Values for x-content-security-policy:
default-src 'self'; img-src *; media-src * data:; 584
frame-ancestors 'self' 447
default-src 'self'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-eval 'self' https://hcaptcha.com https://*.hcaptcha.com; unsafe-inline 'self' https://hcaptcha.com https://*.hcaptcha.com; 218
allow 'self'; 111
img-src *; media-src * data:; 68
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' 49
report-uri /report-csp-violation 48
default-src 'self'; script-src 'self'; 40
report-uri /report-csp-violation; upgrade-insecure-requests 38
default-src 'self' 'unsafe-inline' 35
default-src 'self' 34
default-src 'self'; script-src 'self' 'unsafe-inline' 26
default-src 'self'; 22
upgrade-insecure-requests 19
frame-ancestors 'none' 14
sandbox allow-scripts allow-popups allow-same-origin; 12
default-src  'self' *.fg.cz localhost localhost-promo;font-src  'self' data: fonts.gstatic.com *.fg.cz localhost localhost-promo *.zopim.com;connect-src  'self' *.google.com *.googleapis.com *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.googleadservices.com c.imedia.cz *.fg.cz *.bileto.com *.zdassets.com arrivacz.zendesk.com *.zopim.com wss://*.zopim.com *.doubleclick.net *.instagram.com arriva.daktela.com *.googlesyndication.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.fg.cz *.facebook.net *.bileto.com *.arriva.cz *.issuu.com *.zdassets.com cdnjs.cloudflare.com arrivacz.zendesk.com *.zopim.com *.instagram.com arriva.daktela.com *.doubleclick.net *.seznam.cz *.imedia.cz;form-action  'self' *.fg.cz *.facebook.com;frame-src  'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com *.doubleclick.net;worker-src  'self' www.youtube.com www.googletagmanager.com *.fg.cz *.issuu.com *.zdassets.com arrivacz.zendesk.com *.zopim.com *.google.com *.facebook.com *.doubleclick.net;frame-ancestors  'self' *.fg.cz;img-src  'self' data: blob: *.google.com *.google.cz *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.fg.cz *.doubleclick.net *.facebook.com *.bileto.com *.zopim.com *.instagram.com *.cdninstagram.com *.fbcdn.net *.openstreetmap.org *.openrailwaymap.org *.seznam.cz;style-src  'self' 'unsafe-inline' *.googleapis.com *.google.com *.fg.cz *.gstatic.com *.googletagmanager.com;object-src  'self' *.fg.cz 11
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 10
allow 'self'; media-src *; img-src *; script-src *; style-src *; 10
frame-ancestors https://*.marketo.com 9
frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 9
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 9
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 9
upgrade-insecure-requests; 8
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 8
script-src 'self' 8
nosniff 8
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 8
self 8
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 8
8
allow-scripts allow-popups allow-same-origin; 7
frame-ancestors 'self'; 7
frame-ancestors 'self' https://shopproxy.p-s-s.de https://home.interzum.com https://home.interzum.de 7
frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 7
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 7
frame-ancestors 'self' https://optimize.google.com/ https://www.facebook.com/ 6
frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ https://ww2.sunparks.com/booking/ https://ww2.sunparks.com/booking/ https://ww2.sunparks.com/booking/ https://ww2.sunparks.com/booking/ https://ww2.sunparks.com/booking/ https://ww2.sunparks.com/booking/ https://ww2.sunparks.com/booking/ https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ 6
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 6
default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self'; frame-ancestors 'self'; img-src 'self' https://secure.gravatar.com data:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; default-src https: data: 'self'; trusted-types default; 6
allow 'self';  x-xss-protection: 1; mode=block 6
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 6
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 5
default-src 'self' *.energieag.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com 'unsafe-inline' 'unsafe-eval' data: 5
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 5
default-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 5
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 5
default-src https: data: 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors 'self' weleda.sabio.de 5
frame-ancestors https://*.cleverwebserver.com https://*.clevernt.com 5
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancemoney.com 4
base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src vercel.live prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io;style-src 'self' 'unsafe-inline';worker-src 'self'; 4
frame-ancestors https://members.cafepress.com  https://members.cafepress.co.uk https://members.cafepress.ca https://members.cafepress.com.au; 4
block-all-mixed-content 4
default-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch data: https://www.metanet.ch; base-uri 'none'; connect-src 'self' https://region1.google-analytics.com/ https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://wisepops.net https://notifications.wisepops.com; font-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://www.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net https://notifications.wisepops.com https://wisepops.net; img-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://*.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://static.metanet.ch https://www.gstatic.com https://ssl.gstatic.com https://cdn.wisepops.com https://tracking.wisepops.com https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://cdn.wisepops.net; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://cdn.wisepops.com https://loader.wisepops.com https://app.getwisp.co https://wisepops.net https://cdn.wisepops.net; style-src 'self' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.googleapis.com 4
frame-ancestors * 4
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none' 4
frame-ancestors 'self' *.magenta.at *.t-mobile.at *.s-budget-mobile.at *.esp.ownsolutions.net magenta-at.cleverq.de www.youtube.com; 4
frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ 4
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://stats.xilo.net/ruri/r/d/csp/enforce 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.samlassertion *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.samlassertion *.googleapis.com; report-uri /report-csp-violation 4
allow 'self' 4
default-src 'self'; font-src *;img-src * data:; script-src *; style-src * 4
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.marthastewart.com 3
style-src 'self' 'unsafe-inline' https://www.denic.de https://fonts.googleapis.com; object-src 'self'; script-src 'self' https://www.denic.de https://my.visme.co https://denic.matomo.cloud https://cdn.matomo.cloud 'unsafe-inline'; img-src 'self' data: https://www.denic.de https://denic.matomo.cloud https://cdn.matomo.cloud; frame-src 'self' https://my.visme.co 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.southernliving.com 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.parents.com 3
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' 3
frame-ancestors 'self' dziendobry.tvn.pl *.tvn.pl 3
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 3
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 3
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com; report-uri /report-csp-violation 3
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 3
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.deutsche-rentenversicherung.de *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.deutsche-rentenversicherung.de *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' *.deutsche-rentenversicherung.de multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.deutsche-rentenversicherung.de *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: kubra.io www.googleadservices.com fls.doubleclick.net; object-src 'none' ; style-src 'self' 'unsafe-inline' *; img-src 'self' data: * blob:; media-src 'self' *.jwplayer.com *.jwpsrv.com *.jwplatform.com *.snapengage.com blob:; frame-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com *.teads.tv *.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com *.ipredictive.com tpc.googlesyndication.com webforms.optimum.com; child-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com *.teads.tv *.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com *.ipredictive.com tpc.googlesyndication.com; font-src 'self' *.googleapis.com *.gstatic.com *.acsbapp.com data: ; connect-src 'self' * blob: *.demdex.net; base-uri 'self'; report-uri /report-csp-violation 3
default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.the-cloud-one.com *.usercentrics.eu data: *.motel-one.com *.the-cloud-one.com *.usercentrics.eu; script-src *.motel-one.com *.the-cloud-one.com 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.adup-tech.com static.ads-twitter.com analytics.twitter.com assets.pinterest.com log.pinterest.com squarelovin.com *.squarelovin.com *.usercentrics.eu *.pinimg.com *.pinterest.com *.surveysparrow.com *.dialogshift.com *.smartrecruiters.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cdninstagram.com *.squarelovin.com squarelovin.com ik.imagekit.io *.google-analytics.com *.doubleclick.net t.co *.adup-tech.com www.facebook.com www.google.de www.google.com *.cx.atdmt.com maps.gstatic.com maps.googleapis.com ssl.gstatic.com www.gstatic.com assets.pinterest.com log.pinterest.com bat.bing.com *.hurra.com *.fbcdn.net image.motel-one.com *.motel-one.com *.the-cloud-one.com *.gstatic.com *.usercentrics.eu *.pinimg.com *.pinterest.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.squarelovin.com squarelovin.com fonts.googleapis.com tagmanager.google.com *.google.com *.dialogshift.com; connect-src 'self' *.motel-one.com *.the-cloud-one.com *.google-analytics.com maps.googleapis.com stats.g.doubleclick.net *.facebook.com *.adup-tech.com *.usercentrics.eu *.pinimg.com *.pinterest.com *.surveysparrow.com *.dialogshift.com core.prod.co25.net; font-src 'self' *.motel-one.com *.the-cloud-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net *.dialogshift.com; frame-src 'self' *.motel-one.com *.the-cloud-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.usercentrics.eu assets.pinterest.com log.pinterest.com *.pinimg.com *.pinterest.com *.surveysparrow.com surveysparrow.com *.dialogshift.com *.smartrecruiters.com; 3
allow 'self'; options inline-script eval-script; frame-ancestors 'self' 3
frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 3
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.amazonaws.com *.amazoncognito.com api.pwnedpasswords.com; frame-ancestors 'self' sf360.com.au; frame-src 'self' https://www.google.com/recaptcha/ 3
default-src 'self'; img-src 'self$ 3
default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: unsafe-inline 3
frame-ancestors 'self' localhost:* *.tason.com 3
default-src https: data: 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * blob: ; worker-src * blob: ; frame-ancestors 'self' https://*.moody.edu; 3
frame-ancestors *; report-uri /report-csp-violation 3
script-src 'self'; frame-ancestors 'self'; img-src 'self'; font-src 'self' 3
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 3
frame-ancestors https://app.storyblok.com/ 3
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a104283729.cdn.optimizely.com https://a104283729.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 3
reflected-xss block 3
default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; connect-src 'none'; report-uri 'self'; report-to 'self'; 3
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 3
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uno.uk; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.uno.uk; img-src 'self' blob: data: https://*.uno.uk; media-src 'self' data: https://*.uno.uk; frame-src *; font-src *; form-action 'self' https://*.uno.uk; connect-src 'self' https://*.uno.uk; prefetch-src 'self' https://*.uno.uk; manifest-src 'self' https://*.uno.uk; frame-ancestors 'self'; report-uri https://stats.uno.uk/ruri/r/d/csp/enforce 3
frame-ancestors 'self' https://mycourses.w3schools.com; 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.investopedia.com 2
frame-ancestors 'self' tvn24.pl *.tvn24.pl *.tvn.pl 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.allrecipes.com 2
connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session https://api.funcaptcha.com https://api.arkoselabs.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://octocaptcha.com https://static-production.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static-production.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://octocaptcha.com;font-src https://fonts.gstatic.com https://static-production.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellhealth.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.ew.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liveabout.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.eatingwell.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.bhg.com 2
base-uri 'self'; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;block-all-mixed-content;object-src 'self';frame-src *.photonengine.com *.google.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com player.vimeo.com itch.io *.itch.io;frame-ancestors 'self'; 2
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.boursobank.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.foodandwine.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfit.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 2
frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca accountaccess.devjones.com accountaccess.devjones.ca iaa-api-gateway.apps.devjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; report-uri /report-csp-violation 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
frame-ancestors 'self' *.sncf-connect.com *.aws.vsct.fr *.sncf-voyageurs.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors 'self' corning.com *.corning.com *.corningmsp.com *.ceros.com *.ariba.com 2
script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self'  2
frame-ancestors www.red-gate.com; 2
default-src *.addthis.com *.adform.net *.algolia.com *.algolia.net *.algolianet.com *.algolianet.net *.calameo.com *.culture.fr *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.getwemap.com *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.ingest.sentry.io *.instagram.com *.readspeaker.com *.tolk.ai *.twitter.com http://apis.syllabs.com http://infolettres-internes.culture.gouv.fr http://infolettres-ministere.culture.gouv.fr http://www.culture.fr http://www.culture.gouv.fr https://api.mapbox.com https://m.addthis.com https://s7.addthis.com https://semaphore.culture.gouv.fr https://semrecf2.culture.fr https://sesame.culture.fr https://stats.g.doubleclick.net https://tarteaucitron.io https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com inline moz-extension 'self' 'unsafe-eval' 'unsafe-inline' wss://genii-messages.tolk.ai; block-all-mixed-content; font-src *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.readspeaker.com *.tolk.ai *.twitter.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://maxcdn.bootstrapcdn.com inline 'self' 'unsafe-inline'; frame-src *.adform.net *.calameo.com *.culture.gouv.fr *.dailymotion.com *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.fr *.googleapis.com *.gouv.fr *.instagram.com *.openstreetmap.fr *.pop.culture.gouv.fr *.readspeaker.com *.soundcloud.com *.tolk.ai *.twitter.com *.vimeo.com http://platform.twitter.com http://s7.addthis.com http://www.instagram.com https://data.culturecommunication.gouv.fr https://livemap.getwemap.com https://www.facebook.com https://www.youtube.com inline 'self' 'unsafe-inline'; img-src *.adform.net *.culture.fr *.culture.gouv.fr *.doubleclick.net *.et-gv.fr *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.readspeaker.com *.tolk.ai *.twitter.com data: http://www.culture.fr http://www.culture.gouv.fr https://ad.doubleclick.net https://analytics.getwemap.com https://api.getwemap.com https://iecs.culture.gouv.fr https://livemap.getwemap.com https://logs4.xiti.com https://semrecf2.culture.fr https://sesame.culture.fr https://sf1-eu.readspeaker.com https://tarteaucitron.io https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com inline 'self' 'unsafe-inline'; script-src *.addthis.com *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.readspeaker.com *.tolk.ai *.twitter.com addthid blob: http://connect.facebook.net http://platform.twitter.com http://s7.addthis.com http://siteimproveanalytics.com http://tag.aticdn.net http://www.instagram.com https://ajax.googleapis.com https://api.dmcdn.net https://api.mapbox.com https://app.readspeaker.com https://gva.et-gv.fr https://iecs.culture.gouv.fr https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://logp5.xiti.com https://logs152.xiti.com https://m.addthis.com https://sf1-eu.readspeaker.com https://tarteaucitron.io https://v1.addthisedge.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gouvernement.fr https://z.moatads.com inline moz-extension 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-VGhpc0V6UGxhdGZvcm1Ub2tlbklzTm90U29TZWNyZXRfUGxlYXNlQ2hhbmdlSXQ='; style-src *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.readspeaker.com *.tolk.ai *.twitter.com https://fonts.googleapis.com https://infolettres.duministeredelaculture.fr https://sf1-eu.readspeaker.com inline 'self' 'unsafe-inline'; report-uri /nelmio/csp/report 2
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; style-src https: 'unsafe-inline' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; frame-src https://www.tu-dortmund.de https://redaktion.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de https://www.youtube-nocookie.com https://www.youtube.com http://xyz.tu-dortmund.de; frame-ancestors https://www.tu-dortmund.de https://redaktion.tu-dortmund.de 2
