demdex.net aldisued.d3.sc.omtrdc.net *.facebook.net aldisued.demdex.net *.facebook.com services.cdn-shop.com *.usercentrics.eu dpm.demdex.net aldinord.sc.omtrdc.net *.cookielaw.org *.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com dpm.demdex.net aldisued.d3.sc.omtrdc.net *.facebook.net aldisued.demdex.net *.facebook.com services.cdn-shop.com *.usercentrics.eu dpm.demdex.net aldinord.sc.omtrdc.net *.cookielaw.org *.onetrust.com; style-src 'self' 'unsafe-inline' *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com dpm.demdex.net aldisued.d3.sc.omtrdc.net *.facebook.net aldisued.demdex.net *.facebook.com services.cdn-shop.com *.usercentrics.eu dpm.demdex.net aldinord.sc.omtrdc.net *.cookielaw.org *.onetrust.com 1 default-src 'self' 'nonce-Y2EwMzQzOGEzYQ==' www.google-analytics.com googleapis.com ggpht.com nr-data.net ajax.googleapis.com fonts.googleapis.com www.googletagmanager.com js-agent.newrelic.com fonts.gstatic.com; frame-src youtube.com www.youtube.com doubleclick.net; child-src 'none'; object-src 'none'; 1 default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 1 frame-ancestors 'self' cmsv2.zebrix.net 1 default-src 'self'; \ script-src 'self' https://ajax.googleapis.com; \ img-src 'self' https://ssl.google-analytics.com 1 default-src 'self'; img-src 'self' data: books.google.de de.statista.com cdn.statcdn.com app.statuscake.com *.lamapoll.io; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' lamapoll.de *.lamapoll.de *.lamapoll.io; frame-src 'self' lamapoll.de *.lamapoll.de www.youtube-nocookie.com *.lamapoll.io; frame-ancestors 'self'; media-src 'self'; object-src 'self'; connect-src 'self' *.lamapoll.io 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hubspot.com builder.lift.acquia.com js.usemessages.com googleads.g.doubleclick.net app.wistia.com connect.facebook.net tpc.googlesyndication.com www.google.com www.gstatic.com static.ads-twitter.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net; style-src 'self' 'unsafe-inline' www.globenewswire.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net; img-src 'self' blob: data: *.google.ae googleads.g.doubleclick.net *.google.com.vn *.google.bs embedwistia-a.akamaihd.net www.impella.com *.google.com.cy *.google.at *.google.com.co *.google.com.sa *.google.com.br *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' *.hs-sites.com fast.wistia.net fast.wistia.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net cdn.scite.ai; connect-src 'self' 'unsafe-inline' 'unsafe-eval' notify.bugsnag.com us.perz-api.cloudservices.acquia.io sessions.bugsnag.com www.google.com.br www.google.co.in cdn.linkedin.oribi.io hubspot-forms-static-embed.s3.amazonaws.com adservice.google.com *.litix.io *.googleapis.com adservice.google.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com connect.facebook.net *.googletagmanager.com *.hotjar.com *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'none'; connect-src 'self' *.googleapis.com *.crowdriff.com *.ubiquity.co.nz *.windows.net *.doubleclick.net *.google.com *.google-analytics.com analytics.google.com wss://*.hotjar.com *.hotjar.com *.monsido.com *.stackla.com *.analytics.google.com; frame-src 'self' staticcdn.co.nz widget.stackla.com *.dwcdn.net *.infogram.com radian.mintdesign.co.nz viewer.mapme.com *.spotify.com omny.fm *.metservice.com goo.gl nzhistory.govt.nz radianstaging.mintdemo.co.nz configurator.wcec.co.nz configurator.takina.co.nz *.metservice.com *.vimeo.com *.youtube.com *.doubleclick.net *.hotjar.com *.google.com *.crowdriff.com *.monsido.com *.stackla.com; frame-ancestors 'self'; font-src 'self' data: *.gstatic.com script.hotjar.com assetscdn.stackla.com *.stackla.com; img-src 'self' data: blob: twemoji.maxcdn.com staticcdn.co.nz shielded.co.nz *.cloudfront.net *.googleapis.com *.gstatic.com *.ytimg.com *.facebook.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.nz *.monsido.com *.stackla.com *.cdninstagram.com *.siteimproveanalytics.io *.analytics.google.com; media-src 'self' storage.googleapis.com crowdriff-video-upload.s3.amazonaws.com maori-dictionary-media.s3.amazonaws.com *.stackla.com *.cdninstagram.com storage.googleapis.com; manifest-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' staticcdn.co.nz *.youtube.com *.vimeo.com code.highcharts.com browser-update.org assetscdn.stackla.com *.stackla.com *.crowdriff.com *.jquery.com *.gstatic.com *.googleadservices.com *.google.com *.googleapis.com *.googletagmanager.com *.monsido.com *.hotjar.com *.google-analytics.com *.facebook.net *.ubiquity.co.nz *.stackla.com *.zencdn.net siteimproveanalytics.com *.analytics.google.com vjs.zencdn.net; style-src 'self' 'unsafe-inline' *.crowdriff.com *.googleapis.com *.google.com *.zencdn.net *.stackla.com assetscdn.stackla.com vjs.zencdn.net; 1 frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com http://*.mondigroup.com http://mondigroup.com https://*.mondigroup.com https://mondigroup.com http://*.elwitec.ch http://elwitec.ch https://*.elwitec.ch https://elwitec.ch http://*.ynovatec.ch http://ynovatec.ch https://*.ynovatec.ch https://ynovatec.ch http://prematic.ch http://*.prematic.ch https://prematic.ch https://*.prematic.ch http://brw.ch http://*.brw.ch https://brw.ch https://*.brw.ch http://uniprod-ag.ch http://*.uniprod-ag.ch https://uniprod-ag.ch https://*.uniprod-ag.ch http://montalpina.com http://*.montalpina.com https://montalpina.com https://*.montalpina.com http://sutter-hydraulik.com http://*.sutter-hydraulik.com https://sutter-hydraulik.com https://*.sutter-hydraulik.com http://bsaswiss.ch http://*.bsaswiss.ch https://bsaswiss.ch https://*.bsaswiss.ch 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none' 1 default-src 'self'; \ script-src 'self' https://ajax.googleapis.com; \ img-src 'self' https://ssl.google-analytics.com 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com christchurch.bibliocms.com *.christchurch.bibliocms.com https://my.christchurchcitylibraries.com my.christchurchcitylibraries.com *.my.christchurchcitylibraries.com; 1 frame-ancestors 'self' https://www.w3schools.com 1 https://client.libertydentalplan.com; https://libertydentalplan.com 1 default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.google.com https://code.jquery.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://static.addtoany.com https://maps.google.com https://cdn.jsdelivr.net https://platform.twitter.com https://platform.linkedin.com https://cdn.ckeditor.com https://www.google-analytics.com https://cdn.datatables.net https://www.googletagmanager.com/ https://app.usercentrics.eu/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdn.ckeditor.com https://cdn.datatables.net https://www.google-analytics.com https://www.linkedin.com https://www.gstatic.com; img-src 'self' data: https://chart.googleapis.com https://cdn.ckeditor.com https://www.google-analytics.com https://stats.g.doubleclick.net https://platform.linkedin.com https://www.linkedin.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://app.usercentrics.eu/ https://uct.service.usercentrics.eu/; frame-src 'self' https://platform.twitter.com https://www.gstatic.com https://www.google.com https://notfound-static.fwebservices.be https://app.usercentrics.eu/; font-src 'self' https://themes.googleusercontent.com https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src 'self' https://www.linkedin.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://region1.google-analytics.com/ https://www.googletagmanager.com/ https://api.usercentrics.eu https://graphql.usercentrics.eu https://consent-api.service.consent.usercentrics.eu/ https://aggregator.service.usercentrics.eu/ https://maps.googleapis.com/; report-uri /en/report-csp-violation 1 frame-ancestors 'self' https://ahu.edu https://*.ahu.edu 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; object-src 'self' *; style-src 'self' 'unsafe-inline' * ; img-src 'self' data: *; media-src 'self' *; frame-src 'self' *; frame-ancestors 'self'; child-src 'self' *; font-src 'self' data: *; connect-src 'self' * 1 allow 'script-src' 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.pingdom.net *.groupe-mediactive.fr fg.cdn.mediactive-network.net cdn.mediactive-network.net *.cedexis.com 1 object-src 'self'; style-src 'self' 'unsafe-inline' https://use.fontawesome.com www.gstatic.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css; img-src 'self' alectrautilities.com www.alectra.com www.gstatic.com t.co analytics.twitter.com syndication.twitter.com www.facebook.com data: www.w3.org/svg/2000 www.google.ca www.google-analytics.com bat.bing.com tr.outbrain.com translate.google.com www.google.com translate.googleapis.com connect.facebook.net c.clarity.ms bing.com/c www.googletagmanager.com/a; media-src 'self'; frame-src 'self' platform.twitter.com static.addtoany.com syndication.twitter.com www.gstatic.com www.google.com www.youtube.com www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com; frame-ancestors 'self' syndication.twitter.com; font-src 'self' https://use.fontawesome.com https://themes.googleusercontent.com; connect-src 'self' i.clarity.ms analytics.google.com stats.g.doubleclick.net translate.googleapis.com www.google-analytics.com *.clarity.ms bam.nr-data.net *.hotjar.com bat.bing.com *.hotjar.io https://adservice.google.com https://www.google.ca alectrautilities.com; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' kleber.datatoolscloud.net.au *.salesforceliveagent.com *.lpsnmedia.net *.liveperson.net *.liveperson.com *.liveengage.net *.liveengage.com *.liveper.sn m.addthisedge.com/live/boost/ra-56b04b9ad015369f/_ate.track.config_resp ad.atdmt.com zn4zp87nbhe8rrjf7-hcf.siteintercept.qualtrics.com dnn506yrbagrg.cloudfront.net 4378726.fls.doubleclick.net 6612282.fls.doubleclick.net platform.twitter.com cdn.sajari.net cdn.sajari.com analytics.twitter.com hcf.sc.omtrdc.net hcf.tt.omtrdc.net cdn.tt.omtrdc.net *.google.com *.googleapis.com google-maps-utility-library-v3.googlecode.com *.googlesyndication.com *.facebook.com *.facebook.net rules.quantcount.com *.quantserve.com *.ads-twitter.com s.ytimg.com www.youtube.com *.addthis.com ebm.cheetahmail.com *.doubleclick.net rum-static.pingdom.net script.crazyegg.com www.googleadservices.com www.googletagservices.com www.googletagmanager.com dpm.demdex.net hcf.demdex.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com assets.adobedtm.com s3.amazonaws.com/trk.cetrk.com https://dnn506yrbagrg.cloudfront.net/pages/scripts/0031/6386.js?407832 https://platform.twitter.com/oct.js *.qualtrics.com cdn.appdynamics.com www.everestjs.net c.amazon-adsystem.com pixel.mathtag.com; object-src 'self' https:; style-src 'unsafe-inline' 'self' https:; img-src 'self' data: https: http://s7d2.scene7.com; media-src 'self' https:; frame-src https:; font-src 'self' data: fonts.gstatic.com https://cloud.typography.com ok8static.oktacdn.com; connect-src https: http://dispatcher1.test63.aem.hcf.com.au http://s7d2.scene7.com http://dtwebsite2.datatoolscloud.net.au wss://syd-eeva.faceme.com wss://sy.msg.liveperson.net wss://api.au.uneeq.io 1 default-src https: http://*.google-analytics.com:* 'unsafe-inline'; img-src https: 'self' data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline' blob:; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1 default-src https: data: blob: 'unsafe-inline'; object-src 'self'; script-src 'self' https://cdn.tiny.cloud/ https://static.zdassets.com/ https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ https://js.recurly.com/ https://cdn.wootric.com/ https://static.headnotepayments.com/ https://static.zdassets.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1 policy-uri /'unsafe-inline' 1 frame-src 'self' http://*.lib.uiowa.edu https://*.lib.uiowa.edu 1 base-uri 'self'; child-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; frame-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; connect-src fonts.googleapis.com fonts.gstatic.com global.sitesearch360.com ict.infinity-tracking.net insights.sitesearch360.com 'self' *.feefo.com *.google.com *.paragonbankinggroup.co.uk *.twimg.com *.twitter.com *.visualwebsiteoptimizer.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; img-src * data: blob:; media-src data: 'self'; script-src gap: 'self' cdn.sitesearch360.com ict.infinity-tracking.net snap.licdn.com unpkg.com *.doubleclick.net *.feefo.com *.paragonbankinggroup.co.uk *.surveymonkey.com *.twimg.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' dev.visualwebsiteoptimizer.com fonts.googleapis.com register.feefo.com *.twimg.com *.twitter.com 'unsafe-inline'; frame-ancestors gap: 'self' *.surveymonkey.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=XnwrmwrsrckbipoU563Sh36c2Bb8WiiHQF1aHpd%2BdaRRiyHA8AAQVMYXA9npLzlMdKKHuGsx8HOx84mw2iVnfw%3D%3D; 1 "default-src *" 1 default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' *.vixns.net *.smol.org www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src 'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com https://glitchtip.vixns.net/api/17/store/ https://glitchtip.vixns.net/api/17/envelope/; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1 frame-ancestors 'self' team.live fr.team.live es.team.live ru.team.live de.team.live ar.team.live pl.team.live tr.team.live; 1 'default-src \'self\'; 1 object-src 'none'; script-src 'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; $ 1 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' data: 'unsafe-inline' ; img-src * 'self' data: ; font-src * 'self' data: ; connect-src * 'self' ; media-src 'self' ; frame-src * 'self' ; 1 default-src 'none'; script-src 'self' https://analytics.monetra.com https://www.google.com https://www.gstatic.com; connect-src https://9872520550193828.hostedstatus.com/1.0/status/6148993c877ce705383f1463 'self'; img-src 'self' https://analytics.monetra.com data:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; frame-src https://www.google.com 1 default-src https: blob: wss:; frame-src https: blob: data:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1 default-src dock.ui.bosch.tech *.hotjar.io *.hotjar.com wss://*.hotjar.com 'self' script.hotjar.com vc.hotjar.io in.hotjar.com *.yandex.ru *.comagic.ru extranet.buderus.com s.webtrends.com *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' *.hotjar.com fonts.gstatic.com; object-src data: 'self'; img-src https: blob: data:; style-src 'self' *.buderus.com buderus.com 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src dock.ui.bosch.tech https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com buderus-pl.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net buderus-pl.boschtt-documents.com http://fs52-buderus-dev.kittelberger.net; connect-src http: https: wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com 1 default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com; script-src 'self' https://www.googletagmanager.com 'nonce-XIltiWGO/EZRESPz14Yw7rBSv6EbhrzY8u6dMe++8Oo='; connect-src 'self' https://www.google-analytics.com; img-src 'self' https://schoolsbuddy.blob.core.windows.net 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com ajax.aspnetcdn.com tagmanager.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.google.com www.gstatic.com *.googleoptimize.com www.tag4arm.com dev.visualwebsiteoptimizer.com cdn.mouseflow.com connect.facebook.net app.vacancy-filler.co.uk secure.adnxs.com *.doubleclick.net services.postcodeanywhere.co.uk centrepointorguk-staging.azurewebsites.net centrepoint.org.uk platform.twitter.com static.ads-twitter.com cdn.syndication.twimg.com *.8x8.com *.dotomi.com *.consensu.org *.stripe.com *.newmode.net *.shpg.org blog.apps.npr.org widget.raisenow.com *.clarity.ms www.buzzsprout.com i.tryinteract.com *.tvsquared.com r.bidswitch.net *.audiencemanager.de *.centrepoint.org.uk *.shorthand.com; default-src 'self' data:; worker-src https://centrepointorguk-staging.azurewebsites.net centrepoint.org.uk; style-src 'self' 'unsafe-inline' hello.myfonts.net tagmanager.google.com optimise.google.com fonts.googleapis.com services.postcodeanywhere.co.uk platform.twitter.com widget.raisenow.com *.google.com *.centrepoint.org.uk; connect-src 'self' dev.visualwebsiteoptimizer.com www.tag4arm.com services.postcodeanywhere.co.uk rec1.visualwebsiteoptimizer.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.clarity.ms *.audiencemanager.de *.shorthand.com; font-src 'self' hello.myfonts.net fonts.gstatic.com fonts.googleapis.com widget.raisenow.com; img-src 'self' 'unsafe-inline' *.gravatar.com data: www.tag4arm.com centrepointorguk.azureedge.net dev.visualwebsiteoptimizer.com centrepointorguk.blob.core.windows.net *.facebook.com *.facebook.net *.g.doubleclick.net http://maps.googleapis.com *.google.com *.google.co.uk *.google-analytics.com *.googletagmanager.com optimise.google.com *.googleadservices.com ssl.gstatic.com *.doubleclick.net img.youtube.com rec1.visualwebsiteoptimizer.com cdn.syndication.twimg.com *.twitter.com *.twimg.com t.co *.8x8.com *.liadm.com *.contextweb.com *.vdopia.com *.pubmatic.com *.adnxs.com *.rubiconproject.com *.tremorhub.com *.mediaplex.com *.addkt.com *.dotomi.com core.conversant.mgr.consensu.org padlet.com padlet.net *.clarity.ms *.bing.com www.gstatic.com *.tvsquared.com *.placeholder.com r.bidswitch.net *.centrepoint.org.uk centrepoint.org.uk; frame-src 'self' *.8x8.com *.doubleclick.net www.youtube.com www.google.com optimise.google.com connect.facebook.net www.facebook.com staticxx.facebook.com services.postcodeanywhere.co.uk platform.twitter.com syndication.twitter.com *.stripe.com *.newmode.net padlet.com padlet.net panoramea.co.uk *.google.com www.buzzsprout.com roundme.com quiz.tryinteract.com *.audiencemanager.de tour.panoee.com; 1 block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 1 allow 'self' 'https://www.facebook.com/'; 1 frame-ancestors *.amboss.com 1 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' data: blob: 'unsafe-inline'; media-src * 'unsafe-inline'; frame-src * 'unsafe-inline' data: blob: 'unsafe-inline'; frame-ancestors boost3d.net; child-src * 'unsafe-inline' data: blob: 'unsafe-inline'; font-src * 'unsafe-inline'; connect-src * 'unsafe-inline'; report-uri /report-csp-violation 1 frame-ancestors https://*.estratraining.it 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1 base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.googletagmanager.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com *.hotjar.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net *.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.google.pt *.googleusercontent.com *.googletagmanager.com *.flourish.studio *.hotjar.com blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com *.realtimestatistics.net *.googletagmanager.com *.typeform.com *.flourish.studio *.hotjar.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com *.typeform.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=DjmYgI25DXJYnIB%2BZLjGGplChHIANEV2283495OQSIuzPkUQ9pPWPoRJT2DMJkS3aU8Q5kWWHZ5%2FJpbJKZ7j%2BQ%3D%3D; 1 form-action 'self' https://joomlacontenteditor.us14.list-manage.com/subscribe/post; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.paddle.com https://cdn.usefathom.com/script.js https://code.jquery.com https://checkout.stripe.com https://cdn.paddle.com https://cdn.usefathom.com/script.js https://cdnjs.cloudflare.com https://hcaptcha.com/* https://*.hcaptcha.com/* https://plausible.io/ https://api.pirsch.io/; style-src 'self' 'unsafe-inline' https://cdn.paddle.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://hcaptcha.com/ https://*.hcaptcha.com/ https://plausible.io/ https://api.pirsch.io/; object-src 'self' 1 default-src 'self' *.vimeo.com *.doubleclick.net https://burgess.theatro360.com *.digitalimages.gr https://www.youtube.com https://www.google.com https://www.google.co.uk https://r1.dotmailer-surveys.com https://static.addtoany.com https://www.facebook.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://www.luxproimaging.com; script-src *.jsdelivr.net qvdt3feo.com cht-srvc.net unpkg.com/web-vitals* *.googleoptimize.com *.googleapis.com *.livechatinc.com *.quantcount.com *.quantserve.com *.doubleclick.net *.teads.tv www.googletagmanager.com r1.dotdigital-pages.com www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' https://email.burgessyachts.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdn.dnky.co https://script.hotjar.com https://static.hotjar.com https://tagmanager.google.com https://mc.yandex.ru https://static.trackedweb.net https://www.youtube.com https://static.addtoany.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://az416426.vo.msecnd.net https://r1.dotmailer-surveys.com https://s.ytimg.com https://r1-t.trackedlink.net https://connect.facebook.net view.ceros.com *.wirewax.com tour.theatro360.com https://download-video.akamaized.net/; style-src *.googleapis.com 'self' 'unsafe-inline' *.jsdelivr.net *.dnky.co *.googleapis.com *.google.com *.typekit.net https://static.trackedweb.net https://api.tiles.mapbox.com https://fast.fonts.net https://r1.dotmailer-surveys.com *.stackadapt.com *.google.com; img-src *.google.com doubleclick.net *.doubleclick.net *.teads.tv *.quantserve.com quantserve.com t.teads.tv teads.tv www.google.bs www.google.by www.google.cm www.google.co.cr www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uz www.google.co.ve www.google.co.za www.google.com.ar www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.lb www.google.com.my www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.vc www.google.com.vn www.google.dz www.google.ee www.google.fi www.google.ge www.google.gg www.google.hu www.google.im www.google.iq www.google.is www.google.lk www.google.lv www.google.me www.google.mu www.google.mv www.google.no www.google.pl www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.tn www.google.tt translate.google.com i.vimeocdn.com connect.facebook.net android-webview-video-poster www.google.gr www.google.lu www.google.cz r1-t.trackedlink.net www.google.az www.google.bg www.google.ch www.google.com.eg www.google.com.mx www.google.com.ua www.google.es www.google.pt www.google.at www.google.com.mt www.google.com.tr www.google.ie www.google.ae www.google.it www.google.hr www.google.be www.google.co.id www.google.com.au www.google.com.br www.google.com.pk www.google.de www.google.dk www.google.fr www.google.je www.google.nl www.google.ro azweusaburdevqa.blob.core.windows.net beacon.krxd.net www.facebook.com www.google-analytics.com i.ytimg.com 'self' blob: data: https://www.gstatic.com https://ssl.gstatic.com https://www.google.ca https://az-weu-wa-bur-az-weu-wa-bur-staging.azurewebsites.net https://pre-live.burgessyachts.com https://burgessyachts.com https://www.googletagmanager.com https://mc.yandex.ru https://dev-burgess.craftedbeta.co.uk https://azweusabur.blob.core.windows.net https://azweusaburuat.blob.core.windows.net https://azweusaburdevqa.blob.core.windows.net https://a.tiles.mapbox.com https://api.tiles.mapbox.com https://azweusabur.blob.core.windows.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://beacon.krxd.net https://www.facebook.com; connect-src *.hotjar.com commversion-public-functions.vercel.app *.teads.tv wss://ws6.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws3.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com www.google.com stats.addtoany.com wss://ws5.hotjar.com www.google-analytics.com wss://ws12.hotjar.com wss://ws4.hotjar.com wss://ws7.hotjar.com 'self' stats.g.doubleclick.net wss://ws2.hotjar.com https://api.comapi.com https://vc.hotjar.io https://in.hotjar.com https://events.mapbox.com https://vimeo.com https://mc.yandex.ru https://fpdl.vimeocdn.com https://www.facebook.com https://r1.trackedweb.net https://*.tiles.mapbox.com https://api.mapbox.com https://a.tiles.mapbox.com https://b.tiles.mapbox.com https://api.mapbox.com/ https://dc.services.visualstudio.com https://skyfire.vimeocdn.com https://player.vimeo.com *.akamaized.net *.stackadapt.com *.google-analytics.com wss://*.hotjar.com; font-src 'self' *.typekit.net data: https://script.hotjar.com https://fonts.gstatic.com https://cdn.livechatinc.com; worker-src 'self' blob:; media-src 'self' https://vod-progressive.akamaized.net *.akamaized.net *.vimeocdn.com https://video-dev.github.io *.vimeo.com blob:; frame-src *.livechatinc.com r1.dotdigital-pages.com dotdigital-pages.com https://kuula.co kuula.co digitalimages.gr www.digitalimages.gr docs.google.com theatro360.com www.googletagmanager.com 10388175.fls.doubleclick.net 'self' www.digitalimages.gr digitalimages.gr *.google.com https://cdn.dnky.co https://mpembed.com https://vars.hotjar.com https://burgess.theatro360.com https://www.burgessyachts.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://r1.dotmailer-surveys.com https://www.google.com https://9169248.fls.doubleclick.net https://static.addtoany.com https://www.youtube.com https://www.facebook.com https://player.vimeo.com https://www.digitowl.vision https://my.matterport.com https://tourmkr.com https://www.golocal.hk https://www.coolwalkee.com https://www.google.com/maps https://www.luxproimaging.com http://vrtour.virtualsinc.com view.ceros.com *.wirewax.com *.theatro360.com; child-src blob: ; script-src-elem *.jsdelivr.net optimize.google.com qvdt3feo.com cht-srvc.net unpkg.com/web-vitals* *.googleoptimize.com *.livechatinc.com *.googleapis.com r1.dotdigital-pages.com dotdigital-pages.com *.doubleclick.net www.googleadservices.com googleadservices.com rules.quantcount.com gc.kis.v2.scr.kaspersky-labs.com r1-t.trackedlink.net www.googletagmanager.com 'self' 'unsafe-inline' connect.facebook.net r1.dotmailer-surveys.com static.addtoany.com static.hotjar.com www.google-analytics.com www.google.com www.youtube.com s.ytimg.com script.hotjar.com googletagmanager.com addtoany.com gstatic.com www.gstatic.com r1-t.trackedlink.net trackedlink.net p.teads.tv quantserve.com secure.quantserve.com ad.doubleclick.net doubleclick.net data: *.trackedweb.net view.ceros.com *.wirewax.com *.stackadapt.com *.google.com; report-uri https://burgesscsp.report-uri.com/r/d/csp/wizard 1 base-uri 'none';connect-src 'self' dev.oresund.io test.oresund.io staging.oresund.io oresund.io www.oresund.io dc.services.visualstudio.com policy.app.cookieinformation.com consent.app.cookieinformation.com *.g.doubleclick.net 'unsafe-inline' pagead2.googlesyndication.com *.google.com *.google-analytics.com;font-src 'self';form-action 'self';frame-ancestors 'none';img-src 'self' self data: images.ctfassets.net ssl.gstatic.com www.gstatic.com ade.googlesyndication.com ib.adnxs.com www.facebook.com www.google.com;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' checkout.reepay.com www.gstatic.com www.google.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' policy.app.cookieinformation.com tagmanager.google.com acdn.adnxs.com connect.facebook.net pagead2.googlesyndication.com www.googleadservices.com;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com www.googletagmanager.com;worker-src 'self'; 1 default-src 'self' 'unsafe-inline' nominatim.openstreetmap.org service.bzga.de piwik.bzga.de; style-src 'self' 'unsafe-inline' fast.fonts.net;font-src 'self' data:; img-src 'self' data: shop.bzga.de piwik.bzga.de a.tile.openstreetmap.de b.tile.openstreetmap.de c.tile.openstreetmap.de service.bzga.de; 1 default-src 'none'; base-uri 'self'; form-action https: 'self'; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; media-src * data:; frame-src *; frame-ancestors 'self' https:; font-src 'self' https:; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors zismo.biz zismo.ru zismone.ru promoggaqjkd.ru 1 default-src 'self'; style-src 'unsafe-inline' 'self' fonts.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' connect.facebook.net itunes.apple.com www.youtube.com stats.g.doubleclick.net www.google-analytics.com ajax.googleapis.com s.ytimg.com; connect-src 'self' webadmin.heartline.com admin.heartline.com backend.heartline.com pascal-prod.evidation.com pascal-beta.evidation.com pascal.evidation.com stats.g.doubleclick.net www.google-analytics.com evidation-pascal.zendesk.com www.ups.com itunes.apple.com www.facebook.com; img-src 'unsafe-inline' 'self' www.facebook.com www.google.com www.youtube.com stats.g.doubleclick.net www.google-analytics.com assets.prod.heartline.com i.ytimg.com data:; media-src 'self' assets.prod.heartline.com www.youtube.com i.ytimg.com; frame-src 'self' assets.prod.heartline.com www.youtube.com; 1 "default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self';" 1 frame-ancestors https://*.techglimpse.com 1 default-src 'self' static1.nautal.com; connect-src 'self' https://api.clickandboat.com static2.nautal.com static3.nautal.com https://assets.nautal.com/frontend-assets/master/ quasar.clickbo.at https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net bat.bing.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.ingest.sentry.io api.realytics.io https://*.clarity.ms; font-src 'self' data: static3.clickandboat.com fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net; img-src 'self' static1.nautal.com static2.nautal.com https://assets.nautal.com/frontend-assets/master/ https://blog.nautal.com/ data: blob: quasar.clickbo.at *.google-analytics.com *.doubleclick.net secure.adnxs.com www.google.fr www.google.it www.google.es www.google.com www.google.de www.google.nl www.google.co.uk www.google.gr www.google.pl www.google.ch www.google.be www.google.com.br www.google.hr www.google.at www.google.pt www.google.se www.google.ru www.google.ca www.google.com.ar www.google.com.tr www.google.com.ua www.google.ie www.google.si www.google.ro www.google.com.mx www.google.com.mt www.google.com.au www.google.dk www.google.ae www.google.gp www.google.hu www.google.cz www.google.lu www.google.com.cy www.google.no www.google.me www.google.bg www.google.co.il www.google.rs www.google.sk *.bing.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com; script-src 'unsafe-eval' 'self' static2.nautal.com https://assets.nautal.com/frontend-assets/master/ quasar.clickbo.at https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com *.criteo.net sslwidget.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com 'unsafe-inline' 'nonce-toP5N8JI+CT57LI6rXCnMw=='; style-src 'self' static2.nautal.com static3.nautal.com https://assets.nautal.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com 1 default-src 'unsafe-hashes' www.crohnsandcolitis.org.uk https://*.readspeaker.com https://*.azureedge.net https://poster.crohnsandcolitis.org.uk https://platform.twitter.com https://docs.google.com https://customervoice.microsoft.com https://vars.hotjar.com https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://chats.landbot.io https://*.addtoany.com https://www.youtube.com https://player.vimeo.com https://*.typeform.com https://*.issuu.com;base-uri 'self';frame-ancestors 'self';script-src 'nonce-c0730a4f1e3d4a60832554d07b95198f' 'unsafe-eval' 'self' https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://static.hotjar.com https://script.hotjar.com https://analytics.nyltx.com https://ruler.nyltx.com/ https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://static.landbot.io https://secure.callhandling.co.uk https://*.addtoany.com https://z.moatads.com https://*.addthisedge.com https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.typeform.com;connect-src 'self' https://cdn.acsbapp.com https://*.trackedweb.net https://*.readspeaker.com https://*.azureedge.net https://www.facebook.com https://platform.twitter.com https://docs.google.com https://*.cookiefirst.com https://in.hotjar.com https://vc.hotjar.io https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://chats.landbot.io https://*.addtoany.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.typeform.com https://*.issuu.com;img-src 'self' data: https://www.facebook.com https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://*.linkedin.com https://*.addtoany.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net;font-src 'self' data: https://use.typekit.net https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://acsbapp.com https://*.acsbapp.com blob: https://*.readspeaker.com https://*.azureedge.net https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com https://*.typeform.com https://*.issuu.com;form-action 'self' https://*.readspeaker.com https://*.azureedge.net; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mistaua.com https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.facebook.net *.instagram.com *.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.googleadservices.com https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.ampproject.org counter.yadro.ru wikimapia.org vk.com https://*.jsdelivr.net https://yastatic.net cdn.api.twitter.com oss.maxcdn.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com; frame-src 'self' *.doubleclick.net https://*.googlesyndication.com *.googletagservices.com *.google.com *.google.com.ua *.facebook.com *.instagram.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org; 1 default-src 'self'; child-src data: blob:; connect-src 'self' bam.nr-data.net *.cdnbasket.net payline.com *.payline.com ids.cdnwidget.com *.onconnect-coach.3slab.fr smartsolution-onconnectcoach.azureedge.net smartsolution-smartcoach.azureedge.net ws.livingactor.com apisimulator.toutsurmoneau.test data.gouv.nc *.aticdn.net *.xiti.com stats.g.doubleclick.net *.cookiebot.com *.googleapis.com *.suez.com; font-src 'self' data: fonts.gstatic.com payline.com *.payline.com maxcdn.bootstrapcdn.com smartsolution-onconnectcoach.azureedge.net *.suez.com; form-action * com.suez.tsme: com.suez.tsme.app:; frame-src data: blob: *.payline.com payline.com *.satisfactory.fr www.google.com *.youtube-nocookie.com *.youtube.com opendata.hauts-de-seine.fr *.cookiebot.com *.suez.com; img-src 'self' data: blob: *.cloudfront.net cloudfront.net *.cdnwidget.com *.payline.com payline.com maps.googleapis.com maps.gstatic.com blob: api.cabestan.com smartsolution-onconnectcoach.azureedge.net *.youtube-nocookie.com *.youtube.com cdn1.iconfinder.com www.googletagmanager.com *.suez.com; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' api.cabestan.com bam.nr-data.net *.newrelic.com code.jquery.com *.cloudfront.net *.capadresse.com *.capadresse.com:2814 *.cloudfront.net *.payline.com payline.com *.js-agent.newrelic.com maps.googleapis.com *.cdnwidget.com *.aticdn.net *.xiti.com *.bootstrapcdn.com suez-eau-france.dimelochat.com ws.livingactor.com *.google.com *.google.com/maps www.gstatic.com smartsolution-smartcoach.azureedge.net apisimulator.toutsurmoneau.test capadresse.apisimulator.toutsurmoneau.test:6090 capadresse.apisimulator.toutsurmoneau.test www.googletagmanager.com *.atinternet-solutions.com *.atinternet.io *.ati-host.net *.atinternet.com *.piano.io *.cookiebot.com *.suez.com *.onconnect-coach.3slab.fr; style-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com payline.com *.payline.com smartsolution-smartcoach.azureedge.net *.bootstrapcdn.com www.gstatic.com *.googleapis.com *.suez.com; worker-src blob: 1 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *.kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1 child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1 default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src 'self' data: https://smart-ip.net; connect-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; 1 default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1 default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1 default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.sancta-domenica.hr sancta-domenica.hr *.sancta-domenica.ba sancta-domenica.ba *.samsungshop.hr samsungshop.hr; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com/printfriendly.js https://static.addtoany.com/menu/page.js https://www.googletagmanager.com/gtm.js https://ds-4047.kxcdn.com/api/v3/domain_settings/a https://www.youtube.com/ https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://www.google-analytics.com/collect https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1 allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; https://cloudflare.com style-src 'self'; 1 upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://assets4.lottiefiles.com https://www.google-analytics.com https://www.yumpu.com; 1 allow 'self'; options inline-script eval-script; script-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com; img-src *; media-src *; frame-src 'self'; style-src-elem *.gstatic.com 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.google.com *.youtube.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://widget.supercounters.com http://pagead2.googlesyndication.com/ http://pagead2.googlesyndication.com/ http://staticxx.facebook.com http://www.whatsupcams.com http://epixel.moj-web.net http://www.youtube.com https://www.whatsupcams.com http://localhost https://g0.ipcamlive.com; 1 default-src https://ipara.com;https://ipara.com.tr 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' clicky.com *.getclicky.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com fast.fonts.com cdnjs.cloudflare.com; frame-src https://www.google.com 'self'; 1 default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com userlike-cdn-umm.b-cdn.net *.leadenhancer.com wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.eu *.cookiebot.com *.simpli.fi data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' data:; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://api.amplitude.com https://eth-ropsten.alchemyapi.io https://eth-rinkeby.alchemyapi.io https://eth-mainnet.alchemyapi.io https://api.thegraph.com wss://bridge.walletconnect.org wss://fei.bridge.walletconnect.org https://assets.fei.money; frame-ancestors 'none' 1 default-src 'self' https:; script-src 'nonce-l6ckA8W8wd''self' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https:;frame-ancestors 'self' http://*.atlascopco.com *.atlascopco.com http://*.atlascopco.se http://*.atlascopco.co.uk http://*.atlascopco.de http://*.atlascopco-service.de http://*.atlascopco.com.au *.digabit.com *.desoutter.de *.desouttertools.it *.desouttertools.com www.apt-tools.com http://10.32.55.120:1313 http://*.cp.com *.cp.com http://firstdata.com http://www.miningandconstruction.com http://podshop.se http://*.dynapac.com ac.webcomcpq.com *.compressedairbusiness.com 185.180.76.140 *.atlascopco.com http://*.atlascopco.com http://*.atlascopco.se http://*.atlascopco.be *.digabit.com *.desouttertools.com http://193.109.72.119 http://194.132.104.142 http://194.132.104.143 http://212.75.80.201 http://219.235.5.99 http://*.dynapac.com http://too03 http://acdsgarland.com http://*.atlascopco.us http://baidu.com http://*.podshop.se http://*.vlaanderen.be *.cp.com *.compressedairbusiness.com http://10.46.47.25 http://intelliquoter.com http://*.airwco.com; form-action https:; connect-src https: wss:; upgrade-insecure-requests 1 default-src ; script-src 'self' 'unsafe-inline' localhost https://assets.zendesk.com *.zdassets.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; object-src ; style-src 'self' 'unsafe-inline' localhost *.entrecode.de https://fonts.googleapis.com; img-src *; media-src *; child-src https://www.google.com; font-src *.entrecode.de https://fonts.gstatic.com; connect-src 'self' *.entrecode.de https://entrecode.zendesk.com *.zdassets.com https://www.google-analytics.com; manifest-src 1 default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' 1 default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src https://www.youtube.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net *.linkedin.com 'self' https://ausi.github.io/ *.pinimg.com *.pinterest.com; img-src * data: blob:; manifest-src deltalight.com 'self'; media-src *; script-src deltalight.com 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.doubleclick.net *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com www.youtube.com/iframe_api tagmanager.google.com https://snap.licdn.com https://play.google.com https://analytics-eu.clickdimensions.com https://ausi.github.io *.pinimg.com *.pinterest.com; style-src deltalight.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com; report-uri /nelmio/csp/report 1 default-src * blob: data:; frame-ancestors 'self'; img-src * data: maps.googleapis.com maps.gstatic.com i.ytimg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; object-src 'none'; base-uri 'self'; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.google-analytics.com www.googletagmanager.com connect.facebook.net *.emailsys1a.net maps.googleapis.com *.usercentrics.eu *.cookiebot.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' maps.googleapis.com www.youtube.com s.ytimg.com *.google-analytics.com www.googletagmanager.com connect.facebook.net *.emailsys1a.net *.usercentrics.eu *.cookiebot.com stats.g.doubleclick.net noembed.com; frame-src 'self' *.cookiebot.com gematik.capita-europe.com ti-lage.prod.ccs.gematik.solutions ti-lage-editor.prod.ccs.gematik.solutions login.microsoftonline.com www.youtube-nocookie.com www.youtube.com www.facebook.com *.emailsys1a.net *.int.gematik.de; 1 script-src 'self' *.onrocket.site *.agentadvice.com *.amazonaws.com *.clickmeter.com *.abrankings.com *.omappapi.com *.jivosite.com *.stripe.com *.continual.ly *.google.com *.gstatic.com googleads.g.doubleclick.net googleads.g.doubleclick.ne www.google-analytics.com www.googletagmanager.com www.googleadservices.com ajax.googleapis.com maps.googleapis.com cdnjs.cloudflare.com www.youtube.com s.ytimg.com *.amazonaws.com *.ladesk.com *.livechatinc.com *.visualwebsiteoptimizer.com *.vwo.com *.tiktok.com 'unsafe-inline'; 1 base-uri 'self' about:;block-all-mixed-content;child-src fallsviewer.ca 'self';connect-src 'self' data: *.youtube.com fonts.gstatic.com www.clarity.ms cloudflareinsights.com stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.readspeaker.com rebound.postmarkapp.com img.niagarafalls.ca arcweb2019.niagarafalls.ca cdn.monsido.com *.arcgisonline.com *.arcgis.com portal.niagarafalls.ca https://*.smartlook.com https://*.smartlook.cloud;default-src https: 'unsafe-inline' 'unsafe-eval' 'self';font-src 'self' null cdnjs.cloudflare.com fonts.gstatic.com niagarafalls.ca *.arcgis.com;form-action 'self' *.paypal.com *.readspeaker.com *.paymentus.com niagarafalls.ca;frame-ancestors 'self' open.niagarafalls.ca niagarafalls.hub.arcgis.com map.niagarafalls.ca niagarafalls.ca *.us.monsido.com; frame-src fallsviewer.ca niagarafalls.maps.arcgis.com mapme.com viewer.mapme.com www.facebook.com maps.googleapis.com *.niagarafalls.ca *.readspeaker.com www.google.com www.youtube.com youtube.com console.cloudinary.com cloudinary.com niagarafalls.ca ;img-src data: 'self' blob: img.niagarafalls.ca *.readspeaker.com res.cloudinary.com https://www.google-analytics.com *.gstatic.com stats.g.doubleclick.net www.googletagmanager.com www.youtube.com *.monsido.com *.googleapis.com *.arcgisonline.com *.arcgis.com portal.niagarafalls.ca https://*.google.com c.clarity.ms c.bing.com https://*.google.ca;media-src 'self' *.readspeaker.com youtu.be *.youtube.com;object-src *.youtube.com 'self'; report-uri https://niagarafalls.ca/webservices/csp-enforce;script-src 'self' blob: google.com www.google.com *.googleapis.com *.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com cdnjs.cloudflare.com www.google-analytics.com www.clarity.ms *.cloudflareinsights.com connect.facebook.net *.readspeaker.com rebound.postmarkapp.com cdn.monsido.com www.youtube.com cse.google.com clients1.google.com https://*.smartlook.com https://*.smartlook.cloud *.arcgisonline.com *.arcgis.com 'unsafe-inline' 'unsafe-eval';style-src 'self' stackpath.bootstrapcdn.com *.googleapis.com *.google.com *.readspeaker.com *.arcgis.com 'unsafe-inline';upgrade-insecure-requests;worker-src 'self' blob: 1 default-src 'self' https://cdn.eye-able.com https://dc.services.visualstudio.com/v2/track https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://include-rp.zfinder.de https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.trier-info.de https://www.wahlinfo.de https://www.pegelonline.wsv.de 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; script-src 'self' 'unsafe-inline' 'nonce-f4f10e9d08cd242879d4540e3239a26e' 'unsafe-eval' https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; img-src 'self' wireframecc-9947.kxcdn.com cdn.wireframe.cc data:; child-src 'self' 1 default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:;font-src * data:; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com epl.bibliocms.com *.epl.bibliocms.com https://www.epl.ca www.epl.ca *.www.epl.ca; 1 default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; connect-src https: wss:; font-src https: data:; 1 img-src * 'self' data: https:; default-src 'self' html5shim.googlecode.com *.google-analytics.com *.googleadservices.com apis.google.com *.youtube.com *.vimeo.com *.g.doubleclick.net *.google.com *.google.nl *.hostfact.nl *.ytimg.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval' 1 connect-src 'self' https://localhost:3000; frame-ancestors 'self'; object-src 'self'; script-src 'self' https://analytics.historia-arte.com https://maps.googleapis.com; report-uri /csp-report; 1 default-src 'self' www.googletagmanager.com fonts.gstatic.com www.google-analytics.com *.microad.jp *.twitter.com www.facebook.com dmp.im-apps.net www.googleadservices.com googleads.g.doubleclick.net www.youtube.com bid.g.doubleclick.net audiencedata.im-apps.net; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.microad.jp www.google-analytics.com *.twitter.com dmp.im-apps.net www.googleadservices.com googleads.g.doubleclick.net www.youtube.com bid.g.doubleclick.net audiencedata.im-apps.net; img-src 'self' data: acerjapan.com *.microad.jp www.google-analytics.com *.twitter.com *.google.co.jp *.google.com; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com librarypoint.bibliocms.com *.librarypoint.bibliocms.com https://www.librarypoint.org www.librarypoint.org *.www.librarypoint.org; 1 default-src 'self' www.gravatar.com *.hotjar.com player.vimeo.com *.vimeocdn.com *.googleapis.com *.google.com youtube.com *.cloudfront.net *.youtube.com *.blackbaudhosting.com www.eventbrite.co.uk *.marker.io *.simplybook.cc payments.blackbaud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com feeds.trac.jobs *.hotjar.com ajax.googleapis.com cdnjs.cloudflare.com *.browsealoud.com *.bugherd.com *.googletagmanager.com *.google-analytics.com *.cloudfront.net *.luckyorange.net *.blackbaudhosting.com *.smartthing2.com *.smartthing.org *.blackbaud.com widget.simplybook.cc http://localhost:* www.cqc.org.uk feeds.testing.trac.jobs www.eventbrite.co.uk *.marker.io www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feeds.trac.jobs cdnjs.cloudflare.com fast.fonts.net *.smartthing2.com *.smartthing.org *.cloudfront.net *.blackbaudhosting.com www.cqc.org.uk *.marker.io; img-src 'self' data: blob: www.gravatar.com *.christie.nhs.uk img.youtube.com i.ytimg.com *.justgiving.com feeds.trac.jobs *.browsealoud.com *.googleapis.com *.staticflickr.com *.cloudfront.net *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.blackbaudhosting.com www.cqc.org.uk *.umbraco.com *.marker.io; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com fast.fonts.net data: fonts.googleapis.com; connect-src 'self' *.browsealoud.com feeds.trac.jobs *.smartthing2.com *.smartthing.org *.luckyorange.net *.hotjar.com *.google-analytics.com *.doubleclick.net wss: http://localhost:* *.umbraco.com *.marker.io *.amazonaws.com payments.blackbaud.com; worker-src 'self' blob:; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.google.com *.googleapis.com *.myabsorb.com *.doubleclick.net *.windows.net *.walkme.com *.jquery.com *.createjs.com *.youtube.com *.youtube-nocookie.com *.onetrust.com *.facebook.net *.facebook.com *.cookielaw.org *.licdn.com *.adsymptotic.com *.linkedin.com *.jnjvision.asia *.nr-data.net *.ckeditor.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.zencdn.net *.boltdns.net *.jjvcpro.com *.jnjcommerce.com *.mouseflow.com *.hotjar.com *.hotjar.io *.googleanalytics.com *.googleoptimize.com *.optimize.google.com *.fonts.gstatic.com *.xml; object-src *; img-src * data: blob:; frame-src *; font-src * data: blob: 'unsafe-inline'; report-uri /admin/config/system/seckit/csp-report 1 default-src 'self'; frame-src 'self' *.monday.com/ https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://region1.google-analytics.com translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1 default-src 'self'; block-all-mixed-content; connect-src 'self' https://embed.tawk.to https://upload.tawk.to https://va.tawk.to wss://*.tawk.to; font-src 'self' data: https://embed.tawk.to; frame-ancestors 'self'; img-src 'self' data: https://embed.tawk.to https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.tawk.to https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://embed.tawk.to 1 script-src https://connect.facebook.net/ http://connect.facebook.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://browser-update.org/ https://www.google.com/ https://www.gstatic.com/recaptcha/ http://www.google.com/recaptcha/ https://ajax.googleapis.com/ 'unsafe-inline' 'unsafe-eval' 'self'; report-uri /nelmio/csp/report 1 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.quit-the-shit.net 1 default-src 'self' 'unsafe-inline' https://cdn.ckeditor.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/ https://www.youtube.com/ https://vrweb15.linguatec.org data: https://shop.bzga.de/; img-src 'self' data: https://cdn.ckeditor.com/ https://shop.bzga.de/ https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://i.ytimg.com/ https://vrweb15.linguatec.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/ https://www.youtube.com/ https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ https://vrweb15.linguatec.org https://cdn.ckeditor.com/ 1 frame-ancestors 'self' https://www.kayak.fr 1 frame-ancestors 'self' *.ratingruneta.ru ratingruneta.ru webvisor.com http://webvisor.com metrika.yandex.ru *.yandex.net 1 frame-ancestors *.carkeys.co.uk *.motorists-club.co.uk *.motoristsclub.co.uk http://motoristsclub.co.uk/ http://www.motorists-club.co.uk/ 1 default-src 'self' https://piwik.bzga.de/ script-src 'unsafe-inline' 'unsafe-eval' img-src https://piwik.bzga.de/ 1 default-src 'none'; child-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com; connect-src 'self' https://geolocation.onetrust.com/ https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com; font-src 'self'; img-src 'self' data: https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com; media-src 'self'; script-src 'self' https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com 'unsafe-inline' 'nonce-A53ljMNVO65v6YrN7gY4Mw=='; style-src 'self' 'unsafe-inline'; prefetch-src 'self' 1 frame-ancestors 'self' insights.hotjar.com 1 frame-ancestors 'self' 'https://www.googletagmanager.com' 'https://invatio.nl'; report-uri https://cargoweb.airfrance.fr/csp-report; 1 default-src 'self';font-src 'self' fonts.gstatic.com data: 'self';connect-src 'self' *.getsmartlook.com ws://*.getsmartlook.com *.smartlook.com *.smartlook.cloud *.google.com *.googleapis.com www.google-analytics.com *.doubleclick.net *.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.google.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com *.getsmartlook.com www.google.com connect.facebook.net www.googleadservices.com www.lhinsights.com *.smartlook.com *.smartlook.cloud https://googleads.g.doubleclick.net *.gstatic.com *.clarity.ms;form-action 'self';frame-src 'self' blob: www.youtube-nocookie.com www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;child-src 'self' blob: www.youtube-nocookie.com www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;frame-ancestors 'self';img-src 'self' data: blob: *.clarity.ms *.ytimg.com *.gstatic.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com *.doubleclick.net www.facebook.com www.lhinsights.com www.google.com www.google.cz *.smartlook.com *.smartlook.cloud *.gstatic.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com *.gstatic.com 1 upgrade-insecure-requests; frame-ancestors 'self' https://preview-edit.aminess-campsites.com https://preview-edit.aminess.com; 1 default-src 'self' google-analytics.com manifest-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com polyfill.io www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.compx.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net; img-src 'self' *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' maps.googleapis.com e.issuu.com/embed.js https://js.stripe.com 'strict-dynamic' https: 'unsafe-eval' 'nonce-c632b0ea64b0d97232d691efb7ee3bbe'; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://sentry.issuu.com/api/ https://api.stripe.com data: blob:; img-src * data:; media-src * data:; frame-src e.issuu.com *.google.com player.vimeo.com *.youtube.com https://js.stripe.com https://hooks.stripe.com; style-src 'self' https://fonts.googleapis.com 'nonce-520acfbefa7165b2cfc8423bb371be13'; font-src * data:; 1 default-src * 1 default-src 'self' vars.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org static.cloud.coveo.com stats.g.doubleclick.net tdn.r42tag.com www.averoachmea.nl www.google-analytics.com connect.facebook.net *.usabilla.com www.googleadservices.com googleads.g.doubleclick.net imp2.nowinteract.com api.usabilla.com static.hotjar.com script.hotjar.com d6tizftlrpuof.cloudfront.net ajax.googleapis.com bat.bing.com admin.relay42.com cse.google.com www.google.com a.svtrd.com onmarc.nl snap.licdn.com px.ads.linkedin.com linkedin.com static.hotjar.com script.hotjar.com *.hsforms.net *.hsforms.com *.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hsleadflows.net js.hs-banner.com collectie.averoachmea.nl https://www.googletagmanager.com https://surfly.com d6tizftlrpuof.cloudfront.net js.usemessages.com https://js.hscollectedforms.net *.collectie.centraalbeheer.nl https://cdn.harvest.graindata.com https://collectie.centraalbeheer.nl https://www.youtube.com https://maps.googleapis.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com static.cloud.coveo.com;img-src data: 'self' img.youtube.com t.svtrd.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.google.nl www.google.com d6tizftlrpuof.cloudfront.net *.usabilla.com cm.g.doubleclick.net a.svtrd.com n01d05.cumulus-cloud.com tdn.r42tag.com admin.relay42.com bat.bing.com www.googleapis.com clients1.google.com avr.imgix.net px.ads.linkedin.com track.hubspot.com forms.hubspot.com d6tizftlrpuof.cloudfront.net https://googleads.g.doubleclick.net *.ads.linkedin.com https://i.ytimg.com *.google-analytics.com *.analytics-google.com https://www.advieskeuze.nl https://maps.googleapis.com https://maps.gstatic.com;font-src 'self' fonts.gstatic.com;connect-src 'self' wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io *.hubapi.com api.hubspot.com forms.hubspot.com vc.hotjar.io cm.g.doubleclick.net connect.facebook.net googleads.g.doubleclick.net stats.g.doubleclick.net *.ave01.pre.connectis.io https://www.google-analytics.com https://surfly.com https://sentry.io *.hsforms.com *.averoachmea.nl *.collectie.centraalbeheer.nl https://controle.achmea.consentmonitor.nl https://collectie.centraalbeheer.nl dc.services.visualstudio.com *.google-analytics.com *.analytics-google.com https://api.advieskeuze.nl;media-src 'self' ;object-src 'self' ;child-src 'self' youtube.com 6162542.fls.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com d6tizftlrpuof.cloudfront.net *.surfly.com surfly.com app.hubspot.com forms.hsforms.com;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com;form-action 'self' t.svtrd.com *.averoachmeaonline.nl *.hsforms.com;block-all-mixed-content; 1 frame-ancestors https://goloadup.com 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com oaklandlibrary.bibliocms.com *.oaklandlibrary.bibliocms.com https://oaklandlibrary.org oaklandlibrary.org *.oaklandlibrary.org; 1 frame-ancestors 'self' panoramen.frauenkirche-dresden.de 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://cdn.cookielaw.org; report-uri /report-csp-violation 1 default-src 'self'; frame-ancestors 'self' *.centravet.net; connect-src 'self' blob: https://stats.g.doubleclick.net https://analytics.google.com https://google-analytics.com https://*.google-analytics.com https://*.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://www.googleadservices.com https://*.google.com https://google.com https://doubleclick.net https://*.doubleclick.net https://rcdfcdn.mars.com https://*.onetrust.com https://*.jquery.com https://*.windows.net https://*.google-analytics.com https://*.mars.com;img-src blob: data: 'self' https://cdn.cookielaw.org https://www.google.fr https://*.google.fr https://*.blob.core.windows.net https://googletagmanager.com https://*.googletagmanager.com https://gstatic.com https://*.gstatic.com https://*.google.fr https://google-analytics.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://google.com https://*.royalcanin.fr/ https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://google.com https://*.google.com https://googleapis.com https://*.googleapi.com https://google.com https://*.google.com https://googleapis.com https://*.googleapi.com https://optanon.blob.core.windows.net https://fonts.googleapis.com https://use.fontawesome.com https://*.mars.com; font-src 'self' data: https://gstatic.com https://*.gstatic.com https://fonts.gstatic.com https://*.mars.com https://use.fontawesome.com; frame-src 'self' https://doubleclick.net https://*.doubleclick.net https://*.vimeo.com; object-src 'self' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.surveymonkey.com https://walls.io https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com https://www.etermin.net https://the.sciencebehindecommerce.com https://www.lacmp.net https://analytics.aklamio.com https://*.adsrvr.org https://adsrvr.org https://t.contentsquare.net; 1 default-src 'self' *.zensus2022.de; base-uri 'self'; style-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.itzbund.de *.zensus2022.de; object-src 'self' multimedia.gsb.bund.de ; media-src 'self' multimedia.gsb.bund.de www.quirksmode.org www.destatis.de *.zensus2022.de; child-src *.ims-cms.net ; img-src 'self' data: *.itzbund.de *.zensus2022.de; connect-src 'self' *.itzbund.de *.zensus2022.de; frame-ancestors 'self'; upgrade-insecure-requests; 1 frame-ancestors https://*.wppit.com 1 Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a11801205434.cdn.optimizely.com https://a11801205434.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 1 form-action *.ausy-technologies.de *.ausy.ch; base-uri none; default-src 'unsafe-inline' 'unsafe-eval' *.ausy.ch *.ausy-technologies.de *.kununu.com *.typenetwork.com matomo.dgtls.com *.cloudflareinsights.com salesviewer.org userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.matomo.dgtls.com *.userlike.com wss://chat.userlike.com wss://umd.userlike.com *.youtube.com *.eventvote.de *.vimeo.com vimeo.com *.doubleclick.net *.youtube-nocookie.com *.traceparts.com *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.ausy-technologies.de *.ausy.ch https://*.crisp.chat wss://*.crisp.chat https://unpkg.com data: 1 default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src * 1 default-src 'self' https://lp.cloud4c.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://widget.intercom.io https://js.intercomcdn.com https://script.crazyegg.com https://stackpath.bootstrapcdn.com https://static.hotjar.com https://a.quora.com https://www.googleadservices.com https://cdn.pagesense.io https://www.googletagmanager.com https://googleads.g.doubleclick.net https://connect.facebook.net https://ajax.googleapis.com https://cdn.jsdelivr.net https://www.google-analytics.com https://snap.licdn.com https://t.cloud4c.com https://*.likebtn.com https://s7.addthis.com https://munchkin.marketo.net https://sjrtp9-cdn.marketo.com https://rtp-static.marketo.com https://sjrtp9.marketo.com https://tpc.googlesyndication.com https://lp.cloud4c.com https://app-sjp.marketo.com https://px.ads.linkedin.com https://cdnjs.cloudflare.com https://www.clarity.ms; object-src 'self'; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://*.likebtn.com https://rtp-static.marketo.com https://lp.cloud4c.com; img-src 'self' data: https://p.adsymptotic.com https://downloads.intercomcdn.com https://js.intercomcdn.com https://static.intercomassets.com https://www.google.co.in https://q.quora.com https://www.google.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.facebook.com https://t.cloud4c.com https://pv.likebtn.com https://googleads.g.doubleclick.net https://lp.cloud4c.com https://c.clarity.ms; media-src 'self' https://js.intercomcdn.com; frame-src 'self' https://www.google.com https://bid.g.doubleclick.net youtu.be www.youtube.com www.facebook.com https://tpc.googlesyndication.com https://lp.cloud4c.com; font-src 'self' 'unsafe-inline' https://js.intercomcdn.com https://cdnjs.cloudflare.com https://fonts.intercomcdn.com; connect-src 'self' 'unsafe-inline' wss://nexus-websocket-a.intercom.io https://api-iam.intercom.io https://www.google-analytics.com https://pagesense-collect.zoho.com https://stats.g.doubleclick.net https://t.cloud4c.com https://224-ahc-158.mktoresp.com https://sjrtp9.marketo.com https://www.facebook.com/tr/ https://cdn.linkedin.oribi.io https://www.clarity.ms https://analytics.google.com https://u.clarity.ms https://o.clarity.ms; report-uri /report-csp-violation 1 default-src 'self' https://cdn.ons.gov.uk; font-src 'self' https://fonts.gstatic.com https://cdn.ons.gov.uk; script-src 'self' *.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-inline' https://cdn.ons.gov.uk; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' https://cdn.ons.gov.uk; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://cdn.ons.gov.uk; frame-src https://www.youtube.com https://www.googletagmanager.com; img-src 'self' *.google-analytics.com *.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://cdn.ons.gov.uk 1 default-src 'self' https: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; worker-src blob: 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com ajax.googleapis.com ajax.aspnetcdn.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.my *.google.co.uk *.analytics.google.com *.googletagmanager.com; media-src 'self'; frame-src 'self' data: static.addtoany.com fwb.malaysiaairports.com.my www.youtube.com www.google.com apps.mahb.az.primuscore.com http://apps.mahb.az.primuscore.com:8000 fwb.malaysiaairports.com.my:8000; frame-ancestors 'self' fwb.malaysiaairports.com.my apps.mahb.az.primuscore.com fwb.malaysiaairports.com.my:8000; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' *.google.com *.analytics.google.com www.google-analytics.com stats.g.doubleclick.net; report-uri /report-csp-violation 1 default-src 'self'; child-src static.seolib.ru www.google.com www.google.com.ua www.google.ru reformal.ru mc.yandex.ru accounts.google.com content.googleapis.com; connect-src 'self' cdn.datatables.net wss://seolib.ru:8018 mc.webvisor.org mc.webvisor.com https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; font-src 'self' data: seolib.ru fonts.googleapis.com fonts.gstatic.com use.fontawesome.com; frame-src static.seolib.ru www.google.com www.google.com.ua www.google.ru reformal.ru accounts.google.com content.googleapis.com; img-src 'self' data: favicon.yandex.net www.google-analytics.com www.googletagmanager.com https://*.googleusercontent.com stats.g.doubleclick.net mc.webvisor.org www.google.com www.google.com.ua www.google.ru mc.yandex.ru reformal.ru cdn.jsdelivr.net media.reformal.ru gstatic.com www.gstatic.com https://*.gstatic.com http://traffic.alexa.com http://runep.ru/; media-src 'self' cdn.datatables.net https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' seolib.ru media.reformal.ru www.google-analytics.com www.googletagmanager.com tagmanager.google.com stats.g.doubleclick.net mc.webvisor.org d31j93rd8oukbv.cloudfront.net mc.yandex.ru www.google.com www.google.com.ua www.google.ru apis.google.com https://apis.google.com cdn.datatables.net code.jquery.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com gstatic.com www.gstatic.com https://*.gstatic.com https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com seolib.ru www.google.com ajax.googleapis.com use.fontawesome.com cdn.datatables.net code.jquery.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com https://cdn.experrto.io https://*.jivosite.com ws://*.jivosite.com; report-uri /csp/report 1 default-src 'self' 'unsafe-inline' https://*.talentqgroup.com https://*.cloudfront.net https://www.google-analytics.com https://www.google.com/ https://www.gstatic.com https://hello.myfonts.net/count/3122c9; frame-ancestors 'self' 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com *.karolina.io;img-src * blob: data:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1 form-action *.iwis.com *.dual-mode-vcs.com *.gwb-lernen.com *.iwis-daido.com *.kindergarten-kinderkette.de; base-uri none; default-src 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.cloudflareinsights.com salesviewer.org userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.userlike.com wss://chat.userlike.com wss://umd.userlike.com *.youtube.com *.eventvote.de *.vimeo.com vimeo.com *.doubleclick.net *.youtube-nocookie.com *.traceparts.com *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.iwis.com *.dual-mode-vcs.com *.gwb-lernen.com *.expo-ip.com *.iwis-daido.com *.iwis-coating.com *.iwis-coating.com.cw06.virtualhosts.de *.kindergarten-kinderkette.de https://*.crisp.chat wss://*.crisp.chat https://unpkg.com data: frame-ancestors 'self' http://impulse.iwis.com https://impulse.iwis.com http://staffbase.com https://www.jobstimme.de capacitor://impulse.iwis.com capacitor://staffbase.com localhost:* http://iwis.com capacitor://iwis.com 1 frame-ancestors 'self' http://www.lugaro.com http://www.manfredijewels.com http://www.dutyfreediplomatic.com 1 default-src https:; connect-src pathbrite-content.s3.amazonaws.com pathbrite-direct-upload.s3.amazonaws.com *.pathbrite.com wss://*.pathbrite.com *.facebook.com *.cloudfront.net stats.g.doubleclick.net *.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.facebook.net *.pathbrite.com *.cloudfront.net *.google.com stats.g.doubleclick.net *.google-analytics.com *.twitter.com vimeo.com; style-src 'unsafe-inline' *.cloudfront.net *.bootstrapcdn.com; img-src * data:; font-src * data: 1 default-src 'none'; block-all-mixed-content; connect-src 'self' google-analytics.com www.google-analytics.com 127.0.0.1:8005; font-src 'self' fonts.gstatic.com use.fontawesome.com cdn.jsdelivr.net; frame-src google.com www.google.com googletagmanager.com www.googletagmanager.com; img-src 'self' s3.us-west-2.amazonaws.com; script-src 'self' 'unsafe-eval' google.com www.google.com gstatic.com www.gstatic.com googletagmanager.com www.googletagmanager.com google-analytics.com www.google-analytics.com use.fontawesome.com cdn.jsdelivr.net 'unsafe-inline' 'nonce-lCG0aOXVz41daQUGi+P2WA=='; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'nonce-lCG0aOXVz41daQUGi+P2WA=='; report-uri /csp/report 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sno-isle.bibliocms.com *.sno-isle.bibliocms.com https://www.sno-isle.org www.sno-isle.org *.www.sno-isle.org; 1 default-src 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data:; font-src 'self' *.gstatic.com *.bootstrapcdn.com data:;connect-src *.googleapis.com *.gstatic.com *.bootstrapcdn.com; report-uri https://crhworld.com/Sitefinity/Authenticate/OpenID/csp/report 1 img-src 'self' data: blob: http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://www.facebook.com/ https://pixelg.adswizz.com/ https://www.google.com/ https://www.google.com.pk/ https://www.google.co.uk/ https://scontent-ort2-2.cdninstagram.com/ https://maps.gstatic.com/ https://www.google.ro/ https://www.germandonerkebab.com https://connect.facebook.net https://arhesoctro.cloudimg.io https://scontent-lhr8-1.cdninstagram.com https://scontent-lht6-1.cdninstagram.com https://locator.uberall.com https://is1-ssl.mzstatic.com https://maps.googleapis.com https://static-prod.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ http://code.jquery.com/ https://code.jquery.com/ http://graph.facebook.com/ http://m.addthis.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://api-public.addthis.com/ https://www.islonline.net/ https://unpkg.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ http://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://connect.facebook.net/ https://tag.simpli.fi/ https://cdnjs.cloudflare.com/ http://owlgraphic.com/ http://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://connect.facebook.net/ https://www.facebook.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://json.geoiplookup.io https://sc-static.net/scevent.min.js https://www.germandonerkebab.com http://fonts.googleapis.com/ http://api.filestackapi.com https://cdn.scaleflex.it https://ipinfo.io https://www.clickcease.com https://cdn.jsdelivr.net https://uberall.com https://static-prod.uberall.com https://locator.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css https://platform.twitter.com/ https://ton.twimg.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com http://fonts.googleapis.com/ https://cdn.jsdelivr.net; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://bid.g.doubleclick.net/ https://staticxx.facebook.com/ https://www.facebook.com/ https://web.facebook.com/ https://tr.snapchat.com/ https://www.germandonerkebab.com https://dialog.filestackapi.com/ https://www.filestackapi.com/ https://docs.google.com; connect-src 'self' http://ip-api.com/ https://json.geoiplookup.io/api https://www.germandonerkebab.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://tr.snapchat.com/ https://uberall.com https://maps.googleapis.com https://locator.uberall.com/; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com https://cdn.jsdelivr.net https://static-prod.uberall.com; media-src 'self'; object-src 'self'; frame-ancestors none 1 default-src 'self'; connect-src 'self' *.googletagmanager.com *.google-analytics.com; frame-src 'self' *.geoportal-bw.de *.leo-bw.de *.youtube.com sketchfab.com *.sketchfab.com *.swrfernsehen.de *.openstreetmap.de *.podigee.io *.podigee-cdn.net; img-src 'self' data: dummyimage.com *.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.landbw.de; style-src 'self' 'unsafe-inline'; report-uri /security/csp/report 1 allow 'self'; options inline-script eval-script; frame-ancestors 'self' 1 default-src 'self' blob:; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.ampproject.org stats.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com www.google.com www.googletagmanager.com campuseducacion.com ws.sharethis.com connect.facebook.net code.jquery.com ssl.google-analytics.com cdn.jsdelivr.net googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com pagead2.googlesyndication.com cdn.krxd.net beacon.krxd.net consumer.krxd.net www.gstatic.com adservice.google.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com adservice.google.es partner.googleadservices.com unpkg.com ajax.googleapis.com static.ads-twitter.com platform.twitter.com load.sumome.com analytics.twitter.com load.sumo.com reddit.com; style-src 'self' data: 'unsafe-inline' c0.wp.com ws.sharethis.com use.fontawesome.com code.jquery.com fonts.google.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.googleapis.com stackpath.bootstrapcdn.com cdn.jsdelivr.net unpkg.com; img-src 'self' data: blob: *.wp.com i2.wp.com pixel.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com ws.sharethis.com code.jquery.com www.facebook.com ssl.google-analytics.com www.google.com www.google.es stats.g.doubleclick.net www.google-analytics.com pagead2.googlesyndication.com secure.gravatar.com www.googletagmanager.com ajax.googleapis.com t.co load.sumo.com; frame-src 'self' pagead2.googlesyndication.com www.slideshare.net web.facebook.com ws.sharethis.com player.vimeo.com www.vimeo.com www.google.com www.facebook.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.youtube.com www.vimeo.com; font-src 'self' data: s0.wp.com s1.wp.com s2.wp.com c0.wp.com use.fontawesome.com fonts.google.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.mgr.consensu.org l.sharethis.com www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net www.facebook.com sumo.com *.google.com 1 default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-iSr+fPGzKiCiCtwV' static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com *.fbto.nl connect.facebook.net cdn.harvest.graindata.com www.pingvp.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com www.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu www.pingvp.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl defriesland.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1 default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.smartmobil.de https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com; script-src 'strict-dynamic' 'nonce-36f8286292560264738f00d1f182421f' 'nonce-957c7d37821c852f618867b774a83291' 'nonce-094f126a1791b2123b09b1ee3a3ec391' 'nonce-7011463b9816b884866980880036249d' 'nonce-123b367cd253a6d2d7d074fcdbba9de1' 'nonce-4c70be9f7a9aa41db0d34819efaf93c5' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-36f8286292560264738f00d1f182421f' 'nonce-957c7d37821c852f618867b774a83291' 'nonce-094f126a1791b2123b09b1ee3a3ec391' 'nonce-7011463b9816b884866980880036249d' 'nonce-123b367cd253a6d2d7d074fcdbba9de1' 'nonce-4c70be9f7a9aa41db0d34819efaf93c5' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; base-uri 'self'; 1 upgrade-insecure-requests; default-src 'self'; base-uri 'none'; connect-src 'self' consentcdn.cookiebot.com *.web-vision.de; font-src 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https: www.youtube-nocookie.com/*; img-src 'self' https: data: 'unsafe-inline' *.google.com www.google-analytics.com maps.googleapis.com *.cloudfront.net; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.google.com www.google-analytics.com maps.googleapis.com stat.web-vision.de stats.web-vision.de; style-src 'self' https: 'unsafe-inline'; worker-src 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: https://via.tt.se/; object-src 'self' data: ; frame-src 'self' data: ; form-action 'self' data: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; 1 default-src 'self' blob: data: https://api.ipstack.com https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://app.pendo.io https://cdn.pendo.io https://data.pendo.io https://pendo-op-static.storage.googleapis.com https://pendo-static-5741583443689472.storage.googleapis.com https://go.enverus.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://chart.googleapis.com https://maps.googleapis.com https://ajax.googleapis.com https://player.vimeo.com https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://rseg-dev.auth0.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' energylink.com *.energylink.com enverus.com *.enverus.com app.pendo.io data.pendo.example.com 1 default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' wss://*.hotjar.com wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net *.googleapis.com *.hotjar.com 1 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crushftp.com *.stripe.com *.paypalobjects.com *.google-analytics.com *.crushsync.com *.taltosparipa.com 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com *.google-analytics.com; connect-src 'self' *.google-analytics.com; img-src 'self' data: shielded.co.nz i.ytimg.com *.google-analytics.com; style-src 'self' 'unsafe-inline' fast.fonts.net; font-src 'self' data:; frame-src 'self' www.youtube.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://flexprintmp.wpengine.com https://flexprintmp.wpenginepowered.com/ https://*.netdna-ssl.com https://*.flexprintinc.com https://flexprintinc.com https://app.termly.io https://frontend.id-visitors.com/ https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://gstatic.com/ https://*.gstatic.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://*.6sc.co/; img-src 'self' data: blob: https://flexprintmp.wpengine.com https://flexprintmp.wpenginepowered.com/ https://*.netdna-ssl.com https://*.flexprintinc.com https://flexprintinc.com https://*.gravatar.com https://*.6sc.co/ https://www.google.com/; object-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://flexprintinc.