default-src 'self'; font-src *; img-src * data:; script-src *; style-src *; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 2
object-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors https://*.randstad.es; 2
default-src wss: mycliplister.com blob: data: bosch.kittelberger.de *.tealiumiq.com dock.ui.bosch.tech wss://endpoint.chatbot-suite.bosch.tech 'self' https: *.optimizely.com wss://*.hotjar.com wss://*.hotjar.io *.tealiumiq.com stats.g.doubleclick.net *.bosch-professional.com ; media-src data: 'self' *.mycliplister.com mycliplister.com *.bosch.com bosch.com *.bosch.de bosch.de *.youtube.com ; font-src 'self' dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com  *.bootstrapcdn.com *.dynamicyield.com *.commerce-connector.com static.bosch-professional.com tiger-cdn.zoovu.com *.zoovu.com *.cloudfront.net boschru.webim.ru *.bosch.com bosch.com *.bosch.de bosch.de gstatic.com fonts.gstatic.com data: ; object-src data: 'self'; img-src data: 'self' https: mycliplister.com *.kittelberger.de *.tealiumiq.com data: blob: ; style-src dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com *.googleapis.com *.commerce-connector.com 'self' 'unsafe-inline' tiger-cdn.zoovu.com *.zoovu.com static.bosch-professional.com btm.bosch.com cdn.poll-maker.com ; script-src dock.ui.bosch.tech dynamicyield.com *.dynamicyield.com https: *.optimizely.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.bosch.com bosch.com *.bosch.de bosch.de *.google-analytics.com google-analytics.com ipinfo.io ; frame-src 'self' https: ; connect-src 'self' https: wss://endpoint.chatbot-suite.bosch.tech mycliplister.com wss://*.hotjar.com 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; child-src 'self'; font-src 'self' data; form-action https:; frame-ancestors 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; worker-src 'none' 2
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.aktion-mensch.de *.sample-videos.com *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
ALLOW-FROM https://app.storyblok.com/ 2
connect-src 'self' 2
frame-ancestors 'self'; report-uri /report-csp-violation 2
default-src 'self' https://*.tv1.eu http://*.tv1.eu 2
default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *; 2
default-src 'self'; script-src 'self' 2
frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br *.lndo.site *.web.ahdev.cloud; report-uri /report-csp-violation 2
frame-ancestors 'self' *.force.com *.salesforce.com; 2
child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg *.ap.sabio.cloud; connect-src *.cwp-stg.sg https://analytics.google.com https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg blob: https://www.google-analytics.com *.onemap.sg/ https://www.onemap.gov.sg *.dcube.cloud *.wogaa.sg *.demdex.net *.ap.sabio.cloud s.yimg.com *.evergage.com https://dataplane.rum.ap-southeast-1.amazonaws.com https://cognito-identity.ap-southeast-1.amazonaws.com https://sts.ap-southeast-1.amazonaws.com *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net *.ap.sabio.cloud; font-src https://cdnjs.cloudflare.com https://fonts.gstatic.com data: *.dcube.cloud *.wogaa.sg *.ap.sabio.cloud *.mycareersfuture.gov.sg *.app.gov.sg; img-src 'unsafe-inline' data: blob: 'self' https://www.google.com https://www.google-analytics.com adservice.google.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://www.onemap.gov.sg https://cdnjs.cloudflare.com *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net *.ap.sabio.cloud https://sg-gmtdmp.mookie1.com https://secure.adnxs.com https://ad.doubleclick.net https://www.talent.com/tracker/img-pixel.php sp.analytics.yahoo.com https://ssl.gstatic.com https://www.gstatic.com; report-uri /csp-report; script-src 'self' blob: 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com www.googletagmanager.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com *.ap.sabio.cloud https://cdn-akamai.mookie1.com https://tags.tiqcdn.com https://cdn.evgnet.com/ https://cdn.evergage.com/ https://tagmanager.google.com https://www.googletagmanager.com https://bat.bing.com *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg *.ap.sabio.cloud https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' *.mycareersfuture.gov.sg *.app.gov.sg; frame-ancestors 'none' 2
default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 2
base-uri 'self'; child-src * gap:; frame-src * gap:; connect-src *; default-src 'self' 'unsafe-inline' *.google-analytics.com *.hotjar.com *.googletagmanager.com *.dre.pt *.diariodarepublica.pt *.hotjar.io *.doubleclick.net *.knightlab.com *.google.com *.google.pt gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data:; img-src * data: blob:; script-src 'unsafe-inline' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors *.incm.pt *.dre.pt *.diariodarepublica.pt 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=4YWpJlBh28%2FAwwmXs%2BrJR%2FdJTs8bAqREX1vMtJH2e1kCaBMQHLkDUlCUQb3w4ASlqD8sm3qVtA2LnRbVoYIvVA%3D%3D; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onlineaccess1.com https: dc.services.visualstudio.com dl.episerver.net s.ytimg.com *.imi.chat js-agent.newrelic.com bam.nr-data.net rum-static.pingdom.net cds-sdkcfg.onlineaccess1.com d.impactradius-event.com umpqua-bank.sjv.io *.mookie1.com tags.tiqcdn.com adnxs.com pxl.jivox.com snap.licdn.com dc.ads.linkedin.com px.ads.linkedin.com www.linkedin.com static.ads-twitter.com analytics.twitter.com az416426.vo.msecnd.net connect.facebook.net bat.bing.com cdn.cookielaw.org js.hsforms.net forms.hsforms.com js.hsleadflows.net js.hs-scripts.com js.hs-analytics.net *.onetrust.com cdn.cookielaw.org js.hs-banner.com *.hotjar.com *.hotjar.io www.gstatic.com lh3.googleusercontent.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com googleads.g.doubleclick.net 8316073.fls.doubleclick.net www.googleadservices.com *.google.com ssl.google-analytics.com www.youtube.com js.adsrvr.org *.umpquabank.com; style-src 'self' 'unsafe-inline' *.imi.chat https: www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com *.umpquabank.com dl.episerver.net js.hs-scripts.com js.hs-analytics.net d.impactradius-event.com umpqua-bank.sjv.io *.mookie1.com tags.tiqcdn.com adnxs.com pxl.jivox.com snap.licdn.com *.ads.linkedin.com static.ads-twitter.com analytics.twitter.com az416426.vo.msecnd.net *.hotjar.com connect.facebook.net bat.bing.com cdn.cookielaw.org 8316073.fls.doubleclick.net js.hsforms.net forms.hsforms.com js.hs-banner.com fonts.googleapis.com tagmanager.google.com;  img-src 'self' 'unsafe-inline' *.imi.chat https: lh3.googleusercontent.com dc.services.visualstudio.com *.hotjar.com *.hotjar.io *.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com stats.g.doubleclick.net bat.bing.com px.ads.linkedin.com *.hubspot.com p.adsymptotic.com gateway.zscalerthree.net cdn.cookielaw.org *.umpquabank.com www.googletagmanager.com insight.adsrvr.org www.linkedin.com pixel.advertising.com ib.adnxs.com pixel.rubiconproject.com *.adsrvr.org cm.g.doubleclick.net t.co  x.bidswitch.net   dsum-sec.casalemedia.com  simage2.pubmatic.com data: maps.gstatic.com *.googleapis.com *.ggpht; connect-src 'self' 'unsafe-inline' *.imi.chat wss://*.hotjar.com https: www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com *.umpquabank.com *.hotjar.com:* *.hotjar.io www.google-analytics.com cdn.cookielaw.org *.hubspot.com forms.hsforms.com stats.g.doubleclick.net rum-collector-2.pingdom.net; frame-src 'self' 'unsafe-inline' *.imi.chat https: *.q4cdn.com *.adsrvr.org www.theroishop.com www.gstatic.com lh3.googleusercontent.com dc.services.visualstudio.com forms.hsforms.com *.umpquabank.com *.hotjar.com *.hotjar.io bid.g.doubleclick.net player.megaphone.fm 9395210.fls.doubleclick.net platform.mi.spglobal.com *.youtube.com *.onetrust.com cdn.cookielaw.org player.ooyala.com *.q4web.com;font-src 'self' 'unsafe-inline' *.imi.chat https: *.umpquabank.com *.hotjar.com *.hotjar.io fonts.gstatic.com  data:; 2
frame-ancestors 'self' mein.kabelplus.at mein-test.kabelplus.at newapp.etracker.com 2
script-src 'self'; 2
default-src 'self' *.readspeaker.com data: https://viola.bundesbots.de wss://viola.bundesbots.de https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola.bundesbots.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net; base-uri 'self'; connect-src 'self' *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; style-src 'self' 'unsafe-inline' *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe https://formularbot-fms.bzst.de.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src  *.readspeaker.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.twitter.com *.googletagmanager.com *.cookielaw.org static.addtoany.com cdnjs.cloudflare.com cdn.bc0a.com assets.sitescdn.net fonts.googleapis.com *.siteimprove.net ajax.googleapis.com visit.sanmanuel.com klear.com cdn.b0e8.com *.google-analytics.com *.bing.com *.amazon-adsystem.com *.clarity.ms *.siteimproveanalytics.com *.adsrvr.org *.youtube.com connect.facebook.net munchkin.marketo.net s.yimg.com googleads.g.doubleclick.net *.cloudfront.net *.viralsweep.com *.pollstream.com insiderdata360online.com *.sevenrooms.com *.i4go.com *.recaptcha.net *.gstatic.com answers-embed.yaamava.com.pagescdn.com *.byspotify.com *.instagram.com *.visrez.com *.stackadapt.com *.googleadservices.com siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com tags.srv.stackadapt.com/events.js *.visitingmedia.com visitingmedia.com *.jquery.com *.sevenrooms.com tags.srv.stackadapt.com/events.js; style-src 'self' 'unsafe-inline'  *.jsdelivr.net *.sitescdn.net fonts.googleapis.com visit.sanmanuel.com d1p5cqqchvbqmy.cloudfront.net *.sevenrooms.com *.visrez.com *.stackadapt.com  *.visitingmedia.com visitingmedia.com *.sevenrooms.com; report-uri /report-csp-violation 2
default-src 'unsafe-inline' https://fonts.googleapis.com https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; script-src 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl  https://www.google-analytics.com https://*.facebook.com https://connect.facebook.net https://*.doubleclick.net ; style-src 'unsafe-inline' https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://fonts.googleapis.com https://surfly.io https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net ; img-src 'self' https://moventum.com.pl https://*.youtube.com https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://*.googleapis.com https://*.gstatic.com https://www.warta.pl https://*.www.warta.pl https://hdi.pl https://*.hdi.pl https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.doubleclick.net  data:; object-src 'none'; 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;; report-uri /report-csp-violation 2
script-src 'self' kit.fontawesome.com cdn.callrail.com https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com player.vimeo.com clicky.com in.getclicky.com static.getclicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 2
sandbox; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https: data:; font-src https: data:; img-src * data:; connect-src https: wss://*.liveperson.net wss://tsock.us1.twilio.com/v3/wsconnect wss://webmessaging.usw2.pure.cloud/v1 wss://cobrowse-v2.usw2.pure.cloud wss://*.hotjar.com; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 2
default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2
default-src 'self'; child-src data: blob:; connect-src 'self' bam.nr-data.net *.cdnbasket.net payline.com *.payline.com ids.cdnwidget.com *.onconnect-coach.3slab.fr smartsolution-onconnectcoach.azureedge.net smartsolution-smartcoach.azureedge.net ws.livingactor.com apisimulator.toutsurmoneau.test data.gouv.nc *.aticdn.net *.xiti.com stats.g.doubleclick.net *.cookiebot.com *.googleapis.com *.suez.com *.qualtrics.com; font-src 'self' data: fonts.gstatic.com payline.com *.payline.com maxcdn.bootstrapcdn.com smartsolution-onconnectcoach.azureedge.net *.suez.com *.qualtrics.com; form-action * com.suez.tsme.dev: com.suez.tsme.app:; frame-src data: blob: *.payline.com payline.com *.satisfactory.fr www.google.com *.youtube-nocookie.com *.youtube.com opendata.hauts-de-seine.fr *.cookiebot.com *.suez.com *.qualtrics.com; img-src 'self' data: blob: *.cloudfront.net cloudfront.net *.cdnwidget.com *.payline.com payline.com maps.googleapis.com maps.gstatic.com blob: api.cabestan.com smartsolution-onconnectcoach.azureedge.net *.youtube-nocookie.com *.youtube.com cdn1.iconfinder.com www.googletagmanager.com *.suez.com *.qualtrics.com; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' api.cabestan.com bam.nr-data.net *.newrelic.com code.jquery.com *.cloudfront.net *.capadresse.com *.capadresse.com:2814 *.cloudfront.net *.payline.com payline.com *.js-agent.newrelic.com maps.googleapis.com *.cdnwidget.com *.aticdn.net *.xiti.com *.bootstrapcdn.com suez-eau-france.dimelochat.com ws.livingactor.com *.google.com *.google.com/maps www.gstatic.com smartsolution-smartcoach.azureedge.net apisimulator.toutsurmoneau.test capadresse.apisimulator.toutsurmoneau.test:6090 capadresse.apisimulator.toutsurmoneau.test www.googletagmanager.com *.atinternet-solutions.com *.atinternet.io *.ati-host.net *.atinternet.com *.piano.io *.cookiebot.com *.suez.com *.onconnect-coach.3slab.fr *.qualtrics.com; style-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com payline.com *.payline.com smartsolution-smartcoach.azureedge.net *.bootstrapcdn.com www.gstatic.com *.googleapis.com *.suez.com *.qualtrics.com; worker-src blob: 2
frame-ancestors 'self' https://*.felgenoutlet.de 2
frame-src https://www.youtube-nocookie.com https://www.youtube.com https://youtu.be https://*.hs-koblenz.de https://player.vimeo.com https://www.google.com; style-src 'self' 'unsafe-inline'; default-src https://*.hs-koblenz.de 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline' data:; script-src https://*.hs-koblenz.de 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' https://*.tile.openstreetmap.de data: 'self'; 2
frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com http://*.mondigroup.com http://mondigroup.com https://*.mondigroup.com https://mondigroup.com http://*.elwitec.ch http://elwitec.ch https://*.elwitec.ch https://elwitec.ch http://*.ynovatec.ch http://ynovatec.ch https://*.ynovatec.ch https://ynovatec.ch http://prematic.ch http://*.prematic.ch https://prematic.ch https://*.prematic.ch http://brw.ch http://*.brw.ch https://brw.ch https://*.brw.ch http://uniprod-ag.ch http://*.uniprod-ag.ch https://uniprod-ag.ch https://*.uniprod-ag.ch http://montalpina.com http://*.montalpina.com https://montalpina.com https://*.montalpina.com http://sutter-hydraulik.com http://*.sutter-hydraulik.com https://sutter-hydraulik.com https://*.sutter-hydraulik.com http://bsaswiss.ch http://*.bsaswiss.ch https://bsaswiss.ch https://*.bsaswiss.ch http://salesconnect.sugarondemand.com https://salesconnect.sugarondemand.com http://*.salesconnect.sugarondemand.com https://*.salesconnect.sugarondemand.com 2
block-all-mixed-content; connect-src 'self' https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://survey.alchemer.com https://www.facebook.com https://*.adnxs.com https://*.adnxs-simple.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz https://*.googleapis.com https://cdn.plyr.io https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.playable.com https://*.campaign.playable.com https://*.leadfamly.com https://*.api.leadfamly.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz https://*.campaign.playable.com; frame-ancestors 'self' https://*.campaign.playable.com; frame-src data: https://www.youtube.com/ https://publish.folders.eu/ https://app.folders.eu/ https://www.facebook.com https://vars.hotjar.com https://survey.alchemer.com https://*.adnxs.com https://optimize.google.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz https://objects.icecat.biz https://js.mollie.com https://swiftcdn6.global.ssl.fastly.net https://gleam.io https://view.publitas.com/ https://folders.toychamp.be/ https://folders.toychamp.nl/ https://*.awin1.com https://*.zenaps.com https://*.campaign.playable.com; img-src 'self' data: about: https://placeholder.inventis.be https://placehold.it https://*.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://www.facebook.com https://www.google.com https://www.google.be https://googleads.g.doubleclick.net https://script.hotjar.com https://www.mollie.com https://*.adnxs.com https://*.adnxs-simple.com https://js.gleam.io https://story.icecat.biz https://*.awin1.com https://*.zenaps.com https://files.cdn.leadfamly.com; style-src 'self' https://optimize.google.com 'unsafe-inline' https://fonts.googleapis.com https://survey.alchemer.com https://live.icecat.biz https://pet.icecat.biz https://story.icecat.biz https://edstore.icecat.biz https://live-html.icecat.biz https://*.campaign.playable.com; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://bam.nr-data.net https://tag.aticdn.net https://snap.licdn.com https://cdnjs.cloudflare.com https://*.linkedin.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.clarity.ms https://connect.facebook.net; object-src 'self'; style-src 'self' 'unsafe-inline' https://translate.googleapis.com; img-src 'self' data: *; frame-src 'self' https://tools.eurolandir.com https://*.youtube.com https://open.spotify.com https://*.doubleclick.net https://www.googletagmanager.com; child-src 'self' https://tools.eurolandir.com https://*.youtube.com https://open.spotify.com https://*.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdn.cookielaw.org https://bam.nr-data.net https://*.google.com https://*.xiti.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://*.onetrust.com https://*.googlesyndication.com; report-uri /report-csp-violation 2