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://elabel.arsreclabel.com/; frame-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://flexprintinc.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://elabel.arsreclabel.com/; form-action 'self' data: blob: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1 frame-ancestors 'self'; default-src 'self' *.gatewaycu.co.uk *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gatewaycu.co.uk *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.gatewaycu.co.uk *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; img-src 'self' *.gatewaycu.co.uk *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; font-src 'self' *.gatewaycu.co.uk *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; 1 frame-ancestors https://hospitality-on.com https://store.hospitality-on.com 1 default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.sim.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de; script-src 'strict-dynamic' 'nonce-e651e0b424c958fc1e76cc212fd7e44a' 'nonce-7ad94c25c7adfb6ba06a792e2f97d598' 'nonce-25bf9f2dfb8abed7bd3adc53e8301ce7' 'nonce-bc8d659084c0038829a040cfeb221f9c' 'nonce-4ffe1e3cf6c8eccf9a939c71dbbc2514' 'nonce-a0344bd9349bf6e7bba08e64b15460a6' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-e651e0b424c958fc1e76cc212fd7e44a' 'nonce-7ad94c25c7adfb6ba06a792e2f97d598' 'nonce-25bf9f2dfb8abed7bd3adc53e8301ce7' 'nonce-bc8d659084c0038829a040cfeb221f9c' 'nonce-4ffe1e3cf6c8eccf9a939c71dbbc2514' 'nonce-a0344bd9349bf6e7bba08e64b15460a6' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self' data:;font-src 'self' data: fonts.gstatic.com kariera.rako.cz www.kariera.rako.cz;connect-src 'self' *.google.com *.google.cz *.googleapis.com *.google-analytics.com *.hotjar.com wss://ws6.hotjar.com *.hotjar.io *.doubleclick.net *.leady.com *.gstatic.com *.pinterest.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com *.gstatic.com *.hotjar.com static.hotjar.com www.googletagmanager.com *.google-analytics.com connect.facebook.net kariera.rako.cz www.kariera.rako.cz c.imedia.cz *.googleadservices.com *.adform.net *.seznam.cz *.doubleclick.net *.leady.com www.youtube-nocookie.com www.youtube.com *.pinterest.com *.pinimg.com;form-action 'self' *.facebook.com *.facebook.net *.pinterest.com;frame-src 'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net;worker-src 'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net www.facebook.com *.rako.cz c.imedia.cz *.seznam.cz *.pinterest.com *.pinimg.com i.ytimg.com *.google.com *.google.cz *.google.de *.google.fr *.google.pl *.google.ru *.google.sk;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com kariera.rako.cz www.kariera.rako.cz;object-src 'self' 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.google.com;object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com; frame-ancestors 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1 frame-ancestors 'none'; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval'; media-src 'none'; frame-src 'none'; frame-ancestors 'none'; child-src 'none'; font-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' data: http://googleads.g.doubleclick.net http://www.google.com/ads/user-lists/ http://www.google.ru/ads/user-lists/ http://mc.yandex.ru http://bitrix.info http://stat.sputnik.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://bitrix.info https://connect.facebook.net https://apis.google.com:* https://platform.twitter.com https://userapi.com:* https://pos.gosuslugi.ru:* https://apis.google.com:* https://vk.com:* http://www.google-analytics.com http://maps.google.com http://*.gstatic.com:* http://*.googleapis.com http://code.jivosite.com http://mc.yandex.ru http://www.googleadservices.com http://googleads.g.doubleclick.net http://cdn.voximplant.com https://vashkontrol.ru http://stat.sputnik.ru:* ; style-src 'self' 'unsafe-inline' http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* https://vashkontrol.ru:* http://cnt.sputnik.ru:*; img-src 'self' blob: data: http://counter.yadro.ru:* https://pos.gosuslugi.ru:* http://i1.ytimg.com:* http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* http://www.google-analytics.com http://stat.sputnik.ru:* https://vashkontrol.ru:* http://cnt.sputnik.ru:* https://syndication.twitter.com:*; font-src 'self' http://*.gstatic.com:* https://pos.gosuslugi.ru:*; frame-src 'self' https://ervk.gov.ru:* https://pos.gosuslugi.ru:* https://apis.google.com:* http://developers.google.com:* https://platform.twitter.com:* https://accounts.google.com:* http://cnt.sputnik.ru:* https://www.facebook.com:* https://developers.google.com:*; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com/ https://v1.addthisedge.com/ https://s3.amazonaws.com/ https://*.bazaarvoice.com/ http://nexus.ensighten.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://mpsnare.iesnare.com/ https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js https://*.list-manage.com/ https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.paypalobjects.com/ https://s.pinimg.com/ https://assets.pinterest.com/ https://ct.pinterest.com/ https://log.pinterest.com/ https://*.stripe.com/; img-src 'self' data: blob: https://www.paypalobjects.com/ https://*.pinterest.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.darigold.com/ https://*.bazaarvoice.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://*.choozle.com/ https://tags.bluekai.com/ https://match.adsrvr.org/track/ https://idsync.rlcdn.com/ https://cm.g.doubleclick.net/ https://segments.company-target.com/; object-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/ https://*.pinterest.com/ https://s7.addthis.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://www.google.com/ https://www.youtube.com/ https://destinilocators.com/ https://s.amazon-adsystem.com/ https://*.fls.doubleclick.net/ https://*.bazaarvoice.com/ https://insight.adsrvr.org/ https://d1eoo1tco6rr5e.cloudfront.net/; frame-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/ https://*.pinterest.com/ https://s7.addthis.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://www.google.com/ https://www.youtube.com/ https://destinilocators.com/ https://s.amazon-adsystem.com/ https://*.fls.doubleclick.net/ https://*.bazaarvoice.com/ https://insight.adsrvr.org/ https://d1eoo1tco6rr5e.cloudfront.net/; form-action 'self' data: blob: https://www.facebook.com/tr/ https://*.bazaarvoice.com/ https://darigold.us6.list-manage.com/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1 default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.googletagmanager.com cdnjs.cloudflare.com https://translate-pa.googleapis.com/ https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://player.vimeo.com https://feeds.trac.jobs https://www.cqc.org.uk https://merseycare.enterpriseappointments.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com https://feeds.trac.jobs https://www.cqc.org.uk; img-src * data:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com maps.googleapis.com https://saas.learninglocker.net https://metrics.articulate.com https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://feeds.trac.jobs; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' maps.google.com https://*.nhs.uk https://www.google.com https://content.googleapis.com https://content-analytics.googleapis.com https://www.youtube.com https://player.vimeo.com https://merseycare.enterpriseappointments.com https://e.issuu.com https://roundme.com 1 default-src 'self'; style-src 'self' 'unsafe-inline' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://*.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://fl-cdn.scdn1.secure.raxcdn.com https://embed-cdn.flockler.com https://flockler.embed.codes https://plugins.flockler.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net; font-src 'self' data: http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://fonts.gstatic.com; img-src 'self' 'unsafe-inline' https://* http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://flockler.com https://*.rackcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com data: https://.gstatic.com https://*.google.com https://secure.gravatar.com; frame-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://sn.kavedo.com https://smartslider3.com https://www.yumpu.com https://www.fitsportaustria.at https://board.fitsportaustria.at https://player.vimeo.com https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com; connect-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://stats.g.doubleclick.net https://yoast.com https://*.google-analytics.com; media-src https://* 1 frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1 default-src 'self' *.fg.cz localhost localhost-promo;font-src 'self' data: fonts.gstatic.com *.fg.cz localhost localhost-promo *.zopim.com;connect-src 'self' *.google.com *.googleapis.com *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.googleadservices.com c.imedia.cz *.fg.cz *.bileto.com *.zdassets.com arrivacz.zendesk.com *.zopim.com wss://*.zopim.com *.doubleclick.net *.instagram.com arriva.daktela.com *.googlesyndication.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.fg.cz *.facebook.net *.bileto.com *.arriva.cz *.issuu.com *.zdassets.com cdnjs.cloudflare.com arrivacz.zendesk.com *.zopim.com *.instagram.com arriva.daktela.com *.doubleclick.net *.seznam.cz *.imedia.cz;form-action 'self' *.fg.cz *.facebook.com;frame-src 'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com;worker-src 'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com;frame-ancestors 'self' *.fg.cz;img-src 'self' data: blob: *.google.com *.google.cz *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.fg.cz *.doubleclick.net *.facebook.com *.bileto.com *.zopim.com *.instagram.com *.cdninstagram.com *.fbcdn.net *.openstreetmap.org *.openrailwaymap.org *.seznam.cz;style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.fg.cz *.gstatic.com *.googletagmanager.com;object-src 'self' *.fg.cz 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://gs1-germany.de https://*.gs1-germany.de https://*.optimizely.com https://*.googletagmanager.com https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://www.googleanalytics.com https://www.googleoptimize.com https://*.google-analytics.com https://optimize.google.com https://ext.nonstoppartner.net https://*.hotjar.com https://*.walls.io https://*.myveeta.com; style-src https: 'unsafe-inline' https://gs1-germany.de https://*.gs1-germany.de https://apis.google.com https://optimize.google.com https://fonts.googleapis.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.walls.io; frame-src 'self' https://optimize.google.com https://*.walls.io https://www.youtube-nocookie.com https://www.gs1.org https://www.youtube.com https://*.hotjar.com https://www.facebook.com https://communication.gs1-germany.de https://feedback.gs1-germany.de https://easy-feedback.de https://*.easy-feedback.de https://ext.nonstoppartner.net https://*.gs1.org https://082becc9a232451baaef0c700dd33425.svc.dynamics.com https://76c4e8a3cea24f6792072b39841b0a0b.svc.dynamics.com https://*.podigee.io https://*.podigee.com https://player.podigee-cdn.net; frame-ancestors 'self' https://academy.gs1-germany.de https://*.eventlocations.com https://cockpit.prospitalia.de; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com hcpl.bibliocms.com *.hcpl.bibliocms.com https://hcpl.net hcpl.net *.hcpl.net; 1 allow 'self' 'unsafe-inline' 'unsafe-eval' data: blob: fonts.googleapis.com fonts.gstatic.com *.googletagmanager.com *.google-analytics.com dakumidev3-baycurrent.cs76.force.com *.dakumidev3-baycurrent.cs76.force.com eir-parts.net *.eir-parts.net baycurrent.force.com *.baycurrent.force.com baycurrent.secure.force.com *.baycurrent.secure.force.com baycurrent.my.salesforce-sites.com stats.g.doubleclick.net 1 default-src 'self' 'unsafe-inline' https://staticfiles.digitalchargingsolutions.com https://api.mixpanel.com https://api-js.mixpanel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://staticfiles.digitalchargingsolutions.com https://maps.googleapis.com https://cdn.mxpnl.com https://api-js.mixpanel.com; frame-src 'self' https://payment.datatrans.biz/; img-src 'self' https: data: https://cpologo.digitalchargingsolutions.com; style-src 'self' 'unsafe-inline' https://staticfiles.digitalchargingsolutions.com https://fonts.googleapis.com; font-src 'self' https://staticfiles.digitalchargingsolutions.com https://fonts.gstatic.com; 1 frame-ancestors *; 1 default-src data: wss://*.sptpub.com wss://*.ln.md:* wss://ln.md:* wss://*.7777.md:* wss://7777.md:* wss://*.7777gaming.tech:* 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://youtube.com/ https://ln.md https://*.ln.md https://7777.md https://*.7777.md https://apis.google.com https://fonts.googleapis.com https://maps.googleapis.com https://api.ipinfodb.com https://*.comm100.com https://*.comm100.io https://*.comm100download.com https://www.googleadservices.com https://www.google.com https://*.google.bg https://*.google.md https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://google-analytics.com https://*.google-analytics.com https://accounts.google.com https://*.g.doubleclick.net https://sxt.cdn.skype.com https://www.adobe.com https://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.adform.net/ https://*.hotjar.com https://*.trafficjunky.com/ https://*.cloudflareinsights.com https://cloudflareinsights.com https://7777gaming.tech/ https://*.7777gaming.tech https://ngt-mrk-8888bg-s.7777gaming.tech https://sb2integration-altenar2.biahosted.com https://sb2clientstatic-altenar2.biahosted.com https://sb2frontend-altenar2.biahosted.com https://sb2auth-altenar2.biahosted.com https://sb2betslip-altenar2.biahosted.com https://wgt-s3-cdn.statscore.com https://widgets.sir.sportradar.com https://lmt.fn.sportradar.com https://widgets.fn.sportradar.com/ https://sb2bets-altenar2.biahosted.com https://sb2bonus-altenar2.biahosted.com https://sb2betbuilder-altenar2.biahosted.com/ https://sb2streaming-altenar2.biahosted.com/ https://sb2bethistory-altenar2.biahosted.com/ https://sb2bethistory-altenar2.biahosted.com/ https://sb2lottery-betscalculator-altenar2.biahosted.com/ https://fbstreambro.cc https://embed.twitch.tv https://spbro.live https://*.spbro.live https://ctrack.trafficjunky.net/ ; frame-ancestors 'self' *.ln.md *.7777.md 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-3TfzLd38eNZOF61SebnBrJFu4dsaWE5X' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1 default-src 'unsafe-inline' 'self' data: effectory.com www.effectory.com ac.effectory.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.clarity.ms bat.bing.com www.powr.io client.hip.live.com maps.googleapis.com mktdplp102cdn.azureedge.net www.youtube.com static.zdassets.com consent.consentcdn.cookiebot.com cookiebot.com www.googletagmanager.com google-analytics.com www.google-analytics.com snap.licdn.com www.googleadservices.com static.hotjar.com connect.facebook.net googleads.g.doubleclick.net script.hotjar.com;frame-ancestors 'self' consentcdn.cookiebot.com; img-src 'self' data: *.hsforms.com *.hubspot.com *.googletagmanager.com c.bing.com c.clarity.ms bat.bing.com i.ytimg.com script.hotjar.com onlinedialogue.s3.eu-west-1.amazonaws.com onlinedialogue.s3-eu-west-1.amazonaws.com *.linkedin.com *.dynamics.com wus.client.hip.live.com eus.client.hip.live.com maps.gstatic.com www.google.de maps.googleapis.com secure.gravatar.com www.google-analytics.com px.ads.linkedin.com www.google.com www.google.nl www.facebook.com; style-src 'unsafe-inline' fonts.googleapis.com ac.effectory.com www.effectory.com effectory.com; font-src data: fonts.gstatic.com script.hotjar.com ac.effectory.com www.effectory.com effectory.com; frame-src 'self' www.powr.io www.youtube.com forms.office.com www.facebook.com vars.hotjar.com consentcdn.cookiebot.com *.dynamics.com; connect-src *.linkedin.oribi.io *.hscollectedforms.net *.google-analytics.com *.clarity.ms *.hotjar.com wss://*.hotjar.com surveystats.hotjar.io *.effectory.com maps.googleapis.com *.dynamics.com consentcdn.cookiebot.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net effectorychathelp.zendesk.com ekr.zdassets.com 1 default-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; script-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; style-src 'self' 'unsafe-inline' https: http://www.portaleamministrazionetrasparente.it/; font-src 'self' https: http://www.portaleamministrazionetrasparente.it/ 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/ https://expressone.hu/; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 1 default-src 'self' 'unsafe-inline' data: wc.ts.ee www.nasdaqbaltic.com platform.linkedin.com secure.gravatar.com yoast.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net fonts.googleapis.com maps.googleapis.com streetviewpixels-pa.googleapis.com khms0.googleapis.com khms1.googleapis.com maps.gstatic.com fonts.gstatic.com translate.google.com translate.googleapis.com www.gstatic.com www.youtube.com www.google.ee www.google.com www.google.co.uk www.google.lv www.google.lt www.google.fi www.google.se www.google.no www.google.de www.google.pl lh3.ggpht.com www.google.com.hk www.google.gr www.google.nl www.google.dk www.google.com.ua www.google.fr i.ytimg.com connect.facebook.net api.microsofttranslator.com www.facebook.com 'unsafe-eval' www.google.ch www.google.at www.google.ro www.google.es www.google.it www.google.hu www.google.co.in www.google.ie www.google.cz www.google.be www.google.ru www.google.com.au photos.marinetraffic.com www.google.at www.google.co.il www.google.co.kr www.google.pt www.google.ca www.google.mk www.google.co.th www.google.co.id www.google.com.lb www.google.cl www.google.sk www.google.is www.google.com.np www.google.com.pk www.google.si www.google.rs www.google.dz www.google.com.ng www.google.com.my www.google.com.ci www.google.im www.google.com.sg www.google.com.tr www.google.com.hr www.google.com.mt www.google.li www.google.co.jp view.news.eu.nasdaq.com www.solwininfotech.com www.google.com.co www.google.com.br www.google.cn www.google.com.cy www.google.ge www.google.lu www.google.ae cdn.jsdelivr.net wd.ts.ee static.cloudflareinsights.com ajax.cloudflare.com www.vikingline.ee www.envir.ee www.google.com.ph www.google.co.nz www.google.hr www.google.bg www.google.by www.transit.ee www.tallinnamerepaevad.ee www.google.com.vn www.google.kz www.google.mv www.google.com.tw www.balticline.fi www.google.com.eg tallinnamerepaevad.ee www.google.com.bz www.google.com.mx www.google.jo www.google.com.sa www.google.ci www.google.com.kw www.google.co.ma www.google.com.gh www.google.com.ar region1.analytics.google.com www.google.az www.google.com.uy www.google.co.za www.google.sn www.google.com.mm www.google.me www.google.mn www.google.lk vincent.callebaut.org tentea.ec.europa.eu www.google.tg www.google.com.qa www.google.co.tz www.google.co.cr www.kjk.ee www.google.co.uz www.google.co.ke ps.w.org s.w.org www.google.ba www.google.com.jm www.google.com.pe www.google.mg 6zzuupda.sendsmaily.net www.google.bj www.google.com.kh www.google.com.do lh3.googleusercontent.com www.google.iq www.google.co.ug www.google.co.mz www.google.al www.google.tn www.google.ad www.google.am www.google.md www.google.com.ly www.google.com.ec www.google.com.pa www.google.com.bd www.google.com.pr www.google.mu www.google.gg www.google.cm www.google.com.py www.google.com.bh www.google.je www.google.com.cu www.google.com.pg komerk.ee www.google.kg www.google.cv www.google.com.sl www.portoftallinn.com www.google.vg www.google.bt www.google.bf www.google.la www.google.tt www.google.com.sv www.google.so; report-uri /069b75c4f2e07da64b888cac9af4ea98c60c3e6787e0368d1a5ab34114eda24e 1 default-src 'self' 'unsafe-inline' *.ioam.de data-aac883f83b.offiziellecharts.de 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.licdn.com *.line-scdn.net *.sharethis.com *.azure-api.net *.hsforms.net *.youtube.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.doubleclick.net *.cloudflare.com; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: https: *.google-analytics.com *.doubleclick.net *.googletagmanager.com; frame-src 'self' *.hsforms.com *.youtube.com *.vimeo.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.hsforms.com *.linkedin.oribi.io *.hubapi.com; report-uri /report-csp-violation 1 default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: wss: *.stripe.com *.studentbeans.com blob:; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: wss: *.stripe.com *.studentbeans.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self' *.citationsy.es *.stripe.com *.studentbeans.com accounts.google.com tinyletter.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://yoast.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://cdn.jsdelivr.net/npm/webfontloader@1.6.28/webfontloader.min.js https://oss.maxcdn.com/webfontloader/1.5.21/webfontloader.js https://cdn.jsdelivr.net/npm/rangeslider.js@2.3.2/dist/ https://developers.google.com https://cdn.rawgit.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://prod-druid-apc.azureedge.net/druid_webchat.js https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://optimize.google.com https://s.yimg.com/wi/ytc.js https://sp.analytics.yahoo.com https://*.hotjar.com https://prod-druid-apc.azureedge.net/druid_webchat_modules.js *.qualtrics.com https://cdn.jsdelivr.net:* https://unpkg.com:* https://p.teads.tv/teads-fellow.js; object-src 'none'; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/rangeslider.js@2.3.2/dist/ https://cdn.rawgit.com https://cdnjs.cloudflare.com/ajax/libs/ https://*.hotjar.com https://prod-druid-apc.azureedge.net/druid_webchat.css https://tagmanager.google.com https://optimize.google.com https://otpdev.druidplatform.com https://cdn.jsdelivr.net:*; img-src 'self' data: https://s.w.org https://stats.g.doubleclick.net https://www.google-analytics.com https://media.licdn.com https://secure.gravatar.com https://fonts.gstatic.com https://maps.googleapis.com/maps/ https://maps.gstatic.com/mapfiles/ https://ssl.gstatic.com https://www.gstatic.com https://cdn.rawgit.com https://raw.githubusercontent.com https://druiddemo18533.blob.core.windows.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.ro https://www.facebook.com/tr/ https://optimize.google.com https://www.otpbank.ro/sites/default/files/assets/images/octavian-avatar-2.png https://www.otpbank.ro/sites/default/files/assets/images/OTP-24-2x.png https://www.otpbank.ro/sites/default/files/assets/images/OTP-Octavian2.png https://*.hotjar.com https://*.doubleclick.net https://fra1.qualtrics.com https://siteintercept.qualtrics.com *.google-analytics.com *.analytics.google.com *.teads.tv:*; media-src 'self' data:; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://youtube.com https://youtube-nocookie.com https://www.facebook.com https://s-static.ak.facebook.com https://media.licdn.com https://bid.g.doubleclick.net https://4884242.fls.doubleclick.net/ https://optimize.google.com https://vars.hotjar.com/ https://web.facebook.com/ *.qualtrics.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com https://themes.googleusercontent.com https://*.hotjar.com; connect-src 'self' https://yoast.com https://otp.druidplatform.com/api/ https://directline.botframework.com https://directline.botframework.com/ https://directline.botframework.com/v3/directline/conversations/ https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://www.google.com/pagead/ https://s.yimg.com/ https://stats.g.doubleclick.net/ https://prod-druid-api.azurewebsites.net/api/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://siteintercept.qualtrics.com *.google-analytics.com *.analytics.google.com https://maps.googleapis.com:* https://cm.teads.tv:* *.teads.tv:*; upgrade-insecure-requests 1 default-src 'self' blob:; connect-src 'self' * blob:; font-src 'self' data: http://players.brightcove.net https://www.brighttalk.com https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/; frame-src *; img-src * blob: data: http://a.idio.co/ http://i.idio.co https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; media-src * blob:; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http://pages.lazardassetmanagement.com https://pages.lazardassetmanagement.com http://app-sj29.marketo.com/ https://app-sj29.marketo.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js http://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js https://assets.sitescdn.net/answers-search-bar/v1.0/answerstemplates-iife.compiled.min.js https://assets.sitescdn.net/answers-search-bar/v1.0/answers.min.js https://answers-embed.lazardassetmanagement.com.pagescdn.com/iframe.js https://answers-embed.aulazardassetmanagement.com.pagescdn.com/iframe.js https://answers-embed.uklazardassetmanagement.com.pagescdn.com/iframe.js https://assets.sitescdn.net/answers/v1.6/answers.css https://www.google-analytics.com https://www.googletagmanager.com https://sadmin.brightcove.com http://players.brightcove.net https://www.brighttalk.com http://vjs.zencdn.net/vttjs/ http://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/ http://s.idio.co/ia.js http://s.idio.co/ip.js http://js.idio.co/1473.js http://api.idio.co https://tagmanager.google.com/ https://code.createjs.com/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com; style-src * 'unsafe-inline'; frame-ancestors 'self' http://pages.lazardassetmanagement.com https://pages.lazardassetmanagement.com https://app-sj29.marketo.com/ http://app-sj29.marketo.com/ https://www.google-analytics.com https://www.googletagmanager.com https://sadmin.brightcove.com https://players.brightcove.net https://www.brighttalk.com https://vjs.zencdn.net/vttjs/ https://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com dayton.bibliocms.com *.dayton.bibliocms.com https://www.daytonmetrolibrary.org www.daytonmetrolibrary.org *.www.daytonmetrolibrary.org; 1 upgrade-insecure-requests; frame-src 'self' forms.hsforms.com vars.hotjar.com w.recruiterbox.com app.recruiterbox.com vimeo.com youtu.be youtube.com www.youtube.com www.google.com player.vimeo.com bid.g.doubleclick.net www.facebook.com cdn.knightlab.com; frame-ancestors 'self' 1 default-src 'self' *.arbeitsagentur.de *.jobcenter-ge.de; base-uri 'self' *.jobcenter-ge.de; style-src 'self' 'unsafe-inline' *.jobcenter-ge.de; script-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.arbeitsagentur.de *.jobcenter-ge.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.arbeitsagentur.de *.jobcenter-ge.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.arbeitsagentur.de *.jobcenter-ge.de; frame-ancestors 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' *.fona.de *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.streambuzzer.com; style-src 'self' 'unsafe-inline'; img-src data: 'self' *.twitter.com *.twimg.com *.fona.de *.matpro.de *.ytimg.com *.vimeocdn.com; font-src 'self'; connect-src 'self' *.cookiebot.com *.cookiebot.eu stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com *.bmbf.de; frame-src 'self' *.fona.de *.streambuzzer.com *.cookiebot.com *.cookiebot.eu *.vditz.com *.pt-dlr.de *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.bmbf.de *.emailsys1a.net; object-src 'none'; frame-ancestors 'self' *.fona.de; 1 default-src 'self'; base-uri 'self'; connect-src 'self' wss://api.mintme.com/ wss://api.mintme.abchosting.org/ wss://api.staging.abchosting.org/ https://*.facebook.net https://*.facebook.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com https://*.doubleclick.net https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to https://www.mintme.com/.well-known/mercure https://identitytoolkit.googleapis.com; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to https://embed.tawk.to; frame-src https://www.facebook.com https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com https://*.coinify.com https://platform.twitter.com https://content-youtube.googleapis.com https://mintme.firebaseapp.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-v8aIZFapKbdjK7/tC/KADQ=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://*.tawk.to; report-uri /csp-report; worker-src 'none' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' policy.cookiereports.com https://pbs.122.2o7.net https://ssl.siteimprove.com; font-src 'self' data:; frame-ancestors 'self'; 1 connect-src * 'unsafe-inline' 'unsafe-eval'; default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; 1 frame-ancestors https://*.buxfer.com 1 default-src 'self' *.atlantic.fr *.algolianet.com *.algolia.net *.google-analytics.com *.google.com *.cookiebot.com *.doubleclick.net *.groupe-atlantic.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.soyooz.com *.mixpanel.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.pinterest.com app.helo-activation.fr *.facebook.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site; base-uri 'self' *.atlantic.fr; block-all-mixed-content; font-src 'self' *.soyooz.com *.atlantic.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io fonts.gstatic.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site; frame-ancestors 'self' *.atlantic.fr; frame-src 'self' *.atlantic.fr *.youtube.com *.vimeo.com *.atlantic.fr *.cookiebot.com *.doubleclick.net *.vectary.com *.instagram.com *.cdninstagram.com *.pinterest.com *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site; img-src 'self' data: *.atlantic.fr *.youtube.com *.ytimg.com *.vimeo.com *.google-analytics.com *.groupe-atlantic.com *.googletagmanager.com *.doubleclick.net *.google.fr *.google.com *.soyooz.com *.cdninstagram.com picsum.photos placekitten.com *.picsum.photos *.placeholder.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.facebook.com *.pinterest.com *.inbenta.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.inbenta.io; media-src 'self' *.atlantic.fr *.vimeo.com *.youtube.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site; object-src 'none'; script-src 'self' blob: *.youtube.com *.atlantic.fr 'unsafe-inline' 'unsafe-eval' *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.googletagmanager.com *.groupe-atlantic.com *.cookiebot.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.google-analytics.com *.soyooz.com *.mxpnl.com code.jquery.com cdn.jsdelivr.net googleads.g.doubleclick.net *.facebook.net *.tradelab.fr *.pinimg.com *.inbenta.services *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com *.soyooz.com *.atlantic.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io cdn.jsdelivr.net *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site 1 default-src 'self' https://equatio.texthelp.com/client/ wss://*.firebaseio.com/ https://*.googleapis.com/ https://*.texthelp.com/ https://*.speechstream.net/; connect-src 'self' wss://*.speech.microsoft.com/speech/recognition/dictation/cognitiveservices/v1 wss://*.firebaseio.com/ wss://cloud.myscript.com/api/v4.0/iink/document https://www.google-analytics.com/ https://*.googleapis.com/ https://*.texthelp.com/ https://equatio-search-proxy.texthelp.com https://script.google.com/; style-src 'self' 'unsafe-inline' https://equatio.texthelp.com/client/ https://fonts.googleapis.com/css; script-src 'self' https://equatio.texthelp.com/client/ https://www.google-analytics.com/ https://*.firebaseio.com/ https://www.gstatic.com/firebasejs/; img-src https://equatio.texthelp.com/client/ 'self' https://*.texthelp.com/ data: blob: https://*.googleusercontent.com/ https://chart.googleapis.com/chart https://www.google.com/ https://www.google-analytics.com; font-src https://equatio.texthelp.com/client/ https://fonts.gstatic.com/; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'none' 1 default-src 'none'; base-uri www.hahn-airport.de; connect-src www.hahn-airport.de matomo.hahn-airport.de; font-src www.hahn-airport.de; form-action www.hahn-airport.de parken.hahn-airport.de; frame-ancestors www.hahn-airport.de; frame-src www.hahn-airport.de; img-src www.hahn-airport.de data: *.openstreetmap.de; script-src www.hahn-airport.de matomo.hahn-airport.de 'sha256-3gL0ESqaJki/Wh0f/lc2YDLEdxGa87F8Q5TXgPOCikM=' 'sha256-81MEiw1n03G/Umzr1t9TBswGsKYi01GH9Qu+KQu7dD4=' 'sha512-xbcqNOgP70FrlmytA93CaZ+Lh4zepgmKXpUeumuNwRa8sD7TlgTwTgSBKrbiP5/HcguwdErI+ExunDL8rxCrkg==' 'sha512-px1M+IgU2D7N1Ag8ujEEbrR/bWVa9WcgiPLZ6flkhCC+8XiyDRgirHntE0Un+lSGbp4p/VA403aBf4NWUPAD8A==' 'sha512-Tyxc4Zm8bJMo23iSuUGf1AwygBbaOSZEvgDkIoZNrH9oAdhVZp6ZgdFSeajkBFA/J7YY/rQXtXaTxUiZUU1S/w=='; style-src www.hahn-airport.de 'unsafe-hashes' fast.fonts.net 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-0kneztpqrRRhpdMukBrBUYV4ZMDr+1A5B/zcgBxiCdQ='; upgrade-insecure-requests; report-uri /nelmio/csp/report 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sites-rpc.vuturevx.com https://px.ads.linkedin.com https://snap.licdn.com https://code.jquery.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://code.jquery.com/jquery-2.1.4.min.js *.crazyegg.com *.amazonaws.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://fonts.googleapis.com; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com; connect-src 'self' https://cdn.plyr.io *.crazyegg.com https://*.google-analytics.com https://*.analytics.google.com; child-src 'self' https://open.spotify.com/ https://player.pippa.io https://player.acast.com https://embed.acast.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com/ https://cdn.yoshki.com https://player.vimeo.com https://consentcdn.cookiebot.com/; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://open.spotify.com; 1 base-uri 'self'; child-src 'self' data: www.youtube.com gap:; frame-src 'self' data: www.youtube.com gap:; connect-src 'self' www.google-analytics.com botbuilder.labiba.ai; default-src 'self' data: gap: 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data: blob:; media-src * data:; object-src 'self'; script-src 'self' data: botbuilder.labiba.ai www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=HMx87gjtSoLu%2Fq2Y85c2AWxibagYW5UIYmePigWGvHkKYgBKOcLj%2FNGEAYeR%2BO%2FbRBzApFBVtH79Nr2banHKxA%3D%3D; 1 default-src 'self' *.google-analytics.com data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.slideshare.net *.youtube.com view.genial.ly *.dailymotion.com *.youtube-nocookie.com *.myadvent.net adventmyfriend.com *.jwplayer.com video.terre-net.fr; style-src 'self' use.typekit.net fonts.googleapis.com p.typekit.net s3.amazonaws.com i.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com i.icomoon.io; img-src 'self' data: *.ytimg.com; upgrade-insecure-requests 1 frame-ancestors 'self' https://psr-www.bayard-jeunesse.com https://www.bayard-jeunesse.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src 'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1 default-src 'self' ; frame-src 'self' https://acs2.mtbank.by https://acs2.mtbank.by:8043 https://3ds-pgi.mtbank.by https://3ds-pgi.mtbank.by:9663 https://api.mtbank.by https://mpi.mtbank.by https://mpi.mtbank.by:80 https://acs.mtbank.by https://c2c.mtbank.by https://3ds.alfabank.by https://3ds.priorbank.by https://acs.bgpb.by https://sca.npc.by https://www.sbs4u.by https://acs.multicarta.ru https://aacsw.3ds.verifiedbyvisa.com https://cap.attempts.securecode.com https://ipcacs.sberbank.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.mtbank.by/ https://app.blinger.io https://static.mybank.by https://api.mtbank.by https://www.google-analytics.com https://halva.mtbank.by https://www.googletagmanager.com https://tagmanager.google.com; style-src 'self' blob: 'unsafe-inline' https://static.mybank.by;img-src 'self' https://*.by/ https://chat.mtbank.by/ https://blinger.io https://app.blinger.io https://static.mybank.by data: blob: https://www.google-analytics.com https://www.googletagmanager.com ; font-src 'self' https://static.mybank.by; connect-src 'self' https://chat.mtbank.by/ wss://app.blinger.io; media-src 'self' 1 default-src 'self'; frame-src 'self' https://heyzine.com/ *.mentimeter.com/ *.careopinion.org.uk/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/ online.fliphtml5.com/ https://w.soundcloud.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com *.justgiving.com https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk ; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://feeds.trac.jobs/ https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net; 1 default-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.doubleclick.net *.googletagmanager.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.fairyintra.net *.fairycosmo.com *.b-cdn.net muffingroup.com *.cloudflare.com *.mediadelivery.net; connect-src 'self' *.doubleclick.net *.googleapis.com *.google-analytics.com; img-src data: *.fairycosmo.com *.fairyintra.net *.gravatar.com *.creativecommons.org licensebuttons.net *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.fairycosmo.com *.fairyintra.net; form-action 'self'; frame-ancestors 'self' ; base-uri 'self'; frame-src 'self' *.gstatic.com *.google.com *.mediadelivery.net *.fairycosmo.com *.fairyintra.net; media-src 'self' *.fairycosmo.com *.fairyintra.net *.mediadelivery.net; font-src 'self' *.fairycosmo.com *.fairyintra.net fonts.gstatic.com data:; worker-src 'self' *.fairyintra.net fairycosmo.com; manifest-src 'self' fairycosmo.com; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sccl.bibliocms.com *.sccl.bibliocms.com https://sccld.org sccld.org *.sccld.org; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googleapis.