frame-src 'self' https://webstat.hs-mannheim.de *.hs-mannheim.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://tour.klapty.com/; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' *.omronhealthcare.com http://10.196.1.55:8000 *.pricespider.com *.mapbox.com cdnjs.cloudflare.com; 2
default-src 'self' multimedia.gsb.bund.de; base-uri 'self'; font-src 'self' chatbot-bmi.azr.juacvoe.net kai-bmi.bundesbots.de; style-src 'self' 'unsafe-inline' *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.itzbund.de *.bundesbots.de *.twitter.com *.twimg.com cdn.jsdelivr.net *.newsletter2go.com chatbot-bmi.azr.juacvoe.net kai-bmi.bundesbots.de; object-src 'self' multimedia.gsb.bund.de; connect-src 'self' multiplatform-f.akamaihd.net *.itzbund.de  *.newsletter2go.com hls-hd.myrasec.de chatbot-bmi.azr.juacvoe.net wss://chatbot-bmi.azr.juacvoe.net kai-bmi.bundesbots.de wss://kai-bmi.bundesbots.de; media-src 'self' blob: multimedia.gsb.bund.de social.bund.de video.bundesregierung.de *.w3schools.com *.quirksmode.org *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com *.osm.org *.openstreetmap.de *.twimg.com multiplatform-f.akamaihd.net hls-hd.myrasec.de cdnjs.cloudflare.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com vimeo.com *.readspeaker.com *.3qsdn.com *.it.bund.de *.bundesbots.de *.twitter.com *.twimg.com webcast.nc3-cdn.com blitzvideoserver.de start.video-stream-hosting.de player.restream.io; img-src 'self' blob: data: *.google.com *.gstatic.com social.bund.de muenster.im  *.youtube.com *.youtube-nocookie.com *.osm.org *.openstreetmap.de *.twitter.com *.twimg.com cdnjs.cloudflare.com piwik.itzbund.de *.gdw-berlin.de *.streamlock.net *.bmi.bund.de  *.cio.bund.de *.newsletter2go.com chatbot-bmi.azr.juacvoe.net kai-bmi.bundesbots.de; frame-ancestors 'self' *.prod.gsb.bmi.in.bund.de; upgrade-insecure-requests; 2
default-src 'self' *.googleadservices.com *.crazyegg.com *.licdn.com *.facebook.net *.outbrain.com *.youtube.com *.company-target.com; script-src 'self' 'unsafe-inline' *.googleapis.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.everestjs.net *.cloudflare.com *.licdn.com *.google.com *.gstatic.com lineagelogistics-external.applynow.net.au candidate-office.s3.amazonaws.com *.googleadservices.com *.bing.com *.newrelic.com *.instagram.com *.nr-data.net cdn.jsdelivr.net *.crazyegg.com blob: acsbapp.com code.jquery.com unpkg.com *.instagram.com *.ensighten.com *.oribi.io *.youtube.com polyfill.io *.facebook.net *.outbrain.com  tag.demandbase.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com cdn.jsdelivr.net *.crazyegg.com acsbapp.com *.acsbapp.com code.jquery.com unpkg.com; img-src * data: *.crazyegg.com acsbapp.com *.acsbapp.com; media-src *; frame-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com *.google.com lineagelogistics-external.applynow.net.au *.doubleclick.net *.crazyegg.com *.instagram.com *.adsrvr.org *.cloudfront.net *.facebook.com *.pardot.com pt.lineagelogistics.com http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzr http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzv http://go.pardot.com/l/961942/2023-08-22/4hbzk http://go.pardot.com/l/961942/2023-06-27/493x5 *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js; frame-ancestors https://tag.demandbase.com/d80b380c137ea7bb.min.js *.company-target.com tag.demandbase.com; child-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com blob: *.youtube.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js; font-src 'self' *.googleusercontent.com *.gstatic.com *.typekit.net data: acsbapp.com *.acsbapp.com; connect-src 'self' *.cookielaw.org *.google-analytics.com *.doubleclick.net *.onetrust.com *.bing.com *.nr-data.net *.googleapis.com *.crazyegg.com acsbapp.com *.acsbapp.com *.youtube.com *.google.com *.linkedin.oribi.io *.company-target.com *.demandbase.com https://tag.demandbase.com/d80b380c137ea7bb.min.js; report-uri /report-csp-violation 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de; style-src 'self' 'unsafe-inline' https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 2
default-src 'none'; worker-src 'self' www.youtube.com *.cookiebot.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.leadinfo.net *.cookiebot.com www.googletagmanager.com  ssl.google-analytics.com www.google-analytics.com apis.google.com ajax.googleapis.com www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.linqhost.nl www.google.nl ssl.google-analytics.com www.google-analytics.com www.gstatic.com cdn.quicq.io data: www.google.com www.googletagmanager.com stats.g.doubleclick.net  collector.leadinfo.net ; font-src 'self' fonts.googleapis.com fonts.gstatic.com  data: ; frame-ancestors 'none'; base-uri 'self' ; form-action 'self'; frame-src *.cookiebot.com *.youtube.com *.google.com; connect-src *.google-analytics.com stats.g.doubleclick.net consentcdn.cookiebot.com detect-ipv4.linqhost.nl detect-ipv6.linqhost.nl api.leadinfo.com collector.leadinfo.net; report-uri https://linqhost.report-uri.com/r/d/csp/enforce; 2
default-src 'self'; connect-src 'self' *.googletagmanager.com *.google-analytics.com; frame-src 'self' *.geoportal-bw.de *.leo-bw.de *.youtube.com sketchfab.com *.sketchfab.com *.swrfernsehen.de *.openstreetmap.de *.podigee.io *.podigee-cdn.net; img-src 'self' data: dummyimage.com *.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.landbw.de; style-src 'self' 'unsafe-inline'; report-uri /security/csp/report 2
style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; 2
frame-ancestors https://*.procampaign.net 2
default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' 2
frame-src https://www.youtube-nocookie.com https://www.youtube.com https://piwik.bzga.de https://www.check-dein-spiel.de; style-src 'self' 'unsafe-inline'; default-src 'self'; script-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; connect-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data:; img-src 'self' https://piwik.bzga.de https://*.openstreetmap.org data:; 2
default-src 'self' region1.google-analytics.com region1.analytics.google.com *.comptoirdesvoyages.fr bat.bing.com consentcdn.cookiebot.com www.facebook.com; base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' try.abtasty.com region1.google-analytics.com region1.analytics.google.com analytics.google.com ads.google.com app.contentsquare.com t.contentsquare.net contentsquare.com *.addthis.com *.addthisedge.com *.comptoirdesvoyages.fr *.cookiebot.com *.doubleclick.net *.newrelic.com ajax.googleapis.com bam.nr-data.net bat.bing.com connect.facebook.net comptoir.candidats.talents-in.com r.bing.com ssl.google-analytics.com static.madmetrics.com tagmanager.google.com tag.aticdn.net www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com z.moatads.com; connect-src 'self' *.abtasty.com region1.google-analytics.com region1.analytics.google.com ads.google.com *.contentsquare.net *.addthis.com *.bing.com *.comptoirdesvoyages.fr *.doubleclick.net bam.nr-data.net comptoir.candidats.talents-in.com consentcdn.cookiebot.com www.facebook.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gtm.js wss://*.bing.com; img-src 'self' editor-assets.abtasty.com *.contentsquare.net data: *; child-src blob:; worker-src blob:; style-src 'self' 'unsafe-inline' * *.comptoirdesvoyages.fr try.abtasty.com *.bing.com fonts.googleapis.com tagmanager.google.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' csxd.comptoirdesvoyages.fr *.addthis.com *.doubleclick.net consentcdn.cookiebot.com sdx.microsoft.com www.allocine.fr www.dailymotion.com www.facebook.com www.google.com www.gstatic.com youtu.be www.youtube.com; object-src 'none' 2
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 2
frame-ancestors http://*.viewlift.com 2
frame-ancestors https://*.smartrecruiters.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 2
default-src 'self'; \
        script-src 'self' https://ssl.google-analytics.com; \
        img-src 'self' https://ssl.google-analytics.com 2
policy-uri /'none' 2
default-src 'self'; script-src 'self' *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com *.youtube.com *.mappedin.com *.adsrvr.org www.googleadservices.com js.adsrvr.org googleads.g.doubleclick.net http://bid.g.doubleclick.net/ https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.2o7.net *.omtrdc.net *.adobe.com *.chadstone.com.au *.dfo.com.au *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com https://*.adnxs.com *.adnxs.com https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://unpkg.com/ 'unsafe-eval' connect.facebook.net graph.facebook.com js.facebook.com; style-src 'self' blob: *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudfront.net tagmanager.google.com *.googletagmanager.com googletagmanager.com *.google.com *.analytics.google.com analytics.google.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.facebook.net *.fbcdn.net *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com googletagmanager.com *.google-analytics.com *.simplybook.me lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au *.mappedin.com mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com *.googleadservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com www.googletagmanager.com *.adnxs.com https://ssl.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://www.gstatic.com; font-src 'self' *.amazonaws.com *.cloudfront.net *.storyblok.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com data: data:; connect-src 'self' stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.googleapis.com *.google-analytics.com sentry.io *.simplybook.me *.vicinity.com.au *.trackjs.com mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.chadstone.com.au *.dfo.com.au *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com *.googletagmanager.com googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://*.analytics.google.com https://*.google.com.au about: *.facebook.com connect.facebook.net; frame-src 'self' *.youtube.com *.vimeo.com *.googleapis.com *.googletagmanager.com *.google.com *.facebook.com connect.facebook.net *.livechatinc.com *.stripe.com socialq.net recaptcha.net *.trybooking.co.nz *.trybooking.com insight.adsrvr.org https://*.demdex.net *.google.com *.doubleclick.net *.googlesyndication.com bytedance sslocal *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com *.googletagmanager.com googletagmanager.com https://*.adsrvr.org; object-src *.googlesyndication.com; media-src dai.google.com; child-src blob: *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net; form-action *.google.com *.facebook.com connect.facebook.net; worker-src blob: *.google.com; prefetch-src *.googlesyndication.com 2
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 2
default-src 'self' *.google.com *.axa-assistance.cz *.axa-assistance.sk *.axa-assistance.pl *.axa-assistance.at *.axa-assistance.hu 2
default-src 'self' https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://api.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cmill.de https://www.cmill.de; script-src 'self' 'unsafe-eval' https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://*.app.laborpublisher.staging.lfda.de https://static.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cdn1.jameda-elements.de https://lv.limbachgruppe-test.com 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://lv.limbachgruppe-test.com; frame-ancestors 'self'; frame-src 'self' https://piwik.limbachgruppe.com https://www.youtube-nocookie.com https://youtube.com https://player.vimeo.com https://vimeo.com https://cmill.de https://www.cmill.de https://mtu.adsystemhaus.com https://termin.samedi.de/; font-src 'self' data: https://limbachgruppe.ftapi.com https://fonts.gstatic.com https://lv.limbachgruppe-test.com; 2
frame-ancestors https://teams.microsoft.com *.microsoft.com *.live.com *.outlook.com *.office365.com *.office.com 2
frame-ancestors 'self' *.volusion.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.people.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thoughtco.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellmind.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.lifewire.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruce.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.travelandleisure.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.realsimple.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.health.com 1
img-src *; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruceeats.com 1
default-src 'self'; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://*.algolia.net https://*.algolianet.com; frame-src https://www.google.com/recaptcha/; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' https://www.gstatic.com/recaptcha/ 'strict-dynamic' 'unsafe-inline' 'nonce-5GGrrZJ7ZK3nmgduSfIb4A=='; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.seriouseats.com 1
default-src 'self' 'unsafe-inline' *.royalroad.com fonts.googleapis.com ajax.googleapis.com www.google.com challenges.cloudflare.com www.gstatic.com; font-src 'self' fonts.gstatic.com; object-src 'none'; img-src 'self' www.royalroadl.com www.royalroad.com cdn.royalroadlegends.com www.royalroadcdn.com www.gravatar.com data:; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.instyle.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.brides.com 1
frame-ancestors 'self' icrc.org *.icrc.org 1
policy-uri /parivahan//'self' 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://privacyportal.cookiepro.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com data: https://cookie-cdn.cookiepro.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' https://cookie-cdn.cookiepro.com https://code.jquery.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://cookie-cdn.cookiepro.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.simplyrecipes.com 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-Z9W1FuOZFeCd3MB8ryg3xkjwh/hvg5THXWyDf8JouCOEo1qA'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
frame-ancestors *.uottawa.ca https://teams.microsoft.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; frame-src 'self' multimedia.gsb.bund.de blob: data:; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de covapp.charite.de covapp-rki.hpsgc.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors *.prod.gsb.rki.in.bund.de piwik.itzbund.de *.facebook.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfamily.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.shape.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.byrdie.com 1
frame-ancestors 'self' *.chilis.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.tripsavvy.com 1
default-src 'self' noembed.com static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com data: avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com www.surveygizmo.eu endpoint-app.cognigy.ai wss://endpoint-app.cognigy.ai 'unsafe-inline' 'unsafe-eval' ; media-src 'self' *.avm.de blob: data: ; worker-src 'self' blob: ; frame-ancestors 'self'  1
default-src data: https: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none' 1
frame-ancestors 'self' *.griffith.edu.au 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucecrafts.com 1
default-src 'self' http: https: go.addigy.com https://*.addigy.com https://*.my.salesforce.com https://*.force.com https://go.pardot.com https://*.pantheonsite.io wss://ws.hotjar.com;frame-ancestors 'self' https://go.pardot.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http: https: pages.addigy.com;img-src 'self' data: https://app-app.addigy.com https://www.addigy.com https://static.addigy.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tracking.g2crowd.com https://px.ads.linkedin.com https://bat.bing.com https://t.co https://www.facebook.com https://ssl.gstatic.com https://www.gstatic.com https://analytics.twitter.com https://*.gravatar.com  http://*.gravatar.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://aorta.clickagy.com https://b.sf-syn.com https://dev.visualwebsiteoptimizer.com https://alb.reddit.com https://forms.hsforms.com https://track.hubspot.com https://*.linkedin.com https://ps.eyeota.net https://match.adsrvr.org https://dpm.demdex.net https://idsync.rlcdn.com https://sync.crwdcntrl.net https://ml314.com https://obseu.bzcclandlord.com https://cm.g.doubleclick.net;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com;font-src 'self' data: http: https: fonts.googleapis.com http https: fonts.gstatic.com https://*.wistia.com;media-src 'self' data: blob: http: https:;worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: https://cdn.mises.org https://www.google.ca https://www.google.com https://i.creativecommons.org https://licensebuttons.net https://www.google-analytics.com https://mcusercontent.com https://maps.gstatic.com https://s3.amazonaws.com; frame-ancestors 'self' https://glockenspiel-bluebird-4h6c.squarespace.com https://www.misesgraduateschool.org https://misesgraduateschool.org https://api-public.addthis.com https://m.addthis.com https://mises.org; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' www.googletagmanager.com *.doubleclick.net *.fls.doubleclick.net pixel-a.basis.net secure.img-cdn.mediaplex.com pixel.dsp.townsquaremedia.com insight.adsrvr.org pixel-a.basis.net 1
connect-src * 'self' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucepets.com 1