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' hello.myfonts.net *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com themes.googleusercontent.com; img-src 'self' data: *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; connect-src 'self' http://www.google-analytics.com; frame-src 'self' *.vimeo.com *.youtube.com https://*.vimeo.com https://*.youtube.com; font-src 'self' data: *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; report-uri https://tokybd.report-uri.io/r/default/csp/enforce; 1 default-src 'self' themes.googleusercontent.com www.google-analytics.com stats.g.doubleclick.net data: 'unsafe-inline' 'unsafe-eval' 1 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.credit-cgi.fr ui.vivafi.fr simulateur.vivafi.fr vivafi.fr *.facebook.net js.stripe.com *.crisp.chat *.abtasty.com *.ekonsilio.io *.hotjar.com *.hotjar.io *.stampyt.io;frame-src 'self' *.google.com *.googleapis.com *.credit-cgi.fr ui.vivafi.fr simulateur.vivafi.fr vivafi.fr js.stripe.com *.youtube.com *.abtasty.com *.hotjar.com *.hotjar.io *.stampyt.io;style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.ekonsilio.io *.hotjar.com *.hotjar.io *.stampyt.io;img-src 'self' data: blob: *.fidcar.com *.googleapis.com *.webqamapps.com *.autodisol.com *.webqam.fr *.gstatic.com *.google-analytics.com autobernard.staging.front-commerce.cloud *.google.com *.google.fr *.ekonsilio.io *.doubleclick.net *.hotjar.com *.hotjar.io *.stampyt.io;font-src 'self' data: *.gstatic.com *.ekonsilio.io *.hotjar.com *.hotjar.io;connect-src 'self' *.bridged.cc *.algolia.net *.algolianet.com *.google-analytics.com *.doubleclick.net *.stampyt.fr *.googleapis.com *.facebook.net *.facebook.com *.abtasty.com *.ekonsilio.io ws.livechat.ekonsilio.io cdn.simplelocalize.io *.hotjar.com *.hotjar.io *.stampyt.io;base-uri 'self';report-uri /csp/report 1 default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.scoreauthority.net *.pushnami.com *.smartlook.com *.smartlook.cloud static.zohocdn.com *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net polyfill.io cdn.userway.org www.googleadservices.com; style-src 'self' 'unsafe-inline' *.scoreauthority.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com fonts.googleapis.com cdn.userway.org; img-src 'self' data: *.scoreauthority.net www.googletagmanager.com www.google-analytics.com bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.pushnami.com *.smartlook.com *.smartlook.cloud *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net cdn.userway.org; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com cdn.userway.org; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io *.userway.org googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src data: 'self' mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1 default-src 'self'; script-src 'unsafe-inline' * 'unsafe-eval'; style-src 'unsafe-inline' * 'unsafe-eval'; img-src *; media-src *; frame-src *; frame-ancestors *.archcare.org; font-src *; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://*.fullstory.com https://ssl.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.hotjar.com https://*.iesnare.com https://*.iovation.com https://www.locize.app https://cdn.otherlevels.com https://c.paypal.com https://*.paywithmybank.com http://static.cdn.prismic.io https://sdk.privacy-center.org https://widgets.sir.sportradar.com https://*.trustly.one https://*.twitch.tv https://www.youtube.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.datadoghq-browser-agent.com https://consent.cookiebot.com https://connect.facebook.net https://consentcdn.cookiebot.com blob: data: ; connect-src 'self' https://*.joabet.fr wss://*.joabet.fr https://*.datadoghq.eu https://rs.fullstory.com https://*.gaming1.com wss://*.gaming1.com wss://*.gaming1.com:10002 https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com wss://*.hotjar.com wss://mpsnare.iesnare.com https://*.otherlevels.com https://wss.plc-gc.com:* wss://wss.plc-gc.com:* https://*.cdn.prismic.io https://*.prismic.io https://api.privacy-center.org https://*.slpuat.com https://lmt.fn.sportradar.com https://widgets.fn.sportradar.com https://widgets.sir.sportradar.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.facebook.com https://consentcdn.cookiebot.com wss://*.zopim.com ; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://widgets.sir.sportradar.com ; font-src 'self' data: http://fonts.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com ; frame-src 'self' https://*.gaming1.com https://www.google.com/maps/embed https://*.hotjar.com https://*.paywithmybank.com https://*.trustly.one https://player.twitch.tv https://www.youtube.com/embed/ https://consentcdn.cookiebot.com ; img-src * blob: data: ; media-src * data: ; manifest-src 'self' ; object-src 'none' ; form-action https://*.paywithmybank.com https://*.slpuat.com https://*.trustly.one https://secure.payzen.eu ; 1 default-src 'self' https://cdn.competitionsuite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.competitionsuite.com https://cdnjs.cloudflare.com https://sentry.io https://cdn.ravenjs.com https://js.stripe.com https://checkout.stripe.com https://cdn.firebase.com https://www.gstatic.com https://*.firebaseio.com https://kendo.cdn.telerik.com https://ajax.googleapis.com www.google-analytics.com ssl.google-analytics.com ajax.cloudflare.com cdn.pubnub.com https://ajax.cloudflare.com https://d3js.org sdk.amazonaws.com beacon-v2.helpscout.net static.cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com https://player.vimeo.com/ unpkg.com; style-src 'self' data: 'unsafe-inline' https://cdn.competitionsuite.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://cdn.competitionsuite.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com https://fonts.gstatic.com; img-src 'self' data: blob: https://cdn.competitionsuite.com https://competitionsuite.com https://cdn.competitionsuite.io https://cdn.competitionsuite.com https://vault.compsuite.io https://competitionsuite.blob.core.windows.net https://s3.amazonaws.com cs-profile-upload.s3.amazonaws.com www.google-analytics.com ssl.google-analytics.com http://kendo.cdn.telerik.com https://*.stripe.com d33v4339jhl8k0.cloudfront.net; frame-src 'self' https://js.stripe.com https://checkout.stripe.com https://player.vimeo.com *.firebaseio.com mozilla.github.io https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://cdn.competitionsuite.com files.competitionsuite.com https://socket.competitionsuite.com https://sentry.io wss://socket.competitionsuite.com wss://*.firebaseio.com https://s3.amazonaws.com *.stripe.com *.vimeo.com *.pndsn.com cs-video.s3.amazonaws.com cognito-identity.us-east-1.amazonaws.com www.google-analytics.com d3hb14vkzrxvla.cloudfront.net beaconapi.helpscout.net chatapi.helpscout.net; media-src 'self' http://audio.competitionsuite.com https://audio.competitionsuite.com https://s3.amazonaws.com; report-uri https://sentry.io/api/1333530/security/?sentry_key=db3117a28c894c5ebfcaf7b702a4f22f&sentry_environment=production 1 frame-ancestors 'self' http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 1 frame-ancestors 'self' minezmap.com *.minezmap.com http://minezmap.com http://*.minezmap.com minez-nightswatch.com 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.googleapis.com *.jquery.com *.mouseflow.com *.surveymonkey.com *.google.com *.gstatic.com *.icancharity.org.uk *.vimeo.com *.youtube.com chimpstatic.com *.mailchimp.com *.list-manage.com *.sharethis.com *.facebook.net; default-src 'self' data:; worker-src ; style-src 'self' 'unsafe-inline' *.mailchimp.com *.googleapis.com *.icancharity.org.uk; connect-src 'self' *.google-analytics.com *.doubleclick.net *.icancharity.org.uk *.articulate.com *.mouseflow.com *.vimeo.com vimeo.com *.sharethis.com *.googleapis.com; font-src 'self' *.gstatic.com *.icancharity.org.uk data:; img-src 'self' 'unsafe-inline' data: *.gravatar.com *.ssl.com https://1yy9wa31b3t44cjxmd1hvxqb-wpengine.netdna-ssl.com *.gstatic.com *.googleapis.com *.icancharity.org.uk *.surveymonkey.com *.smassets.net *.ytimg.com *.vimeocdn.com mcusercontent.com *.sharethis.com *.facebook.com; frame-src 'self' *.google.com *.vimeo.com *.icancharity.org.uk *.youtube.com *.office.com *.surveymonkey.com *.powerbi.com; 1 default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.premiumsim.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.premiumsim.de https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de; script-src 'strict-dynamic' 'nonce-30e3e146ae6206195f4d4ac14c879272' 'nonce-a03245310bf608f7efc392b321854a77' 'nonce-8937d2b43078db357cd563eb8e3ab0d5' 'nonce-048657b74ca63c7f440ca9a784c023a0' 'nonce-92e8c93cbe8fccafabaa0990f626588d' 'nonce-f2eb6b3fd0250bc04d338d348126202e' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-30e3e146ae6206195f4d4ac14c879272' 'nonce-a03245310bf608f7efc392b321854a77' 'nonce-8937d2b43078db357cd563eb8e3ab0d5' 'nonce-048657b74ca63c7f440ca9a784c023a0' 'nonce-92e8c93cbe8fccafabaa0990f626588d' 'nonce-f2eb6b3fd0250bc04d338d348126202e' 'self' 'unsafe-inline' https: 'report-sample' 1 frame-ancestors 'self' *.finq.com 1 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self' 'unsafe-inline' ; img-src 'self'; media-src 'self'; frame-src 'self' *.google.com maps.googleapis.com *.youtube.com; frame-ancestors 'self' *.google.com maps.googleapis.com *.youtube.com; child-src 'self' *.google.com maps.googleapis.com *.youtube.com; font-src 'self' fonts.gstatic.com; connect-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1 form-action 'self' payment.ecpay.com.tw *.facebook.com *.ctbcbank.com *.line.me, base-uri 'self'; child-src 'self' *.youtube.com; connect-src 'self' cdn.penglue.jp asia-northeast1-penglue-266110.cloudfunctions.net point-ads.line-apps.com *.google.com.tw maps.googleapis.com *.google-analytics.com *.yimg.com *.g.doubleclick.net analytics.google.com bat.bing.com *.facebook.com *.facebook.net *.typekit.net *.clarity.ms asia-east1-chichat-cat.cloudfunctions.net *.chichat.tw; object-src 'self'; default-src 'self' *.gstatic.com *.yimg.com *.google-analytics.com stats.g.doubleclick.net; script-src 'self' *.chichat.tw static.cloudflareinsights.com maps.googleapis.com *.yimg.com *.bid.g.doubleclick.net *.facebook.net *.facebook *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.adsrvr.org *.yimg.com d.line-scdn.net *.googlesyndication.com bat.bing.com use.typekit.net www.clarity.ms cdn.penglue.jp point-ads.line-apps.com 'unsafe-inline' ; style-src 'self' *.googleapis.com www.googletagmanager.com 'unsafe-inline'; img-src 'self' c.bing.com cdn.penglue.jp *.clarity.ms data: maps.googleapis.com *.gstatic.com *.analytics.yahoo.com *.g.doubleclick.net *.doubleclick.net *.google.com.tw *.google.com *.google-analytics.com *.facebook.com r.turn.com tr.line.me *.googleadservices.com *.googletagmanager.com *.facebook.net bat.bing.com *.chichat.tw; frame-src 'self' cdn.penglue.jp *.google.com insight.adsrvr.org *.doubleclick.net *.facebook.com *.youtube.com *.chichat.tw; media-src 'self' *.youtube.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: https://www.youtube.com/ static.issuu.com e.issuu.com docs.google.com www.google-analytics.com fonts.googleapis.com *.disquscdn.com www.votervoice.net www.googletagmanager.com ims.informz.net connect.facebook.net www.google.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://pbs.twimg.com platform.twitter.com www.facebook.com staticxx.facebook.com disqus.com fonts.gstatic.com stats.g.doubleclick.net referrer.disqus.com https://services.texmed.org/45/Tma.CspReportApi/api/csp *.blubrry.com *.feathr.co servedbyadbutler.com *.fontawesome.com *.vimeo.com p2a.co *.jotform.com *.sharethis.com *.cognitoforms.com https://cognitoforms.com/ cdn.knightlab.com *.blogspot.com secure.givelively.org http://intellidataserver1.intellidata.tech/ *.jotfor.ms cdnjs.cloudflare.com js.jotform.com secure.networkmerchants.com; 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' test.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com translate.googleapis.com *.jsctool.com jsctool.com; connect-src *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de cdn.cookielaw.org ws://simonmobile.de ws://simonmobil.de privacyportal-eu.onetrust.com bing.com *.bing.com vodafone.de *.vodafone.de *.demdex.net demdex.net *.omtrdc.net omtrdc.net *.trustedshops.com *.etrusted.com *.trustbadge.com *.clarity.ms clarity.ms geolocation.onetrust.com maps.googleapis.com *.kampyle.com kampyle.com *.jsctool.com jsctool.com doubleclick.net *.doubleclick.net googlesyndication.com *.googlesyndication.com; frame-src 'self' directus.br.extranet.addmore.cloud test.oppwa.com test.ppipe.net *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de adform.net *.adform.net facebook.com *.facebook.com *.doubleclick.net doubleclick.net *.demdex.net demdex.net *.amazon-adsystem.com amazon-adsystem.com *.kampyle.com kampyle.com *.youtube.com youtube.com *.jsctool.com jsctool.com googlesyndication.com *.googlesyndication.com; img-src 'self' data: 'unsafe-inline' test.oppwa.com was.vodafone.de cdn.cookielaw.org *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de bing.com *.bing.com google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl *.seadform.net seadform.net *.doubleclick.net doubleclick.net widgets.trustedshops.com www.gstatic.com gstatic.com *.clarity.ms clarity.ms *.googleadservices.com googleadservices.com *.kampyle.com kampyle.com maps.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' test.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com amazon-adsystem.com *.amazon-adsystem.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com *.clarity.ms clarity.ms *.kampyle.com kampyle.com *.googlesyndication.com googlesyndication.com maps.googleapis.com *.jsctool.com jsctool.com; worker-src 'self' blob: 1 frame-ancestors www.newtaipei.travel newtaipei.travel 'self' 1 base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-LWP25Pnk+coEQxV5SXKwIW/5' 'nonce-kUbLJTv2+RiC2W2drhIIJH54' 'nonce-Pw04viQIUV8KYkAjTtGpYKyB' 'nonce-9BJtRf3UpNcfmS0ovWPKuyv5' 'nonce-8pcFWuSx+8f74xW7QTW6106z' 'nonce-DbIBsQEPdufuTPrn2XPZTJnw' 'nonce-CoDS7BAVhH9zCvvRqzrHdTTf' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com ccclib.bibliocms.com *.ccclib.bibliocms.com https://ccclib.org ccclib.org *.ccclib.org; 1 default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.simplytel.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.simplytel.de https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.simplytel.de https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de; script-src 'strict-dynamic' 'nonce-7a0c4735f4928409681e7bb3e2f0f724' 'nonce-9e77c5a9a7375d0d11b793ddea295e02' 'nonce-03145dc7e44beb9c02c4e9276455f31d' 'nonce-b93c53280591582c99e45be3dfc5c777' 'nonce-3d122930ba665b058f89993a685c6bec' 'nonce-c408484e9530714941b27b52749de795' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.simplytel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-7a0c4735f4928409681e7bb3e2f0f724' 'nonce-9e77c5a9a7375d0d11b793ddea295e02' 'nonce-03145dc7e44beb9c02c4e9276455f31d' 'nonce-b93c53280591582c99e45be3dfc5c777' 'nonce-3d122930ba665b058f89993a685c6bec' 'nonce-c408484e9530714941b27b52749de795' 'self' 'unsafe-inline' https: 'report-sample' 1 base-uri 'self'; default-src 'none'; connect-src 'self' https:; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.googletagmanager.com *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.bootstrapcdn.com https:; img-src 'self' data: https:; font-src 'self' data: application fonts.gstatic.com https:; form-action 'self'; object-src 'self'; media-src 'self'; child-src 'self' *.cookiebot.com google.com https:; \ 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com kdl.bibliocms.com *.kdl.bibliocms.com https://kdl.org kdl.org *.kdl.org; 1 frame-ancestors 'self' google.com 1 frame-ancestors 'self' piwik.betaalvereniging.nl matomo.betaalvereniging.nl; 1 default-src 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com info.autobooks.co; script-src info.autobooks.co; object-src info.autobooks.co; style-src 'unsafe-inline' 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com; img-src data: 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com; frame-src info.autobooks.co; report-uri /report-csp-violation; upgrade-insecure-requests 1 script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self'; style-src 'self' 'unsafe-inline' 1 default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org *.tile.opencyclemap.org; 1 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data:; frame-src *; style-src * 'unsafe-inline'; 1 default-src 'self' https://*.sendpulse.com https://*.doubleclick.net https://*.datatables.net; font-src 'self' data: https://yeni.iskultur.com.tr https://*.sendpulse.com https://fonts.gstatic.com *.bootstrapcdn.com https://cdn.jsdelivr.net https://themes.googleusercontent.com https://*.wp.com; object-src 'none'; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://unpkg.com https://*.alexametrics.com https://connect.facebook.net https://*.unpkg.com https://cdn.visitorlab.com https://rec.smartlook.com/ https://*.yandex.ru https://*.yandex.com.tr https://*.yandex.com https://*.sendpulse.com https://*.google-analytics.com/analytics.js https://cdn.jsdelivr.net https://*.iskultur.com.tr https://*.ampproject.org https://cdnjs.cloudflare.com https://ajax.googleapis.com https://*.google-analytics.com https://*.addthis.com https://*.facebook.com https://*.twitter.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.bootstrapcdn.com https://*.wp.com https://*.gravatar.com; style-src 'self' https://*.iskultur.com.tr https://*.sendpulse.com https://secure.gravatar.com https://*.wp.com https://cdn.jsdelivr.net https://*.bootstrapcdn.com https://cdn.jsdelivr.net https://*.google.com https://*.iskultur.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.gravatar.com 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.googleadservices.com https://*.iskultur.com.tr https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png https://*.alexametrics.com https://*.googletagmanager.com https://*.facebook.com https://*.yandex.ru https://*.yandex.com.tr https://*.yandex.com https://*.iskultur.com.tr https://*.sendpulse.com https://*.placeholder.com https://*.doubleclick.net https://secure.gravatar.com https://www.google-analytics.com https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.wp.com https://pixel.wp.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://online.flippingbook.com/ https://www.facebook.com https://tpc.googlesyndication.com/ https://tpc.googlesyndication.com https://www.youtube.com https://bid.g.doubleclick.net/ https://www.youtube.com https://sanalpos.isbank.com.tr/ https://*.yandex.ru https://www.facebook.com https://*.yandex.com.tr https://*.yandex.com https://yandex.com.tr https://*.yandex.ru https://www.google-analytics.com https://*.sendpulse.com https://*.iskultur.com.tr https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://secure.gravatar.com https://*.wp.com; connect-src 'self' https://*.doubleclick.net https://*.facebook.com https://ymetrica1.com https://*.googleapis.com https://www.google-analytics.com https://*.yandex.ru https://pushdata.sendpulse.com:4434/ https://manager.smartlook.com/ https://manager.eu.smartlook.com/ https://collect.visitorlab.com/142134579 https://cdn.ampproject.org 1 default-src 'self'; object-src 'self' https://pts.deutschlandsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.deutschlandsim.de; img-src https: data: http://files.deutschlandsim.de; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://umfrage.deutschlandsim.de https://pts.deutschlandsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://stats.deutschlandsim.de https://imagepool.deutschlandsim.de https://pts.deutschlandsim.de; script-src 'strict-dynamic' 'nonce-152cc2aac38dd3fb76f28698aed56be7' 'nonce-ee4848aef805156b7c9cfb0bc70a07d8' 'nonce-3ef32e43459f17bd81dee7cbe82af0b2' 'nonce-8fb0aae5616f8b5401a15942e94e5ab6' 'nonce-c6b2368d087f6e107882ce0a858907f3' 'nonce-45ab34012f13a84b564ee1b5c151571a' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.deutschlandsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-152cc2aac38dd3fb76f28698aed56be7' 'nonce-ee4848aef805156b7c9cfb0bc70a07d8' 'nonce-3ef32e43459f17bd81dee7cbe82af0b2' 'nonce-8fb0aae5616f8b5401a15942e94e5ab6' 'nonce-c6b2368d087f6e107882ce0a858907f3' 'nonce-45ab34012f13a84b564ee1b5c151571a' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src https: 'unsafe-eval' 'unsafe-inline';child-src * blob:; object-src 'none';img-src * blob: data: ws: wss: gap:;frame-ancestors 'self';connect-src * data: blob: 'unsafe-inline'; worker-src data: blob: 'unsafe-inline';font-src 'self' data: *;script-src * 'unsafe-inline' 'unsafe-eval' 1 default-src 'self'; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://maps.google.com https://maps.googleapis.com; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://a.tile.osm.org https://b.tile.osm.org https://c.tile.osm.org data:; frame-src 'self' mailto: https://piwik.bzga.de https://www.youtube-nocookie.com; 1 frame-ancestors self; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/ui/1.13.1/jquery-ui.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery.touchswipe/1.6.4/jquery.touchSwipe.min.js https://www.tripadvisor.com/wejs https://www.googletagmanager.com/gtm.js https://cdns.eu1.gigya.com https://www.jscache.com https://snap.licdn.com https://cdn.hypemarks.com https://service.force.com https://www.tripadvisor.com https://c.evidon.com https://js-agent.newrelic.com https://www.googletagmanager.com https://connect.facebook.net https://www.googleadservices.com https://www.google-analytics.com https://maps.googleapis.com https://brand-ecommerce-assets.fusepump.com https://static.tacdn.com https://d.la1-c1-par.salesforceliveagent.com https://d.la2-c1-cdg.salesforceliveagent.com https://cdnjs.cloudflare.com https://bam.nr-data.net https://googleads.g.doubleclick.net https://c.betrad.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://static.tacdn.com https://maxcdn.bootstrapcdn.com/font-awesome/4.6.0/css/font-awesome.min.css https://service.force.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' https://px.ads.linkedin.com https://images.aws.nestle.recipes https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com data: https://static.tacdn.com https://l.evidon.com https://c.evidon.com https://www.google.com https://www.facebook.com https://www.google.co.in https://l.betrad.com; frame-src 'self' https://www.google.com/ https://cdns.eu1.gigya.com https://service.force.com https://brand-ecommerce-assets.fusepump.com https://cdn.hypemarks.com https://bid.g.doubleclick.net https://9796171.fls.doubleclick.net/ https://www.googletagmanager.com/ https://www.facebook.com/; frame-ancestors 'self'; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; connect-src 'self' https://cdns.eu1.gigya.com https://l.evidon.com https://www.google-analytics.com https://service.force.com https://maps.googleapis.com https://stats.g.doubleclick.net https://brand-ecommerce-api.fusepump.com https://api.tintup.com https://cognito-identity.us-east-1.amazonaws.com https://kinesis.us-east-1.amazonaws.com https://bam.nr-data.net https://digital-commerce-api-cdn.fusepump.com 1 frame-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; frame-ancestors 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; child-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; report-uri //report-csp-violation 1 script-src 'self'; object-src 'self' 1 default-src 'self' googleads.g.doubleclick.net polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com c.statcounter.com secure.statcounter.com www.google-analytics.com code.highcharts.com pagead2.googlesyndication.com cdn.datatables.net use.fontawesome.com cdn.rawgit.com maps.googleapis.com connect.facebook.net www.polantis.info new.polantis.com www.google.com www.google.fr www.gstatic.com https://rawgithub.com/phpepe/highcharts-regression/master/highcharts-regression.js https://rawgit.com/phpepe/highcharts-regression/master/highcharts-regression.js www.googletagmanager.com cdn.jsdelivr.net cdn.mouseflow.com; object-src 'self' s.ytimg.com i.ytimg.com s.youtube.com www.youtube.com *.googlevideo.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com cdn.datatables.net https://cdn.rawgit.com/morteza/bootstrap-rtl/v3.4.0/dist/css/bootstrap-rtl.min.css www.polantis.info use.fontawesome.com www.gstatic.com; img-src 'self' data: images.polantis.com data.polantis.com s3-eu-west-1.amazonaws.com www.google-analytics.com c.statcounter.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com csi.gstatic.com www.facebook.com www.polantis.info www.google.com www.google.fr randomuser.me/api/ cdnjs.cloudflare.com polantiscomimages.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3.eu-west-1.amazonaws.com data2.polantis.com http://bimobject-dev.ad.bimobject.com http://bimobject-staging.ad.bimobject.com www.bimobject.com bimobject.com https://classic.bimobject.com https://admincontent.bimobject.com https://accounts.bimobject.com https://accounts-dev.ad.bimobject.com https://accounts-staging.ad.bimobject.com www.mollie.com; frame-src 'self' googleads.g.doubleclick.net www.youtube.com www.google.com www.google.fr www.facebook.com staticxx.facebook.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com; connect-src 'self' www.polantis.info new.polantis.com maps.googleapis.com cdn.datatables.net www.facebook.com vicopo.selfbuild.fr analytics.google.com stats.g.doubleclick.net cdn.jsdelivr.net; report-uri /nelmio/csp/report 1 child-src 'self' ; connect-src 'self' maps.googleapis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' *.printfriendly.com; font-src 'self' data: *.fontawesome.com *.gstatic.com *.bootstrapcdn.com hubernet.sp-stage1.emagineusa.net *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.vimeocdn.com; frame-src 'self' view.ceros.com *.youtube.com *.elegantthemes.com *.vimeo.com *.printfriendly.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self' 'unsafe-inline' *.gravatar.com maps.googleapis.com data: *.vimeocdn.com *.w.org *.printfriendly.com hubernet.sp-stage1.emagineusa.net *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' ; navigate-to 'self' ; object-src 'self' ; script-src 'self' 'unsafe-inline' view.ceros.com data: blob: *.fontawesome.com *.cloudflare.com *.ravenjs.com *.vimeocdn.com *.jsdelivr.net *.googleapis.com *.printfriendly.com *.kxcdn.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com; script-src-attr 'self' ; style-src 'self' 'unsafe-inline' *.fontawesome.com *.cloudflare.com *.printfriendly.com *.vimeocdn.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' *.googleapis.com; style-src-attr 'self' 'unsafe-inline' ; worker-src 'self' ; upgrade-insecure-requests; 1 img-src 'self' ava.rmarchiv.de 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hs-scripts.com js.hsforms.net js.hsadspixel.net js.hs-analytics.net js.hs-banner.com a.opmnstr.com *.hotjar.com *.salemove.com *.glia.com redbook.listerhill.com connect.facebook.net *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com *.google.com seal.digicert.com *.typeform.com *.newtonsoftware.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.stripe.com ssl.gstatic.com *.omappapi.com snap.licdn.com *.buzzsprout.com polyfill.io; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' a.omappapi.com www.gstatic.com *.google-analytics.com *.analytics.google.com *.google.com *.groovecar.com *.salemove.com *.glia.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com; img-src 'self' data: forms.hsforms.com forms-na1.hsforms.com *.craft-cdn.com www.facebook.com *.googletagmanager.com maps.gstatic.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com *.google.com seal.digicert.com i.ytimg.com i.vimeocdn.com *.mapbox.com *.doubleclick.net *.google.com *.google-analytics.com *.analytics.google.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com px.ads.linkedin.com www.linkedin.com p.adsymptotic.com track.hubspot.com libs.salemove.com *.gstatic.com *.salemove.com *.glia.com *.listerhill.com; media-src 'self' data: vimeo.com youtube.com *.youtube.com vimeocdn.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com libs.salemove.com *.gstatic.com *.salemove.com *.glia.com *.listerhill.com; frame-src data: *.hotjar.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com listerhill.com *.google-analytics.com *.analytics.google.com *.google.com *.stripe.com ssl.gstatic.com *.omappapi.com *.vimeo.com youtube.com *.youtube.com newton.newtonsoftware.com *.buzzsprout.com *.typeform.com *.salemove.com zlcuma.secure.fundsxpress.com; font-src 'self' data: *.salemove.com *.glia.com *.google-analytics.com *.analytics.google.com *.google.com fonts.gstatic.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com; connect-src 'self' wss: analytics.google.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.craftcms.com *.salemove.com *.glia.com *.twilio.com vc.hotjar.io api.opmnstr.com ssl.gstatic.com *.omappapi.com *.hotjar.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net api.hubapi.com api.craftcms.com translate.googleapis.com maps.googleapis.com 1 img-src ; media-src data:; 1 allow 'unsafe-inline' 'unsafe-eval' 'self' troc.cdn.mediactive-network.net *.googlesyndication.com *.systempay.fr *.fbcdn.net *.google.com *.google.fr *.doubleclick.net intranet.troc.com connect.facebook.net cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com cdn.ampproject.org 1 default-src https://dc.services.visualstudio.com/v2/ https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; script-src https://az416426.vo.msecnd.net https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://bimtrack.co/ https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://bimtrack.zendesk.com wss://bimtrack.zendesk.com 'self' 'unsafe-eval' 'nonce-38d17a9767be4cb99ed5663762f1e8d4'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://bimtrack.co/ https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com 'self'; frame-ancestors https://*.bimtrackapp.co; sandbox allow-popups allow-forms allow-same-origin allow-scripts allow-downloads; base-uri 'self'; img-src 'self' https://v2assets.zopim.io https://static.zdassets.com https://help.bimtrack.co data: https://bt03storage.blob.core.windows.net/; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com halifax.bibliocms.com *.halifax.bibliocms.com https://www.halifaxpubliclibraries.ca www.halifaxpubliclibraries.ca *.www.halifaxpubliclibraries.ca; 1 default-src 'self'; script-src 'self'; https://code.jquery.com; https://www.google.com; https://www.youtube.com; https://www.twitter.com; https://web.whatsapp.com; https://www.facebook.com; https://www.govcert.gov.hk; https://secure1.info.gov.hk 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.smart-cloud-intelligence.com/ https://secure.smart-cloud-intelligence.com/js/ https://secure.smart-cloud-intelligence.com/Track/ https://secure.smart-cloud-intelligence.com/js/269760.js https://secure.smart-cloud-intelligence.com/Track/Capture.aspx https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://*.list-manage.com/; img-src 'self' data: https://fia-tech.com https://www.paypalobjects.com/ https://www.greatplacetowork.com/images/profiles/7037816/; object-src 'self' data: https://fia-tech.com https://*.paypal.com/ https://*.stripe.com/ https://player.vimeo.com/; frame-src 'self' data: https://fia-tech.com https://*.paypal.com/ https://*.stripe.com/ https://player.vimeo.com/; 1 default-src 'self'; base-uri 'self'; connect-src 'self' blob: https://public-api.jet-tankstellen.de https://autocomplete.search.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://vector.maps.ls.hereapi.com https://region1.google-analytics.com https://js.api.here.com https://vector.hereapi.com https://maps.googleapis.com https://1.base.maps.api.here.com https://2.base.maps.api.here.com https://3.base.maps.api.here.com https://4.base.maps.api.here.com https://aggregator.service.usercentrics.eu https://api.usercentrics.eu https://autocomplete.geocoder.api.here.com https://graphql.usercentrics.eu https://rum-collector-2.pingdom.net https://signature.venue.maps.api.here.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://js.api.here.com https://maxcdn.bootstrapcdn.com https://pro.fontawesome.com https://openapi.liqui-moly.com https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google.com; img-src 'self' data: blob: https://js.api.here.com https://m1.liqui-moly.com https://www.jet.de https://www.jet-tankstellen.de https://region1.google-analytics.com https://maps.google.com https://maps.googleapis.com https://app.usercentrics.eu https://maps.gstatic.com https://openapi.liqui-moly.com https://liquimoly.cloudimg.io https://www.google-analytics.com; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' data: https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://code.jquery.com https://maps.googleapis.com https://openapi.liqui-moly.com https://js.api.here.com https://1.base.maps.api.here.com https://2.base.maps.api.here.com https://3.base.maps.api.here.com https://4.base.maps.api.here.com https://www.google.com https://www.gstatic.com https://app.usercentrics.eu https://1.aerial.maps.api.here.com https://1.base.maps.api.here.com https://1.pano.maps.api.here.com https://1.traffic.maps.api.here.com https://ajax.googleapis.com https://app.usercentrics.eu https://js.api.here.com https://rum-static.pingdom.net https://www.google-analytics.com https://www.googletagmanager.com; style-src 'report-sample' 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://pro.fontawesome.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://js.api.here.com https://openapi.liqui-moly.com; report-uri /nelmio/csp/report; worker-src 'self' blob: 1 script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://google-analytics.com http://cdnjs.cloudflare.com https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://merchants.niftepay.pk https://www.googleadservices.com https://googleads.g.doubleclick.net; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://merchants.niftepay.pk; report-uri /report-csp-violation 1 object-src 'none; report-uri /report-csp-violation; upgrade-insecure-requests 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.google-analytics.com *.gstatic.com *.google.com platform.twitter.com 1 default-src 'self'; script-src 'self' https://*.astonmiles.com https://code.jquery.com https://www.google-analytics.com https://*.fontawesome.com https://*.googleapis.com //*.gstatic.com; style-src 'self' https://*.astonmiles.com https://*.googleapis.com https://*.fontawesome.com; font-src 'self' https://*.gstatic.com https://*.fontawesome.com; img-src 'self' https://*.astonmiles.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; connect-src 'self' https://*.astonmiles.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://code.jquery.com //*.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none';upgrade-insecure-requests 1 default-src 'self' data:; frame-src 'self' data: player.vimeo.com www.youtube-nocookie.com js.stripe.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' maps.googleapis.com polyfill.io js.stripe.com; style-src 'self' 'unsafe-inline' ajax.googleapis.com static.jquery.com fonts.googleapis.com; img-src 'self' data: host: maps.gstatic.com www.paypalobjects.com cdn.comptable-en-ligne.fr cdn2.comptable-en-ligne.fr expert-comptable-en-ligne.fr comptable-en-ligne.fr compta247.fr; media-src 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com; connect-src 'self' data:; object-src 'none'; 1 default-src 'self' https://api.status.io https://status.exaktime.com;script-src 'self';base-uri 'self';object-src 'none';frame-ancestors 'none';block-all-mixed-content;sandbox allow-forms allow-same-origin allow-scripts allow-popups;style-src 'self' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' https://tscprodstorage.blob.core.windows.net; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com arapahoe.bibliocms.com *.arapahoe.bibliocms.com https://arapahoelibraries.org arapahoelibraries.org *.arapahoelibraries.org; 1 default-src 'self'; font-src 'self' * data:; img-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://mtgify.org; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://mtgify.org; connect-src 'self' https://mtgify.org https://www.googletagmanager.com https://www.google-analytics.com https://17lands.cdn.prismic.io 1 base-uri 'none';child-src 'none';connect-src 'self' https://noembed.com cdn-ukwest.onetrust.com geolocation.onetrust.com *.onetrust.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://api.copper.co/platform/currencies;default-src 'self';font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com https://www.podbean.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://calendly.com recaptcha.net;img-src 'self' data: https://images.ctfassets.net/ https://videos.ctfassets.net/ https://cdn-ukwest.onetrust.com/ https://i.ytimg.com https://www.google.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.co.uk/ads/ga-audiences https://bat.bing.com https://px.ads.linkedin.com https://*.onetrust.com https://ssl.gstatic.com https://www.gstatic.com https://ws.zoominfo.com/pixel/62fcf0b05087fb00901e129f;manifest-src 'self';media-src 'self' https://videos.ctfassets.net/;object-src 'none';prefetch-src 'self';script-src 'self' assets.calendly.com cdn-ukwest.onetrust.com recaptcha.net https://noembed.com/embed https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://www.googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://bat.bing.com/ https://*.onetrust.com https://ws.zoominfo.com https://ads-twitter.com 'nonce-QBDETZmtCDBQfuB1ZpWOuQ==' ;style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline';worker-src 'self'; 1 frame-ancestors none; 1 default-src 'self' piwik.itzbund.de matomo03.itzbund.de; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com piwik.itzbund.de matomo03.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com piwik.itzbund.de matomo03.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.geodatenzentrum.de piwik.itzbund.de matomo03.itzbund.de; frame-ancestors 'self'; 1 frame-ancestors 'self' https://*.felgenoutlet.de 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onetrust.com *.sejda.com *.polyfill.io *.sites-appleby.vuturevx.com https://sites-appleby.vuturevx.com *.doubleclick.net *.googleadservices.com *.licdn.com *.userway.org *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com https://tagmanager.google.com *.googleapis.com *.fonts.net *.algolianet.com *.cookiepro.com data: ; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.tagmanager.google.com https://tagmanager.google.com *.fonts.net *.userway.org ; font-src 'self' *.fonts.net *.gstatic.com *.userway.org data: ; img-src 'self' *.onetrust.com *.adsymptotic.com *.linkedin.com *.google.je *.google.com *.googletagmanager *.google-analytics.com *.googleapis.com *.gstatic.com *.gravatar.com *.doubleclick.net *.userway.org data: ; connect-src 'self' *.onetrust.com *.cookiepro.com *.sejda.com *.oribi.io *.doubleclick.net *.google-analytics.com *.algolia.net *.algolianet.com *.userway.org data: ; frame-src 'self' *.google.com *.vimeo.com *.youtube.com *.buzzsprout.com *.vuturevx.com *.brightcove.net *.userway.org data: ; media-src *.userway.org; 1 frame-ancestors 'self' www.skaki64.gr skaki64.gr 1 default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.eu01.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 1 default-src 'self'; block-all-mixed-content; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net plink-production.s3-eu-central-1.amazonaws.com plink-development.s3-eu-central-1.amazonaws.com; frame-ancestors 'none'; img-src 'self' *.mollie.com mollie.dev stats.g.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cn www.google.co.in www.google.co.ma www.google.co.th www.google.co.uk www.google.com www.google.com.hk www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.hu www.google.ie www.google.it www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.se www.google.si www.google.sk play-lh.googleusercontent.com www.google-analytics.com www.gstatic.com www.facebook.com; script-src 'self' www.google-analytics.com www.googleadservices.com ajax.googleapis.com connect.facebook.net 'nonce-fu5H8bE3z60Ju+jsJ7S4Fw=='; style-src 'self' 'unsafe-inline'; report-uri https://o29109.ingest.sentry.io/api/5384345/security/?sentry_key=70667fd3313e41ae8a6af1ac55828e78&sentry_environment=prod 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://form.simpleshop.cz https://static.addtoany.com https://www.googletagmanager.com https://pohodovamatematika.sk https://googleads.g.doubleclick.net https://sk.search.etargetnet.com; img-src 'self' data: https://www.addtoany.com/; object-src 'self' data: https://form.simpleshop.cz https://www.addtoany.com/; frame-src 'self' data: https://form.simpleshop.cz https://www.addtoany.com/; 1 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.hipay.com static.cdn.prismic.io prismic.io https://html2canvas.hertzen.com/dist/html2canvas.min.js www.paypalobjects.com *.paypal.com youtube.com vimeo.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/0c356943/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com https://i.ytimg.com/vi/ http://platform.instagram.com/en_US/embeds.js https://www.instagram.com/embed.js https://graph.facebook.com/v11.0/instagram_oembed https://player.vimeo.com/api/player.js https://player.vimeo.com/ js.stripe.com http://www.googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com https://yt.zone-secure.net http://www.gstatic.com https://*.attraqt.io https://*.facebook.net/ https://*.teads.tv/ https://*.smartlook.com/ https://*.hotjar.com/ https://*.doubleclick.net https://*.mathtag.com https://*.tiktok.com/ https://*.ttwstatic.com *.attraqt.io;frame-src 'self' maps.googleapis.com https://player.vimeo.com/ youtube.com www.youtube.com https://www.youtube.com https://i.ytimg.com/vi/ *.prismic.io js.stripe.com www.paypalobjects.com *.paypal.com www.youtube-nocookie.com https://*.doubleclick.net https://*.facebook.net/ https://*.facebook.com/ https://*.hotjar.com/ https://*.mathtag.com https://*.tiktok.com/;style-src 'self' 'unsafe-inline' https://i.icomoon.io https://fonts.googleapis.com https://*.ttwstatic.com/;img-src 'self' data: stagingctk.centrakor.com maps.googleapis.com maps.gstatic.com https://www.referenseo.com/ https://i.ytimg.com/vi/ https://storage.sbg.cloud.ovh.net https://centrakor.cdn.prismic.io/ https://i.picsum.photos/ https://i.vimeocdn.com/ maps.googleapis.com maps.gstatic.com *.openstreetmap.org www.paypalobjects.com *.paypal.com storage.gra.cloud.ovh.net *.google.com *.doubleclick.net *.google.fr http://www.google-analytics.com https://www.google-analytics.com https://www.centrakor.com/ https://*.teads.tv/ https://*.facebook.com/ https://*.facebook.net/ https://*.mathtag.com https://images.prismic.io/centrakor/;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com;connect-src 'self' maps.googleapis.com https://noembed.com https://graph.facebook.com/v11.0/instagram_oembed https://graph.facebook.com/v11.0/instagram_oembed/ https://graph.instagram.com/ https://vimeo.com/api/ www.paypalobjects.com *.paypal.com *.analytics.google.com *.doubleclick.net https://www.google-analytics.com https://*.teads.tv/ https://*.facebook.net/ https://*.googleadservices.com *.google.fr https://*.facebook.com/ https://*.smartlook.com/ https://*.smartlook.cloud/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ *.attraqt.io;base-uri 'self';report-uri /csp/report 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://*.list-manage.com/ https://bcdn.znovuspolu.com/ https://www.znovuspolu.sk/ https://www.znovuspolu.com/; img-src 'self' data: blob: https://www.paypalobjects.com/ https://bcdn.znovuspolu.com/ https://www.znovuspolu.sk/ https://s.w.org/; object-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/ https://bcdn.znovuspolu.com/ https://www.znovuspolu.sk/ https://www.znovuspolu.com/ https://accounts.google.com/; frame-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/ https://bcdn.znovuspolu.com/ https://www.znovuspolu.sk/ https://www.znovuspolu.com/ https://accounts.google.com/; 1 default-src 'none'; script-src 'self'; connect-src: 'self'; img-src: 'self'; style-src: 'self'; 1 default-src 'self' https:; media-src 'self'; font-src 'self' https://d3dc1lgancj6l0.cloudfront.net https://fonts.gstatic.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://consent.cookiefirst.com; script-src https: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.google-analytics.com; frame-src 'self' https:; frame-ancestors 'self' https: 1 default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1 frame-ancestors 'self' https://admin.yallastore.co.il https://admin.webzie.com; 1 base-uri 'none';child-src 'none';connect-src 'self' https://receiver.emkt.dinamize.com https://ekr.zdassets.com https://ccxp.zendesk.com/ https://ve29m388b3.execute-api.us-east-1.amazonaws.com/ https://ft883zhg65.execute-api.us-east-1.amazonaws.com/ http://ccxpinsttypesense-alb-dev-2097462822.us-east-1.elb.amazonaws.com:80/ https://ccxpInstTypesense-alb-production-1700081350.us-east-1.elb.amazonaws.com:80/ https://staging-typesense.ccxp.com.br:443/ https://typesense.ccxp.com.br/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://cdn.assistive.com.br/ https://events.assistive.com.br/ https://cdn.acsbapp.com/ https://process.acsbapp.com/ https://settings.luckyorange.com/ wss://in.visitors.live/ wss://realtime.luckyorange.com/ https://api-preview.luckyorange.com/ https://in.visitors.live/ https://pubsub.googleapis.com/ https://omelete-ccxp-2023-backend.luego-labs.com.br/ https://inscricoes-teste.ccxp.com.br/ http://localhost/ http://localhost:3000/ http://localhost:1337/ http://127.0.0.1:1337/ http://localhost:8108/ http://ccxpInstCMS-alb-production-778858532.us-east-1.elb.amazonaws.com https://ccxpInstCMS-alb-production-778858532.us-east-1.elb.amazonaws.com http://ccxp23core-alb-dev-605030595.us-east-1.elb.amazonaws.com/ https://ccxp23core-alb-dev-605030595.us-east-1.elb.amazonaws.com/ https://ccxp23-dev-files.s3.amazonaws.com/ https://ccxp23-production-files.s3.amazonaws.com/ https://new.ccxp.com.br/ https://cms.ccxp.com.br/ http://ccxpinstcms-alb-dev-1965450923.us-east-1.elb.amazonaws.com/;default-src 'self';font-src 'self' data: https://fonts.gstatic.com/ https://cdn.assistive.com.br/ https://acsbapp.com/;form-action 'self' http://ccxpinstfront-alb-dev-1094559153.us-east-1.elb.amazonaws.com/ https://ccxpinstfront-alb-dev-1094559153.us-east-1.elb.amazonaws.com/ https://new.ccxp.com.br/ https://ccxp.com.br/;frame-ancestors 'none';frame-src https://www.youtube.com/ https://player.vimeo.com/ https://optimize.google.com/ https://www.google.com/ https://view.genial.ly/ https://flo.uri.sh/ https://player.twitch.tv/ https://13204549.fs.doubleclick.net/;img-src 'self' data: https://i.ytimg.com/ https://i.vimeocdn.com/ https://receiver.emkt.dinamize.com/ https://www.google.com/ https://www.google.com.br/ https://googleads.g.doubleclick.net/ https://www.googletagmanager.com/ https://optimize.google.com/ https://cdn.assistive.com.br/ https://cdn.acsbapp.com/ https://acsbapp.com/ https://ajuda.ccxp.com.br/ https://ad.doubleclick.net/ https://adservice.google.com/ http://localhost/ http://localhost:3000/ http://localhost:1337/ http://127.0.0.1:1337/ http://localhost:8108/ http://ccxpInstCMS-alb-production-778858532.us-east-1.elb.amazonaws.com https://ccxpInstCMS-alb-production-778858532.us-east-1.elb.amazonaws.com http://ccxp23core-alb-dev-605030595.us-east-1.elb.amazonaws.com/ https://ccxp23core-alb-dev-605030595.us-east-1.elb.amazonaws.com/ https://ccxp23-dev-files.s3.amazonaws.com/ https://ccxp23-production-files.s3.amazonaws.com/ https://new.ccxp.com.br/ https://cms.ccxp.com.br/ http://ccxpinstcms-alb-dev-1965450923.us-east-1.elb.amazonaws.com/;manifest-src 'self';media-src 'self' https://web1.acsbapp.com/ http://localhost/ http://localhost:3000/ http://localhost:1337/ http://127.0.0.1:1337/ http://localhost:8108/ http://ccxpInstCMS-alb-production-778858532.us-east-1.elb.amazonaws.com https://ccxpInstCMS-alb-production-778858532.us-east-1.elb.amazonaws.com http://ccxp23core-alb-dev-605030595.us-east-1.elb.amazonaws.com/ https://ccxp23core-alb-dev-605030595.us-east-1.elb.amazonaws.com/ https://ccxp23-dev-files.s3.amazonaws.com/ https://ccxp23-production-files.s3.amazonaws.com/ https://new.ccxp.com.br/ https://cms.ccxp.com.br/ http://ccxpinstcms-alb-dev-1965450923.us-east-1.elb.amazonaws.com/;object-src 'none';prefetch-src 'self';script-src 'unsafe-eval' 'self' 'unsafe-inline' https://static.zdassets.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://cdn.assistive.com.br/ https://www.googleanalytics.com/ https://www.google-analytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://acsbapp.com/ https://tools.luckyorange.com/ https://www.google.com/ https://www.gstatic.com/ https://view.genial.ly/;style-src 'self' 'unsafe-inline' https://optimize.google.com/ https://fonts.googleapis.com/ https://cdn.assistive.com.br/;worker-src 'self' blob:; 1 frame-ancestors https://www.degussa-goldhandel.de https://news.degussa-goldhandel.de https://www.degussa-adventskalender.de 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com https://www.google-analytics.com/analytics.js; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net; img-src 'self' data: shielded.co.nz i.ytimg.com staticcdn.co.nz; style-src 'self' 'unsafe-inline'; font-src 'self' data: staticcdn.co.nz; frame-src 'self' www.youtube.com www.google.com staticcdn.co.nz; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1 default-src ; script-src https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' https://form.partner-versicherung.de https://*.usercentrics.eu; object-src ; style-src 'self' https://fonts.googleapis.com https://*.entrecode.de 'unsafe-inline'; img-src 'self' * *.dealbunny.de data: https://*.usercentrics.eu; media-src *; child-src *.youtube.com *.vimeo.com https://www.google.com https://form.partner-versicherung.de https://kredit.check24.de/; font-src 'self' https://fonts.gstatic.com https://*.entrecode.de data:; connect-src 'self' *.cachena.entrecode.de entrecode.de *.entrecode.de localhost:* dev.dealbunny.de:* *.dealbunny.de https://www.google-analytics.com https://stats.g.doubleclick.net https://*.usercentrics.eu; manifest-src 'self' 1 frame-ancestors https://*.mediamarkt.se 'self'; 1 default-src 'none'; script-src 'none'; style-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com aclibrary.bibliocms.com *.aclibrary.bibliocms.com https://aclibrary.org aclibrary.org *.aclibrary.org; 1 default-src 'none'; script-src 'self' 'unsafe-inline' www.tcgms.net *.googletagmanager.com *.google.com *.google-analytics.com cdn.jsdelivr.net *.cookiebot.com *.teamtailor-cdn.com *.facebook.net; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.grandhotel.se *.google.se *.google-analytics.com; media-src 'self' blob:; frame-src 'self' mail.grandhotel.se www.tcgms.net *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.cookiebot.com; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*.grandhotel.se https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com *.cookiebot.com *.teamtailor.com *.doubleclick.net; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; frame-src 'self' *.powerbi.com *.twitter.com *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com *.browsealoud.com *.reciteme.com https://open.spotify.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com *.reciteme.com *.browsealoud.com *.speechstream.net *.googletagmanager.com *.google-analytics.com https://wikisum.texthelp.com/ https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * 'self' https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://www.browsealoud.com https://plus.browsealoud.com https://upload.wikimedia.org https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net data:; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html *.reciteme.com; connect-src 'self' blob: *.browsealoud.com https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://babm.texthelp.com https://*.speechstream.net *.reciteme.com https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; media-src 'self' blob: https://*.speechstream.net *.reciteme.com; font-src 'self' 'unsafe-inline' *.reciteme.com *.typekit.net *.flaticon.com https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net; style-src 'self' 'unsafe-inline' *.reciteme.com *.typekit.net *.flaticon.com https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com *.gstatic.com *.cqc.org.uk *.webspellchecker.net; object-src 'self' blob: *.reciteme.com 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com smcl.bibliocms.com *.smcl.bibliocms.com https://smcl.org smcl.org *.smcl.org; 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.amazonaws.com *.amazoncognito.com api.pwnedpasswords.com; frame-ancestors 'self' sf360.com.au; frame-src 'self' https://www.google.com/recaptcha/ 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com chandler.bibliocms.com *.chandler.bibliocms.com https://chandlerlibrary.org chandlerlibrary.org *.chandlerlibrary.org; 1 default-src 'self' *.ctctcdn.com *.google.com *.constantcontact.com *.gstatic.com maps.googleapis.com *.usersnap.com *.google-analytics.com *.newrelic.com *.nr-data.net; script-src 'self' 'unsafe-inline' *.ctctcdn.com *.google.com *.gstatic.com cdnjs.cloudflare.com maps.googleapis.com *.usersnap.com cdn.rawgit.com *.googletagmanager.com *.google-analytics.com *.newrelic.com *.nr-data.net; style-src 'self' 'unsafe-inline' *.typekit.net *.ctctcdn.com fonts.googleapis.com cdnjs.cloudflare.com *.bootstrapcdn.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com *.usersnap.com raw.githubusercontent.com cdn.rawgit.com *.google-analytics.com *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com; font-src 'self' *.typekit.net fonts.gstatic.com *.bootstrapcdn.com; report-uri /report-csp-violation 1 script-src 'self' https://piwik.bzga.de 'unsafe-inline'; img-src 'self' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dl.episerver.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://ssl.google-analytics.com https://seal-alaskaoregonwesternwashington.bbb.org https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://cdn.cookielaw.org 1 default-src 'self' *.neighbourly.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud neighbourly.matomo.cloud; frame-src 'self' *.microsoftonline.com *.powerbi.com *.youtube.com *.vimeo.com *.stripe.com *.twitter.com; connect-src 'self' *.neighbourly.com forms.hubspot.comdisabled forms.hsforms.comdisabled maps.googleapis.com googleapis.com nbrlyprod.streaming.mediaservices.windows.net *.mapbox.com *.google-analytics.com cdn.matomo.cloud neighbourly.matomo.cloud;media-src blob: nbrlyprodmedia.blob.core.windows.net nbrlyprod.streaming.mediaservices.windows.net *.neighbourly.com *.youtube.com *.vimeo.com; img-src 'self' data: *.mapbox.com track.hubspot.com forms.hsforms.comdisabled nbrlyprodmedia.blob.core.windows.net maps.gstatic.com *.neighbourly.com *.stripe.com; script-src 'self' *.neighbourly.com 'unsafe-eval' *.googleapis.com googleapis.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.netdisabled js.hsadspixel.netdisabled js-na1.hs-scripts.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud neighbourly.matomo.cloud *.mapbox.com *.stripe.com; style-src 'self' *.neighbourly.com 'unsafe-inline'; report-uri https://nbrly-prod-fn-schedules-v2.azurewebsites.net/api/log?code=yTPDecexIz4gX5udAk8ba/1f0uk7og3BmKYMQWm6SWjz8xnZY/rAoA== 1 base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: http://localhost:1337 https://adsapi.jacobin.de https://api.jacobin.de https://shop.jacobin.de https://analyse.jacobin.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src 'none';img-src 'self' data:;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:1337 https://adsapi.jacobin.de https://api.jacobin.de https://shop.jacobin.de https://analyse.jacobin.de;style-src 'self' 'unsafe-inline'; 1 report-uri /admin/config/system/seckit/csp-report 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com slpl.bibliocms.com *.slpl.bibliocms.com https://www.slpl.org www.slpl.org *.www.slpl.org; 1 default-src 'self'; style-src 'self' 'unsafe-inline' *; script-src 'self'; object-src 'none'; img-src 'self'; media-src 'self'; frame-src 'self'; font-src 'self'; connect-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'none' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mailworx.marketingsuite.info https://js.hcaptcha.com https://app.usercentrics.eu https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://www.googleoptimize.com https://cdn.jsdelivr.net https://privacy-proxy.usercentrics.eu; object-src 'self'; media-src 'self' https://www.youtube.com; frame-src 'self' https://www.youtube.com https://newassets.hcaptcha.com; child-src 'self' https://www.youtube.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; img-src 'self' data: ; script-src 'self' 'unsafe-inline' 'sha256-Vm4GC9dCs8yiOt3vkFoyb7CG9wQvsbg2ZxRvujWCkjU='; style-src 'self' 'unsafe-inline' 'sha256-8IFKZDhhpiTISN+5Zjckj2GGkOsGkKUUowOE0neCY7c=' 1 child-src 'self' ; connect-src 'self' m.addthis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' ; font-src 'self' cdnjs.cloudflare.com *.gstatic.com *.bootstrapcdn.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self' s7.addthis.com pixel.mathtag.com *.adsrvr.org *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self' data: pixel.mathtag.com *.g.doubleclick.net www.glassdoor.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' ; navigate-to 'self' ; object-src 'self' ; prefetch-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' z.moatads.com v1.addthisedge.com m.addthis.com cdn.jsdelivr.net js.adsrvr.org platform.linkedin.com www.bugherd.com pixel.mathtag.com *.hotjar.com s7.addthis.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' z.moatads.com v1.addthisedge.com m.addthis.com cdn.jsdelivr.net js.adsrvr.org platform.linkedin.com www.bugherd.com pixel.mathtag.com *.hotjar.com s7.addthis.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' cdnjs.cloudflare.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com; style-src-attr 'self' 'unsafe-inline' ; worker-src 'self' ; upgrade-insecure-requests; 1 frame-ancestors 'self' piwik.betaalvereniging.nl; 1 base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://bam.nr-data.net; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://cloud.typenetwork.com https://fonts.gstatic.com data:; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com; img-src 'self' https://www.google-analytics.com https://*.google.com/ads/ https://*.google.be/ads/ https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://resengocomgeneralpurpose.blob.core.windows.net data:; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://js-agent.newrelic.com https://bam.nr-data.net 'unsafe-inline'; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com 'unsafe-inline'; 1 default-src 'self'; img-src 'self$ 1 base-uri 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.cdkeybay.com *.vanilla.digital *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.youtube.com *.cloudflare.com *.doubleclick.net *.ytimg.com; 1 default-src *; style-src 'self' 'unsafe-inline' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com http://*.akamai.net https://*.akamai.net http://*.nr-data.net https://*.nr-data.net;connect-src 'self';img-src 'self' http://safesear.ch http://*.safesear.ch https://safesear.ch https://*.safesear.ch data:; 1 frame-ancestors 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' data: ws://*.catapush.com wss://*.catapush.com 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; block-all-mixed-content; connect-src data: blob: 'unsafe-inline' *.catapush.com ws://*.catapush.com wss://*.catapush.com https://*.google-analytics.com https://*.googleapis.com https://checkout.stripe.com https://api.stripe.com https://maps.googleapis.com; font-src data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ fonts.gstatic.com cdn2.hubspot.net; form-action 'self' *.catapush.com; frame-ancestors 'self' *.catapush.com https://www.googletagmanager.com; frame-src 'self' data: blob: 'unsafe-inline' https://mautic.catapush.com https://checkout.stripe.com https://connect-js.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.google.com https://www.googletagmanager.com; img-src 'self' data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://translate.google.com https://ajax.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://js.hsforms.net/forms/v2.js https://*.stripe.com; object-src 'none'; script-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://ipinfo.io https://www.google-analytics.com https://ssl.google-analytics.com https://checkout.stripe.com https://js.stripe.com https://maps.googleapis.com https://js.hsforms.net/forms/v2.js 'report-sample' 'unsafe-inline' 'nonce-xZxeZe4cUq/4A/f2VW6arA=='; style-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://*.gstatic.com 'unsafe-inline' 'report-sample'; report-uri /csp-violation-report-endpoint 1 default-src: none; 1 default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de *.readspeaker.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bsgweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de *.facebook.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.calendly.com/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.googletagmanager.com/ https://*.list-manage.com/ https://calendly.com/ https://connect.facebook.net/en_US/sdk.js https://crm.zoho.com/crm/WebFormServeServlet?rid=8a47d85e3440ef768ceaa22381ceabb5f6334d484211d4d7d55c81b0255fc977gidb5de4f47280b66e8cb9a6d47719877b5779bc3f8638655f060668722018a6166&script=$sYG https://google-analytics.com/ https://googletagmanager.com/ https://maps.google.com/ https://maps.googleapis.com/ https://platform.twitter.com/widgets.js https://s3.amazonaws.com/ https://stats.wp.com/ https://tagmanager.google.com/ https://translate.google.com/ https://translate.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://www.recaptcha.net/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; img-src 'self' data: https://*.google-analytics.com/ https://*.google.com/ https://*.googlesyndication.com/ https://*.googletagmanager.com/ https://*.gstatic.com/ https://*.ytimg.com/ https://google-analytics.com/ https://google.com/ https://googleads.g.doubleclick.net/ https://googletagmanager.com/ https://gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://pixel.wp.com/ https://translate.googleapis.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; object-src 'self' data: https://www.google.com/ https://maps.google.com/ https://docs.google.com/ https://*.calendly.com/ https://calendly.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; frame-src 'self' data: https://www.google.com/ https://maps.google.com/ https://docs.google.com/ https://*.calendly.com/ https://calendly.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; 1 default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src 'self'; connect-src 'self' https://api.cloudpense.com https://hwapi.cloudpense.com https://openapi.cloudpense.com https://aliapi.cloudpense.com https://cloudpense.s3.cn-north-1.amazonaws.com.cn https://*.id.opendns.com https://cptmp.s3.cn-north-1.amazonaws.com.cn https://cpuae.s3.cn-north-1.amazonaws.com.cn https://cprmy.s3.cn-north-1.amazonaws.com.cn https://cpadx.s3.cn-north-1.amazonaws.com.cn https://cloudpenseforremy.s3.cn-north-1.amazonaws.com.cn https://cpdcj.s3.cn-north-1.amazonaws.com.cn https://cpnlt.s3.cn-north-1.amazonaws.com.cn https://cpkgf.s3.cn-north-1.amazonaws.com.cn https://cppxc.s3.cn-north-1.amazonaws.com.cn https://cphsf.s3.cn-north-1.amazonaws.com.cn https://cpjrc.s3.cn-north-1.amazonaws.com.cn https://cpnpp.s3.cn-north-1.amazonaws.com.cn https://cpwhx.s3.cn-north-1.amazonaws.com.cn https://cpssf.s3.cn-north-1.amazonaws.com.cn https://cpcfg.s3.cn-north-1.amazonaws.com.cn https://cpevc.s3.cn-north-1.amazonaws.com.cn https://cplgg.s3.cn-north-1.amazonaws.com.cn https://cpshw.s3.cn-north-1.amazonaws.com.cn https://cpjsb.s3.cn-north-1.amazonaws.com.cn https://cpdfc.s3.cn-north-1.amazonaws.com.cn https://cpzzz.s3.cn-north-1.amazonaws.com.cn https://cpcea.s3.cn-north-1.amazonaws.com.cn https://cpfsn.s3.cn-north-1.amazonaws.com.cn https://cphxw.s3.cn-north-1.amazonaws.com.cn https://cpzto.s3.cn-north-1.amazonaws.com.cn https://s3ssf.cloudpense.com https://oss-sh.innoventbio.com https://budget-control-oss-sh.innoventbio.com https://cpdfc.obs.cn-east-3.myhuaweicloud.com https://hwobs-prd.obs.cn-east-3.myhuaweicloud.com https://cpdfc01.obs.cn-east-3.myhuaweicloud.com https://*.cloudpense.com https://cloudpense-simcere.isimcere.com https://expense.3sbio.com https://jianyuefeikong.obs.cn-east-3.myhuaweicloud.com https://exp.mabwell.com https://3s-feikong-gj.oss-cn-shanghai-internal.aliyuncs.com https://expensegj.3sbio.com https://cp-sanhome.s3.cn-north-1.amazonaws.com.cn https://ossfeikongprd.fosunpharmasales.com https://invpool.junshipharma.com https://cloudpense.natonmed.cn https://cphrstw.s3.ap-southeast-1.amazonaws.com https://hsk-pense.s3.cn-north-1.amazonaws.com.cn https://pay-oss.fosunpharma.com https://feikong-health.oss-cn-shanghai.aliyuncs.com https://pay-oss.fosunhealth.com https://ossa.superamoytop.com; font-src 'self' data:; form-action 'self' https://www.corporatetravel.ctrip.com/corpservice/authorize/login https://www.cwt-online.com.cn/TicketClient/User/SSOLogin.aspx https://ct.ctrip.com/corpservice/authorize/login https://vsp.jd.com/strust/login https://user-vsp.jd.com/ https://trip-hisv.taobao.com/ding/trustLogin.htm https://admin.alibtrip.com https://travel.alibtrip.com https://market.m.taobao.com https://market.m.alibtrip.com https://ai.alimebot.taobao.com https://login.m.taobao.com https://api.cloudpense.com https://hwapi.cloudpense.com https://openapi.cloudpense.com https://aliapi.cloudpense.com; frame-ancestors 'self'; frame-src https: blob: 'self' https://route.cloudpense.com https://avision.cloudpense.com https://api.cloudpense.com https://hwapi.cloudpense.com https://openapi.cloudpense.com https://aliapi.cloudpense.com; worker-src 'self'; img-src https://api.cloudpense.com https://hwapi.cloudpense.com https://openapi.cloudpense.com https://aliapi.cloudpense.com 'self' data: blob: https://cloudpense.s3.cn-north-1.amazonaws.com.cn https://*.id.opendns.com https://cptmp.s3.cn-north-1.amazonaws.com.cn https://cpuae.s3.cn-north-1.amazonaws.com.cn https://cprmy.s3.cn-north-1.amazonaws.com.cn https://cpadx.s3.cn-north-1.amazonaws.com.cn https://cloudpenseforremy.s3.cn-north-1.amazonaws.com.cn https://cpdcj.s3.cn-north-1.amazonaws.com.cn https://cpnlt.s3.cn-north-1.amazonaws.com.cn https://cpkgf.s3.cn-north-1.amazonaws.com.cn https://cppxc.s3.cn-north-1.amazonaws.com.cn https://cphsf.s3.cn-north-1.amazonaws.com.cn https://cpjrc.s3.cn-north-1.amazonaws.com.cn https://cpnpp.s3.cn-north-1.amazonaws.com.cn https://cpwhx.s3.cn-north-1.amazonaws.com.cn https://cpssf.s3.cn-north-1.amazonaws.com.cn https://cpcfg.s3.cn-north-1.amazonaws.com.cn https://cpevc.s3.cn-north-1.amazonaws.com.cn https://cplgg.s3.cn-north-1.amazonaws.com.cn https://cpshw.s3.cn-north-1.amazonaws.com.cn https://cpjsb.s3.cn-north-1.amazonaws.com.cn https://cpdfc.s3.cn-north-1.amazonaws.com.cn https://cpzzz.s3.cn-north-1.amazonaws.com.cn https://cpcea.s3.cn-north-1.amazonaws.com.cn https://cpfsn.s3.cn-north-1.amazonaws.com.cn https://cphxw.s3.cn-north-1.amazonaws.com.cn https://cpzto.s3.cn-north-1.amazonaws.com.cn https://s3ssf.cloudpense.com https://oss-sh.innoventbio.com https://budget-control-oss-sh.innoventbio.com https://cpdfc.obs.cn-east-3.myhuaweicloud.com https://hwobs-prd.obs.cn-east-3.myhuaweicloud.com https://cpdfc01.obs.cn-east-3.myhuaweicloud.com https://*.cloudpense.com https://cloudpense-simcere.isimcere.com https://expense.3sbio.com https://jianyuefeikong.obs.cn-east-3.myhuaweicloud.com https://exp.mabwell.com https://3s-feikong-gj.oss-cn-shanghai-internal.aliyuncs.com https://expensegj.3sbio.com https://cp-sanhome.s3.cn-north-1.amazonaws.com.cn https://ossfeikongprd.fosunpharmasales.com https://invpool.junshipharma.com https://cloudpense.natonmed.cn https://cphrstw.s3.ap-southeast-1.amazonaws.com https://hsk-pense.s3.cn-north-1.amazonaws.com.cn https://pay-oss.fosunpharma.com https://feikong-health.oss-cn-shanghai.aliyuncs.com https://pay-oss.fosunhealth.com https://ossa.superamoytop.com https://images.bthhotels.com https://foto.hrsstatic.com https://dimg04.c-ctrip.com https://pavo.elongstatic.com https://atour-east.qiniu.yaduo.com; media-src 'self' https://video-public.s3.cn-north-1.amazonaws.com.cn; object-src blob:; script-src 'self' 'unsafe-inline' https://cloudpense.s3.cn-north-1.amazonaws.com.cn https://*.id.opendns.com https://cptmp.s3.cn-north-1.amazonaws.com.cn https://cpuae.s3.cn-north-1.amazonaws.com.cn https://cprmy.s3.cn-north-1.amazonaws.com.cn https://cpadx.s3.cn-north-1.amazonaws.com.cn https://cloudpenseforremy.s3.cn-north-1.amazonaws.com.cn https://cpdcj.s3.cn-north-1.amazonaws.com.cn https://cpnlt.s3.cn-north-1.amazonaws.com.cn https://cpkgf.s3.cn-north-1.amazonaws.com.cn https://cppxc.s3.cn-north-1.amazonaws.com.cn https://cphsf.s3.cn-north-1.amazonaws.com.cn https://cpjrc.s3.cn-north-1.amazonaws.com.cn https://cpnpp.s3.cn-north-1.amazonaws.com.cn https://cpwhx.s3.cn-north-1.amazonaws.com.cn https://cpssf.s3.cn-north-1.amazonaws.com.cn https://cpcfg.s3.cn-north-1.amazonaws.com.cn https://cpevc.s3.cn-north-1.amazonaws.com.cn https://cplgg.s3.cn-north-1.amazonaws.com.cn https://cpshw.s3.cn-north-1.amazonaws.com.cn https://cpjsb.s3.cn-north-1.amazonaws.com.cn https://cpdfc.s3.cn-north-1.amazonaws.com.cn https://cpzzz.s3.cn-north-1.amazonaws.com.cn https://cpcea.s3.cn-north-1.amazonaws.com.cn https://cpfsn.s3.cn-north-1.amazonaws.com.cn https://cphxw.s3.cn-north-1.amazonaws.com.cn https://cpzto.s3.cn-north-1.amazonaws.com.cn https://s3ssf.cloudpense.com https://oss-sh.innoventbio.com https://budget-control-oss-sh.innoventbio.com https://cpdfc.obs.cn-east-3.myhuaweicloud.com https://hwobs-prd.obs.cn-east-3.myhuaweicloud.com https://cpdfc01.obs.cn-east-3.myhuaweicloud.com https://*.cloudpense.com https://cloudpense-simcere.isimcere.com https://expense.3sbio.com https://jianyuefeikong.obs.cn-east-3.myhuaweicloud.com https://exp.mabwell.com https://3s-feikong-gj.oss-cn-shanghai-internal.aliyuncs.com https://expensegj.3sbio.com https://cp-sanhome.s3.cn-north-1.amazonaws.com.cn https://ossfeikongprd.fosunpharmasales.com https://invpool.junshipharma.com https://cloudpense.natonmed.cn https://cphrstw.s3.ap-southeast-1.amazonaws.com https://hsk-pense.s3.cn-north-1.amazonaws.com.cn https://pay-oss.fosunpharma.com https://feikong-health.oss-cn-shanghai.aliyuncs.com https://pay-oss.fosunhealth.com https://ossa.superamoytop.com; style-src 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' google-analytics.com googletagmanager.com https:; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' data: https:; media-src 'self'; child-src 'self' https:; font-src 'self' fonts.gstatic.com data:; connect-src 'self' www.google-analytics.com 1 default-src 'self'; frame-src 'self' https://secure.livechatinc.com/ *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://static.zdassets.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/tracking.js *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk use.typekit.net; font-src 'self' 'unsafe-inline' https://cdn.livechatinc.com/ *.reactandshare.com https://api.reciteme.com https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net use.typekit.net; style-src 'self' 'unsafe-inline' *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com *.gstatic.com *.cqc.org.uk *.webspellchecker.net use.typekit.net p.typekit.net; img-src * data: p.typekit.net; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com wss://widget-mediator.zopim.com https://stop-smoking-nhs.zendesk.com https://ekr.zdassets.com https://api.reciteme.com https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net performance.typekit.net; media-src 'self' https://static.zdassets.com/web_widget/ https://api.reciteme.com 1 default-src 'self' https://dev.shop.bzga.de https://shop.bzga.de; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' https://dev.shop.bzga.de https://shop.bzga.de data: https://piwik.bzga.de https://www.bzga.de https://service.bzga.de; frame-src 'self'; 1 default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1 default-src 'self'; script-src * 'unsafe-inline'; img-src * data: 'unsafe-eval'; style-src * 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src *; 1 font-src 'self'; 1 default-src 'self' *.destatis.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de doo.net chatbot.it.bund.de www9.idev.nrw.de;object-src 'self' multimedia.gsb.bund.de *.destatis.de piwik.itzbund.de chatbot.it.bund.de www9.idev.nrw.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.destatis.de piwik.itzbund.de chatbot.it.bund.de www9.idev.nrw.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.stba.de *.euro-area-statistics.org *.ims-cms.net *.kemweb.de *.teambits.events doo.net/de-de/widget/ chatbot.it.bund.de www9.idev.nrw.de *.arcgis.com data: ; img-src 'self' data: blob: *.google.com *.gstatic.com *.youtube.com *.destatis.de piwik.itzbund.de chatbot.it.bund.de www9.idev.nrw.de; frame-ancestors 'self'; 1 default-src https://piwik.bzga.de/piwik.js 'self' 'unsafe-inline'; img-src https://piwik.bzga.de/ https://i.ytimg.com/ 'self' data:; connect-src https://piwik.bzga.de/ 'self'; font-src 'self' data:; frame-src https://www.drugcom.de/ https://www.youtube-nocookie.com/ 1 default-src 'self' data: wss: *.globenewswire.com *.hotjar.io *.bugsnag.com *.doubleclick.net *.hotjar.com *.bugherd.com *.google-analytics.com *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cloudfront.net ajax.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.bugherd.com *.hotjar.com *.google-analytics.com snap.licdn.com sessions.bugsnag.com unpkg.com *.twitter.com *.twimg.com blob: data:; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com *.cloudfront.net cdnjs.cloudflare.com unpkg.com *.cloudfront.net *.twitter.com; img-src 'self' *.linkedin.com *.google.com *.google-analytics.com *.cloudfront.net *.twitter.com px.ads.linkedin.com p.adsymptotic.com bugherd-attachments.s3.amazonaws.com *.twimg.com data:; font-src 'self' data: *.bugherd.com fonts.googleapis.com fonts.gstatic.com *.cloudfront.net 1 default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1 frame-ancestors https://app.storyblok.com/ 1 default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.addtoany.com *.webempresa.eu unpkg.com *.arkibot.app 1 *.cookieyes.com cdn-cookieyes.com 1 default-src 'self';script-src 'self' 'nonce-YkQ4O8f/onRifFEXrlW+SdgkD7U9bmYukQ3cTOxcrJQ=' 'unsafe-eval' 'strict-dynamic' https://*.cookiebot.com https://*.vimeocdn.com https://*.googletagmanager.com https://tagmanager.google.com;img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com data: ;connect-src 'self' ws://* wss://* https://*.cookiebot.com https://*.lime-forms.se https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com;frame-src 'self' https://*.cookiebot.com https://*.vimeo.com https://*.googletagmanager.com;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; 1 default-src 'self' data:; script-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.google-analytics.com; object-src 'none'; connect-src 'self' *.google-analytics.com *.doubleclick.net; img-src 'self' data: *.google-analytics.com *.google.com *.google.com.* *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com; media-src *;base-uri 'self';form-action 'self';frame-ancestors 'self'; frame-src 'self' *.google.com; font-src 'self' *.googleapis.com *.gstatic.com *.google.com; 1 default-src 'self' 'unsafe-inline' https://maps.googleapis.com/ https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1 default-src 'self' *.489pro.com *.facebook.com *.jal.co.jp *.tour-list.com *.knt.co.jp; style-src 'self' 'unsafe-inline' *.nta.co.jp *.google.com *.google.co.jp *.googleapis.com *.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.489pro.com *.jquery.com *.nta.co.jp *.knt.co.jp polyfill.io *.cloudflare.com *.jsdelivr.net *.google.com *.google.co.jp *.googleapis.com *.googletagmanager.com *.google-analytics.com polyfill.io; img-src 'self' *.nta.co.jp *.knt.co.jp *.google.com *.google.co.jp artory.dev data: ; frame-src 'self' *.facebook.com *.jal.co.jp *.youtube.com *.youtu.be *.knt.co.jp *.google.com *.google.co.jp font-src 'self' *.gstatic.com; 1 default-src https: wss: 'unsafe-inline' 'unsafe-eval' blob: data: ; frame-ancestors 'self' https://*.edoctrina.org; report-to reportapi 1 default-src 'self' script-src 'self' google-analytics.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' epcplc.com *.epcplc.