default-src 'self' https://*.gstatic.com; connect-src 'self' https://www.vidal.ru http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.com https://*.yandex.net https://*.yandex.st https://yastat.net https://*.yastat.net https://yastatic.net https://*.yastatic.net https://adfox.ru https://*.adfox.ru http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net https://px.adhigh.net https://*.doubleclick.net https://relap.io https://play.google.com; font-src data: https://*.gstatic.com https://s0.2mdn.net https://yandex.ru https://*.yandex.ru https://yastatic.net https://*.yastatic.net https://yastat.net https://*.yastat.net 'self' https://relap.io https://play.google.com; frame-src 'self' https://relap.io https://www.vidal.ru https://*.youtube.com https://*.google.com https://*.google.ru https://play.google.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://awaps.yandex.ru https://awaps.yandex.net https://yandexadexchange.net https://*.yandexadexchange.net https://yastatic.net https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net https://px.adhigh.net http://webvisor.com https://www.googletagmanager.com https://relap.io https://www.youtube-nocookie.com https://youtube-nocookie.com; img-src 'self' https://*.stripocdn.email https://*.tns-counter.ru https://*.medkongress.ru http://*.medkongress.ru https://*.nesterovskie-chteniya.ru http://nesterovskie-chteniya.ru https://*.tns-counter.ru https://*.weborama.fr http://*.weborama.fr https://www.vidal.ru https://vidal.ru https://yandex.ru https://*.yandex.ru https://*.yandex.com https://yandex.net https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.google.be https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.ru https://*.google.de https://*.google.nl https://*.googleapis.com https://www.google.com.do http://*.mail.ru data: http://gderu.hit.gemius.pl https://*.youtube.com https://*.ytimg.com https://admin.mailigen.com https://dmg.digitaltarget.ru https://x01.aidata.io https://gmtdmp.mookie1.com https://eu-gmtdmp.gd1.mookie1.com https://ru-gmtdmp.mookie1.com/ https://sync.botscanner.com https://match.ads.betweendigital.com https://safehub.ru https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://stats.g.doubleclick.net https://px.adhigh.net https://cm.g.doubleclick.net https://*.doubleclick.net https://*.adriver.ru https://*.rubiconproject.com https://*.adhigh.net https://*.insigit.com https://*.republer.com https://*.webvisor.org http://ad.adriver.ru https://ad.adriver.ru http://ar.tns-counter.ru https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com https://cp.unisender.com https://vk.com https://*.honcode.ch http://*.honcode.ch https://yastatic.net https://*.yastatic.net https://relap.io https://cm.p.altergeo.ru https://*.relap.io https://www.googletagmanager.com https://play.google.com; media-src 'self' data: https://*.google.com https://*.google.ru https://*.yandex.net https://*.strm.yandex.ru https://strm.yandex.ru https://yandex.ru https://yandex.st https://yastatic.net https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://*.yandex.st https://*.yastatic.net https://*.1dmp.io http://*.1dmp.io https://s0.2mdn.net https://*.yandex.ru https://*.admetrica.ru https://www.googletagmanager.com https://relap.io https://cm.p.altergeo.ru https://play.google.com; script-src 'self' https://relap.io https://www.vidal.ru https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://*.yandex.com https://an.yandex.ru https://yandex.st https://yastatic.net https://*.yastatic.net https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://mc.yandex.ru http://mc.yandex.ru http://*.yandex.ru http://*.google-analytics.com http://*.gstatic.com http://*.google.com https://*.google.ru https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com http://pixel.betweenx.com https://px.adhigh.net https://dmp.vihub.ru https://top-fwz1.mail.ru https://pixel.betweenx.com https://*.1dmp.io http://*.1dmp.io https://go.saleswingsapp.com 'unsafe-inline' 'unsafe-eval' https://s0.2mdn.net https://px.adhigh.net https://code.createjs.com https://www.googletagmanager.com https://*.ampproject.org https://relap.io https://js.ad-score.com https://*.doubleclick.net https://static.doubleclick.net https://play.google.com; style-src 'self' https://www.vidal.ru 'unsafe-inline' 'unsafe-eval' http://*.google-analytics.com http://*.gstatic.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://yandex.st https://yastatic.net http://*.google.com https://*.google.com https://*.google.ru https://*.googleapis.com http://*.mail.ru https://*.youtube.com https://*.ytimg.com https://*.1dmp.io http://*.1dmp.io https://adfox.ru https://*.adfox.ru https://yastat.net https://*.yastat.net https://relap.io https://play.google.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.learnreligions.com 1
default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://bat.bing.com; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com 'sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU=' https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/com/ https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js 'nonce-170182930563500' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://px.ads.linkedin.com https://tr.snapchat.com/ ; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net; frame-src https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/ https://calendar.google.com/ ; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1
frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1
default-src data: wss://*.sptpub.com wss://*.ln.md:* wss://ln.md:* wss://*.7777.md:* wss://7777.md:* wss://*.7777gaming.tech:* 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://youtube.com/ https://ln.md https://*.ln.md https://7777.md https://*.7777.md https://apis.google.com https://fonts.googleapis.com https://maps.googleapis.com https://api.ipinfodb.com https://*.comm100.com https://*.comm100.io https://*.comm100download.com https://www.googleadservices.com https://www.google.com https://*.google.bg https://*.google.md https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net  https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://google-analytics.com https://*.google-analytics.com https://accounts.google.com https://*.g.doubleclick.net https://sxt.cdn.skype.com https://www.adobe.com https://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.adform.net/ https://*.hotjar.com https://*.trafficjunky.com/ https://*.cloudflareinsights.com https://cloudflareinsights.com https://7777gaming.xyz/ https://*.7777gaming.xyz https://7777gaming.tech/ https://*.7777gaming.tech  https://sb2integration-altenar2.biahosted.com https://sb2clientstatic-altenar2.biahosted.com https://sb2frontend-altenar2.biahosted.com https://sb2auth-altenar2.biahosted.com https://sb2betslip-altenar2.biahosted.com https://wgt-s3-cdn.statscore.com https://widgets.sir.sportradar.com https://lmt.fn.sportradar.com https://widgets.fn.sportradar.com/  https://sb2bets-altenar2.biahosted.com https://sb2bonus-altenar2.biahosted.com https://sb2betbuilder-altenar2.biahosted.com/ https://sb2streaming-altenar2.biahosted.com/ https://sb2bethistory-altenar2.biahosted.com/ https://sb2bethistory-altenar2.biahosted.com/ https://sb2lottery-betscalculator-altenar2.biahosted.com/ https://sb2platformoperations-altenar2.biahosted.com/ https://hu-sb2frontend-altenar2.biahosted.com/ https://hu-sb2bets-altenar2.biahosted.com/  https://fbstreambro.cc https://embed.twitch.tv https://spbro.live https://*.spbro.live https://ctrack.trafficjunky.net/ https://storage.googleapis.com/ ; frame-ancestors 'self' *.ln.md *.7777.md 1
default-src 'none'; script-src 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8=' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liquor.com 1
frame-ancestors 'self' *.iza.org; 1
img-src * 'self' data: https:; default-src 'self' html5shim.googlecode.com *.google-analytics.com *.googleadservices.com apis.google.com *.youtube.com *.vimeo.com *.g.doubleclick.net *.google.com *.google.nl *.hostfact.nl *.ytimg.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval' 1
frame-src 'self' *.betradar.com *.sportradar.com *.aitcloud.de consentcdn.cookiebot.com vars.hotjar.com www.googletagmanager.com www.youtube.com prod-origin.truendo.com cdn.priv.center *.akamaized.net; frame-ancestors 'self' *.betradar.com *.sportradar.com *.aitcloud.de 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
frame-ancestors 'self' courses.ecu.edu.au *.instructure.com *.canvaslms.com https://ecu.atlassian.net 1
default-src https: 1
default-src *; script-src * 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.youtube.com youtube.com; style-src * 'self' 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; frame-ancestors 'self'; child-src 'self'; font-src * data:; connect-src *; report-uri /report-csp-violation 1
frame-ancestors 'self' http://mobilevjs.nbcsports.com http://sprtsecureassets.akamaized.net *.nbcolympics.com nbcolympics.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.mydomaine.com 1
base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net https://*.hotjar.com; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://cdnjs.cloudflare.com https://cdn-cookieyes.com https://*.cookieyes.com https://code.jquery.com https://*.hsforms.com https://*.hubspot.com https://ekr.zdassets.com https://*.zendesk.com wss://*.smooch.io https://googleads.g.doubleclick.net https://*.google.com https://*.linkedin.com; font-src 'self' https://use.typekit.net https://*.hotjar.com; form-action 'self' https://www.onlydomains.com https://account.centralnicreseller.com; frame-ancestors 'none'; frame-src https://www.recaptcha.net https://*.hotjar.com; img-src 'self' https://www.googletagmanager.com https://*.hotjar.com https://t.co https://*.linkedin.com https://*.twitter.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.hsforms.com https://*.hubspot.com https://*.zendesk.com https://*.zdassets.com data:; object-src 'none'; script-src https://code.jquery.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.hsforms.com https://*.hubspot.com https://ekr.zdassets.com 'nonce-dvFf1ECsmZij5cALeZ0ExXeBv8E=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; style-src 'self' https://*.typekit.net https://*.hotjar.com https://cdnjs.cloudflare.com 'unsafe-inline'; worker-src 'self'; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.energiewechsel.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com api.signalize.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de atlas.geomer-maps.de app.powerbi.com *.energiewechsel.de *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self' *.kfw.de *.bafa.de *.energiewechsel.de; upgrade-insecure-requests; 1
base-uri 'none'; default-src 'none'; script-src 'unsafe-inline' 'self' https://snap.licdn.com/ https://static.oktopost.com/ https://*.google-analytics.com https://*.googletagmanager.com/ https://js.hs-scripts.com/ https://*.hotjar.com https://*.hotjar.io https://*.hsforms.net https://*.cloudflare.com https://unpkg.com https://*.doubleclick.net https://luckyorange.com https://cookiehub.com https://cookiehub.net https://settings.luckyorange.com https://okt.to https://*.hs-banner.com/ https://*.hs-analytics.net https://*.headspixel.net https://*.hsadspixel.net/ 'nonce-67c1d56bc895c41494f54ceaf8af9c8be4b6097a7389' 'nonce-f761cc724a033cdefb7ffb7703e859ba7c57180bf3d9' 'nonce-d03a7712ad9c3ed71e5ebe4176df435db46908eb0201' 'nonce-bfcd5497f67483edb503a088a01a790ab600acf5b03e' 'nonce-f767672a63fbe0a6b547e787c76adddcdbf3890a4ccb'; style-src 'self' 'unsafe-hashes' https://use.fontawesome.com https://fonts.googleapis.com https://static.cookiehub.com https://cookiehub.net/ 'sha256-im0erJAfSNQVDTe5HS6/GNgzNM9JcXDCSuwoIWQ/rRE=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-A6jm8QAAo+BvL4/Tr1M7sTsnRKo+VhQOm9Hi8IOKJ5Y=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-T1C48ZGmcgTeITFPt41XsW/ozDpm3S/SxFREiL+pfgQ=' 'sha256-zfH5Pv8+yKFNFcycqZrhikYRHXfOZ9MwfwRnIp6H1kI=' 'sha256-Da2f1Kt9Io0bgdaWLUryUjcUra0xYjPLDorylUM1XM0=' 'sha256-NnjKC0Bmej913o6dapBaV7Lo8IemTzzXRsO8XhOCyT0=' 'sha256-tG2ZUEo3Qq/onXpzs2PwKu3Y82IJhZsODGPa+EUtsZc=' 'sha256-y/JAbx0Chs7eNLWF+KFD+YMhxTDFjiftcRnhFF13QjI=' 'sha256-kbzp7IrqueB2g36to7qc8KevofS966jm6n764wtCqx4=' 'sha256-3ibk/KyNNjpvopRz5nvswtDpJD3kbpyDdRO1YWF4msg=' 'sha256-ZNPRF7lxh3DMrhUYYDg0XMVthUfilZ/lIWOm88fNvug=' 'sha256-dMnSfpNeXLLDJMMi4o3EHr1S85P3yFWtdfJvbcH9mhU=' 'sha256-swi8N0hKSwJvuZeP/6DwGWEx8FwrfDcoj/0HnZd1Jpc=' 'sha256-RDWWGcFzQIh1SH4oQIaKd+tX/bMXZOzUetRR1raWCXw=' 'sha256-dDxw24pDf8PjpiVwKjNHJHbK4EFFUCWWrnx1SE32aG4=' 'sha256-LWtqHRrej8qIoYJFqhaaO0kPgZnGajrfm7a54+/7NQU=' 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA=' 'sha256-1z/7NiPfYq2hoFozHGzJKg6OUzne/YSqaCgvOeXuXOY=' 'sha256-3R73cBfu9lRdx2Y1u0+kOkDzXsjlEn1hcsL2b5qaWZ4=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-Iqfo27GZS/A7Fm31UW3miEbID+BwO1wih5T79cyIfws=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-yVIQlxUOt8MCsrVQ/pmV6T7E+xI6F1xO1vCqGi7bPU4=' 'sha256-yqw7rW86cJ30M3y7LhcPnduZT4JIHKLX3RRb31B7fOQ=' 'sha256-DFjLfLQbkYXH/lmCwhmW5hT9th2DSNLjYebk7vRHX6A=' 'sha256-+iVBklqDZxSzWSvr0QSp3OTL/ok8m/f/n7wXWojhcng=' 'sha256-ywq+VJsIVnLIQls/DYtP4wc7LLPqAKArkFBF9Z5HNuc=' 'sha256-nvFDZMdJSsFuPLw06nap3Qaao9tU3RGvNHf2Woe1StA=' 'sha256-FA0mrKnZoRbvi4Ayp9wJddHc685E85ea5Z2XwJRhxSU=' 'sha256-R7cUrEePj8qLMDj+zac9LUaWW1kLn3wc6HsQHIA0mxw=' 'sha256-kDP5FilnD2F7x7DjtoRTkl0NbiBGrjAsvcUc3H3A2cM=' 'sha256-QlYx1dw6Nlh44cQgyJBz5G7+ZTJmKf5FkJGF0FPcuzE=' 'sha256-cSCUlxvEwMP0xZRHeMKpWqO3ylONHU6b5bFAQLiiqcw=' 'sha256-I6mtUVoVWZuevseH7OMoGWOXSo/eD4R/08s5derX8hw=' 'sha256-krLf8K7rqCtHZ5e3QPyMVapC2rFQUo21PCk/c39wSts=' 'sha256-+SNKnT0lnsyeaYOJwRmcPRdTG/a4X/b3vw+57B1dE20=' 'sha256-1tUQLx1JfuFHhupaTxZxN8/JPDvG+OIdBCcM7PXfEzs=' 'sha256-4Xwx2TSn/ZELfLIs1A2etPjKxxnSomqFoKMv99FB3Lg=' 'sha256-ei2s0538sbNCEBOA2sr/hvghrxZ2gDEblR7FUJ4lkcI=' 'sha256-4NKME364cXiHshEd1ZK0GwjcT0pjqfBRdKo30tomWRs=' 'sha256-s4+uDkvKfuqCNICZTNMmknZQvqL5HwSquCQfZkn9/34=' 'sha256-rn4Qwbx5qcatXz+wT23m27segHEv7ImU2/4sEMVLYIk=' 'sha256-6Y6euAQOWZ6lGtpkCT+4kCYjKPuLTcDjDkD5oRhCG4g=' 'sha256-4QY9fueV63c6nZWXt7gR/ojTOpAZwXqNZcAxijybuU0=' 'sha256-RHvKHxL0gTOgpvBP4Xm5dRuK/cR2LZXFIebXluboSkQ=' 'sha256-yJf9N784FJuXHzDa1anT54222uPxXDjB0KgozZIOVzw=' 'sha256-Pzy/MxmgBP+zS02vxK1jm/+zS7R6H7RgMsTtTVTfC9A=' 'sha256-j8L4Sf0xH9b2nwGqQTwHCVlGSvlIaVZETZPtVykVjPs=' 'sha256-ebuwMTfNIWOGe7kzqHFDgd8dPwoPxx2QNhd4ZtetRLU=' 'sha256-Yq+kKvFpHeNHsJjLEy7fWk5M9TWaZGf7rQV38ELL2x0=' 'sha256-MHuTvHVz5k1TajrKANGz14IaXhuXxwJUt15zkvmj7rE=' 'sha256-tXThs7ZS+6hzPIvkDhbtqXOY6X3GP/zrwEY7GyV4Y+c=' 'sha256-39hce1FnKYidEA+9elxMGRsULe73+qcGxx7fCFUigzo=' 'sha256-I/rD/kGx4f8MGQPXVvbFYpKpd4L5cd5hQ+v+oSGvX9A=' 'sha256-a0s+nLVkHwBLI1bdIXzsQespBORQjzbOy8pJNQeAjRI='; img-src 'self' https://*.ytimg.com https://okt.to/ https://track.hubspot.com https://www.googletagmanager.com https://www.google.co.uk https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://www.google.com; connect-src 'self' https://cdn.linkedin.oribi.io https://*.google-analytics.com/ https://public-auth-dot-lucky-orange.appspot-preview.com https://api-preview.luckyorange.com/ wss://in.visitors.live/ wss://realtime.luckyorange.com https://pubsub.googleapis.com/ https://api-preview.luckyorange.com/* https://api.hsforms.com https://api.hubapi.com https://js.hs-banner.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.doubleclick.net https://settings.luckyorange.com https://api-preview.luckyorange.com/*; font-src 'self' https://use.fontawesome.com data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://s3.amazonaws.com/luckyorange-clickstream/; object-src 'none'; media-src 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://*.hotjar.com https://*.hotjar.io; child-src 'self' blob:; form-action 'none'; frame-ancestors 'none'; manifest-src 'self'; 1
report-uri /main/report-csp-violation; upgrade-insecure-requests 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru d.webhost1.ru cp.webhost1.ru cp2.webhost1.ru cp3.webhost1.ru *.yoomoney.ru geoadv-partner.yandex.ru direct.yandex.ru yookassa.ru  *.yandex.ru *.yandex.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net googleads.g.doubleclick.net www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com tagmanager.google.com *.bitrix24.ru *.roistat.com top-fwz1.mail.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com https://d.webhost1.ru:* https://cp.webhost1.ru:* https://cp2.webhost1.ru:* https://cp3.webhost1.ru:* 1
frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com *.qiaofangyun.com 1
frame-ancestors 'self' https://*.lemonade.com https://lemonade.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com bam.nr-data.net *.addtoany.com *.go-mpulse.net *.newrelic.com *.qualtrics.com *.adobedtm.com tags.tiqcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.demdex.net *.ytimg.com *.youtube.com data: libertymutualgroup.com *.libertymutualgroup.com libertymutual.com *.libertymutual.com *.qualtrics.com *.akstat.io cm.everesttech.net; frame-src 'self' *.youtube.com *.addtoany.com libertymutualcorporate.demdex.net; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.akamaihd.net *.akstat.io *.qualtrics.com bam.nr-data.net c.go-mpulse.net *.demdex.net collect.tealiumiq.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-eval' *.bundesverfassungsgericht.de; base-uri 'self' *.bundesverfassungsgericht.de; style-src 'self' 'unsafe-inline'*.bundesverfassungsgericht.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de *.bundesverfassungsgericht.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de *.bundesverfassungsgericht.de; connect-src 'self' *.itzbund.de *.bundesverfassungsgericht.de; frame-ancestors 'self'; worker-src 'self'; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.dailypaws.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bcbsks.com polyfill.io unpkg.com fast.wistia.com *.googletagmanager.com *.google-analytics.com *.ads-twitter.com www.gstatic.com *.bing.com connect.facebook.net 100011161.collect.igodigital.com snap.licdn.com *.adsrvr.org bam.nr-data.net googleads.g.doubleclick.net js-agent.newrelic.com tags.srv.stackadapt.com public.tableau.com qvdt3feo.com code.jquery.com www.google.com analytics.silktide.com static.cloudflareinsights.com www.covermymeds.com www.googleadservices.com cdn.datatables.net cdnjs.cloudflare.com www.eventbrite.com https://www.google.co.uk www.clarity.ms *.callrail.com *.simpli.fi tag.demandbase.com blob:; object-src 'none'; style-src 'self' 'unsafe-inline' www.bcbsks.com bcbsks.prod.acquia-sites.com fast.fonts.net fonts.googleapis.com tags.srv.stackadapt.com www.covermymeds.com cdn.datatables.net cdnjs.cloudflare.com; img-src 'self' p.dlx.addthis.com www.google.com *.google-analytics.com nova.collect.igodigital.com *.bing.com t.co analytics.twitter.com *.wistia.com www.facebook.com *.g.doubleclick.net *.google.com public.tableau.com *.bcbsks.com tools.applemediaservices.com apple-resources.s3.amazonaws.com connect.facebook.net secure.adnxs.com *.linkedin.com www.googletagmanager.com *.covermymeds.com cdn.datatables.net embedwistia-a.akamaihd.net c.clarity.ms um.simpli.fi * data:; media-src 'self' *.wistia.com www.google.com embedwistia-a.akamaihd.net fast.wistia.net blob:; frame-src 'self' *.bcbsks.com https://d1eoo1tco6rr5e.cloudfront.net/ *.adsrvr.org www.facebook.com public.tableau.com *.fls.doubleclick.net td.doubleclick.net www.youtube.com www.googletagmanager.com staywell.mydigitalpublication.com e.issuu.com www.eventbrite.com insight.adsrvr.org www.kff.org s.company-target.com; font-src 'self' fast.fonts.net fast.wistia.com fonts.gstatic.com data:; connect-src 'self' *.bugsnag.com *.google-analytics.com stats.g.doubleclick.net ad.doubleclick.net *.googleadservices.com www.googleadservices.com *.google.com *.wistia.com *.litix.io bam.nr-data.net cdn.linkedin.oribi.io www.facebook.com tags.srv.stackadapt.com embedwistia-a.akamaihd.net bat.bing.com a.us.silktide.com https://connect.facebook.net https://www.google.co.uk pagead2.googlesyndication.com *.clarity.ms js.callrail.com api.company-target.com tag-logger.demandbase.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
connect-src 'self' *.mux.com *.readspeaker.com wss://chat.saarland.de; font-src 'self' data:; default-src 'self' *.googleapis.com; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.saarland.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.openlayers.org openlayers.org *.openstreetmap.org siteimproveanalytics.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.mux.com; frame-src multimedia.gsb.bund.de *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.instagram.com *.readspeaker.com *.saarland.de *.dwd.de *.lpm-saarland.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.openlayers.org openlayers.org *.openstreetmap.org *.geodatenzentrum.de *.siteimproveanalytics.io www.dwd.de; worker-src 'self' blob:; frame-ancestors 'self'; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.agriculture.com 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'  1
frame-ancestors 'self' harri.com bam.harri.com fr.harri.com es.harri.com ru.harri.com de.harri.com pl.harri.com ar.harri.com tr.harri.com live.harri.com liveschedule.harri.com new.harri.com fr.new.harri.com es.new.harri.com ru.new.harri.com de.new.harri.com pl.new.harri.com ar.new.harri.com tr.new.harri.com; 1
default-src 'self' *.googleapis.com cdnjs.cloudflare.com danord.gdi-sh.de efi2.schleswig-holstein.de efi.schleswig-holstein.de phpefi.schleswig-holstein.de *.openstreetmap.org *.openstreetmap.fr cdn.podigee.com phpefi.schleswig-holstein.de *.podigee-cdn.net *.kaltura.com danord.gdi-sh.de *.digsy.land; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.openstreetmap.fr *.schleswig-holstein.de https://danord.gdi-sh.de https://cdnjs.cloudflare.com cdn.podigee.com *.podigee-cdn.net *.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com phpefi.schleswig-holstein.de *.openlayers.org openlayers.org *.openstreetmap.org *.vimeo.com https://matomo.schleswig-holstein.de 'sha256-Z63e+VFsLCeJvcIIADffuk58gwH7zpv5jIPJITytEps=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' *.schleswig-holstein.de 'sha256-Iv6+ueUCwCo7hxRPKs4x5N9MLe5bAOcJqKOJNkpFa4Q=' 'sha256-hwQ3jJFF76RYXz5z/h9KPxxCmJrIWmkrPI/0ue3TTVA=' 'sha256-jJH1V3gDESBl63xPMOf/g+/WVSLp61k6VjeyPRt1KKQ=' https://danord.gdi-sh.de 'sha256-4klLXXsGOpjKz3t5aaLNu/fwLVb7TxsGq0CBc4UUkGM=' cdn.podigee.com *.podigee-cdn.net cdnjs.cloudflare.com *.materna.de; object-src 'none' 'self' multimedia.gsb.bund.de; media-src 'self' blob: https://multimedia.gsb.bund.de *.youtube.com https://*.youtube-nocookie.com *.youtube-nocookies.com https://youtu.be https://vimeo.com; frame-src *.google.com *.gstatic.com *.vimeo.com *.schleswig-holstein.de https://danord.gdi-sh.de *.podigee-cdn.net *.readspeaker.com *.kaltura.com *.seminareonlinebuchen.de; frame-src cdn.podigee.com *.podigee-cdn.net *.umweltdaten.landsh.de *.schleswig-holstein.de danord.gdi-sh.de *.google.com *.gstatic.com *.youtube.com https://*.youtube-nocookie.com *.youtube-nocookie.com *.readspeaker.com *.openstreetmap.fr danord.gdi-sh.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeocdn.com phpefi.schleswig-holstein.de *.openlayers.org openlayers.org *.openstreetmap.org *.openstreetmap.fr https://matomo.schleswig-holstein.de *.schleswig-holstein.de https://danord.gdi-sh.de https://sg.geodatenzentrum.de *.seminareonlinebuchen.de *.umweltdaten.landsh.de *.cdninstagram.com hht.infomaxnet.de dam.destination.one *.podigee-cdn.net *.fbcdn.net *.bootstrapcdn.com stamen-tiles-b.a.ssl.fastly.net stamen-tiles-c.a.ssl.fastly.net stamen-tiles-d.a.ssl.fastly.net stamen-tiles-a.a.ssl.fastly.net; worker-src blob: 'self'; frame-ancestors 'self'; 1
script-src 'nonce-ed19a694-baa9-4fa8-beb4-af4c6b339dc0' https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/ 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://d2c.aws.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com https://aws.amazon.com https://a0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; default-src 'self'; 1
frame-ancestors 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' https://static.zdassets.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.google-analytics.com/ https://boards.greenhouse.io/; 1
default-src 'self'; script-src 'report-sample' 'self' https://contaazul.my.salesforce.com/embeddedservice/5.0/client/liveagent.esw.min.js https://d.la1-c2-ia4.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp https://d.la1-c2-ia5.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp https://www.googletagmanager.com/gtag/js; style-src 'report-sample' 'self' https://contaazul.my.salesforce.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://contaazul.my.salesforce.com; img-src 'self'; manifest-src 'self'; media-src 'self'; report-uri https://653a851cb68e7c6a2aefe900.endpoint.csper.io/?v=0; worker-src 'self'; 1
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net; img-src 'self' data: blob: 'unsafe-inline' *.ads.linkedin.com t.co chat.eurobank.gr *.env.chat.eurobank.gr sp.analytics.yahoo.com znovsqrc.micpn.com sitecoremedia.blob.core.windows.net stats.g.doubleclick.net *.stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com jwpltx.com *.youtube.com *.facebook.com *.google.com *.google.gr *.google.nl *.googletagmanager.com px.ads.linkedin.com linkedin.com googleads.g.doubleclick.net cdn.cookielaw.org *.google-analytics.com *.usabilla.com *.cloudfront.net *.hotjar.com ad.doubleclick.net *.clarity.ms; media-src 'self' blob: *.streaming.mediaservices.windows.net; script-src 'self' data: *.taboola.com static.ads-twitter.com chat.eurobank.gr *.env.chat.eurobank.gr s.yimg.com *.clarity.ms https://cdn-prod.wdesk.com/ixbrl-viewer/1.0.0/ixbrlviewer.js znovsqrc.micpn.com optimize.google.com *.google-analytics.com snap.licdn.com code.jquery.com *.onetrust.com blob: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com  *.google.com *.googleapis.com *.gstatic.com *.inbroker.com *.angularjs.org *.twitter.com *.syndication.twimg.com *.jwpcdn.com *.facebook.net *.facebook.com *.hotjar.com cdn.cookielaw.org optanon.blob.core.windows.net www.googleadservices.com googleads.g.doubleclick.net az416426.vo.msecnd.net *.googletagmanager.com *.usabilla.com *.cloudfront.net; style-src 'self' 'unsafe-inline' chat.eurobank.gr *.env.chat.eurobank.gr *.googleapis.com *.inbroker.com *.twitter.com optimize.google.com optanon.blob.core.windows.net cdn.cookielaw.org *.usabilla.com *.cloudfront.net fonts.googleapis.com; font-src 'self' data: 'unsafe-inline' chat.eurobank.gr *.env.chat.eurobank.gr *.gstatic.com *.inbroker.com *.jwpcdn.com *.usabilla.com *.cloudfront.net fonts.googleapis.com *.hotjar.com; connect-src 'self' *.taboola.com cdn.linkedin.oribi.io maps.googleapis.com chat.eurobank.gr wss://chat.eurobank.gr *.env.chat.eurobank.gr wss://*.env.chat.eurobank.gr s.yimg.com *.clarity.ms recengine.margera.co *.onetrust.com wss://*.hotjar.com/api/v2/client/ws *.analytics.google.com www.google.gr optimize.google.com *.visualstudio.com *.google-analytics.com *.inbroker.com *.streaming.mediaservices.windows.net *.twitter.com *.hotjar.com adservice.google.com az416426.vo.msecnd.net *.doubleclick.net *.usabilla.com *.cloudfront.net *.cookielaw.org *.hotjar.com *.hotjar.io; frame-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.gstatic.com *.inbroker.com *.twitter.com *.onetrust.mgr.consensu.org *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr  uat-legacy.eurobank.gr *.doubleclick.net *.fls.doubleclick.net *.usabilla.com *.cloudfront.net; object-src 'self' *.streaming.mediaservices.windows.net *.jwpcdn.com;  child-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr; 1
frame-ancestors 'self' *.taxact.com *.taxactonline.com *.salemove.com secure.balancefin.com 1
base-uri *; child-src * gap:; frame-src * gap:; connect-src *; default-src * gap: 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=YcA8NhQ7Xpq1%2FyXIDSqfkEEoTT%2FFfQDvmgd78%2BcTYyXiE%2FpDbbegn5OGcgcHx%2FJxhMvoQE7fvQSvZojxt9hUSQ%3D%3D; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1
default-src 'self' 'unsafe-inline' data: blob: prod.acquia-sites.com *.prod.acquia-sites.com  auc.arkdev.net *.auc.arkdev.net aucegypt.edu *.aucegypt.edu openweathermap.org *.openweathermap.org youvisit.com *.youvisit.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com nr-data.net *.nr-data.net newrelic.com *.newrelic.com cloudflare.com googleusercontent.com *.cloudflare.com *.googleusercontent.com youtube.com *.youtube.com youtu.be *.youtu.be gstatic.com *.gstatic.com ytimg.com *.ytimg.com ggpht.com *.ggpht.com *.campusgroups.com calendar.google.com interviewexchange.com *.interviewexchange.com auc.cloud.panopto.eu datawrapper.dwcdn.net *.watson.appdomain.cloud datastudio.google.com *.datastudio.google.com crazyegg.com *.crazyegg.com myjotform.com *.myjotform.com connect.facebook.net facebook.com *.facebook.com stats.g.doubleclick.net *.g.doubleclick.net addthis.com *.addthis.com 'unsafe-eval' moatads.com *.moatads.com addthisedge.com *.addthisedge.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com www.googleadservices.com www.google.com *.googleadservices.com *.google.com googleads.g.doubleclick.net bid.g.doubleclick.net *.g.doubleclick.net snap.licdn.com *.snap.licdn.com *.licdn.com p.adsymptotic.com *.adsymptotic.com *.googlesyndication.com googlesyndication.com cdn.linkedin.oribi.io www.google.com.eg *.google.com.eg *.mainstay.com addtoany.com *.addtoany.com googleapis.com *.googleapis.com noembed.com *.noembed.com plyr.io *.plyr.io; report-uri /report-csp-violation 1
frame-ancestors https://igx.csbsju.edu http://go.twocolleges.com https://virtualtour.csbsju.edu 1
default-src 'self' portal.dimdi.de icd11restapi-de-prerelease.azurewebsites.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.who.int; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bghweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de 1
default-src 'self'; style-src 'self' 'unsafe-inline' occhat.elisa.fi https://public.flourish.studio/ https://fonts.googleapis.com/; img-src 'self' data: occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ master.boost.ai data.reactandshare.com https://public.flourish.studio/; media-src 'self'; font-src 'self' https://public.flourish.studio/; script-src 'self' 'unsafe-inline' 'unsafe-eval' occhat.elisa.fi vero.piwik.pro vero.containers.piwik.pro https://analytiikka.ahtp.fi/ veroskatt.boost.ai vero.boost.ai cdn.reactandshare.com data.reactandshare.com https://public.flourish.studio/; connect-src 'self' occhat.elisa.fi wss://occhat.elisa.fi vero.piwik.pro https://analytiikka.ahtp.fi/ veroskatt.boost.ai vero.boost.ai networkmigri.boost.ai prh.boost.ai data.reactandshare.com; frame-src 'self' hkp.maanmittauslaitos.fi https://www.youtube.com https://app.powerbi.com https://public.flourish.studio/; frame-ancestors 'self' yritys.tunnistus.fi htesti.katso.tunnistus.fi; 1
default-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://*.facebook.com *.facebook.com https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.google.com *.google.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.gstatic.cn *.gstatic.cn https://*.jsdelivr.net *.jsdelivr.net https://*.rawgit.com *.rawgit.com https://*.ddfstatic.com *.ddfstatic.com https://cdn.plyr.io cdn.plyr.io https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://*.bangbros.com *.bangbros.com https://*.nikkiprice.com *.nikkiprice.com https://*.girlsgonewild.com *.girlsgonewild.com https://*.naked.com *.naked.com https://*.st-content.com *.st-content.com https://*.sellvids.com *.sellvids.com https://*.hazecash.com *.hazecash.com https://*.xxxpawn.com *.xxxpawn.com https://*.gaypawn.com *.gaypawn.com https://*.miakhalifa.com *.miakhalifa.com https://*.americanpervert.com *.americanpervert.com https://*.xnxx.com *.xnxx.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://www.google-analytics.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://region1.google-analytics.com/g/collect; font-src 'self' https://cdn.jsdelivr.net/npm/ https://fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' https://*.gtflixtv.com *.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://www.xvideos.com www.xvideos.com https://*.xvideos.red *.xvideos.red https://*.1ka.com *.1ka.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://www.google-analytics.com www.google-analytics.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://region1.google-analytics.com region1.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ data:; object-src 'none'; script-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://uploader.gtflixtv.com uploader.gtflixtv.com https://uploader-beta.gtflixtv.com uploader-beta.gtflixtv.com https://pornbox.com pornbox.com https://*.googleapis.com *.googleapis.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://google-analytics.com google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/yuku-t/jquery-textcomplete/ https://*.ddfstatic.com *.ddfstatic.com https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://apis.google.com/js/platform.js 'unsafe-inline' 'unsafe-eval'; report-uri /api/js-error; 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 1
frame-ancestors https://cloudsecurityalliance.org https://knowledge.cloudsecurityalliance.org https://circle.cloudsecurityalliance.org 1
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 1
frame-ancestors https://platform-as.marketintelligence.spglobal.com https://platform-av.marketintelligence.spglobal.com https://platform.mi.spglobal.com https://platform.marketintelligence.spglobal.com https://www.snl.com https://platform.mi.spglobal.cn https://platform.ratings360.spglobal.com https://platform.platts.spglobal.com https://www.platform.spgi.spglobal.cn https://platform.spgi.spglobal.cn https://www.platform.spgi.spglobal.com https://platform.spgi.spglobal.com https://www.capitaliq.spglobal.com https://www.capitaliq.spglobal.cn https://www.capitaliqpro.spglobal.com https://www.capitaliqpro.spglobal.cn  'self'; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' *.cinestar.de api.unsplash.com *.google-analytics.com *.google.com *.googlesyndication.com gdpr.mandarin-medien.de *.doubleclick.net *.facebook.com *.facebook.net streaming.cinestar.de streaming.cinestar.sys11.stakkle.com:81 streaming1.cinestar.de streaming1.cinestar.de:81; font-src 'self' data:; frame-src *.google.com *.doubleclick.net *.facebook.com *.ioam.de *.spotify.com; img-src 'self' data: www.google.com www.google.de bat.bing.com *.google-analytics.com *.facebook.com *.googletagmanager.com *.doubleclick.net ff-schlingel.de; media-src 'self' streaming.cinestar.de streaming.cinestar.sys11.stakkle.com:81 streaming1.cinestar.de streaming1.cinestar.de:81; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cinestar.de *.googletagmanager.com *.googleadservices.com *.google.com *.google.de *.gstatic.com *.google-analytics.com gdpr.mandarin-medien.de *.ioam.de *.doubleclick.net bat.bing.com *.facebook.com *.facebook.net; style-src 'self' 'unsafe-inline' gdpr.mandarin-medien.de; report-uri /nelmio/csp/report 1
base-uri 'self'; default-src 'none'; child-src https://mei.animebytes.tv https://irc.animebytes.tv; connect-src 'self' https://mei.animebytes.tv; font-src 'self' data:; form-action 'self' https://mei.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://mei.animebytes.tv https://irc.animebytes.tv; img-src 'self' https://cdn.animebytes.tv https://mei.animebytes.tv https://animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests 1
frame-ancestors https://localizejs.com 1