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.duosecurity.com *.cookielaw.org *.onetrust.com; img-src 'self' 'unsafe-inline' epcplc.com *.epcplc.com *.cookielaw.org data:; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com omaha.bibliocms.com *.omaha.bibliocms.com https://omahalibrary.org omahalibrary.org *.omahalibrary.org; 1 default-src "self"; img-src "self"; style-src "self" "unsafe-inline"; font-src "self"; script-src "self" "unsafe-inline"; connect-src "self"; 1 default-src 'self'; connect-src 'self' https://nominatim.openstreetmap.org http://nominatim.openstreetmap.org nominatim.openstreetmap.org; font-src 'self' https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de data:; frame-ancestors 'self' https://klinikumjobs.de https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com; frame-src 'self' https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; img-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.tile.openstreetmap.org http://*.tile.openstreetmap.org *.tile.openstreetmap.org https://cshs.myskbs.de https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com data:; media-src 'self' https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; object-src 'self' https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; script-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de 'unsafe-inline' 1 frame-ancestors 'self' cyreneforum.com/ *.cyreneforum.com/ arkadiaforum.com/ *.arkadiaforum.com/ ; 1 font-src img.ui-portal.de; frame-ancestors https://*.web.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' img.ui-portal.de js.ui-portal.de s.uicdn.com uim.tifbs.net https://dl.web.de https://plus.web.de; style-src 'self' 'unsafe-inline' js.ui-portal.de s.uicdn.com 1 img-src *; default-src 'self' *.one.network https://ukwest-0.in.applicationinsights.azure.com//v2/track https://az416426.vo.msecnd.net/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://translate.google.com/ https://siteimproveanalytics.com https://apps.parcelforce.com www.googletagmanager.com www.google-analytics.com *.cloudfront.net *.paypal.com *.googleapis.com analytics.analytics-egain.com cloud-emea.analytics-egain.com fonts.gstatic.com portal.roadworks.org sgn.egain.cloud api.reciteme.com stats.g.doubleclick.net www.google.com www.google.co.uk www.gstatic.com maps.gstatic.com api.tomtom.com www.youtube.com data: 'unsafe-eval' 'unsafe-inline'; report-uri https://orangebus.report-uri.com/r/d/csp/enforce 1 frame-ancestors 'self'; script-src 'nonce-86b037020dfa7398d50b34d044a01e8e' https://www.google-analytics.com https://ssl.google-analytics.com https://pagead2.googlesyndication.com; img-src 'self' https://www.google-analytics.com/ profile.line-scdn.net data: https://cdnjs.cloudflare.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://khms0.googleapis.com/ https://khms1.googleapis.com/ https://cbks0.googleapis.com/ https://geo0.ggpht.com/; style-src 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-elem 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com ; frame-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com; form-action 'self'; manifest-src 'self'; object-src 'self'; media-src 'self'; 1 default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.3qsdn.com *.director.events; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1 default-src 'self' 'unsafe-inline' *.civiccomputing.com *.google-analytics.com *.googletagmanager.com *.typekit.net *.youtube.com; script-src 'self' 'unsafe-inline' *.civiccomputing.com *.google-analytics.com *.googletagmanager.com *.typekit.net *.youtube.com; style-src 'self' 'unsafe-inline' *.civiccomputing.com *.google-analytics.com *.googletagmanager.com *.typekit.net *.youtube.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors 'self' *.enrollvb.com enrollvb.com 1 frame-ancestors 'self' https://*.etracker.com 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com cincinnatilibrary.bibliocms.com *.cincinnatilibrary.bibliocms.com https://chpl.org chpl.org *.chpl.org; 1 X-Content-Security-Policy script-src 'self' https://www.general-security.gov.lb 'unsafe-inline' 'unsafe-eval'; object-src 'self' https://www.general-security.gov.lb 'unsafe-inline'; connect-src 'self' https://www.general-security.gov.lb 'unsafe-inline' 1 frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 1 policy-uri /text/x-strana/9223 1 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' wss://directline.botframework.com https://directline.botframework.com directline.botframework.com https://*.faqbot.nz *.faqbot.nz https://*.sharethis.com *.sharethis.com https://*.algolia.net *.algolia.net https://*.algolianet.com *.algolianet.com https://*.analytics.google.com *.analytics.google.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.g.doubleclick.net *.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.nz *.google.co.nz https://stats.g.doubleclick.net stats.g.doubleclick.net; font-src 'self' https://*.faqbot.nz *.faqbot.nz https://fonts.gstatic.com fonts.gstatic.com data:; form-action 'self' https://dnc.us5.list-manage.com dnc.us5.list-manage.com; frame-ancestors 'self'; frame-src 'self' wss://directline.botframework.com https://youtube.com youtube.com https://youtu.be youtu.be https://*.sharethis.mgr.consensu.org *.sharethis.mgr.consensu.org https://www.google.com www.google.com https://public.tableau.com public.tableau.com https://player.vimeo.com player.vimeo.com; img-src 'self' https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://*.googleapis.com https://*.s3.ap-southeast-2.amazonaws.com https://*.analytics.google.com *.analytics.google.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.g.doubleclick.net *.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.nz *.google.co.nz https://*.faqbot.nz *.faqbot.nz https://*.sharethis.com *.sharethis.com https://www.facebook.com www.facebook.com data:; media-src https://youtube.com youtube.com https://www.youtube.com www.youtube.com https://vimeo.com vimeo.com https://youtu.be youtu.be https://i.vimeocdn.com i.vimeocdn.com; object-src 'self'; script-src 'self' https://*.faqbot.nz *.faqbot.nz https://faqbotprodstorage.blob.core.windows.net faqbotprodstorage.blob.core.windows.net https://sharethis.com sharethis.com https://*.sharethis.com *.sharethis.com https://*.googletagmanager.com *.googletagmanager.com https://www.google.com www.google.com https://gstatic.com gstatic.com https://public.tableau.com public.tableau.com https://code.jquery.com code.jquery.com https://www.google-analytics.com www.google-analytics.com https://tagmanager.google.com tagmanager.google.com https://*.sharethis.js *.sharethis.js https://connect.facebook.net connect.facebook.net https://www.googletagmanager.com www.googletagmanager.com 'nonce-ZjcyYzdmYTBhYzc3MDk0MjM5YjVmZTQyOTI1MjQ5ZWFiNGNjMjIwNTc2NmFmYzg3MjdjZTA0MTRkNDY1MWU2Y2ZkZjYxNjUwODc5NjllOWFjNWQ1YTZjZGVjMzJlN2M4ZWE2OGQ3YTk3ZWVlZGQwYTc4ZDAyOTc1NDVhMWM0YjI=' 'unsafe-eval'; style-src 'self' https://unsafe-inline unsafe-inline https://*.faqbot.nz *.faqbot.nz https://faqbotprodstorage.blob.core.windows.net faqbotprodstorage.blob.core.windows.net https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.google-analytics.com ssl.google-analytics.com https://tagmanager.google.com tagmanager.google.com https://fonts.googleapis.com fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1 default-src 'self' bam.eu01.nr-data.net cdn.jsdelivr.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com bam.eu01.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net p.typekit.net cloud.typography.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: use.typekit.net p.typekit.net fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 1 default-src 'self'; base-uri 'self'; object-src 'none'; connect-src 'self' data.pendo.io pendo-static-4855106659811328.storage.googleapis.com; frame-ancestors app.pendo.io; frame-src 'self' ; child-src ; sandbox allow-forms allow-same-origin allow-scripts allow-popups; style-src 'self' 'sha256-3ITP0qhJJYBulKb1omgiT3qOK6k0iB3rMDhGfpM8b7c=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' app.pendo.io cdn.pendo.io pendo-static-4855106659811328.storage.googleapis.com; script-src 'self' app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-4855106659811328.storage.googleapis.com data.pendo.io; img-src 'self' cdn.pendo.io app.pendo.io pendo-static-4855106659811328.storage.googleapis.com data.pendo.io; 1 default-src 'self'; connect-src 'self' https://piwik.bzga.de https://rstts-eu.readspeaker.com https://media-eu.readspeaker.com https://app-eu.readspeaker.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn1.readspeaker.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://cdn1.readspeaker.com https://maps.google.com https://maps.googleapis.com; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://khms0.googleapis.com https://khms1.googleapis.com https://lh3.ggpht.com https://cbks0.googleapis.com data:; frame-src 'self' https://www.infektionsschutz.de https://app-eu.readspeaker.com; 1 script-src 'self' https://cdn.matomo.cloud https://kielikello.disqus.com https://c.disquscdn.com https://disqus.com https://m.addthisedge.com https://m.addthis.com https://kielikello.disqus.com https://sprakbruk.disqus.com https://s7.addthis.com https://www.google-analytics.com https://v1.addthis.com https://v1.addthisedge.com https://z.moatads.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' 1 frame-ancestors 'self' decisely.com *.decisely.com 1 frame-ancestors https://*.matrabike.nl http://*.matrabike.nl http://matrabike.web2016-acc.netivity.nl https://matrabike.WEB2016-ACC.netivity.nl http://www.google.com 1 default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.tfmetalsreport.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com 1 default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src *.sibelga.be *.youtube.com *.youtube-nocookie.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net prod.sibelga2.marlon.be *.google.com *.playplay.com; img-src * data:; manifest-src prod.sibelga2.marlon.be 'self'; script-src *.sibelga.be 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.facebook.net *.googleapis.com *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com *.youtube.com *.youtube-nocookie.com tagmanager.google.com https://snap.licdn.com cookie-cdn.cookiepro.com cdn.matomo.cloud; style-src prod.sibelga2.marlon.be 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com; report-uri /nelmio/csp/report 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inphota.com kit.fontawesome.com www.googletagmanager.com consent-manager.metomic.io consent-manager.confirmic.com platform.twitter.com syndication.twitter.com static.ads-twitter.com cdn.syndication.twimg.com analytics.twitter.com www.google-analytics.com stats.g.doubleclick.net ssl.google-analytics.com www.googleadservices.com www.google.com www.google.ae https://www.gstatic.com/recaptcha/ connect.facebook.net aff.bstatic.com *.algolianet.com *.algolia.net ; report-uri https://www.inphota.com/en/security/csp-report; style-src 'self' 'unsafe-inline' *.inphota.com fonts.googleapis.com kit.fontawesome.com ka-f.fontawesome.com kit-free.fontawesome.com cdnjs.cloudflare.com translate.googleapis.com fast.fonts.net ; img-src data: blob: *; font-src fonts.gstatic.com ka-f.fontawesome.com kit-free.fontawesome.com fast.fonts.net; connect-src 'self' wss: *.inphota.com kit.fontawesome.com ka-f.fontawesome.com www.google-analytics.com stats.g.doubleclick.net api.rollbar.com *.inphota.com *.facebook.com *.algolia.net *.algolianet.com apipub.metomic.io apipub.confirmic.com cdn.plot.ly translate.googleapis.com t.co ; frame-src 'self' *.inphota.com www.facebook.com www.booking.com https://www.google.com/recaptcha/ www.youtube.com veloviewer.com translate.google.com www.googletagmanager.com ; frame-ancestors 'self' *.inphota.com adsc.ae www.adsc.ae therakhalfmarathon.com www.therakhalfmarathon.com cyclechallenge.ae www.cyclechallenge.ae abudhabi.triathlon.org 1 default-src 'unsafe-inline' 'self' data: *.eru.cz *.googleapis.com nia.identitaobcana.cz app.powerbi.com fonts.gstatic.com cdn.jsdelivr.net *.youtube.com *.soundcloud.com *.slideshare.net *.cloudflare.com *.googletagmanager.com *.google-analytics.com api.mapy.cz datawrapper.dwcdn.net; report-uri /report-csp-violation 1 object-src 'self'; 1 frame-ancestors https://*.cpcworldwide.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net *.yandex.ru banners.adfox.ru avatars-fast.yandex.net favicon.yandex.net content.adfox.ru *.yandex.net *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1 default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uno.uk; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.uno.uk; img-src 'self' blob: data: https://*.uno.uk; media-src 'self' data: https://*.uno.uk; frame-src *; font-src *; form-action 'self' https://*.uno.uk; connect-src 'self' https://*.uno.uk; prefetch-src 'self' https://*.uno.uk; manifest-src 'self' https://*.uno.uk; frame-ancestors 'self'; report-uri https://stats.uno.uk/ruri/r/d/csp/enforce 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ http://www.njuskalo.hr/ https://www.njuskalo.hr/; 1 default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://maps.gstatic.com https://i.ytimg.com data:; object-src 'self' data:; frame-src 'self' *.youtube.com *.youtube-nocookie.com https://consentcdn.cookiebot.com https://www.krone-trailer.com https://publish.flyeralarm.digital; script-src 'self' https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; connect-src 'self' https://maps.googleapis.com https://www.google-analytics.com https://consentcdn.cookiebot.com; font-src 'self' https://fonts.gstatic.com data:; media-src 'self' *.youtube.com *.youtube-nocookie.com; 1 default-src 'self' *.urban-nation.com data: *.youtube-nocookie.com *.youtube.com *.ytimg.com *.googleapis.com *.gstatic.com player.vimeo.com *.vimeocdn.com 'unsafe-eval' 'unsafe-inline' 1 default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 1 base-uri 'none'; default-src 'self'; child-src https://static.addtoany.com http://static.addtoany.com static.addtoany.com https://online.myphotoproducts.co.za https://online.myphotoproducts.co.za; connect-src 'self' https://stats.addtoany.com http://stats.addtoany.com stats.addtoany.com https://myphotoproducts.co.za; font-src 'self' https://myphotoproducts.co.za; frame-src https://static.addtoany.com http://static.addtoany.com static.addtoany.com https://online.myphotoproducts.co.za; img-src 'self' https://myphotoproducts.co.za http://myphotoproducts.co.za myphotoproducts.co.za https://myphotoproducts.co.za https://online.myphotoproducts.co.za http://www.myphotoproducts.co.za blob: data:; media-src 'self'; object-src 'self'; script-src 'self' https://ajax.googleapis.com http://ajax.googleapis.com ajax.googleapis.com https://*.addtoany.com http://*.addtoany.com *.addtoany.com https://myphotoproducts.co.za 'nonce-f9766a19a836d732bcc63f7eb75377c3a5aaba84db9e4cbbea1a71169bca17866cf380a0396d2811a82cda9d4210443e6470dfbbd219a23074788160b7e08592' 'unsafe-inline' 'strict-dynamic'; style-src 'self' https://myphotoproducts.co.za 'unsafe-inline'; 1 default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; frame-ancestors https://*:* 1 frame-ancestors https://planet-imex.co.uk/ https://planet-imex.com/ https://planetimex.co.uk/ https://planetimex.com/ https://www.imexexhibitions.com/ https://www.imex-frankfurt.com/ https://de.imex-frankfurt.com/ https://www.imexamerica.com/ https://www.stage.imex.cti.digital/ http://america.stage.imex.cti.digital/ http://frankfurt.stage.imex.cti.digital/ http://de-frankfurt.stage.imex.cti.digital/ https://www.reactive.imex.cti.digital/ https://frankfurt.reactive.imex.cti.digital/ https://de-frankfurt.reactive.imex.cti.digital/ https://america.reactive.imex.cti.digital/ https://www.qa.imex.cti.digital/ http://america.qa.imex.cti.digital/ http://frankfurt.qa.imex.cti.digital/ http://de-frankfurt.qa.imex.cti.digital/ https://www.imex.ctidev/ https://frankfurt.imex.ctidev/ https://de.frankfurt.imex.ctidev/ https://america.imex.ctidev/; 1 allow 'self'; frame-ancestors dev.togostanza.org 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.list-manage.com/; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 'self'; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.reachmee.com/; img-src 'self' data: ; object-src 'self' data: https://datawrapper.dwcdn.net/ https://*.reachmee.com/; frame-src 'self' data: https://datawrapper.dwcdn.net/ https://*.reachmee.com/; 1 report-uri //report-csp-violation 1 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.devacaalpha.com *.compliancealpha.com *.compliancealpha.support 1 default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://bat.bing.com; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com 'sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU=' https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/com/ 'nonce-168593275801400' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://px.ads.linkedin.com https://tr.snapchat.com/; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net; frame-src https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1 font-src 'self' data:; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.people.com 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com media.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 1 worker-src 'self' 'unsafe-inline' blob: https://www.datadoghq-browser-agent.com; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.trustarc.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com https://mfh-prod.azureedge.net/assurantrenters/home/js/scripts.min.js https://www.datadoghq-browser-agent.com https://cdn-servicing.azureedge.net https://tagmanager.google.com https://cdn.jsdelivr.net https://az416426.vo.msecnd.net https://www.googletagmanager.com *.inmoment.com https://www.googleanalytics.com https://www.google-analytics.com https://optimize.google.com https://www.googleoptimize.com cdn.segment.com/analytics.js https://mfhcms.assurant.com; style-src 'self' 'unsafe-inline' https://consent.trustarc.com https://mfh-prod.azureedge.net https://cdn-servicing.azureedge.net https://tagmanager.google.com https://fonts.googleapis.com https://mfhcms.assurant.com https://optimize.google.com https://www.googleoptimize.com; img-src * 'self' data: https:; child-src https://mfhcms.assurant.com https://www.datadoghq-browser-agent.com https://dispawsusva.inmoment.com https://www.inmoment.com https://feedback.inmoment.com https://ssl.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://mfhcms.assurant.com; frame-src https://consent-pref.trustarc.com https://optimize.google.com https://www.googleoptimize.com https://dispawsusva.inmoment.com 1 frame-src 'self' https://calendly.com https://cdn.affinipay.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.facebook.com https://www.google.com https://www.youtube.com; img-src * 'self' blob: data:; 1 frame-ancestors https://www.transgourmet.at https://transgourmet.at https://nex.mutor.at https://nex.transgourmet.at 1 frame-ancestors https://*.barcodefactory.com https://*.barcodefactory.com:8443 https://barcodefactory.com http://*.barcodefatory.com 'self' 1 default-src 'self'; style-src 'self' 'unsafe-inline' 1 default-src 'self' localhost maps.googleapis.com themes.googleusercontent.com fonts.gstatic.com googleads.g.doubleclick.net ads.optad360.com http://ads.optad360.com csync.smartadserver.com secure-assets.rubiconproject.com ec-ns.sascdn.com track.adform.net api.deep.bi ls.hit.gemius.pl securepubads.g.doubleclick.net *.safeframe.googlesyndication.com safeframe.googlesyndication.com googlesyndication.com *.googlesyndication.com *.gstatic.com *.cloudflare.com; block-all-mixed-content; frame-src googlesyndication.com *.googlesyndication.com pagead2.googlesyndication.com *.hit.gemius.pl *.gemius.pl *.rubiconproject.com *.smartadserver.com *.sascdn.com googleads.g.doubleclick.net; img-src 'self' data: blob: google-analytics.com www.google-analytics.com fonts.googleapis.com maps.google.com *.gstatic.com maps.googleapis.com adx.adform.net www3.smartadserver.com creatives.sascdn.com ad.doubleclick.net pixel.adsafeprotected.com x.bidswitch.net cm.g.doubleclick.net d5p.de17a.com sync.clickonometrics.pl ib.adnxs.com ma.wp.pl cm.adgrx.com cm.adform.net c1.adform.net server.seadform.net sync-eu.exe.bid track.adform.net sync.bumlam.com s1.adform.net pre.glotgrx.com dt.adsafeprotected.com pro.hit.gemius.pl gremimedia.pl cdn.uwazamrze.pl stats.g.doubleclick.net ced-ns.sascdn.com www.google.com www.google.pl *.google.com *.google.pl googlesyndication.com *.googlesyndication.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.historia.uwazamrze.pl fonts.googleapis.com *.gstatic.com maps.google.com maps.googleapis.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com ced.sascdn.com ced-ns.sascdn.com s1.adform.net adx.adform.net pagead2.googlesyndication.com adservice.google.com googleads.g.doubleclick.net www3.smartadserver.com adservice.google.pl pixel.yabidos.com pixel.adsafeprotected.com track.adform.net static.adsafeprotected.com code.createjs.com radar.cedexis.com cdn.rp.pl cdn.uwazamrze.pl www.youtube.com s.ytimg.com api.deep.bi sync.smartadserver.com gapl.hit.gemius.pl securepubads.g.doubleclick.net googletagservices.com *.googletagservices.com googlesyndication.com *.googlesyndication.com ampproject.org *.ampproject.org *.2mdn.net *.evidon.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com blob: cdn.rp.pl cdn.uwazamrze.pl 1 frame-ancestors 'self' https://*.salesforce.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ubuntu.pl; img-src 'self' data: https://ubuntu.pl https://s.w.org; object-src 'self' data: https://ubuntu.pl; frame-src 'self' data: https://ubuntu.pl; 1 frame-ancestors 'self' eventmobi.com experience.eventmobi.com *.eventmobi.com * 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://fcmanrique.org https://*.fcmanrique.org https://maps.googleapis.co https://*.fontawesome.com https://*.google.com https://code.jquery.com https://*.gstatic.com/ https://pagead2.googlesyndication.com/; img-src 'self' data: blob: https://fcmanrique.org https://*.fcmanrique.org blob:https://fcmanrique.org blob:https://*.fcmanrique.org https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://lh3.ggpht.com https://lh4.ggpht.com https://lh5.ggpht.comlh6.ggpht.com https://cbk0.googleapis.com https://cbks0.googleapis.com https://khm0.googleapis.com https://khm1.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://secure.gravatar.com; object-src 'self' data: blob: https://www.google.com; frame-src 'self' data: blob: https://www.google.com; 1 frame-ancestors 'self' *.kapow.com *.cvent.com http://*.cvent.com *.kapownp.com http://*.kapow.com:*; 1 frame-ancestors https://www.twoa.ac.nz 1 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.infotechexpress.com infotechinc.zendesk.com *.zdassets.com *.google-analytics.com *.stripe.com *.cloudflare.com *.hotjar.com wss://*.hotjar.com 1 default-src 'none'; img-src 'self'; script-src 'self'; 1 default-src 'self' https://cdn.ons.gov.uk; font-src 'self' https://fonts.gstatic.com https://cdn.ons.gov.uk; script-src 'self' *.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-inline' https://cdn.ons.gov.uk; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' https://cdn.ons.gov.uk; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://cdn.ons.gov.uk; frame-src https://www.youtube.com https://www.googletagmanager.com; img-src 'self' data: *.google-analytics.com *.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://cdn.ons.gov.uk 1 allow 'self' 1 default-src 'unsafe-inline' 'unsafe-eval' wss://*.iadvize.com data: blob: https: 'self' *.e-wie-einfach.de *.usercentrics.eu *.googletagmanager.com *.demdex.net ewieeinfach.tt.omtrdc.net *.trustedshops.com *.iadvize.com analytics.tiktok.com; block-all-mixed-content; frame-ancestors https://*.e-wie-einfach.de 'self'; frame-src https: 'self' 10552776.fls.doubleclick.net *.iadvize.com; img-src https: 'self' data: blob: 1 script-src 'self' 'nonce-eYGB1FC45t7ArxpgjSilwNZ2' 'nonce-atx-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://pi.pardot.com http://cdn.pardot.com http://pi.pardot.com/analytics https://static.ctctcdn.com *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1 script-src 'unsafe-inline' *.aimmune.com www.google.com google.com *.googletagmanager.com polyfill.io cdn.polyfill.io *.fontawesome.com *.google-analytics.com *.doubleclick.net *.gstatic.com;base-uri 'self'; object-src 'none'; frame-ancestors 'self'; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-inline' *.youtube.com *.typekit.net *.google-analytics.com fonts.gstatic.com data: 1 frame-ancestors saint-gobain.wmh-demos.com 'self'; report-uri /report-csp-violation 1 default-src 'self'; object-src 'self' https://pts.yourfone.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.yourfone.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.yourfone.de https://chat.yourfone.de https://umfrage.yourfone.de https://pts.yourfone.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.yourfone.de https://chat.yourfone.de https://stats.yourfone.de https://imagepool.yourfone.de https://pts.yourfone.de https://maps.googleapis.com; script-src 'strict-dynamic' 'nonce-5307a0afb3a3b5a9283639ca917b072b' 'nonce-ed58bef9d9d2c8d74fd441689c558e6f' 'nonce-607d9c208893dfdf906479e26fc4ac0b' 'nonce-66bbab2b84e6812d390ebe00659deb27' 'nonce-bd55b63ae1e915300312d6363eef6d69' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.yourfone.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-5307a0afb3a3b5a9283639ca917b072b' 'nonce-ed58bef9d9d2c8d74fd441689c558e6f' 'nonce-607d9c208893dfdf906479e26fc4ac0b' 'nonce-66bbab2b84e6812d390ebe00659deb27' 'nonce-bd55b63ae1e915300312d6363eef6d69' 'self' 'unsafe-inline' https: 'report-sample' 1 child-src 'self' ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss: *.hotjar.io www.facebook.com *.hotjar.com consent.api.osano.com js.calltrk.com cdn.acsbapp.com cdn.linkedin.oribi.io tags.srv.stackadapt.com tattle.api.osano.com sonix.ai *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' ; font-src 'self' acsbapp.com bioagilytixv2.kinsta.cloud data: *.gstatic.com *.bootstrapcdn.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self' www.facebook.com; frame-src 'self' js.driftt.com www.facebook.com *.dayforcehcm.com player.vimeo.com www.youtube.com omny.fm newassets.hcaptcha.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self' ib.adnxs.com eb2.3lift.com sync.taboola.com image2.pubmatic.com ups.analytics.yahoo.com us-u.openx.net sync.outbrain.com pixel.rubiconproject.com idsync.rlcdn.com x.bidswitch.net dsum-sec.casalemedia.com *.g.doubleclick.net cdn.acsbapp.com *.adroll.com *.facebook.com tr-rc.lfeeder.com alb.reddit.com tags.srv.stackadapt.com bat.bing.com *.ads.linkedin.com pbs.twimg.com i.vimeocdn.com www.omnycontent.com i.ytimg.com bioagilytixv2.kinsta.cloud data: *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' sonix-ai.s3.amazonaws.com; navigate-to 'self' ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' qvdt3feo.com lex.33across.com go.bioagilytix.com js.calltrk.com pi.pardot.com js.driftt.com connect.facebook.net www.clickcease.com tags.srv.stackadapt.com acsbapp.com lftracker.leadfeeder.com www.redditstatic.com *.adroll.com snap.licdn.com *.hotjar.com bat.bing.com cdn.calltrk.com cmp.osano.com player.vimeo.com *.cloudfront.net sonix.ai cdnjs.cloudflare.com js.hcaptcha.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' qvdt3feo.com lex.33across.com go.bioagilytix.com js.calltrk.com pi.pardot.com js.driftt.com connect.facebook.net www.clickcease.com tags.srv.stackadapt.com acsbapp.com lftracker.leadfeeder.com www.redditstatic.com *.adroll.com snap.licdn.com *.hotjar.com bat.bing.com cdn.calltrk.com cmp.osano.com player.vimeo.com *.cloudfront.net sonix.ai cdnjs.cloudflare.com js.hcaptcha.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' 'unsafe-eval' tags.srv.stackadapt.com *.cloudfront.net sonix.ai maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' tags.srv.stackadapt.com *.cloudfront.net sonix.ai maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com ; style-src-attr 'self' 'unsafe-inline' 'unsafe-eval' ; worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob: bioagilytixst.wpengine.com www.bioagilytix.com; upgrade-insecure-requests; 1 default-src 'none'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.snapchat.com https://*.vimeo.com; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://www.googletagmanager.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com; img-src data: 'self' https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be https://*.ytimg.com https://i.vimeocdn.com/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://snapchat.com https://*.snapchat.com https://*.google.com https://*.google.be https://fonts.gstatic.com https://www.googletagmanager.com; manifest-src 'self'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://player.vimeo.com/api/player.js 'nonce-AHQxS4bonDr4wBPeSo5jVw=='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://www.googletagmanager.com https://fonts.googleapis.com; upgrade-insecure-requests 1 default-src 'self' data:; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google-analytics.com www.youtube.com *.ytimg.com tagmanager.google.com maps.googleapis.com https://static.hotjar.com/ https://script.hotjar.com/ cookiehub.net https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com cookiehub.net; img-src 'self' p.typekit.net www.google-analytics.com data: ssl.gstatic.com www.gstatic.com https://referrer.disqus.com/juggler/stat.gif c.disquscdn.com stats.g.doubleclick.net bat.bing.com www.facebook.com www.google.com www.google.be www.googletagmanager.com maps.gstatic.com maps.googleapis.com *.google-analytics.com *.analytics.google.com *.hotjar.com *.hotjar.io; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.dekust.be cdn.knightlab.com vars.hotjar.com https://www.google.com https://zwinnatuurpark.formstack.com; font-src 'self' *.typekit.net fonts.gstatic.com data: *.hotjar.com; connect-src 'self' performance.typekit.net www.google-analytics.com *.stats.g.doubleclick.net https://in.hotjar.com/ https://vc.hotjar.io/ cookiehub.net *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.io *.hotjar.com; report-uri /admin/config/system/seckit/csp-report 1 object-src 'none'; media-src 'none' 1 connect-src 'self' https://*.clearcover.com wss://*.clearcover.com https://*.kommunicate.io wss://*.kommunicate.io https://*.evidon.com wss://*.evidon.com https://*.betrad.com wss://*.betrad.com https://api.brightedge.com wss://api.brightedge.com https://ixfd-api.bc0a.com wss://ixfd-api.bc0a.com https://*.twilio.com wss://*.twilio.com https://inga-prod.tumblr.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.yotpo.com https://*.twitter.com https://*.yotpo.com https://*.gomoxie.solutions https://rules.atgsvcs.com https://track.magnify360.com https://c1.rfihub.net https://insight.adsrvr.org https://*.virtualhold.com https://api.edmunds.com 1 frame-ancestors 'self' https://issuevoter.org 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com/ https://www.googletagmanager.com/gtm.js?id=GTM-WNRP6BN https://www.google-analytics.com/analytics.js https://www.google-analytics.com/ https://us01-apply.sabatalentlink.com/apply-app/static/talentportal/release/EDGE/talentportal-widgets-wcag.js https://us01-apply.sabatalentlink.com/; img-src 'self' data: https://use.fontawesome.com/ https://secure.gravatar.com/avatar/53bf99d0af00736932f840fb7306165e?s=26&d=mm&r=g https://www.google-analytics.com/analytics.js https://www.google-analytics.com/ https://us01-apply.sabatalentlink.com/; object-src 'self' data: https://use.fontawesome.com/ https://us01-apply.sabatalentlink.com/; frame-src 'self' data: https://use.fontawesome.com/ https://us01-apply.sabatalentlink.com/; 1 default-src 'self' 'unsafe-inline' data: 'unsafe-hashes' sha256-8mtE2lezrJT4S67cW4pWVhz/pwoK7b8USlyAQAIxkMk= sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ= *.manodaktaras.lt *.manodaktaras.local *.googlesyndication.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.lt *.ampproject.org *.googleapis.com omnisnippet1.com *.gemius.pl *.soundestlink.com *.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.quickblox.com wss://chat.quickblox.com:5291 *.facebook.net *.facebook.com *.google-analytics.com *.jsdelivr.net *.sentry-cdn.com *.ingest.sentry.io *.cookielaw.org *.onetrust.com *.onetrust.io *.youtube.com optanon.blob.core.windows.net; block-all-mixed-content; report-uri /nelmio/csp/report 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/; img-src 'self' data: https://www.google-analytics.com; object-src 'self' data: https://www.youtube.com/; frame-src 'self' data: https://www.youtube.com/; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com kitsap.bibliocms.com *.kitsap.bibliocms.com https://www.krl.org www.krl.org *.www.krl.org; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com marinlibrary.bibliocms.com *.marinlibrary.bibliocms.com https://marinlibrary.org marinlibrary.org *.marinlibrary.org; 1 base-uri 'none';child-src 'none';connect-src 'self' https://staging.api.polkastarter.gg/ https://api.polkastarter.gg/ https://*.auth0.com/ https://polkastarter-cms-staging.herokuapp.com/graphql https://polkastarter-cms.herokuapp.com/graphql https://api.twitch.tv https://cms.polkastarter.gg/graphql http://localhost:1337/graphql https://*.google-analytics.com https://vitals.vercel-insights.com https://o1188445.ingest.sentry.io https://api.coinbase.com https://www.google-analytics.com wss://ws-mt1.pusher.com https://vercel.live;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors http://localhost:* https://polkastarter.gg https://www.polkastarter.gg;frame-src https://app.awardpool.com/ https://platform.twitter.com https://*.auth0.com/ https://embed.twitch.tv https://twitframe.com https://www.youtube.com/ https://player.twitch.tv https://player.vimeo.com/ https://www.instagram.com/ https://vercel.live http://embed.typeform.com https://form.typeform.com;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://video.twimg.com https://*.polkastarter.com https://*.polkastarter.gg https://*.soulbound.gg;object-src data:;prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://embed.twitch.tv https://player.twitch.tv/ https://www.youtube.com/ https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live http://embed.typeform.com https://browser.sentry-cdn.com https://cdn.vercel-insights.com;style-src 'self' 'unsafe-inline' http://embed.typeform.com;worker-src 'self'; 1 default-src 'self' *.visualstudio.com *.azurewebsites.net localhost:* *.igniterecognition.com igniterecognition.com; script-src 'unsafe-inline' 'unsafe-eval' *.visualstudio.com *.azurewebsites.net localhost:* *.igniterecognition.com igniterecognition.com; style-src 'unsafe-inline' *.visualstudio.com *.azurewebsites.net localhost:* *.igniterecognition.com igniterecognition.com;img-src data: * blob: *; font-src data: 'self'; connect-src 'self' api.raygun.io localhost:* *.visualstudio.com *.azurewebsites.net *.applicationinsights.azure.com wss://localhost:* *.igniterecognition.com igniterecognition.com wss://*.igniterecognition.com wss://igniterecognition.com; child-src 'self' https://www.youtube.com/embed/ https://player.vimeo.com 1 default-src 'self' *.soundcloud.com *.sndcdn.com *.tepapa.govt.nz; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.typekit.net *.googletagmanager.com *.google-analytics.com *.pingdom.net www.catalyst-analytics.nz d3qy04aabho0yp.cloudfront.net *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com cdn.syndication.twimg.com *.instagram.com *.knightlab.com *.soundcloud.com *.hotjar.com www.googleadservices.com tagmanager.google.com *.riddle.com www.google.com www.gstatic.com https://www.youtube.com https://s.ytimg.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.typekit.net fonts.googleapis.com hello.myfonts.net *.twitter.com *.knightlab.com tagmanager.google.com https://www.riddle.com/files/css/; img-src 'self' data: *.typekit.net *.google-analytics.com *.doubleclick.net *.shopify.com *.pingdom.net www.catalyst-analytics.nz *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com pbs.twimg.com dl.dropboxusercontent.com *.myfonts.net media.tepapa.govt.nz co3-api-mediastorage.s3-ap-southeast-2.amazonaws.com co3-api-mediastorage.s3.ap-southeast-2.amazonaws.com s3.dualstack.ap-southeast-2.amazonaws.com www.google.com www.google.co.nz *.gstatic.com *.openstreetmap.org script.hotjar.com https://www.googletagmanager.com https://i.ytimg.com; frame-src 'self' *.rezdy.com *.cloudfront.net *.bookitsecure.com google.com *.riddle.com *.spotify.com *.google.com tepapa.infospecs.co.nz *.youtube.com *.vimeo.com *.catalyst.net.nz radionz.co.nz jobs.tepapa.govt.nz *.tepapa.govt.nz tepapafoundation.secure.force.com sec.paymentexpress.com *.book2look.com *.boombox.com *.myfonts.net *.knightlab.com www.qzzr.com *.twitter.com *.instagram.com *.facebook.com *.hotjar.com *.soundcloud.com *.nzonscreen.com *.juicer.io *.media567.com; font-src 'self' data: *.bootstrapcdn.com fonts.gstatic.com fonts.typekit.net www.tepapa.govt.nz cdn.knightlab.com script.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome; connect-src 'self' spreadsheets.google.com *.myfonts.net *.hotjar.com vc.hotjar.io graylog.hotjar.com *.pingdom.net *.google-analytics.com http://api.soundcloud.com stats.g.doubleclick.net https://www.catalyst-analytics.nz/piwik.php wss://ws*.hotjar.com surveystats.hotjar.io; report-uri /report-csp-violation 1 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *; 1 img-src 'self' data: https://gstatic.com https://*.gstatic.com https://vgwort.de https://*.vgwort.de https://vimeocdn.com https://*.vimeocdn.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://*.hotjar.com; default-src 'self' https://beck-elibrary.de https://*.beck-elibrary.de https://cookiebot.com https://*.cookiebot.com https://google.com https://*.google.com https://gstatic.com https://*.gstatic.com https://vgwort.de https://*.vgwort.de https://googletagmanager.com https://*.googletagmanager.com https://vimeo.com https://*.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://hotjar.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://google-analytics.com https://*.