default-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com  *.onelink-edge.com  googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com  cdn.linkedin.oribi.io  *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: *.youtube.com cdn.cookielaw.org *.sharethis.com *.googletagmanager.com *.googleapis.com snap.licdn.com *.hotjar.com *.force.com tag.demandbase.com *.facebook.net *.salesforceliveagent.com accessibilityserver.org *.userway.org *.newrelic.com *.onelink-edge.com unpkg.com *.cloudflare.com www.onelink-edge.com *.docksal.site:* www.google.com segments.company-target.com www.gstatic.com *.salesforce.com *.salesforce-sites.com *.hotjar.io assets.pinterest.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.force.com *.sharethis.com fonts.googleapis.com *.salesforce-sites.com *.salesforce.com; img-src 'self' 'unsafe-inline' cdn.cookielaw.org *.youtube.com data: match.prod.bidr.io segments.company-target.com px.ads.linkedin.com *.ads.linkedin.com *.facebook.com id.rlcdn.com certainteed.widen.net *.googleapis.com *.widencdn.net *.userway.org *.ytimg.com bcp.crwdcntrl.net *.sharethis.com maps.gstatic.com *.cloudfront.net pinterest.com *.pinterest.com *.salesforce.com *.salesforce-sites.com; media-src 'self' 'unsafe-inline' youtube.com; frame-src 'self' 'unsafe-inline' cdn.cookielaw.org youtube.com maps.googleapis.com  onelink-edge.com  googletagmanager.com *.force.com *.sharethis.com *.userway.org google.com www.google.com www.facebook.com www.youtube.com www.youtube-nocookie.com *.pinterest.com *.salesforce.com *.salesforce-sites.com; font-src 'self' use.fontawesome.com data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com  *.onelink-edge.com  googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com  cdn.linkedin.oribi.io  *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' data: https://bitrix.info:* https://bitrix.info/bx_stat: https://stat.sputnik.ru:* https://cnt.sputnik.ru:* https://mc.yandex.ru:* https://informer.yandex.ru:* https://pos.gosuslugi.ru:* https://reports.43edu.ru:* https://docs.43edu.ru:* https://api-maps.yandex.ru:* https://yastatic.net:* https://core-renderer-tiles.maps.yandex.net:* https://core-sat.maps.yandex.net:* https://yandex.ru:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bitrix.info:* https://bitrix.info/bx_stat: https://stat.sputnik.ru:* https://cnt.sputnik.ru:* https://mc.yandex.ru:* https://informer.yandex.ru:* https://pos.gosuslugi.ru:* https://reports.43edu.ru:* https://docs.43edu.ru:* https://api-maps.yandex.ru:* https://yastatic.net:* https://core-renderer-tiles.maps.yandex.net:* https://core-sat.maps.yandex.net:* https://yandex.ru:*; style-src 'self' 'unsafe-inline'  https://bitrix.info:* https://bitrix.info/bx_stat: https://stat.sputnik.ru:* https://cnt.sputnik.ru:* https://mc.yandex.ru:* https://informer.yandex.ru:* https://pos.gosuslugi.ru:* https://reports.43edu.ru:* https://docs.43edu.ru:* https://api-maps.yandex.ru:* https://yastatic.net:* https://core-renderer-tiles.maps.yandex.net:* https://core-sat.maps.yandex.net:* https://yandex.ru:*; img-src 'self' data: blob: https://bitrix.info:* https://bitrix.info/bx_stat: https://stat.sputnik.ru:* https://cnt.sputnik.ru:* https://mc.yandex.ru:* https://informer.yandex.ru:* https://pos.gosuslugi.ru:* https://reports.43edu.ru:* https://docs.43edu.ru:* https://api-maps.yandex.ru:* https://yastatic.net:* https://core-renderer-tiles.maps.yandex.net:* https://core-sat.maps.yandex.net:* https://yandex.ru:*; font-src 'self' https://bitrix.info:* https://bitrix.info/bx_stat: https://stat.sputnik.ru:* https://cnt.sputnik.ru:* https://mc.yandex.ru:* https://informer.yandex.ru:* https://pos.gosuslugi.ru:* https://reports.43edu.ru:* https://docs.43edu.ru:* https://api-maps.yandex.ru:* https://yastatic.net:* https://core-renderer-tiles.maps.yandex.net:* https://core-sat.maps.yandex.net:* https://yandex.ru:*; 1
default-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 1
frame-ancestors https://youtu.be https://bid.g.doubleclick.net https://streetview.my https://safedepositboxjb.streetview.my https://hlbmc.demdex.net https://tags.tiqcdn.com https://survey.hlb.com.my https://www.hlb.com.my https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://www.ecbanking.com.my  https://gms.hongleong.com.my https://apply-merchant1.hlb.com.my 1
default-src 'self' 'unsafe-inline' https://aurora.videojet.com https://aurora-dev.videojet.com;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://aurora.videojet.com https://aurora-dev.videojet.com https://www.clarity.ms https://www.clarity.ms/s/0.7.12/clarity.js https://www.clarity.ms/s/0.7.10/clarity.js https://www.clarity.ms/tag/ijdarnfimw https://www.clarity.ms/tag/ith1dljwbr https://wec-assets.terminus.services/13c6249f-fbb3-4c92-a363-ee30fda9fd1d/t.js https://www.googleoptimize.com https://www.googleanalytics.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js https://cdn.cookielaw.org https://*.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com   https://secure.adnxs.com https://d22d1xpx4ztuef.cloudfront.net/jb-cdn-sp-3.5.0.js https://bam.nr-data.net https://gu.bizspring.net https://www.googletagmanager.com https://js-agent.newrelic.com https://js-agent.newrelic.com/nr-1216.min.js https://stats.wp.com https://widgets.wp.com https://wordpress.com https://www.google-analytics.com https://www.google-analytics.com/gtm/optimize.js https://googleads.g.doubleclick.net http://wcs.naver.net http://wcs.naver.net/wcslog.js https://fs.bizspring.net https://fs.bizspring.net/fs4/bstrk.1.js https://cdn.cookielaw.org https://cdn.cookielaw.org/scripttemplates/6.37.0/otBannerSdk.js https://sjrtp8-cdn.marketo.com https://sjrtp8-cdn.marketo.com/rtp-api/v1/rtp.js https://hm.baidu.com https://hm.baidu.com/hm.js https://cdn.livechatinc.com https://cdn.livechatinc.com/tracking.js https://s0.wp.com https://code.jquery.com https://code.jquery.com/jquery-3.3.1.js https://cdn.parsely.com https://cdn.parsely.com/keys/videojet.com/p.js https://stats.wp.com/e-202229.js http://play.vidyard.com https://play.vidyard.com https://connect.facebook.net http://app-sj04.marketo.com http://munchkin.marketo.net http://munchkin.marketo.net/161/munchkin.js http://63475.tctm.co http://63475.tctm.co/p.js https://api.livechatinc.com https://cdn.cookielaw.org https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js http://63475.tctm.co http://63475.tctm.co/t.js http://app-sj04.marketo.com http://app-sj04.marketo.com/js/forms2/js/forms2.min.js http://cdn.livechatinc.com http://cdn.livechatinc.com/tracking.js http://munchkin.marketo.net http://munchkin.marketo.net/munchkin.js http://www.google-analytics.com http://www.google-analytics.com/analytics.js https://api.livechatinc.com https://api.livechatinc.com/v3.3/customer/action/get_dynamic_configuration https://cdn.cookielaw.org https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.mouseflow.com https://cdn.mouseflow.com/projects/a9954248-100f-48af-93d9-4f38aeb12d06.js https://connect.facebook.net https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1005853898/ https://snap.licdn.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/gtm/js https://www.googleadservices.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com http://www.googletagmanager.com https://www.googletagmanager.com/gtm.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://aurora.videojet.com https://aurora-dev.videojet.com https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css https://optimize.google.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/css/v2/otnotice-core.css https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://s0.wp.com http://app-sj04.marketo.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://s.clarity.ms/collect https://px.ads.linkedin.com/wa/ https://u.clarity.ms/collect https://n.clarity.ms/collect https://q.clarity.ms/collect https://y.clarity.ms/collect https://p.clarity.ms/collect https://z.clarity.ms/collect https://v.clarity.ms/collect https://t.clarity.ms/collect https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://x.clarity.ms/collect https://www.google.co.in https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac.json https://analytics.google.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com/tr https://www.facebook.com http://play.vidyard.com https://play.vidyard.com http://google.com https://google.com https://cdn.linkedin.oribi.io https://cdn.linkedin.oribi.io/partner/53880/domain/videojet.com/token https://cdn.livechatinc.com https://api.ipify.org https://bam.nr-data.net https://p1.parsely.com https://n2.mouseflow.com https://api.livechatinc.com https://geolocation.onetrust.com https://privacyportal-de.onetrust.com http://090-bzj-603.mktoresp.com http://63475.tctm.co https://cdn.cookielaw.org https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://cdn.mouseflow.com/fonts/gstatic_droidsans.woff2 https://code.ionicframework.com/ionicons/2.0.1/fonts/ionicons.ttf https://code.ionicframework.com/ionicons/2.0.1/fonts/ionicons.woff https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com https://fonts.gstatic.com https://cdn.livechatinc.com https://cdn.livechatinc.com/widget/o-0IIpQlx3QUlC5A4PNr6DRASf6M7VBj.woff2 https://fonts.gstatic.com https://cdn.mouseflow.com https://cdn.mouseflow.com/fonts/gstatic_droidsans.woff2 https://s0.wp.com; frame-src https://aurora.videojet.com https://aurora-dev.videojet.com https://aurora.videojet.com/public-web https://aurora-dev.videojet.com/public-web https://td.doubleclick.net/ https://optimize.google.com https://www.google.com https://cdn.livechatinc.com https://stats.wp.com https://js-agent.newrelic.com http://www.googletagmanager.com https://www.googletagmanager.com https://widgets.wp.com https://wordpress.com https://pages.videojet.com https://communications.videojet.com https://www.facebook.com http://play.vidyard.com https://app-sj04.marketo.com https://bid.g.doubleclick.net https://play.vidyard.com https://secure.livechatinc.com https://www.youtube.com; img-src 'self' data: https://www.google.de https://global.videojet.com https://app-sj04.marketo.com/js/forms2/images/arrow-down-bk.png https://c.bing.com/c.gif https://c.clarity.ms/c.gif https://match.adsrvr.org https://cdn.livechat-files.com https://wec-assets.terminus.services https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com https://s.w.org http://www.googleadservices.com https://p1.parsely.com https://videojet-develop.go-vip.net https://secure.gravatar.com https://pixel.wp.com https://pages.videojet.com http://play.vidyard.com https://play.vidyard.com https://cdn.vidyard.com https://www.facebook.com https://www.linkedin.com  https://www.googletagmanager.com https://p.adsymptotic.com https://px4.ads.linkedin.com http://2.gravatar.com http://www.google-analytics.com https://cdn.cookielaw.org https://cdn.livechatinc.com https://videojet-develop.go-vip.net https://px.ads.linkedin.com https://videojet.com https://www.google.co.in https://www.google.com https://img.youtube.com; manifest-src 'self'; media-src 'self' https://global.videojet.com https://videojet-develop.go-vip.net/wp-content/uploads/dam/image/homepage/hero-videojet-all-technologies.mp4 https://cdn.livechatinc.com/widget/static/media/new_message.34190d36.ogg%27 https://cdn.livechatinc.com; worker-src 'self' https://www.videojet.com/41b3993d-6157-42d3-b7bb-1fd94af4b079 https://www.videojet.com/b43d5d13-dc97-4d42-b779-876ae2a4be43 https://www.videojet.com/4f740ad9-609a-4e53-9281-3c3f3b62d0b6 https://www.videojet.com/0be8dc92-4331-4963-a9d5-057909b28a94 https://www.videojet.com/988f6ccd-deea-44cf-807b-250e56ea37de https://www.videojet.com/b2cdfa67-21c0-4377-8879-60c3065c5029 https://www.videojet.com/9feac800-0e04-46cb-a150-3e18c5dccb52 https://www.videojet.com/8b81fc23-f849-46f3-8138-359cf6bb6d09 https://aurora.videojet.com/public-web https://www.videojet.com/bcd9c812-83ca-45f9-acc3-5d7f873a062b https://aurora-dev.videojet.com/public-web https://www.videojet.com/93dfdb3a-dfb7-4d44-adc5-6d283d76cf86 https://videojet-develop.go-vip.net/us/0ea63917-af0f-47e7-be13-eb21dda0ab92 https://videojet-develop.go-vip.net/us/797c3422-c9dc-43ce-a42e-92c476b71eab https://videojet-develop.go-vip.net/us/cf0f0dd4-fcba-486c-b401-8039cd764b3b https://www.clarity.ms/tag/ith1dljwbr https://videojet-develop.go-vip.net/us/2d3f0cb9-8859-4249-a634-dcd86aba5348 https://videojet-develop.go-vip.net/us/77f8dfa2-956f-4159-bb1d-9112b307de82 https://videojet-develop.go-vip.net/us/d21eb406-daaa-4ba8-9b83-34e2f72b28f4 https://videojet-develop.go-vip.net/us/aca251b4-cefa-4847-ae66-663adac907ca https://videojet-develop.go-vip.net/us/5338b512-4dae-4754-97d5-c1f8693a4f29 https://videojet-develop.go-vip.net/us/3159eaef-e9b4-4a18-83d6-599a4fcae156 https://videojet-develop.go-vip.net/us/f4d3c7a1-325a-48bb-bebe-a152b6f30fa0 https://videojet-develop.go-vip.net/us/2b3c14ac-cf03-42cb-b5d1-f3f4f2736f99 https://videojet-develop.go-vip.net/us/6fe6bb55-8d71-4be9-9e52-7ab1f9b17310 https://videojet-develop.go-vip.net/us/5d59fb44-589e-4efa-b8a9-62c0d0b92245 https://videojet-develop.go-vip.net/us/ae7aa383-7006-44a4-9833-6a8dce243593 https://videojet-develop.go-vip.net/us/3181d96e-c13b-4fe5-bf0d-f7a08a6bd8d5; frame-ancestors https://aurora.videojet.com https://aurora-dev.videojet.com https://esds.videojet.com; 1
default-src http: https: wss: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; report-uri https://ncreports.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.spendino.de https://analytics.spd.de https://maps.googleapis.com https://altruja.de https://dataservices.spd.de https://www.verbavoice.net https://live.flyp.tv https://cdn01.spd.de https://mitgliedwerden.spd.de ; img-src 'self' data: https://analytics.spd.de https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://em.altruja.de https://socialwall.spd.de https://cdn01.spd.de https://*.spd.de https://*.openstreetmap.de ; frame-ancestors 'self' https://analytics.spd.de ; default-src 'self' ; frame-src 'self' https://dpa-electionslive.s3.amazonaws.com https://analytics.spd.de https://w.soundcloud.com https://player.vimeo.com https://www.youtube-nocookie.com https://api.spendino.de https://storify.com https://streaming.b1group.de https://www.youtube.com https://live.soziale-demokratie.live https://www.blitzvideoserver.de https://api.spd.de https://app.contentflow.live https://streaming.talk42.de https://playout.3qsdn.com https://sdn-global-live-http-cache.3qsdn.com https://widget.whatsbroadcast.com https://ghb2017.limequery.com https://limequery.spd.de https://www.verbavoice.ne https://em.altruja.de https://live.flyp.tv https://us-central1-contentflow-2.cloudfunctions.net https://domhost.it-television.net https://wb.messengerpeople.com https://hd-livestream.de https://stream.liverecords.net https://www.sachsen-fernsehen.de https://open.spotify.com https://widget.whappodo.com https://embed.contentflow.net https://sipg.micropayment.de https://d3ak46ifsn9mnh.cloudfront.net https://umfragen.spd.de ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://analytics.spd.de https://dataservices.spd.de https://cdn01.spd.de https://mitgliedwerden.spd.de ; connect-src 'self' https://analytics.spd.de https://altruja.de https://dataservices.spd.de wss://ws-eu.pusher.com https://pusher01.spd.de https://socialwall.spd.de https://cdn01.spd.de https://mitgliedwerden.spd.de ; object-src 'self' data: ; media-src 'self' data: https://cdn01.spd.de ; font-src 'self' https://fonts.gstatic.com https://dataservices.spd.de https://mitgliedwerden.spd.de ; 1
script-src coinpedia.org 1
frame-ancestors 'self' cmsv2.zebrix.net 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.aboutespanol.com 1
frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src 'self' www.baua.de.de datawrapper.dwcdn.net; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self'.de datawrapper.dwcdn.net; 1
frame-ancestors 'self' https://*.allhomes.com.au 1
frame-src 'self' 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public.pei.de abvl-public-test.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1
frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de; 1
policy-uri /'self' 1
frame-ancestors 'self' heromotocorp.com *.heromotocorp.com 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.salesforce-sites.com https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.salesforce-sites.com https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1
block-all-mixed-content; font-src 'self' fonts.gstatic.com www.wuv.de fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.usercentrics.eu *.g.doubleclick.net *.getsitecontrol.com *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.taboola.com *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.pinterest.com *.research.appinio.com *.ttwstatic.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com tags.crwdcntrl.net  *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.taboola.com *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.ttwstatic.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 1
base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com https://client.crisp.chat *;form-action 'self' https: *;frame-ancestors 'none';frame-src  'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 1
default-src https:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; font-src https: data: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors http://www.lativ.com.tw https://www.lativ.com.tw; 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://static.cloudflareinsights.com https://ajax.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.googleapis.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.google-analytics.com/; font-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; frame-ancestors 'self' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.foodtecsolutions.com *.hibu.us *.pizzadirector.net:* *.google.com *.opentable.com *.otstatic.com cdn.ampproject.org www.gstatic.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.twitter.com www.facebook.com connect.facebook.net cdn.syndication.twimg.com js.hs-scripts.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net salesiq.zoho.com/widget campaigns.zoho.com maillist-manage.com crm.zoho.com js.zohostatic.com vts.zohopublic.com static.hotjar.com script.hotjar.com unpkg.com api.tiles.mapbox.com *.adroll.com *.cloudfront.net cdnjs.cloudflare.com libs.a2zinc.net gh-prod-nitrosites.s3.amazonaws.com; 1
frame-ancestors https://*.milwaukeetool.eu https://viewer.ipaper.io https://my.treedis.com https://my.scene3d.co.uk 1