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect 'unsafe-inline'; frame-ancestors 'self' https://www.googletagmanager.com 1 font-src 'self' static.flatfy.com *.gstatic.com; frame-src 'self' www.google.com/recaptcha/ *.hotjar.com *.hotjar.io; script-src 'self' 'unsafe-inline' static.flatfy.com ajax.googleapis.com *.google-analytics.com *.g.doubleclick.net www.google.com/ads/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.hotjar.com *.hotjar.io; style-src 'self' 'unsafe-inline' static.flatfy.com ajax.googleapis.com fonts.googleapis.com *.gstatic.com; img-src 'self' data: https:; connect-src 'self' *.google-analytics.com *.hotjar.com *.hotjar.io wss:; default-src 'self' static.flatfy.com *.gstatic.com *.hotjar.com *.hotjar.io 1 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' sarthac.gov.in 10.3.0.45 127.0.0.1 localhost www.google.com www.youtube.com 10.244.91.80 ; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.amcharts.com https://connect.livechatinc.com https://www.facebook.com https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://*.hotjar.com/ https://*.facebook.net/ https://cdn.livechatinc.com https://*.livechatinc.com/ https://*.google.com/ https://*.gstatic.com/ https://*.youtube.com/ https://*.shipex.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com http://www.googleadservices.com http://www.google.com https://*.tiktok.com https://*.bamboohr.com https://cdn.callrail.com https://js.callrail.com; img-src 'self' data: https://*.facebook.com/ https://*.facebook.net/ https://*.google-analytics.com/ https://*.google.com https://*.google.ba https://*.shipex.com/ https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com http://googleads.g.doubleclick.net http://www.google.com https://*.tiktok.com https://*.bamboohr.com; object-src 'self' data: https://*.facebook.com/ https://*.facebook.net/ https://*.hotjar.com/ https://*.livechatinc.com/ https://*.google.com/ https://*.youtube.com/ https://*.shipex.com/ https://*.tiktok.com https://*.bamboohr.com; frame-src 'self' data: https://*.facebook.com/ https://*.facebook.net/ https://*.hotjar.com/ https://*.livechatinc.com/ https://*.google.com/ https://*.youtube.com/ https://*.shipex.com/ https://*.tiktok.com https://*.bamboohr.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; frame-ancestors 'self' 1 default-src 'self'; frame-src 'self' https://www.careopinion.org.uk/ https://padlet.com/ https://www.eventbrite.com/ *.twitter.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.eventbrite.com/static/widgets/eb_widgets.js *.googletagmanager.com https://cdn.syndication.twimg.com/ *.twitter.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://feeds.trac.jobs/ *.googleapis.com *.google-analytics.com stats.g.doubleclick.net 1 allow 'self' default-src 'self' 'unsafe-inline' www.google-analytics.com *.twitter.com *.facebook.com *.facebook.net *.google.com 1 default-src 'none'; script-src 'self' https://code.jquery.com https://www.google-analytics.com; img-src ' self 'https://www.google-analytics.com; connect-src' self '; font-src' self '; style-src' self '; 1 default-src 'self' 'unsafe-inline' wss: https://*.jivosite.com/ data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:*;script-src * 'unsafe-inline' 'unsafe-eval' blob: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* ;style-src * 'unsafe-inline' https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* ;img-src * data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* blob: ;font-src 'self' data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:*; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com bibliocms.com *.bibliocms.com bibliocms.com *.bibliocms.com http://bibliocms.com; 1 default-src 'self'; style-src 'unsafe-inline' 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s0.wp.com https://app-sj04.marketo.com/index.php https://pages.videojet.com/js/forms2/js/forms2.min.js http://app-sj04.marketo.com http://pages.videojet.com https://www.google-analytics.com/analytics.js http://stats.wp.com http://www.google-analytics.com https://www.google-analytics.com https://cdn.cookielaw.org https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.mouseflow.com/projects/91c4ddb6-49ff-40dc-ba2b-125c44c82444.js http://cdn.mouseflow.com/projects/91c4ddb6-49ff-40dc-ba2b-125c44c82444.js https://pages.videojet.com/js/forms2/js/forms2.min.js https://pages.videojet.com/index.php/form/getForm https://stats.wp.com/e-202251.js http://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/gtm.js; style-src 'self' 'unsafe-inline' https://s0.wp.com http://app-sj04.marketo.com http://pages.videojet.com/js/forms2/css/forms2-theme-simple.css http://pages.videojet.com/js/forms2/css/forms2.css http://pages.videojet.com https://pages.videojet.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://cdn.cookielaw.org https://geolocation.onetrust.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://s0.wp.com; frame-src 'self' https://widgets.wp.com https://www.google.com http://app-sj04.marketo.com https://www.youtube.com http://pages.videojet.com https://pages.videojet.com; img-src 'self' data: https://secure.gravatar.com https://www.google.com http://app-sj04.marketo.com https://www.youtube.com https://www.googletagmanager.com http://www.google-analytics.com http://pixel.wp.com https://cdn.cookielaw.org https://global.laetus.com https://pixel.wp.com https://www.google.co.in https://www.google.com; manifest-src 'self'; media-src 'self'; 1 default-src 'self'; style-src 'self' app.workfrontfusion.com/static 'unsafe-inline' unpkg.com/@adobe/* https://*.adobe.com https://*.adobe.io; font-src 'self' app.workfrontfusion.com/static data: use.typekit.net https://*.adobe.com https://*.adobe.io; img-src 'self' app.workfrontfusion.com/static data: https://ipm.workfrontfusion.com secure.gravatar.com https://*.adobe.com https://*.adobe.io; connect-src 'self' app.workfrontfusion.com/static wss://app.workfrontfusion.com rum-http-intake.logs.datadoghq.com *.split.io https://*.adobe.com https://*.adobe.io *.browser-intake-datadoghq.com https://csp-report.browser-intake-datadoghq.com *.demdex.net *.adobedc.net; frame-src 'self' app.workfrontfusion.com/static https://*.adobe.com; script-src 'self' use.typekit.net unpkg.com/@adobe/* https://*.adobe.com https://*.adobe.io *.split.io assets.adobedtm.com; object-src 'self' app.workfrontfusion.com/static; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub2c8ded5adceb66f0a3efabff228d9189&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:imt-web-zone; frame-ancestors 'self' https://*.adobe.com; 1 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self'; font-src 'self' https: 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.siteimprove.net *.googleapis.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net siteimproveanalytics.com *.twitter.com *.pingdom.net *.googletagmanager.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.googleapis.com cdn.siteimprove.net *.curator.io; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com *.googletagmanager.com curator-assets.b-cdn.net; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be my2.siteimprove.com *.facebook.com; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' www.youtube.com; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net my2.siteimprove.com id.siteimprove.com api.curator.io *.addthis.com *.pingdom.net; report-uri /report-csp-violation 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sppl.bibliocms.com *.sppl.bibliocms.com https://sppl.org sppl.org *.sppl.org; 1 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ 1 default-src 'self' blob: https://vars.hotjar.com/; frame-src 'self' *.webspellchecker.net/ https://fnk-main-prd-zsa-uploads.s3.eu-west-1.amazonaws.com/ https://nspa.org.uk/ https://www.zsabenchmarking.co.uk/ https://w.soundcloud.com/ *.buzzsprout.com *.hotjar.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.webspellchecker.net/ https://mozilla.github.io/ * https://mozilla.github.io/pdf.js/build/pdf.js https://cdn.jsdelivr.net/gh/fancyapps/ *.buzzsprout.com *.heat6have.com https://static.hotjar.com/ https://www.googletagmanager.com/ *.hotjar.com https://www.googletagmanager.com/ *.hotj blob: https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' *.webspellchecker.net/ https://cdnjs.cloudflare.com/ajax/libs/summernote/ *.hotjar.com *.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.webspellchecker.net/ https://cdn.jsdelivr.net/gh/fancyapps/ *.typekit.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' *.webspellchecker.net/ *.amazonaws.com https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://translate.googleapis.com/ *.hotjar.com *.hotjar.io wss://*.hotjar.com/ https://feeds.trac.jobs/ 1 child-src *;connect-src 'self' https://www.google-analytics.com https://*.googleapis.com/ https://www.facebook.com https://stats.g.doubleclick.net https://*.google.com https://*.google.cz https://*.google.sk https://*.smartlook.com;default-src 'self';font-src 'self' data: https://themes.googleusercontent.com https://*.gstatic.com https://*.typekit.net;form-action 'self' * https://www.facebook.com https://connect.facebook.net;frame-ancestors 'self';frame-src *;img-src data: *;media-src 'self';object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.facebook.net https://*.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googleadservices.com https://www.google.cz https://www.google.sk https://www.youtube.com https://*.ytimg.com https://*.smartlook.com;style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.typekit.net; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net ; connect-src 'self' *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net ; img-src 'self' data: *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net ; style-src 'self' 'unsafe-inline' *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net ; frame-ancestors 'self' ; frame-src 'self' apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net 1 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src * data:; media-src 'self' data: blob: https:; font-src 'self' data: https:; form-action *; connect-src *; 1 default-src 'self'; font-src *;img-src * data:; script-src *; style-src * 1 default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1 style-src 'unsafe-inline' 'self' http: https: ; 1 default-src 'self'; connect-src 'self' https://*.yext.com https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://*.ekir.de https://*.algolia.net https://*.algolianet.com; frame-src 'self' https://*.openstreetmap.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://soundcloud.com https://vimeo.com https://*.kd-onlinespende.de https://walls.io https://*.walls.io www.youtube-nocookie.com https://platform.twitter.com https://syndication.twitter.com https://*.ekir.de; font-src 'self' data:; img-src 'self' data: https://*.openstreetmap.de https://*.ekkt.de https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://soundcloud.com https://vimeo.com https://*.kd-onlinespende.de https://img.youtube.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://secure.gravatar.com http://*.ekir.de https://*.ekir.de; object-src 'self'; style-src 'self' 'unsafe-inline' https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://soundcloud.com https://vimeo.com https://platform.twitter.com https://ton.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://soundcloud.com https://vimeo.de https://*.kd-onlinespende.de https://walls.io https://*.walls.io https://secure.gravatar.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.ekir.de https://adressverzeichnis.ekd.de https://cdn.jsdelivr.net; 1 default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 1 block-all-mixed-content; connect-src 'self' https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://survey.alchemer.com https://www.facebook.com https://*.adnxs.com https://*.adnxs-simple.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz https://*.googleapis.com https://cdn.plyr.io; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz; frame-ancestors 'self'; frame-src data: https://www.youtube.com/ https://publish.folders.eu/ https://app.folders.eu/ https://www.facebook.com https://vars.hotjar.com https://survey.alchemer.com https://*.adnxs.com https://optimize.google.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz https://objects.icecat.biz https://js.mollie.com https://swiftcdn6.global.ssl.fastly.net https://gleam.io; img-src 'self' data: about: https://placeholder.inventis.be https://placehold.it https://*.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://www.facebook.com https://www.google.com https://www.google.be https://googleads.g.doubleclick.net https://script.hotjar.com https://www.mollie.com https://*.adnxs.com https://*.adnxs-simple.com https://js.gleam.io https://story.icecat.biz; style-src 'self' https://optimize.google.com 'unsafe-inline' https://fonts.googleapis.com https://survey.alchemer.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz; upgrade-insecure-requests 1 default-src 'self'; style-src 'self' 'unsafe-inline' occhat.elisa.fi https://public.flourish.studio/ https://fonts.googleapis.com/; img-src 'self' data: occhat.elisa.fi vero.piwik.pro data.reactandshare.com https://public.flourish.studio/; media-src 'self'; font-src 'self' https://public.flourish.studio/; script-src 'self' 'unsafe-inline' 'unsafe-eval' occhat.elisa.fi vero.piwik.pro vero.containers.piwik.pro www.youtube.com cdn.reactandshare.com data.reactandshare.com https://public.flourish.studio/; connect-src 'self' occhat.elisa.fi wss://occhat.elisa.fi vero.piwik.pro data.reactandshare.com; frame-src 'self' www.youtube.com https://app.powerbi.com; frame-ancestors 'self'; 1 default-src 'self' squigglepark.com *.squigglepark.com; script-src 'self'; frame-src 'self' youtube.com https://www.youtube.com; img-src 'self' https://ela-global-sp-website-uploads.s3.amazonaws.com; script-src 'report-sample' 'self' https://cdnjs.cloudflare.com/ajax/libs/bxslider/4.2.15/jquery.bxslider.min.js https://connect.facebook.net/signals/config/382276082691196 https://use.typekit.net/dlr3zcy.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; object-src 'none'; script-src 'report-sample' 'self' https://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.3/jquery.easing.min.js https://connect.facebook.net/en_US/fbevents.js https://use.typekit.net/dlr3zcy.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; 1 script-src 'self'; frame-ancestors 'self'; img-src 'self'; font-src 'self' 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://dc.services.visualstudio.com/v2/track https://updates.sdbgroep.nl; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.monitor.azure.com/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://cdn.announcekit.app/widget-v2.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; 1 urbanohio.com 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com grpl.bibliocms.com *.grpl.bibliocms.com https://www.grpl.org www.grpl.org *.www.grpl.org; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com www.youtube.com blog.playstaxel.com www.humblebundle.com store.steampowered.com data:;frame-ancestors 'self' 1 default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' https://use.fontawesome.com/; img-src *; font-src https://use.fontawesome.com/; report-uri https://login.libraryconnect.com/csp/report 1 default-src 'self' 'unsafe-inline' data: *.citiworldprivileges.com www.google-analytics.com *.googleapis.com *.gstatic.com nexus.ensighten.com *.omtrdc.net www.googleadservices.com *.doubleclick.net *.google.com www.google.co.in connect.facebook.net www.facebook.com *.cloudfront.net citiintl.122.2o7.net www.googletagmanager.com *.example.com test.example.com *.amap.com blob: 'unsafe-eval' 1 frame-ancestors 'self' webvisor.com *.webvisor.com yandex.ru *.yandex.ru 1 default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com *.facebook.net unpkg.com *.jsdelivr.net; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.facebook.com *.vimeo.com *.google.se *.cloudnet.cloud *.malmolive.se *.momondo.de; media-src 'self' blob: https://*.speechstream.net;; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se *.office.com; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.siteimprove.com *.sverigesradio.se https://sverigesradio.se; font-src 'self'; connect-src 'self' blob: https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' https://region1.google-analytics.com/ https://html5.validator.nu/ www.google-analytics.com; script-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net/ http://www.googleadservices.com/ unpkg.com/interactjs/ connect.facebook.net static.tacdn.com www.tripadvisor.fr www.tripadvisor.com www.jscache.com assets.pinterest.com log.pinterest.com ajax.googleapis.com platform.twitter.com apis.google.com www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com; object-src 'self' www.google.com; style-src 'self' 'unsafe-inline' static.tacdn.com fonts.googleapis.com; img-src 'self' data: www.tripadvisor.fr static.tacdn.com www.googletagmanager.com www.google-analytics.com; media-src 'self'; frame-src 'self' p.travelsmater.net www.openstreetmap.org *.twitter.com *.facebook.com youtube.com *.youtube.com *.youtube-nocookie.com youtu.be dailymotion.com *.dailymotion.com vimeo.com *.vimeo.com vevo.com *.vevo.com video.libcast.com google.com *.google.com; frame-ancestors 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; form-action 'self'; base-uri 'self'; upgrade-insecure-requests 1 default-src 'self' lescavesdelamarechale.bonkdo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' lescavesdelamarechale.bonkdo.com https://platform.twitter.com https://apis.google.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com; object-src 'self' https://www.google.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com/ https://fonts.googleapis.com; img-src 'self' data: https://www.google-analytics.com; media-src 'self'; frame-src 'self' lescavesdelamarechale.bonkdo.com https://platform.twitter.com https://youtube.com https://www.youtube.com https://youtu.be https://dailymotion.com https://www.dailymotion.com https://vimeo.com https://www.vimeo.com https://vevo.com https://www.vevo.com https://video.libcast.com https://www.google.com https://google.com; font-src 'self' https://use.fontawesome.com/ https://fonts.googleapis.com https://fonts.gstatic.com 1 default-src 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracitystatic.azureedge.net veracitycdn.azureedge.net veracity-cdn.azureedge.net veracity-static.azureedge.net veracity.azureedge.net https://veracity-cdn.azureedge.net; style-src 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com cdnveracity.azureedge.net blob: https://veracity-cdn.azureedge.net https://cdn.cookielaw.org https://geolocation.onetrust.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-CiLqRFMo488mIhk5Iet/2ifYUgGAu+sgjUSOXHNcO2M=' 'sha256-Zx6t6tJBEfAGbwFZi0YK/Qv2m/UKBp4XprjbGNvOA8Y=' 'sha256-qpE3yDYwtYLcYeBZJQCR3PBmJHopLnOlMQRNFjhu4Sw=' 'sha256-ZqhM5xQOj0Og/l+8qEbc5F5YYumTdWvc5mtn7dECFuE=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-dreGTkhRtQfwSXsd3ZavyTtL9QeeRUMFpniTUPkTNdg=' 'sha256-KycdTLdLPGini1lPAbHXJFMqqE0NBDthTPM00lNMGU0=' 'sha256-0hU65hNt+lgOOkwNFXW8crj+0fxeiF4kL+o2FmjfWTA=' tagmanager.google.com fonts.googleapis.com 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA='; img-src 'self' data: cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracityprod.blob.core.windows.net veracitycdn.azureedge.net veracitystatic.azureedge.net veracity-cdn.azureedge.net veracity-static.azureedge.net veracitytest.azureedge.net veracity.azureedge.net brandcentral.dnvgl.com brandcentral.dnv.com devtestdevprofile.blob.core.windows.net testdevprofile.blob.core.windows.net stagdevprofile.blob.core.windows.net cdn.sanity.io devprofile.blob.core.windows.net cdnveracity.azureedge.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://veracity-cdn.azureedge.net www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com https://px.ads.linkedin.com/ www.google.no www.google.com www.googletagmanager.com px.ads.linkedin.com www.linkedin.com google-analytics.com googletagmanager.com www.google.se *.adsymptotic.com s861531437.t.eloqua.com; script-src 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracitycdn.azureedge.net veracity.azureedge.net https://localhost:3010 cdnveracity.azureedge.net https://veracity-cdn.azureedge.net az416426.vo.msecnd.net 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com www.google-analytics.com sjs.bizographics.com/insight.min.js https://px.ads.linkedin.com/ https://*.hotjar.com https://*.hotjar.io https://snap.licdn.com; media-src 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracityprod.blob.core.windows.net veracitystatic.azureedge.net veracitycdn.azureedge.net veracity-cdn.azureedge.net veracity-static.azureedge.net veracity.azureedge.net cdn.sanity.io brandcentral.dnvgl.com brandcentral.dnv.com https://veracity-cdn.azureedge.net; connect-src 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracitystatic.azureedge.net veracitycdn.azureedge.net veracity-cdn.azureedge.net veracity-static.azureedge.net veracity.azureedge.net cdn.sanity.io wss://localhost:3011 cdnveracity.azureedge.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://veracity-cdn.azureedge.net https://s861531437.t.eloqua.com/e/f2 dc.services.visualstudio.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net; style-src-attr 'unsafe-hashes' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-CiLqRFMo488mIhk5Iet/2ifYUgGAu+sgjUSOXHNcO2M=' 'sha256-Zx6t6tJBEfAGbwFZi0YK/Qv2m/UKBp4XprjbGNvOA8Y=' 'sha256-qpE3yDYwtYLcYeBZJQCR3PBmJHopLnOlMQRNFjhu4Sw=' 'sha256-ZqhM5xQOj0Og/l+8qEbc5F5YYumTdWvc5mtn7dECFuE=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-dreGTkhRtQfwSXsd3ZavyTtL9QeeRUMFpniTUPkTNdg=' 'sha256-KycdTLdLPGini1lPAbHXJFMqqE0NBDthTPM00lNMGU0=' 'sha256-0hU65hNt+lgOOkwNFXW8crj+0fxeiF4kL+o2FmjfWTA='; script-src-elem 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracitycdn.azureedge.net veracity.azureedge.net https://localhost:3010 cdnveracity.azureedge.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://veracity-cdn.azureedge.net https://*.siteintercept.qualtrics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://img.en25.com/i/elqCfg.min.js 'sha256-gyx8gdfo/kbUsjsztRzImiGTH40PvnMaTBfx67Fme78=' 'sha256-5iNjqILmY2w3enZeIDSRCXLxYlrDBLo0O6Vrz+x52lQ=' 'sha256-KccRV2ejzQNCmcavwmuYyTe5GXLq6U8XN4zZuuEcfCk=' 'sha256-4UrsozB38acysIpnw9wDZ2kh8VUlwojNs0+hs5TPAgY=' 'sha256-0hU65hNt+lgOOkwNFXW8crj+0fxeiF4kL+o2FmjfWTA=' 'sha256-KycdTLdLPGini1lPAbHXJFMqqE0NBDthTPM00lNMGU0=' 'sha256-hZeD7EFjjyhQ7TjefoatAoAuvdydzA2gDzbnc13qZcY=' 'sha256-IuR48Fro3ShOtgRdkzhhTRnQeCIU39pgd6QgAcPScUU=' https://tagmanager.google.com https://www.googletagmanager.com www.google-analytics.com img06.en25.com/i/elqCfg.min.js sjs.bizographics.com/insight.min.js https://px.ads.linkedin.com/ https://*.hotjar.com https://*.hotjar.io https://snap.licdn.com *.msecnd.net https://s861531437.t.eloqua.com 'sha256-V4maMn3x0vYd5E0TBXBNVujwiiL8FmRT//A9v7mR/G0=' 'sha256-ggyiRNSfxveXe5war2EMXV6BjqXtGRmL09jwiJFT62k='; font-src cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracitycdn.azureedge.net data: fonts.gstatic.com; frame-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.google.com/ https://*.hotjar.com https://*.hotjar.io https://www.googletagmanager.com/ns.html; report-uri https://veracitycommon.report-uri.com/r/t/csp/enforce; report-to https://veracitycommon.report-uri.com/a/d/g 1 frame-ancestors 'self' stats.ballensiefen.net 1 script-src 'unsafe-inline' *.posazavi.com analytics.tiktok.com *.adform.net *.hcaptcha.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net c.imedia.cz *.hotjar.com tagmanager.google.com www.google.com www.gstatic.com c.seznam.cz; style-src 'self' 'unsafe-inline' tagmanager.google.com cdnjs.cloudflare.com fonts.googleapis.com; report-uri /csp 1 default-src 'self'; frame-src 'self' *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://api.reciteme.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' hhttps://api.reciteme.com ttps://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://api.reciteme.com https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://api.reciteme.com https://feeds.trac.jobs/ *.googleapis.com *.google-analytics.com stats.g.doubleclick.net; media-src 'self' https://api.reciteme.com 1 object-src 'none' 1 default-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: about: ssl.google-analytics.com www.google-analytics.com; connect-src 'self' ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; worker-src 'self'; 1 default-src 'self' youthcentral.vic.gov.au *.youthcentral.vic.gov.au; script-src 'self' data: youthcentral.vic.gov.au *.youthcentral.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com connect.facebook.net *.cloudfront.net cdn.curator.io s7.addthis.com z.moatads.com v1.addthisedge.com m.addthis.com www.vision6.com.au www.google.com www.gstatic.com *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com s.ytimg.com drwgdblqzrfiz.cloudfront.net; style-src 'self' 'unsafe-inline' youthcentral.vic.gov.au *.youthcentral.vic.gov.au fonts.googleapis.com tagmanager.google.com cdn.curator.io drwgdblqzrfiz.cloudfront.net; img-src 'self' data: youthcentral.vic.gov.au *.youthcentral.vic.gov.au *.amazee.io tracking.monsido.com *.google-analytics.com *.g.doubleclick.net www.google.com s7.addthis.com www.facebook.com pbs.twimg.com scontent-iad3-1.xx.fbcdn.net external-iad3-1.xx.fbcdn.net emarketing-au.s3-ap-southeast-2.amazonaws.com *.xx.fbcdn.net drwgdblqzrfiz.cloudfront.net; frame-src 'self' youthcentral.vic.gov.au *.youthcentral.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com s7.addthis.com www.google.com www.facebook.com; font-src 'self' youthcentral.vic.gov.au *.youthcentral.vic.gov.au fonts.gstatic.com cdn.curator.io; connect-src 'self' youthcentral.vic.gov.au *.youthcentral.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.elastic.sdp.vic.gov.au drwgdblqzrfiz.cloudfront.net cdn.curator.io api.curator.io m.addthis.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com; report-uri https://sdpops.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1 default-src 'self'; connect-src 'self' apikeys.civiccomputing.com api.postcodes.io www.googleapis.com newassets.hcaptcha.com maps.googleapis.com api.stripe.com js.stripe.com; font-src 'self' use.fontawesome.com fonts.gstatic.com data:; frame-src 'self' newassets.hcaptcha.com hooks.stripe.com js.stripe.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com translate.google.com www.gstatic.com cdn.bookingprotect.com tile.openstreetmap.org maptiles.p.rapidapi.com media.giphy.com; script-src 'self' hcaptcha.com js.stripe.com maps.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri https://35745cad85bbe1feed32f58e01aeb5de.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://service.bzga.de/ 1 default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com/ data: https://*.google-analytics.com https://forms-eu1.hsforms.com https://track-eu1.hubspot.com; object-src data:; frame-src 'self' mailto: tel: *.krone-dev.cybob-one.com *.krone-agriculture.com *.youtube.com *.youtube-nocookie.com https://www.webstream.eu https://*.cookiebot.com; script-src 'self' https://maps.googleapis.com https://*.cookiebot.com https://www.googletagmanager.com https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net; connect-src 'self' https://maps.googleapis.com https://*.cookiebot.com https://*.google-analytics.com https://*.liadm.com https://forms-eu1.hscollectedforms.net; font-src 'self' https://fonts.gstatic.com data: 1 font-src 'self' data: https://images.wineselectors.com.au https://use.typekit.net https://i.icomoon.io https://fonts.gstatic.com https://cdn.curator.io https://cdn.productreview.com.au https://fonts.yieldify-production.com;img-src 'self' data: https://images.wineselectors.com.au https://www.wineselectors.com.au https://p.typekit.net https://www.google-analytics.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://stats.g.doubleclick.net https://dc.yieldify.com https://*.cloudfront.net https://scontent.cdninstagram.com https://syndication.twitter.com https://pbs.twimg.com https://platform.twitter.com https://bat.bing.com https://ad.doubleclick.net https://go.flx1.com https://secure.adnxs.com https://cookiea1.veinteractive.com https://ib.adnxs.com https://scontent.xx.fbcdn.net https://graph.facebook.com https://scontent-otp1-1.cdninstagram.com https://hey.hellobar.com http://cookiea1.veinteractive.com https://dev.visualwebsiteoptimizer.com https://ssl.gstatic.com https://www.gstatic.com https://bacon.section.io https://cdsaus2.veinteractive.com https://useruploads.visualwebsiteoptimizer.com https://s3.amazonaws.com https://cm.g.doubleclick.net https://veads.veinteractive.com https://insight.adsrvr.org https://assets.yieldify.com https://ads.yahoo.com https://curatorio.s3.amazonaws.com https://cdn.curator.io https://adservice.google.com https://*.cloudfront.net https://www.googletagmanager.com https://b.sli-spark.com https://assets.resultspage.com https://wineselectors.resultspage.com https://secure.livechatinc.com https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://cdn.livechatinc.com https://tags.w55c.net https://i.w55c.net https://pixel.tapad.com https://beacon.krxd.net https://bh.contextweb.com https://su.addthis.com https://cdn-image.otherlevels.com https://www.google.com https://www.google.com.au https://cds.taboola.com https://secure.getprice.com.au https://a.b0e8.com https://marvel-b1-cdn.bc0a.com https://marvel-processor.bc0a.com https://cx.atdmt.com https://tr.outbrain.com https://r.turn.com *.id.amgdgt.com https://*.yieldify.com https://trc.taboola.com https://c.clarity.ms https://c5.adalyser.com https://sp.analytics.yahoo.com https://gf-cdn.s3.ap-southeast-2.amazonaws.com cdn.giftflick.com.au https://giftcreation.giftflick.com.au https://gf-cdn.s3-ap-southeast-2.amazonaws.com https://upload-medias.s3.ap-southeast-2.amazonaws.com upload.giftflick.com.au https://ct.pinterest.com https://pixel.quantserve.com ; style-src 'self' 'unsafe-inline' https://images.wineselectors.com.au https://fast.fonts.net https://fonts.googleapis.com https://*.cloudfront.net https://cdn.curator.io https://platform.twitter.com https://tagmanager.google.com https://www.gstatic.com https://wineselectors.resultspage.com https://giftcreation.giftflick.com.au https://www.giftflick.com.au https://giftflick.com.au https://www.riddle.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.wineselectors.com.au https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://script.hotjar.com https://static.hotjar.com https://t.cfjump.com https://t.dgm-au.com https://www.wufoo.eu https://configaus2.veinteractive.com https://bat.bing.com https://use.typekit.net https://www.google-analytics.com https://connect.facebook.net https://my.hellobar.com https://pixel.roymorgan.com https://app.yieldify.com https://maps.googleapis.com https://*.cloudfront.net https://www.google.com https://www.gstatic.com https://*.cloudfront.net https://platform.instagram.com https://platform.twitter.com https://cdn.curator.io https://cdn.syndication.twimg.com https://js.adsrvr.org https://c.flx1.com https://ajax.googleapis.com https://go.flx1.com https://dev.visualwebsiteoptimizer.com https://tagmanager.google.com https://*.cloudfront.net https://s3.amazonaws.com https://td.yieldify.com https://data2.gosquared.com https://data.gosquared.com https://track.omguk.com https://s.adroll.com https://d.adroll.com https://ib.adnxs.com https://www.wufoo.com https://secure.wufoo.com https://apps.rokt.com https://roktcdn1.akamaized.net https://assets.resultspage.com https://wineselectors.resultspage.com https://wineselectors.resultsdemo.com https://b.sli-spark.com https://cdn.livechatinc.com https://secure.livechatinc.com https://accounts.livechatinc.com https://cdn.taboola.com https://www.eventbrite.com.au https://woobox.com https://trc.taboola.com https://wineselectors.ipscape.com.au https://cdn.otherlevels.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.wineselectors.com.au https://cfjump.wineselectors.com.au https://cdn.productreview.com.au https://marvel-b2-cdn.bc0a.com https://marvel-b1-cdn.bc0a.com https://cdn.b0e8.com https://js.go2sdk.com https://amplify.outbrain.com https://r.turn.com https://tag.lexer.io https://*.yieldify.com https://e.clarity.ms https://g.clarity.ms https://c5.adalyser.com https://secure.quantserve.com https://rules.quantcount.com https://s.yimg.com https://www.giftflick.com.au https://giftflick.com.au https://giftcreation.giftflick.com.au https://www.riddle.com https://s.pinimg.com/ https://tr.outbrain.com ;default-src 'self' https://images.wineselectors.com.au https://configaus2.veinteractive.com https://vars.hotjar.com https://www.google.com https://www.facebook.com https://roktcdn1.akamaized.net ;connect-src 'self' https://images.wineselectors.com.au wss://ws3.hotjar.com https://insights.hotjar.com https://bam.nr-data.net https://performance.typekit.net https://geo.yieldify.com https://api.curator.io https://appsapihk.veinteractive.com https://cookiea1.veinteractive.com https://c.flx1.com wss://ws1.hotjar.com https://cdsaus2.veinteractive.com https://bacon.section.io https://in.hotjar.com https://apps.rokt.com https://stats.g.doubleclick.net https://www.facebook.com https://trc.taboola.com https://sessionapihk.veinteractive.com wss://ws9.hotjar.com https://vc.hotjar.io https://js-api.otherlevels.com https://js-content.otherlevels.com https://js-api.otherlevels.com https://js-tags.otherlevels.com https://js-mdn.otherlevels.com https://js-rich.otherlevels.com https://js-deliverability-api.otherlevels.com https://safari.otherlevels.com wss://ws8.hotjar.com https://dtrchk.veinteractive.com https://ws1.hotjar.com https://api.productreview.com.au https://www.google-analytics.com wss://ws10.hotjar.com https://tracking.gopsjump.com.au https://cds.taboola.com https://trc-events.taboola.com https://pips.taboola.com https://track.lexer.io https://*.yieldify.com https://*.yieldify-production.com https://bat.bing.com https://dev.visualwebsiteoptimizer.com https://s.yimg.com https://analytics.google.com https://api.giftflick.com.au https://upload-medias.s3.amazonaws.com https://upload-medias.s3.ap-southeast-2.amazonaws.com upload.giftflick.com.au https://ct.pinterest.com; media-src 'self' blob: https://images.wineselectors.com.au https://cdn.livechatinc.com https://gf-cdn.s3.ap-southeast-2.amazonaws.com cdn.giftflick.com.au https://videos.giftflick.com.au;object-src 'self' https://images.wineselectors.com.au;child-src 'self' https://www.youtube.com https://www.riddle.com https://www.google.com https://vars.hotjar.com https://vars.hotjar.com https://app.yieldify.com https://www.qzzr.com https://syndication.twitter.com https://www.instagram.com https://wineevents.wufoo.eu https://wineevents.wufoo.eu https://configaus2.veinteractive.com https://t.cfjump.com https://t.dgm-au.com https://insight.adsrvr.org https://td.yieldify.com https://www.facebook.com https://match.adsrvr.org https://eventbrite.com.au https://www.eventbrite.com.au https://connect.facebook.net https://player.vimeo.com https://youtu.be/ https://apps.rokt.com https://www.google.com.au https://secure.livechatinc.com https://woobox.com https://wineselectors.ipscape.com.au https://bid.g.doubleclick.net https://www.ojrq.net https://tracking.gopsjump.com.au https://mozbar.moz.com https://*.yieldify.com https://lisac101.wufoo.com https://ct.pinterest.com; 1 default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/ data: https://shop.bzga.de/; img-src 'self' data: https://shop.bzga.de/ https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1 default-src 'self' 'unsafe-inline' blob: *.hellowork.com *; object-src 'none'; frame-ancestors 'self' https://compte.hellowork.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; 1 frame-ancestors https://*.formacionrandstad.es https://formacionrandstad.es https://*.randstad.es; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.paypalobjects.com https://s3.amazonaws.com https://*.stripe.com https://ajax.googleapis.com https://cdn.onesignal.com https://*.wp.com https://pixel.wp.com https://onesignal.com https://cdn.onesignal.com https://pagead2.googlesyndication.com http://www.googletagmanager.com https://googleads.g.doubleclick.net https://partner.googleadservices.com https://adservice.google.gr https://www.googletagservices.com https://tpc.googlesyndication.com https://adservice.google.com https://servedbyadbutler.com http://bs.serving-sys.com https://secure-ds.serving-sys.com https://servedbyadbutler.com https://ekloges.ypes.gr; img-src 'self' data: https://www.paypalobjects.com https://pixel.wp.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://servedbyadbutler.com https://www.google.com https://www.google.gr http://bs.serving-sys.com https://secure-ds.serving-sys.com https://servedbyadbutler.com; object-src 'self' data: https://www.youtube.com/ https://*.paypal.com/ https://*.stripe.com/ https://widgets.wp.com https://cdn.onesignal.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com https://www.google-analytics.com/analytics.js https://servedbyadbutler.com http://bs.serving-sys.com https://secure-ds.serving-sys.com https://servedbyadbutler.com https://ekloges.ypes.gr; frame-src 'self' data: https://www.youtube.com/ https://*.paypal.com/ https://*.stripe.com/ https://widgets.wp.com https://cdn.onesignal.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com https://www.google-analytics.com/analytics.js https://servedbyadbutler.com http://bs.serving-sys.com https://secure-ds.serving-sys.com https://servedbyadbutler.com https://ekloges.ypes.gr; 1 default-src *.responsetap.com *.salemove.com *.salemove.eu 'self' *.feprecisionplus.com *.intercomcdn.com *.onetrust.com *.