default-src 'self' https://static.bitrated.com; script-src 'self' https://static.bitrated.com; connect-src 'self' wss://www.bitrated.com; style-src https://static.bitrated.com 'unsafe-inline'; img-src 'self' https://static.bitrated.com data:; font-src https://static.bitrated.com data:; frame-src https://player.vimeo.com/ https://bitrated.uservoice.com/; object-src 'none'; report-uri /csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.itzbund.de app.sli.do cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev'; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-src 'self' player.vimeo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-ancestors 'self'; 1
img-src * data: blob:; style-src 'self' 'unsafe-inline' assets.adobedtm.com cdn.linearicons.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com shop.spreadshirt.nl ton.twimg.com cdnjs.cloudflare.com code.jquery.com unpkg.com; frame-src 'self' www.youtube.com player.vimeo.com podio.com www.youtube-nocookie.com www.google.com/recaptcha/ www.classmarker.com/ js.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com assets.adobedtm.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com npmcdn.com shop.spreadshirt.nl platform.twitter.com www.google-analytics.com ssl.google-analytics.com www.spreadshirt.nl podio.com static.doubleclick.net cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net app.intercom.io widget.intercom.io js.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ unpkg.com/leaflet.markercluster@1.4.1/dist/ unpkg.com/leaflet@1.7.1/dist/ js.stripe.com unpkg.com/@popperjs/ unpkg.com/tippy.js@6/ www.googletagmanager.com; font-src 'self' cdn.linearicons.com fonts.gstatic.com maxcdn.bootstrapcdn.com shop.spreadshirt.nl js.intercomcdn.com ttui.thethingsindustries.com; connect-src 'self' shop.spreadshirt.nl www.thethingsnetwork.org vx.thethings.network api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com app.getsentry.com unpkg.com/boxicons@2.1.1/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mistaua.com https://*.google.com *.google.com https://*.google.com.ua *.google.com.ua *.gstatic.com *.facebook.net *.instagram.com *.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.doubleclick.net https://*.googleadservices.com  https://*.doubleclick.net https://*.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.ampproject.org counter.yadro.ru wikimapia.org vk.com https://*.jsdelivr.net https://yastatic.net cdn.api.twitter.com oss.maxcdn.com; style-src  'self' 'unsafe-inline' *.google.com *.googleapis.com; frame-src 'self' *.doubleclick.net https://*.googlesyndication.com *.googletagservices.com *.google.com *.google.com.ua *.facebook.com *.instagram.com *.youtube.com https://*.doubleclick.net https://*.g.doubleclick.net wikimapia.org *.openstreetmap.org; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.conceptboard.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data: https://www.mijnwefact.nl https://www.wefact.nl https://secure.gravatar.com *;script-src 'self' 'unsafe-inline' 'unsafe-eval';connect-src 'self';font-src 'self';style-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de https://*.etracker.com 1
script-src *.globant.com *.googletagmanager.com *.google-analitycs.com *.google.com 'unsafe-eval' 'unsafe-inline' https: 'self' https://www.globant.com/ blob:; object-src none; style-src 'self' 'unsafe-inline' *.globant.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.googleapis.com  *.jsdelivr.net; img-src 'self' *.cloudflare.com *.globant.com *.i.ytimg.com https: data:; media-src 'self' *.globant.com; frame-src 'self' https: fullscreen; frame-ancestors self fullscreen *.globant.com https://*.youtube.com; font-src 'self' *.globant.com *.fontawesome.com *.cloudflare.com *.gstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.sancta-domenica.hr sancta-domenica.hr *.sancta-domenica.ba sancta-domenica.ba *.samsungshop.hr samsungshop.hr *.bigbang.ba bigbang.ba; 1
frame-ancestors 'none'; 1
default-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com/* https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com *.nestle.co.uk; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self' ; child-src * blob:; font-src * 'self' data: https:;; connect-src * 'self'; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.eelv.fr/ https://*.issuu.com/ https://sourcemaps.issuu.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://*.flowpaper.com/ https://flowpaper.com/ https://*.typeform.com/ https://www.youtube.com/ http://*.ufederation.com/ https://*.eelv.fr/; img-src 'self' data: blob: https://*.eelv.fr/ https://*.openstreetmap.org/ https://*.ytimg.com/ https://*.twimg.com/ https://platform.twitter.com/ https://*.flowpaper.com/ https://flowpaper.com/ https://*.typeform.com/ https://*.dailymotion.com/ https://*.issuu.com/ https://sourcemaps.issuu.com/ https://www.youtube.com/ http://*.ufederation.com/ https://*.eelv.fr/; object-src 'self' data: blob: https://*.eelv.fr/ https://*.openstreetmap.org/ https://*.youtube.com/ https://www.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.youtu.be/ https://*.vimeo.com/ https://*.spotify.com/ https://*.issuu.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://*.soundcloud.com/ https://*.flowpaper.com/ https://flowpaper.com/ https://*.typeform.com/ https://typeform.com/ https://*.dailymotion.com/ https://dailymotion.com/ https://*.issuu.com/ https://sourcemaps.issuu.com/ http://*.ufederation.com/ https://*.eelv.fr/; frame-src 'self' data: blob: https://*.eelv.fr/ https://*.openstreetmap.org/ https://*.youtube.com/ https://www.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.youtu.be/ https://*.vimeo.com/ https://*.spotify.com/ https://*.issuu.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://*.soundcloud.com/ https://*.flowpaper.com/ https://flowpaper.com/ https://*.typeform.com/ https://typeform.com/ https://*.dailymotion.com/ https://dailymotion.com/ https://*.issuu.com/ https://sourcemaps.issuu.com/ http://*.ufederation.com/ https://*.eelv.fr/; 1
default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src  'self' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 1
default-src https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 1
default-src 'self' 'unsafe-inline' https: data: https://cdnjs.cloudflare.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com https://*.jacklmoore.com https://*.gstatic.com https://*.google-analytics.com; frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self'; child-src https://www.google.com; block-all-mixed-content; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://snap.licdn.com https://accounts.google.com https://*.claspo.io https://*.firstpromoter.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://optimize.google.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://static.claspo.io https://cdn.amplitude.com *.esputnik.com https://www.googleoptimize.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' https://*.claspo.io https://cdn.firstpromoter.com https://snap.licdn.com https://accounts.google.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://statics.esputnik.com https://static.claspo.io https://static.claspo.tech https://cdn.amplitude.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://accounts.google.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://www.googleoptimize.com https://cdnjs.cloudflare.com https://static.claspo.io https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: https://www.google.nl https://px.ads.linkedin.com https://platform-lookaside.fbsbx.com https://i.ytimg.com https://cdnjs.cloudflare.com https://www.google.no https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.googleoptimize.com *.fbcdn.net https://lh3.googleusercontent.com https://graph.facebook.com https://forms.esputnik.com *.claspo.io *.claspo.tech https://optimize.google.com https://claspo.io https://www.google.com.ua https://www.facebook.com https://www.google-analytics.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com *.claspo.tech *.claspo.io https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com; object-src 'self' https://static.claspo.tech https://static.claspo.io; frame-ancestors 'none'; base-uri 'self'; connect-src 'self' https://cdn.linkedin.oribi.io https://*.firstpromoter.com https://googleads.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://consentcdn.cookiebot.com https://www.google.com.ua https://stats.g.doubleclick.net https://www.googleadservices.com *.esputnik.com esputnik.com https://analytics.google.com https://securetoken.googleapis.com wss://*.plerdy.com *.claspo.tech *.claspo.io https://www.facebook.com https://www.googleapis.com https://www.google-analytics.com *.plerdy.com; frame-src 'self' https://td.doubleclick.net https://consentcdn.cookiebot.com https://a.plerdy.com https://static.claspo.io https://static.claspo.tech https://bid.g.doubleclick.net https://www.facebook.com https://www.youtube.com https://optimize.google.com https://www.google.com https://accounts.google.com https://claspo-338918.firebaseapp.com https://claspo-prod.firebaseapp.com; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com static.hotjar.com script.hotjar.com members.ahcancal.org www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com polo.feathr.co cdn.feathr.co banman.providermagazine.com banman.ahcancal.org platform.twitter.com cdn.syndication.twimg.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com platform.twitter.com ton.twimg.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com marco.feathr.co polo.feathr.co *.feathr.co www.googletagmanager.com banman.providermagazine.com banman.ahcancal.org match.adsrvr.org pbs.twimg.com abs.twimg.com platform.twitter.com ton.twimg.com syndication.twitter.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com *.hotjar.com ahcancal.wufoo.com custom.statenet.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net platform.twitter.com syndication.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com in.hotjar.com ws7.hotjar.com ws35.hotjar.com vc.hotjar.io content.hotjar.io ws.hotjar.com polo.feathr.co analytics.tiktok.com members.ahcancal.org 1
frame-src 'self' blob: *.oncehub.com *.mktoweb.com *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com *.salesforce.com *.salesforce-sites.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com; connect-src 'self' *.hotjar.com *.hotjar.io *.sitecorecloud.io *.geonames.org *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net *.salesforce-sites.com; font-src 'self' data: *.hotjar.com *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.hotjar.com *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.hotjar.com *.licdn.com *.oncehub.com *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com  *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com *.force.com *.salesforce.com *.salesforce-sites.com; style-src 'unsafe-inline' 'self' *.hotjar.com *.mktoweb.com *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com *.salesforce.com *.salesforce-sites.com; 1
connect-src * 'unsafe-inline' 'unsafe-eval'; default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://www.googletagmanager.com/ https://translate.google.com/ https://translate.googleapis.com/ https://youtube.com/ https://*.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://kit.fontawesome.com/ https://tag.demandbase.com/ https://munchkin.marketo.net/ https://use.typekit.net/ https://script.crazyegg.com/ https://script.crazyegg.com/pages/scripts/0027/6357.js https://snap.licdn.com/ https://cdn01.basis.net/ https://play.vidyard.com/ https://connect.facebook.net/ https://www.facebook.com/ https://facebook.com/ https://j.6sc.co/ https://app-sj27.marketo.com/ https://cdn.transifex.com/ https://segments.company-target.com/ https://api.company-target.com/ https://s.company-target.com/; img-src 'self' data: blob: https://google-analytics.com/ https://*.google-analytics.com/ https://translate.googleapis.com/ https://*.ytimg.com/ https://secure.gravatar.com/ https://kit.fontawesome.com/ https://salsa.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://cdn.vidyard.com/ https://cdn.transifex.com/ https://segments.company-target.com/ https://id.rlcdn.com/ https://px.ads.linkedin.com/ https://pixel.sitescout.com/ https://www.google.com/; object-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.transifex.com/ https://s.company-target.com/ https://pixel.sitescout.com/; frame-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.transifex.com/ https://s.company-target.com/ https://pixel.sitescout.com/; 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-xyTFXD+rw9FZ3/js' static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com app.vwo.com www.awin1.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com app.vwo.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'self' 'unsafe-inline' blod: data: * 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.midwestliving.com 1
base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-uo9iK/MDFrPYyt3xMQS1Ow==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self' 1
default-src 'self' *.relay42.com vars.hotjar.com 6162542.fls.doubleclick.net;script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.centraalbeheer.nl *.doubleclick.net *.facebook.net *.google.com *.googlesyndication.com *.hs-scripts.com *.linkedin.com *.r42tag.com *.relay42.com *.svtrd.com *.usabilla.com achmeadpm.achmea.nl:9999 ajax.googleapis.com api.usabilla.com app.contentsquare.com bat.bing.com cba.nmrc.nl cdn.ampproject.org cdn.harvest.graindata.com d6tizftlrpuof.cloudfront.net googleads.g.doubleclick.net https://www.googleoptimize.com https://www.googletagmanager.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsleadflows.net js.monitor.azure.com js.usemessages.com maps.googleapis.com player.quadia.net r.bing.com script.hotjar.com snap.licdn.com static.cloud.coveo.com static.hotjar.com surfly.com t.contentsquare.net tags.nmrc.nl www.dwin1.com www.google-analytics.com www.googleadservices.com www.youtube.com www.zenaps.com www.awin1.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com optimize.google.com static.cloud.coveo.com;img-src data: 'self' *.centraalbeheer.nl *.contentsquare.net *.doubleclick.net *.googlesyndication.com *.r42tag.com *.relay42.com *.svtrd.com *.svtrd.com *.usabilla.com adservice.google.com adservice.google.nl bat.bing.com c.az.contentsquare.net c.contentsquare.net cba.imgix.net clients1.google.com d6tizftlrpuof.cloudfront.net forms.hubspot.com https://www.googletagmanager.com l.contentsquare.net linkedin.com maps.googleapis.com maps.gstatic.com optimize.google.com px.ads.linkedin.com px4.ads.linkedin.com region1.analytics.google.com region1.google-analytics.com server.arcgisonline.com track.hubspot.com www.advieskeuze.nl www.awin1.com www.facebook.com www.google-analytics.com www.google.com www.google.nl www.googleapis.com www.googletagmanager.com www.zenaps.com https://i.ytimg.com;font-src 'self' fonts.gstatic.com script.hotjar.com;connect-src 'self' analytics.cloud.coveo.com *.achmea.nl *.centraalbeheer.nl *.contentsquare.net *.doubleclick.net *.facebook.net *.googlesyndication.com *.hubapi.com *.nxtid.nl api.advieskeuze.nl api.hsforms.com api.hubspot.com api.usabilla.com bat.bing.com c.az.contentsquare.net c.contentsquare.net calculations.figlo.com cba.imgix.net cba.nmrc.nl controle.achmea.consentmonitor.nl https://*.in.applicationinsights.azure.com forms.hubspot.com formulier.centraalbeheer.nl geocode.arcgis.com https://*.hotjar.com https://*.hotjar.io k-aeu1.contentsquare.net l.contentsquare.net  maps.googleapis.com r.contentsquare.net region1.analytics.google.com region1.google-analytics.com surfly.com t.svtrd.com vc.hotjar.io wss://*.hotjar.com wss://bat.bing.com www.google-analytics.com www.google.com *.service.signalr.net wss://*.service.signalr.net;media-src 'self' ;object-src 'self' ;child-src blob: 'self' youtube.com *.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com surfly.com optimize.google.com d6tizftlrpuof.cloudfront.net redirect.surfly.com centraalbeheer-nl-p.surfly.com surfly.com surfly-com-p.surfly.com *.centraalbeheer.nl player.quadia.net localfocuswidgets.net;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net;form-action * 'self' t.svtrd.com *.achmea.nl;block-all-mixed-content;report-uri https://centraalbeheer.ams.report-uri.com/r/t/csp/enforce; 1
default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com static.addtoany.com *.nosiva.com *.facebook.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1
default-src 'self' data: *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.cloudflare.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co; object-src 'self' data: https: blob:; style-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https: blob:; media-src 'self' data: https: blob:; frame-src 'self' data: blob: *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co; font-src 'self' data: https:; connect-src 'self' data: https: wss: 1