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com ads-twitter.com *.facebook.net facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org; script-src *.googleapis.com *.responsetap.com *.salemove.com *.glia.eu *.salemove.eu *.licdn.com *.onetrust.com *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com *.facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org; connect-src 'self' *.google-analytics.com *.onetrust.com wss://*.salemove.eu *.salemove.com *.salemove.eu *.glia.eu https://stats.g.doubleclick.net https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk https://cdn-ukwest.onetrust.com; style-src * 'unsafe-inline' 'unsafe-eval'; img-src *.feprecisionplus.com * data:; font-src * 'self' data:; child-src *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:*; frame-src *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* digital-tools.feprecisionplus.com:* *.consensu.org 1 default-src 'self' *.comptoirdesvoyages.fr bat.bing.com consentcdn.cookiebot.com www.facebook.com; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.comptoirdesvoyages.fr *.cookiebot.com *.doubleclick.net *.newrelic.com ajax.googleapis.com bam.nr-data.net bat.bing.com connect.facebook.net comptoir.candidats.talents-in.com r.bing.com ssl.google-analytics.com static.madmetrics.com tagmanager.google.com tag.aticdn.net www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com z.moatads.com; connect-src 'self' *.addthis.com *.bing.com *.comptoirdesvoyages.fr *.doubleclick.net bam.nr-data.net comptoir.candidats.talents-in.com consentcdn.cookiebot.com www.facebook.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gtm.js wss://*.bing.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' * *.comptoirdesvoyages.fr *.bing.com fonts.googleapis.com tagmanager.google.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.addthis.com *.doubleclick.net consentcdn.cookiebot.com sdx.microsoft.com www.allocine.fr www.dailymotion.com www.facebook.com www.google.com www.gstatic.com youtu.be www.youtube.com; object-src 'none' 1 default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.drillisch-online.de; img-src https: data: https://imagepool.drillisch-online.de; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.drillisch-online.de https://stats.drillisch-online.de https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://tracking.drillisch.de https://*.demdex.net https://www.google-analytics.com; script-src 'strict-dynamic' 'nonce-6b25f01f98b945fa542be131e1bbc291' 'nonce-425cf650b193e6c392f9f8d70343f5e5' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self'; frame-src https://1and1internetag.demdex.net https://tags.tiqcdn.com https://hilfe-center.1und1.de; child-src https://tags.tiqcdn.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-6b25f01f98b945fa542be131e1bbc291' 'nonce-425cf650b193e6c392f9f8d70343f5e5' 'self' 'unsafe-inline' https: 'report-sample' 1 base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://*.abtasty.com https://*.adservice.google.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mypurecloud.com.au https://*.sentry.io https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://analytics.formstack.com https://api.addressfinder.io https://au-live.inside-graph.com https://js.hsadspixel.net https://js.hscollectedforms.net https://stats.g.doubleclick.net https://www.instagram.com wss://*.hotjar.com wss://*.mypurecloud.com.au wss://au-live.inside-graph.com https://*.swiftype.com https://*.swiftypecdn.com; font-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io blob: data:; form-action 'self' https://*.powershop.co.nz https://*.facebook.com; frame-ancestors 'self'; frame-src https://*.mypurecloud.com.au *.mypurecloud.com.au https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://*.youtube.com https://recaptcha.google.com https://*.facebook.com https://*.google.com https://*.googletagmanager.com https://au-cdn.inside-graph.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://critchlow.carto.com; img-src 'self' https://*.abtasty.com https://*.amazonaws.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.google.com.au https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://adservice.google.com https://analytics.formstack.com https://fonts.gstatic.com https://i.vimeocdn.com https://js.hsadspixel.net https://www.instagram.com https://*.swiftype.com blob: data:; media-src https://*.youtube.com https://*.vimeo.com https://au-cdn.inside-graph.com; object-src 'none'; script-src 'self' https://*.abtasty.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com/recaptcha/ https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://*.vimeo.com https://*.youtube.com https://analytics.formstack.com https://api.addressfinder.io https://au-tracker.inside-graph.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://tagmanager.google.com wss://*.hotjar.com https://*.swiftype.com https://*.swiftypecdn.com 'nonce-NzcyODBlYzY1ZDVkMTYyNDAwMDVkYWQzZjUxYzMyOTQ1YWJkMTY3ODMyZTFlY2JhNjQ2NjBhYzIyN2UyZjc1ZmJmYjAxZGE4YmFiNzJmNmM1YTJkODRiOTJiOTM1ZTA0NDM1MTRlOTc2YmViMTk1YzAxZDVmNjY1NzRlNTEyNzA=' 'unsafe-eval' blob:; style-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.googleapis.com https://tagmanager.google.com https://*.swiftype.com https://*.swiftypecdn.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/4504811489984512/csp-report/?sentry_key=a2cb92247922492b95ce72aee1ae6528&sentry_environment=live; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; child-src 'self' https:; font-src 'self' data:; connect-src 'self' 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; 1 default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://*.onetrust.com https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://*.ingest.sentry.io/; 1 default-src https:; script-src 'self' 'nonce-5CKW997P1T98tRmCv2DqoUhj3Qp6AQ9B' https://hcaptcha.com https://*.hcaptcha.com; object-src 'self'; style-src 'self' 'nonce-yipeVKdjY3hHlT9yHCjO9ifo2Q+cX26C' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' images.gog-statics.com; media-src 'self'; child-src 'none'; font-src 'self'; connect-src 'self' https://api.gog.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com 1 base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://kit.fontawesome.com https://mpsnare.iesnare.com https://stage-libs.hipay.com https://libs.hipay.com https://widget.trustpilot.com https://kit-pro.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.dwin1.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://sdk.privacy-center.org https://api.privacy-center.org https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://b.sbox.stats.paypal.com https://sibautomation.com https://cdn.shipup.co *.abtasty.com *.googleapis.com 1 default-src 'self';base-uri 'self';form-action 'self';script-src * 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src data: *;media-src 'self';font-src 'self' data: themes.googleusercontent.com;connect-src *;frame-src id.ubble.ai;frame-ancestors 'none';prefetch-src 'self'; 1 default-src 'self' *.readspeaker.com; script-src 'self' www.googletagmanager.com *.google-analytics.com 'nonce-WldOa056QTNZV0UwWkROaU5qWTE=' *.readspeaker.com *.vrmwb.nl 'nonce-T1dNeE1URTBNV1F5TnpNd1pUSmo=' 'nonce-TkRoaFpUZzBaRE00TkRRd01ERm0=' 'nonce-TlRJM1l6RmlOVEF6WXpaak5EVTU=' 'nonce-T0dZeVptVmtaalpsWkdSaE9EUXk=' 'nonce-WW1KbU9HRXpabVV4TnpRME0yTmw='; object-src 'self'; style-src 'self' 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' *.readspeaker.com 'nonce-TkRJNU5XSTVZVFZsWWpjNFpqQTQ=' *.vrmwb.nl 'nonce-TmpWa1lXRTNOV0l4TWpGaE9UUTU=' 'nonce-WVRFM01HTmlPR0pqT0dNME5qaG0='; img-src 'self' data: *.google-analytics.com *.gstatic.com *.toegankelijkheidsverklaring.nl *.readspeaker.com *.vrmwb.nl *.openstreetmap.org; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com googletagmanager.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com; connect-src 'self' *.google-analytics.com *.readspeaker.com; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de www.bisp-surf.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com www.datawrapper.de datawrapper.dwcdn.net; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self' www.datawrapper.de datawrapper.dwcdn.net; worker-src 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consentcdn.cookiebot.com https://consent.cookiebot.com https://gist.github.com https://static.codepen.io https://marketing.envylabs.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://github.githubassets.com https://fonts.googleapis.com https://www.googletagmanager.com; img-src 'self' data: https://marketing.envylabs.com https://secure.gravatar.com https://*.ads.linkedin.com https://*.adsymptotic.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleusercontent.com https://yoast.com https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' https://yoast.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://insight-engine.newfangled.com https://yoast.com; frame-src 'self' https://codepen.io https://consentcdn.cookiebot.com https://www.google.com https://www.youtube.com 1 default-src https: https://*.gstatic.com https://tagmanager.google.com https://*.hotjar.com https://*.hotjar.io; frame-src https://bid.g.doubleclick.net https://api.quickstream.westpac.com.au https://assets.ctfassets.net/ https://videos.ctfassets.net/ https://*.libsyn.com https://e.issuu.com/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com/ https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://tagmanager.google.com https://s7.addthis.com/static/ https://gum.criteo.com/ https://open.spotify.com https://youtu.be/; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://fonts.googleapis.com https://api.mapbox.com https://tagmanager.google.com https://*.gstatic.com https://cdn.curator.io/; font-src 'self' data: https://fonts.gstatic.com https://cdn.curator.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://*.googletagmanager.com https://*.salesforce.com https://api.quickstream.westpac.com.au https://*.addthis.com/ https://*.jobadder.com/ https://*.libsyn.com https://e.issuu.com/ https://jobadder.com/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com/ https://*.hotjar.com https://*.hotjar.io https://www.gstatic.com https://*.criteo.com https://*.criteo.net https://server.arcgisonline.com/ https://cdn.curator.io https://cdn.curator.io/published/56e5a580-2921-4b55-88ce-d4fe260ac545_y69dz93g.js https://player.vimeo.com; connect-src 'self' https://www.google-analytics.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://api.compassion.com.au https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com/g/ https://*.googletagmanager.com https://api.quickstream.westpac.com.au https://compassionau.force.com https://compassionau.my.site.com https://concierge.compassion.com.au https://*.algolia.net https://*.algolianet.com https://apps.jobadder.com/ https://jobadder.com/ https://m.addthis.com/ https://*.crazyegg.com/ https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.google-analytics.com/ wss://*.hotjar.com https://*.hotjar.io https://*.doubleclick.net/ https://api.curator.io/ https://vimeo.com; img-src 'self' data: www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://tags.srv.stackadapt.com http://*.tile.openstreetmap.org/ https://auproddownloads.blob.core.windows.net/compassion/ https://images.contentful.com https://images.ctfassets.net https://media.ci.org https://*.youtube.com https://apps.jobadder.com/ https://jobadder.com/widgets/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.com/ https://*.google-analytics.com/ https://*.google.com https://*.google.com.au/ https://*.googletagmanager.com https://*.gstatic.com https://d33wubrfki0l68.cloudfront.net https://*.doubleclick.net/ https://server.arcgisonline.com/ https://cdn.curator.io/0.gif https://www.instagram.com/ https://*.fbcdn.net/ https://*.google-analytics.com https://*.googletagmanager.com 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com kentonlibrary.bibliocms.com *.kentonlibrary.bibliocms.com https://www.kentonlibrary.org www.kentonlibrary.org *.www.kentonlibrary.org; 1 default-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: *.openstreetmap.org ; media-src 'self' ; font-src 'self' ; frame-src 'self' data: ; connect-src 'self' data: ; 1 default-src 'self' https://fonts.gstatic.com/s/nunito/ https://code.jquery.com;frame-ancestors ;frame-src * https://www.google.com/recaptcha/api2/ assets.braintreegateway.com *.paypal.com;connect-src 'self' * *.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com;script-src 'self' 'unsafe-inline' songbirdstag.cardinalcommerce.com www.paypalobjects.com *.paypal.com https://code.jquery.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.css https://code.jquery.com/ https://fonts.googleapis.com/ assets.braintreegateway.com;media-src 'self';img-src 'self' * data:;child-src *.paypal.com assets.braintreegateway.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com polyfill.io/v3/polyfill.min.js www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' maps.gstatic.com maps.googleapis.com data: googletagmanager.com cookie-cdn.cookiepro.com www.google-analytics.com; media-src 'self'; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data:; connect-src 'self' cookie-cdn.cookiepro.com www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src https://www.google.com/recaptcha/ https://fast.wistia.com https://pay.google.com/gp/ https://pay.yandex.ru https://sandbox.pay.yandex.ru/; script-src 'self' 'unsafe-inline' https://fast.wistia.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report; worker-src blob: 1 default-src 'self'; connect-src 'self' https://*.yext.com https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://*.ekir.de https://*.algolia.net https://*.algolianet.com; frame-src 'self' https://*.openstreetmap.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://soundcloud.com https://vimeo.com https://*.kd-onlinespende.de https://walls.io https://*.walls.io www.youtube-nocookie.com https://platform.twitter.com https://syndication.twitter.com https://*.ekir.de; font-src 'self' data:; img-src 'self' data: https://*.openstreetmap.de https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://soundcloud.com https://vimeo.com https://*.kd-onlinespende.de https://img.youtube.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://secure.gravatar.com http://*.ekir.de https://*.ekir.de; object-src 'self'; style-src 'self' 'unsafe-inline' https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://soundcloud.com https://vimeo.com https://platform.twitter.com https://ton.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://soundcloud.com https://vimeo.de https://*.kd-onlinespende.de https://walls.io https://*.walls.io https://secure.gravatar.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.ekir.de https://adressverzeichnis.ekd.de https://cdn.jsdelivr.net; 1 * 1 default-src 'self' *.google.com *.googleapis.com *.google-analytics.com *.clickdimensions.com *.vo.msecnd.net 1 default-src 'self' www.youtube.com www.youtube-nocookie.com; child-src 'self' www.youtube.com www.youtube-nocookie.com *.fls.doubleclick.net; frame-src 'self' vars.hotjar.com *.fls.doubleclick.net www.youtube.com www.youtube-nocookie.com apps.mypurecloud.com.au; connect-src 'self' *.ambithub.com ipinfo.io wss://sbsfaq.ambithub.com stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.com www.google-analytics.com api.mypurecloud.com.au api-cdn.mypurecloud.com.au wss://webmessaging.mypurecloud.com.au; img-src 'self' data: www.google.co.nz *.google.com www.google-analytics.com *.g.doubleclick.net *.googleapis.com *.gstatic.com *.ambithub.com bat.bing.com *.facebook.com *.quantserve.com *.hotjar.com; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com cdn.polyfill.io *.ambithub.com bat.bing.com connect.facebook.net *.quantserve.com *.quantcount.com static.hotjar.com script.hotjar.com staticcdn.co.nz apps.mypurecloud.com.au; style-src 'unsafe-inline' 'self' hello.myfonts.net *.googleapis.com *.gstatic.com *.ambithub.com; font-src 'self' data: *.gstatic.com *.hotjar.com; 1 img-src ; media-src data:; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; form-action 'self' data: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; 1 base-uri 'self' http://test.redballoon.work:3001/ http://localhost:3001/;child-src 'none';connect-src 'self' forms.hsforms.com *.backblaze.com hubspot-forms-static-embed.s3.amazonaws.com/ assets.redballoon.work http://test.redballoon.work:3001/ http://localhost:3001/ ws://test.redballoon.work:3001/ ws://localhost:3001/ test.redballoon.work:8108 localhost:8108 analytics.redballoon.work qa.search.redballoon.work search.redballoon.work api.honeybadger.io secure.safewebservices.com;default-src 'self';font-src 'self' assets.redballoon.work fonts.gstatic.com;form-action 'self' forms.hsforms.com;frame-ancestors www.youtube.com;frame-src www.youtube.com player.vimeo.com www.youtube-nocookie.com forms.hsforms.com iframe.cloudflarestream.com secure.safewebservices.com;img-src 'self' blob: assets.redballoon.work data: forms.hsforms.com forms-na1.hsforms.com;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' assets.redballoon.work www.rzv9sztrk.com www.youtube.com embed.cloudflarestream.com analytics.redballoon.work js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com secure.safewebservices.com;style-src 'self' assets.redballoon.work data: fonts.googleapis.com secure.safewebservices.com 'unsafe-inline';worker-src 'self'; 1 script-src 'self' http://maps.googleapis.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.veiasa.es npmcdn.com *.openstreetmap.org; object-src 'self'; style-src 'self' 'unsafe-inline' *.fontawesome.com *.veiasa.es npmcdn.com; img-src 'self' data: *.veiasa.es *.openstreetmap.org npmcdn.com img.icons8.com; form-action 'self'; media-src 'self'; font-src 'self' *.fontawesome.com; connect-src 'self'; frame-src 'self' intent: www.youtube.com; frame-ancestors 'self' 1 frame-ancestors 'self' harridev.com fr.harridev.com es.harridev.com ru.harridev.com de.harridev.com bam.harridev.com ar.harridev.com pl.harridev.com tr.harridev.com; 1 default-src 'self';object-src 'self'; connect-src https://*; style-src 'self' https://* 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src https://*; report-uri https://*; base-uri https://*; form-action https://*; upgrade-insecure-requests; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval';font-src 'self' https://*; img-src https://* data:; child-src 'none' 1 default-src 'self' https://analytics.google.com/g/collect; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://player.vimeo.com/api/player.js https://www.googletagmanager.com/gtag/js; style-src 'self' 'unsafe-inline'; img-src data: 'self' https://i.vimeocdn.com; frame-src 'self' https://player.vimeo.com 1 default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.myscoreguard.com *.pushnami.com *.smartlook.com *.smartlook.cloud static.zohocdn.com *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net polyfill.io cdn.userway.org www.googleadservices.com; style-src 'self' 'unsafe-inline' *.myscoreguard.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com fonts.googleapis.com cdn.userway.org; img-src 'self' data: *.myscoreguard.com www.googletagmanager.com www.google-analytics.com bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.pushnami.com *.smartlook.com *.smartlook.cloud *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net cdn.userway.org; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com cdn.userway.org; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io *.userway.org googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src data: 'self' mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1 base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://*.bing.com *.bing.com https://*.google.com *.google.com https://*.google-analytics.com *.google-analytics.com https://*.googleapis.com *.googleapis.com https://*.doubleclick.net *.doubleclick.net https://hello.myfonts.net hello.myfonts.net https://*.clarity.ms *.clarity.ms https://*.intercom.io *.intercom.io https://*.powr.io *.powr.io https://*.yimg.com *.yimg.com wss://*.intercom.io; font-src 'self' https://*.typekit.net *.typekit.net https://*.intercomcdn.com *.intercomcdn.com; form-action 'self'; frame-ancestors 'self' https://www.summerdiscovery.com www.summerdiscovery.com; frame-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.google.com *.google.com https://*.youtube.com *.youtube.com https://*.powr.io *.powr.io https://*.salesforce-sites.com *.salesforce-sites.com https://summerdiscovery.secure.force.com summerdiscovery.secure.force.com https://summerdiscovery.tfaforms.net summerdiscovery.tfaforms.net https://*.tickcounter.com *.tickcounter.com https://*.visme.co *.visme.co https://www.summerdiscovery.com www.summerdiscovery.com; img-src 'self' https://www.summerdiscovery.com www.summerdiscovery.com https://*.kickfire.com *.kickfire.com https://*.rumiview.com *.rumiview.com https://*.adsymptotic.com *.adsymptotic.com https://*.bbb.org *.bbb.org https://*.bing.com *.bing.com https://*.clarity.ms *.clarity.ms https://www.facebook.com www.facebook.com https://*.googleapis.com *.googleapis.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.google.com *.google.com https://*.gstatic.com *.gstatic.com https://*.intercomcdn.com *.intercomcdn.com https://*.linkedin.com *.linkedin.com https://static.intercomassets.com static.intercomassets.com https://*.yahoo.com *.yahoo.com https://*.ytimg.com *.ytimg.com blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://*.adobedtm.com *.adobedtm.com https://*.kickfire.com *.kickfire.com https://*.rumiview.com *.rumiview.com https://*.simpli.fi *.simpli.fi https://bat.bing.com bat.bing.com https://ajax.googleapis.com ajax.googleapis.com https://*.clarity.ms *.clarity.ms https://cdnjs.cloudflare.com cdnjs.cloudflare.com https://*.doubleclick.net *.doubleclick.net https://connect.facebook.net connect.facebook.net https://*.google.com *.google.com https://translate.google.com translate.google.com https://*.googleadservices.com *.googleadservices.com https://*.googleapis.com *.googleapis.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.powr.io *.powr.io https://snap.licdn.com snap.licdn.com https://static.hotjar.com static.hotjar.com https://*.tickcounter.com *.tickcounter.com https://*.visme.co *.visme.co https://widget.intercom.io widget.intercom.io https://js.intercomcdn.com js.intercomcdn.com https://*.youtube.com *.youtube.com https://*.yimg.com *.yimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net *.typekit.net https://hello.myfonts.net hello.myfonts.net https://translate.googleapis.com translate.googleapis.com https://cdnjs.cloudflare.com cdnjs.cloudflare.com https://*.google.com *.google.com https://*.gstatic.com *.gstatic.com 'unsafe-inline'; upgrade-insecure-requests 1 script-src 'nonce-Vlv3fX9DfbBkEbKpHKxCIl2mtt0=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1 default-src *; connect-src *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com rclreads.bibliocms.com *.rclreads.bibliocms.com https://www.rclreads.org www.rclreads.org *.www.rclreads.org; 1 base-uri 'none';child-src 'none';connect-src 'self' cdn.segment.com api.segment.io connect.facebook.net orca-app-lufsa.ondigitalocean.app noembed.com preview.contentful.com cdn.contentful.com api.neonwild.com www.google-analytics.com o496523.ingest.sentry.io neonwild.co neonwild.com neon-wild.com staging-gateway.neon-wild.com dev-gateway.neon-wild.com gateway.neonwild.com app.viral-loops.com webpack://*;default-src 'self' videos.ctfassets.net;font-src 'self' fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src www.youtube.com app.viral-loops.com;img-src 'self' data: images.ctfassets.net www.facebook.com neonwild.imgix.net i.ytimg.com;manifest-src 'self';media-src videos.ctfassets.net neonwild.co youtu.be www.youtube.com;object-src 'none';prefetch-src 'self';script-src 'self' cdn.segment.com connect.facebook.net www.googletagmanager.com www.youtube.com 'unsafe-eval' 'unsafe-inline' neonwild.com app.viral-loops.com 'unsafe-eval';style-src 'self' 'unsafe-inline' 'unsafe-inline';worker-src 'self'; 1 base-uri 'self'; child-src blob: 'self' gap: https://www.google.com/ https://*.tools.investis.com/ https://*.twitter.com/ https://*.youtube.com/; frame-src blob: 'self' gap: https://www.google.com/ https://*.tools.investis.com/ https://*.twitter.com/ https://*.youtube.com/; connect-src 'self' https://fonts.gstatic.com/ https://global.sitesearch360.com/ https://insights.sitesearch360.com/ https://qfx.tools.investis.com/ https://*.paragonbank.co.uk/ https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com/; img-src data: 'self' https://* blob:; media-src data:; script-src 'self' https://cdn.sitesearch360.com/ https://qfx.tools.investis.com/ https://*.twimg.com/ https://*.twitter.com/ https://*.youtube.com/ https://*.visualwebsiteoptimizer.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com/ https://*.twimg.com/ https://*.twitter.com/ 'unsafe-inline'; frame-ancestors gap: 'self'; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=SOKFAlyQeq5UMWf%2FW%2FDwSrWF5E4Kv6n3R9Y7TH7hcND7bUldH%2Fmc4sxG12oHzOVa518F2BszoDh4732T%2FHgwOw%3D%3D; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hubspot.com a.omappapi.com js.adsrvr.org builder.lift.acquia.com js.usemessages.com connect.facebook.net cookie-cdn.cookiepro.com js.hs-scripts.com fast.wistia.net maps.googleapis.com protect-us.mimecast.com snap.licdn.com js-agent.newrelic.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com www.gstatic.com tpc.googlesyndication.com www.google.com fast.wistia.net app.wistia.com bh.contextweb.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net; object-src 'self' embed-fastly.wistia.com embedwistia-a.akamaihd.net; style-src 'self' 'unsafe-inline' a.omappapi.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net; img-src 'self' blob: data: *.hubspot.com *.omappapi.com embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.am *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net googleads.g.doubleclick.net embed-ssl.wistia.com *.facebook.com *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' match.adsrvr.org insight.adsrvr.org *.hs-sites.com *.hubspot.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net fast.wistia.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net *.omappapi.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.omappapi.com notify.bugsnag.com sessions.bugsnag.com us.perz-api.cloudservices.acquia.io *.ucweb.com hubspot-forms-static-embed.s3.amazonaws.com fast.wistia.net cdn.linkedin.oribi.io *.googleapis.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net https://*.hotjar.com; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://*.hubspot.com https://cdnjs.cloudflare.com https://cdn-cookieyes.com https://*.cookieyes.com https://code.jquery.com; font-src 'self' https://use.typekit.net https://*.hotjar.com; form-action 'self' https://www.onlydomains.com https://account.centralnicreseller.com; frame-ancestors 'none'; frame-src https://www.recaptcha.net https://*.hotjar.com; img-src 'self' https://www.googletagmanager.com https://*.hotjar.com https://t.co https://*.linkedin.com https://*.twitter.com https://*.cookieyes.com https://cdn-cookieyes.com data:; object-src 'none'; script-src https://code.jquery.com https://cdn-cookieyes.com https://*.cookieyes.com 'nonce-WOfaY9mhuRWfrm2BNibiPmsmeso=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; style-src 'self' https://*.typekit.net https://*.hotjar.com https://cdnjs.cloudflare.com 'unsafe-inline'; worker-src 'self'; 1 default-src 'none'; font-src 'self' *.gstatic.com *.tiny.cloud; frame-src 'self' *.youtube.com *.google.com *.vimeo.com vimeo.com; connect-src 'self' *.google-analytics.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.tiny.cloud; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: google.com gstatic.com *.google-analytics.com *.googleapis.com ajax.googleapis.com *.googletagmanager.com cdn.tiny.cloud www.civildefence.govt.nz civildefence.govt.nz; script-src-elem 'self' data: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.googletagmanager.com *.tiny.cloud; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com placehold.it *.tiny.cloud *.tinymce.com *.googletagmanager.com *.placeholder.com; 1 base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' *.sentry.io *.datadome.co *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.sociomantic.com *.google-analytics.com *.googletagmanager.com *.everestjs.net *.googletagservices.com s.ytimg.com *.userapi.com js-agent.newrelic.com *.olark.com trafmag.utarget.ru *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com everestjs.net googletagmanager.com google-analytics.com sociomantic.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com; object-src 'none'; img-src 'self' *.googletagmanager.com *.doubleclick.net https://www.google-analytics.com https://www.google.com.ua https://www.google.com *.googlesyndication.com *.creativecdn.com data:; media-src 'self'; frame-src 'self' https://vars.hotjar.com https://googleads.g.doubleclick.net *.googlesyndication.com *.creativecdn.com; frame-ancestors 'none'; worker-src 'self'; form-action 'self' https://www.portmone.com.ua; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' *.sentry.io *.hotjar.io wss://ws8.hotjar.com *.hotjar.com *.google.com.ua *.google.com *.datadome.co *.gstatic.com https://stats.g.doubleclick.net https://securepubads.g.doubleclick.net https://www.google-analytics.com https://pagead2.googlesyndication.com; report-uri https://2746b976bff56fb9fb072ca875846856.report-uri.com/r/d/csp/reportOnly 1 img-src * data: 1 font-src 'self' fonts.gstatic.com https://*.intercomcdn.com https://app-talmix.scdn4.secure.raxcdn.com https://www-talmix.scdn3.secure.raxcdn.com data:; img-src * data:; script-src 'self' 'unsafe-inline' www.googleadservices.com www.googletagmanager.com www.google-analytics.com marketing.talmix.com marketing.mbaco.com https://js-agent.newrelic.com https://bam.nr-data.net tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ connect.facebook.net https://s.adroll.com https://d.adroll.com https://*.intercom.io https://*.intercomcdn.com https://pi.pardot.com https://fullstory.com https://*.fullstory.com https://d2yyd1h5u9mauk.cloudfront.net https://scout-cdn.salesloft.com https://app-talmix.scdn4.secure.raxcdn.com https://www-talmix.scdn3.secure.raxcdn.com https://1922ad1ca24372498797-3b677d6bb99015de4b7df47cce09c3b8.ssl.cf3.rackcdn.com; style-src 'self' tagmanager.google.com fonts.googleapis.com 'unsafe-inline' https://app-talmix.scdn4.secure.raxcdn.com https://www-talmix.scdn3.secure.raxcdn.com 1 default-src * data: 'unsafe-eval' 'unsafe-inline' *.evergage.com *.evgnet.com cdn.evergage.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' google-analytics.com *.google-analytics.com googleapis.com *.googleapis.com google.com *.google.com gstatic.com *.gstatic.com facebook.net *.facebook.net facebook.com *.facebook.com cloudflareinsights.com *.cloudflareinsights.com addtoany.com *.addtoany.com *.cloudflare.com cloudflare.com *.googletagmanager.com googletagmanager.com *.bootstrapcdn.com bootstrapcdn.com *.bing.com bing.com *.licdn.com licdn.com *.crazyegg.com crazyegg.com *.clarity.ms clarity.ms *.dynamic.criteo.com dynamic.criteo.com *.sslwidget.criteo.com sslwidget.criteo.com pi.pardot.com js-agent.newrelic.com static.hotjar.com script.hotjar.com info.flexcarestaff.com bam.nr-data.net cdn.evgnet.com flexcarestaffing.us-7.evergage.com *.googleadservices.com *.flexcarestaffing.us-7.evergage.com cdn.evergage.com; report-uri /report-csp-violation 1 frame-src https://www.youtube-nocookie.com https://www.youtube.com https://piwik.bzga.de https://www.ins-netz-gehen.de; style-src 'self' 'unsafe-inline'; default-src 'self'; script-src https://www.ins-netz-gehen.de https://piwik.bzga.de 'self' 'unsafe-inline' ; connect-src https://www.ins-netz-gehen.de https://piwik.bzga.de 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data:; img-src 'self' https://piwik.bzga.de https://*.openstreetmap.org data:; 1 default-src 'self'; connect-src 'self' https://webgate.ec.europa.eu https://intracomm.ec.europa.eu https://intragate.ec.europa.eu https://webgate.ec.testa.eu https://ecas.ec.europa.eu https://ecas.cc.cec.eu.int:7002 https://www.cc.cec https://ecas.ec.testa.eu; font-src 'self'; frame-ancestors 'none'; child-src 'none'; frame-src 'none'; worker-src 'none'; img-src 'self'; manifest-src 'none'; media-src 'self'; object-src 'self'; plugin-types application/pdf audio/x-wav; script-src 'self'; style-src 'self'; block-all-mixed-content; 1 default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://tickets.norwichartscentre.co.uk https://my.matterport.com https://player.vimeo.com https://www.facebook.com https://w.soundcloud.com https://open.spotify.com; script-src 'self' 'nonce-5AEemGb0xJptoIGFP3Nd' 'nonce-6AEemGb0xJptoIGFP3Nd' 'nonce-7AEemGb0xJptoIGFP3Nd' 'sha256-Z82Oe+Iv8WIpM1ioymuc3HlSLThe89MSaAQSYMybkAs=' https://www.google.com https://maps.google.com https://www.gstatic.com https://www.googletagmanager.com/ https://www.google-analytics.com https://connect.facebook.net https://sentry.io https://tickets.norwichartscentre.co.uk https://www.youtube.com; connect-src 'self' https://sentry.io https://noembed.com https://cdn.plyr.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://connect.facebook.net https://maps.googleapis.com https://region1.google-analytics.com; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' https://fonts.gstatic.com https://www.google.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/2740052/security/?sentry_key=8f009899699b4dd281f6d1466e6a2b92 1 default-src 'self' blob: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' xuri.me *.xuri.me disqus.com *.disqus.com disquscdn.com *.disquscdn.com cloudflare.com *.cloudflare.com google.com *.google.com www.googletagmanager.com www.google-analytics.com youtube.com *.youtube.com *.ampproject.org *.googleapis.com *.cloudflareinsights.com *.slideshare.net; style-src 'self' data: 'unsafe-inline' xuri.me *.xuri.me disqus.com *.disqus.com disquscdn.com *.disquscdn.com cloudflare.com *.cloudflare.com google.com *.google.com www.googletagmanager.com www.google-analytics.com youtube.com *.youtube.com *.ampproject.org *.googleapis.com; font-src https: data: about:; img-src data: https: 1 default-src 'self'; font-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.vimeo.com *.mapbox.com; style-src 'self' 'unsafe-inline' *.mapbox.com; img-src data: blob: 'self' *.fbcdn.net *.cdninstagram.com https://i.ytimg.com https://i.vimeocdn.com; worker-src blob:;child-src blob:; connect-src 'self' https://*.mapbox.com https://noembed.com https://vimeo.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com 1 default-src 'self'; frame-src 'self' https://nhs.attendanywhere.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com *.amazonaws.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://nhs.attendanywhere.com https://feeds.trac.jobs/ https://www.google-analytics.com *.google.com *.googleapis.com https://*.google.co.uk https://*.googletagmanager.com https://*.g.doubleclick.net 1 frame-ancestors 'none'; object-src 'none'; media-src 'self' data: *.cloudinary.com https://js.intercomcdn.com https://js.driftqa.com js.driftt.com player.vimeo.com vod-progressive.akamaized.net; worker-src 'self' blob:; report-uri https://sentry.io/api/12909/security/?sentry_key=1610ada4146c464fa0d641df9d41ff59&sentry_environment=production&sentry_release=R20230531090956 1 default-src 'self'; connect-src 'self' https://nominatim.openstreetmap.org http://nominatim.openstreetmap.org nominatim.openstreetmap.org https://eutils.ncbi.nlm.nih.gov http://eutils.ncbi.nlm.nih.gov eutils.ncbi.nlm.nih.gov; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; img-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.tile.openstreetmap.org http://*.tile.openstreetmap.org *.tile.openstreetmap.org data:; media-src 'self' https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; object-src 'self' https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; script-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net 'unsafe-inline' 1 default-src * 'unsafe-eval' 'unsafe-inline'; font-src * data:; frame-ancestors https://www.bementee-mv.de https://www.bildungswerk-wirtschaft.de https://bdwe1.openclick.de https://bdwe2.openclick.de https://bdwe3.openclick.de https://bdwe4.openclick.de; img-src * data: unsafe-inline 1 frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com westervillelibrary.bibliocms.com *.westervillelibrary.bibliocms.com https://westervillelibrary.org westervillelibrary.org *.westervillelibrary.org; 1 strict-origin 1 base-uri 'self'; form-action 'self' *.idrelay.com; manifest-src 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com hcaptcha.com *.hcaptcha.com cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net unpkg.com *.mucf.se *.c4223.cloudnet.cloud *.vimeo.com; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net *.mucf.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.mucf.se http://mfstatic.com *.inviewer.se *.mediaflowpro.com *.jsdelivr.net *.ytimg.com; media-src blob:; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com *.ungidag.se *.mediaflowpro.com blob: stats.mucf.se stats.c4223.cloudnet.cloud *.ungidag.se *.mucf.se; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.ungidag.se *.mucf.se; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com blob: *.mucf.se *.ungidag.se; font-src 'self' mfstatic.com; connect-src 'self' https://*.mucf.se https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hcaptcha.com https://*.speechstream.net stats.c4223.cloudnet.cloud https://*.mediaflow.com https://*.inviewer.se mfstatic.com *.ungidag.se; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' *.dehst.de 'unsafe-eval'; base-uri 'self' *.dehst.de ; style-src 'self' *.dehst.de 'unsafe-inline'; connect-src 'self' *.dehst.de *.itzbund.de; script-src 'self' *.dehst.de 'unsafe-inline' 'unsafe-eval' *.itzbund.de www.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' *.dehst.de multimedia.gsb.bund.de; media-src 'self' *.dehst.de multimedia.gsb.bund.de *.youtube.com; frame-src *.dehst.de *.youtube.com; img-src 'self' *.dehst.de blob: data: piwik.itzbund.de; frame-ancestors 'self' *.dehst.de; worker-src 'self' *.dehst.de; 1 frame-ancestors http://clients.pensoagency.com; upgrade-insecure-requests 1 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1