default-src 'self' cdn.jsdelivr.net bid.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net unpkg.com npmcdn.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com connect.facebook.net static.ctctcdn.com cdnjs.cloudflare.com www.google.com www.gstatic.com; connect-src 'self' analytics.google.com stats.g.doubleclick.net www.google-analytics.com listgrowth.ctctcdn.com maps.googleapis.com; img-src 'self' maps.googleapis.com maps.gstatic.com static.ctctcdn.com fakeimg.pl img.youtube.com data: cdnjs.cloudflare.com www.google.com.tw www.facebook.com www.google.com googleads.g.doubleclick.net www.google-analytics.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com unpkg.com static.ctctcdn.com maxcdn.bootstrapcdn.com; font-src 'self' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com; frame-src 'self' bid.g.doubleclick.net www.youtube.com www.facebook.com www.google.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://www.googletagmanager.com/ https://translate.google.com/ https://translate.googleapis.com/ https://youtube.com/ https://*.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://www.google.com/ads/ https://kit.fontawesome.com/ https://tag.demandbase.com/ https://munchkin.marketo.net/ https://use.typekit.net/ https://script.crazyegg.com/ https://script.crazyegg.com/pages/scripts/0027/6357.js https://snap.licdn.com/ https://cdn01.basis.net/ https://play.vidyard.com/ https://connect.facebook.net/ https://www.facebook.com/ https://facebook.com/ https://j.6sc.co/ https://b.6sc.co/ https://app-sj27.marketo.com/ https://go.scaledagile.com/ https://pixel.sitescout.com/ https://px.ads.linkedin.com/ https://cdn.vidyard.com/ https://static.smartrecruiters.com/ https://*.company-target.com/ https://www.smartrecruiters.com/ https://sai2.wpengine.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://s.company-target.com/; img-src 'self' data: blob: https://google-analytics.com/ https://*.google-analytics.com/ https://www.google.com/ https://www.google.com/ads/ https://translate.googleapis.com/ https://*.ytimg.com/ https://secure.gravatar.com/ https://kit.fontawesome.com/ https://salsa.scaledagile.com/ https://www.facebook.com/ https://cdn.vidyard.com/ https://cdn.vidyard.com/thumbnails/18287566/TcTilRh6vhdyHxZi9F4VIQ.png https://play.vidyard.com/ https://id.rlcdn.com/ https://b.6sc.co/ https://pixel.sitescout.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://www.linkedin.com/* https://go.scaledagile.com/ https://www.googletagmanager.com/ https://segments.company-target.com/ https://scaledagile.com/ https://sai2.wpengine.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/; object-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://www.google.com/ads/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://px.ads.linkedin.com/ https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://www.smartrecruiters.com/ https://go.scaledagile.com/ http://go.scaledagile.com/ https://app-sj27.marketo.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://api.company-target.com/; frame-src 'self' data: blob: https://docs.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://www.google.com/ https://www.google.com/ads/ https://scaledagile.my.salesforce.com/ https://scaledagile.lightning.force.com/ https://community.scaledagile.com/ https://safe.scaledagile.com/ https://www.facebook.com/ https://b.6sc.co/ https://play.vidyard.com/ https://cdn.vidyard.com/ https://px.ads.linkedin.com/ https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://s.company-target.com/ https://pixel.sitescout.com/ https://www.smartrecruiters.com/ https://go.scaledagile.com/ http://go.scaledagile.com/ https://app-sj27.marketo.com/ https://cdnapisec.kaltura.com/ https://player.vimeo.com/ https://open.spotify.com/ https://api.company-target.com/; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src * data: blob: 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' 'unsafe-inline'; img-src 'self' data: blob: 'unsafe-inline'; frame-src 'self'; style-src 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; default-src * data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' data: https://*.hotjar.com https://consentcdn.cookiebot.com https://consent.cookiebot.com 'unsafe-inline' 'unsafe-eval' https://web106.reachmee.com https://s.ytimg.com https://mapclick.amap.com https://restapi.amap.com https://webapi.amap.com https://public.tableau.com https://sdn.sitecore.net https://maps.googleapis.com https://maps.google.com https://sadmin.brightcove.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://s3.amazonaws.com https://cdn.plyr.io https://player.vimeo.com https://static.cloud.coveo.com https://cdn.jsdelivr.net https://view.ceros.com https://jamesleist.com; style-src 'self' data: 'unsafe-inline' https://*.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.css https://cdnjs.cloudflare.com https://webapi.amap.com https://fonts.googleapis.com https://ajax.googleapis.com https://cdn.plyr.io https://static.cloud.coveo.com https://jamesleist.com; img-src * 'self' data: https://*.hotjar.com https://jamesleist.com; font-src 'self' data: https://*.hotjar.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com https://jamesleist.com; child-src 'self' https://sdn.sitecore.net https://web106.reachmee.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://jamesleist.com; frame-src 'self' https://*.hotjar.com https://consentcdn.cookiebot.com https://cdn.yoshki.com https://watch.twobirds.com https://www.youtube.com https://player.vimeo.com http://sdn.sitecore.net https://sdn.sitecore.net https://translate.google.com https://web106.reachmee.com https://view.ceros.com https://jamesleist.com https://www.podcaster.de; frame-ancestors 'self' https://sdn.sitecore.net; report-uri https://3chillies.report-uri.io/r/default/csp/enforce 1
frame-ancestors 'self' *.academieminerva.nl academieminerva.nl 1
sandbox allow-scripts allow-same-origin allow-forms ; 1
default-src https: http: data: blob: ws: 'self' 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors https://*.omantel.om 1
default-src 'self' https://www.youtube.com detergents.lidl-info.com stats.g.doubleclick.net *.analytics.google.com *.google-analytics.com www.googletagmanager.com https://www.edge-cdn.net https://www.youtube-nocookie.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com https://connect.facebook.net cdn.cookielaw.org form.lidl.com lidl.media01.eu fpm.climatepartner.com services.melixa.eu data: gap: ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://platform.twitter.com https://ton.twimg.com 'unsafe-inline'; media-src *; object-src 'self'; connect-src 'self' cdn.cookielaw.org *.onetrust.com; 1
default-src 'self'; img-src 'self' 1
default-src 'self' static1.clickandboat.com; connect-src 'self' https://api.clickandboat.com static2.clickandboat.com static3.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ quasar.clickbo.at https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net bat.bing.com https://analytics.tiktok.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.ingest.sentry.io api.realytics.io https://*.clarity.ms click-and-boat.pxf.io https://api.privacy-center.org; font-src 'self' data: static3.clickandboat.com fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net click-and-boat.pxf.io; img-src 'self' static1.clickandboat.com static2.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ https://blog.clickandboat.com/ data: blob: quasar.clickbo.at *.google-analytics.com *.doubleclick.net secure.adnxs.com www.google.fr www.google.it www.google.es www.google.com www.google.de www.google.nl www.google.co.uk www.google.gr www.google.pl www.google.ch www.google.be www.google.com.br www.google.hr www.google.at www.google.pt www.google.se www.google.ru www.google.ca www.google.com.ar www.google.com.tr www.google.com.ua www.google.ie www.google.si www.google.ro www.google.com.mx www.google.com.mt www.google.com.au www.google.dk www.google.ae www.google.gp www.google.hu www.google.cz www.google.lu www.google.com.cy www.google.no www.google.me www.google.bg www.google.co.il www.google.rs www.google.sk *.bing.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com https://*.clarity.ms click-and-boat.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sdk.privacy-center.org; script-src 'unsafe-eval' 'self' static2.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ quasar.clickbo.at https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com https://analytics.tiktok.com *.criteo.net sslwidget.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com https://utt.impactcdn.com https://sdk.privacy-center.org https://tag.aticdn.net 'unsafe-inline' 'nonce-T993zwHPm38Dj4Ust0nwrg=='; style-src 'self' static2.clickandboat.com static3.clickandboat.com https://assets.clickandboat.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com https://sdk.privacy-center.org 1
default-src 'self'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' ; img-src *; frame-src 'self' https://www.google.com/recaptcha/; report-uri https://auth.cessecure.com/csp/report 1
default-src 'self'; connect-src 'self' https://*.usercentrics.eu https://*.yext.com https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://*.ekir.de  https://*.algolia.net https://*.algolianet.com; frame-src 'self' https://*.usercentrics.eu https://umap.openstreetmap.fr https://*.openstreetmap.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.vimeo.com https://*.kd-onlinespende.de https://walls.io https://*.walls.io www.youtube-nocookie.com https://platform.twitter.com https://syndication.twitter.com https://*.ekir.de; font-src 'self' data:; img-src 'self' data: https://*.usercentrics.eu https://*.openstreetmap.fr https://*.openstreetmap.de https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.kd-onlinespende.de https://img.youtube.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://secure.gravatar.com http://*.ekir.de https://*.ekir.de; object-src 'self'; style-src 'self' 'unsafe-inline' https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://platform.twitter.com https://ton.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.de https://*.kd-onlinespende.de https://walls.io https://*.walls.io https://secure.gravatar.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.ekir.de https://adressverzeichnis.ekd.de https://cdn.jsdelivr.net; 1
default-src *;script-src 'self' 'nonce-5q7p7tB6i1cPnxWrHHeAVUZGpYOqRpt8VztFOjue2+c='; 1
frame-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.vimeo.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com; child-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors *.scaledrone.com 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de www.juris.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.juris.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de www.juris.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de  www.juris.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; frame-ancestors https://www.juris.de/ 'self'; 1
default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.winsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.winsim.de https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de https://analytics.tiktok.com https://umfrage.winsim.de; script-src 'strict-dynamic' 'nonce-8191d8c5c474f222cc8232a91f745e1d' 'nonce-ac876a3615b1777542fa9a2c572c2ead' 'nonce-8941a10aba5e3a5c07a6995feb9ca2a5' 'nonce-5b0915c0e93abe15184806c3d5b44c64' 'nonce-e7e608e88165437750e5b054a1530907' 'nonce-84b35f9c4d12e9c38a1fc1579f2b9404' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.winsim.de https://umfrage.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-8191d8c5c474f222cc8232a91f745e1d' 'nonce-ac876a3615b1777542fa9a2c572c2ead' 'nonce-8941a10aba5e3a5c07a6995feb9ca2a5' 'nonce-5b0915c0e93abe15184806c3d5b44c64' 'nonce-e7e608e88165437750e5b054a1530907' 'nonce-84b35f9c4d12e9c38a1fc1579f2b9404' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com  cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net  *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com  *.jsdelivr.net hello.myfonts.net mfstatic.com *.googleapis.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net  *.googletagmanager.com  *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com; media-src blob: data: *.mediaflow.com; frame-src 'self'  data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors https://*.holman.com 1
 default-src 'self'; script-src 'self' *.etracker.com *.etracker.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' *.etracker.com https://*.etracker.de; font-src 'self' data:; object-src 'self'; media-src 'self'; child-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; 1
default-src 'self';               frame-src 'self' https://www.youtube.com https://mychart.austinregionalclinic.com https://www.google.com https://arcwebsecure.com;               frame-ancestors 'self' data: blob: https://vmecharttest1 https://vmecharttest2 https://mychart.austinregionalclinic.com https://mycharttest.austinregionalclinic.com;              script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://mychart.austinregionalclinic.com https://www.googletagmanager.com https://maps.googleapis.com               https://js.hsforms.net https://js.hs-scripts.com https://api.airbud.io https://js.hs-banner.com https://js.hs-analytics.net https://www.google-analytics.com               https://cdn.jsdelivr.net https://code.jquery.com https://connect.facebook.net https://cdnjs.cloudflare.com https://ajax.aspnetcdn.com https://www.google.com https://www.gstatic.com https://web.hyro.ai               https://mycharttest.austinregionalclinic.com https://vmecharttest2 https://static.cloudflareinsights.com https://snap.licdn.com;              style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.airbud.io https://code.jquery.com https://web.hyro.ai https://mychart.austinregionalclinic.com;               font-src 'self' https://fonts.gstatic.com https://code.jquery.com;               form-action 'self' https://forms.hsforms.com https://www.austinregionalclinic.com;               img-src 'self' data: https://forms.hsforms.com https://js.hsforms.net https://api.hubspot.com https://forms-na1.hsforms.com https://track.hubspot.com https://maps.gstatic.com               https://hyropublic.blob.core.windows.net https://www.googletagmanager.com https://d3sxx09phm2x4h.cloudfront.net https://d1mkxymatx0q5n.cloudfront.net https://maps.googleapis.com               https://www.google.com https://www.facebook.com https://img.youtube.com https://px.ads.linkedin.com https://i.ytimg.com;              connect-src 'self' https://maps.googleapis.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.google-analytics.com https://hyropublic.blob.core.windows.net https://app.launchdarkly.com               wss://web.hyro.ws/widget-client https://events.launchdarkly.com https://stats.g.doubleclick.net https://clientstream.launchdarkly.com https://cdn.linkedin.oribi.io;              object-src 'none';              base-uri 'self';              media-src 'self' https://d1mkxymatx0q5n.cloudfront.net; 1
default-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * blob: data: 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com  *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com  ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' bd1.zortrax.com spisakcji.local stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com *.wistia.com *.litix.io 3dprint.zortrax.com 3dprinting.local  ws://localhost:3000 *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com maps.googleapis.com  ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
default-src 'self' https://*.fhstp.ac.at; connect-src 'self' https://*.facebook.com https://*.facebook.net https://api.visitlead.com https://cis.fhstp.ac.at https://api.fhstp.ac.at https://cdn.fhstp.ac.at https://sentry.fhstp.ac.at/ https://my2.siteimprove.com https://rest.visitlead.com https://*.doubleclick.net https://ws.visitlead.com https://www.google-analytics.com wss://*.visitlead.com wss://www.fhstp.ac.at wss://wwwtestneu.fhstp.ac.at https://*.pagestrip.com https://pagestrip.com https://*.google.com https://*.linkedin.oribi.io; font-src 'self' data: https://*.fhstp.ac.at https://*.googleapis.com https://*.gstatic.com https://app.visitlead.com https://*.pagestrip.com; frame-src 'self' http://edit.fhstp.ac.at https://*.facebook.com https://*.facebook.net https://*.google.com https://*.issuu.com https://*.soundcloud.com https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://cis.fhstp.ac.at https://sjs.bizographics.com https://snap.licdn.com https://stream.visitlead.com https://my2.siteimprove.com/ https://www.podbean.com https://*.doubleclick.net; img-src 'self' data: http://*.fhstp.ac.at https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.at https://*.google.com https://i1.ytimg.com https://*.gstatic.com https://*.googleusercontent.com https://*.ggpht.com https://*.linkedin.com https://app.visitlead.com https://www.filmspektakel.at https://*.pagestrip.com https://bat.bing.com; media-src 'self' data: http://carma.fhstp.ac.at/wp-content/uploads/2016/11/Brelomate2_Infoveranstaltung201161027_p3tv.mp4 https://app.visitlead.com https://*.pagestrip.com; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' http://campus-stp.at https://*.campus-stp.at https://*.doubleclick.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.linkedin.com https://cdn.siteimprove.net/cms/overlay.js https://*.youtube.com https://app.visitlead.com https://campus-stp.at https://cdn.fhstp.ac.at https://*.pubble.io https://cdn.ravenjs.com https://cdn.socket.io https://code.jquery.com https://sjs.bizographics.com https://snap.licdn.com https://*.ytimg.com https://*.pagestrip.com https://browser-update.org https://unpkg.com https://bat.bing.com; style-src 'self' 'unsafe-inline' http://*.campus-stp.at http://campus-stp.at http://cdn.fhstp.ac.at https://*.campus-stp.at https://*.google.com https://*.googleapis.com https://*.ytimg.com https://app.visitlead.com/ https://campus-stp.at https://cdn.fhstp.ac.at https://*.pagestrip.com; 1
default-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; report-to default; report-uri /json/reports.php 1
default-src 'none'; img-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1
default-src 'self' *.ebola.cz; options inline-script eval-script; img-src 'self' *.ebola.cz 1
nonce=413113734 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' smart911.com www.smart911.com safety.smart911.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.itzbund.de; frame-src *.google.com *.gstatic.com *.youtube.com *.itzbund.de *.vsfbsw.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; frame-ancestors 'self'; 1
upgrade-insecure-requests; default-src *.usclimatedata.com *.gstatic.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com/* *.googlesyndication.com adservice.google.nl adservice.google.com adservice.google.cl *.googleadservices.com *.google.com *.googletagservices.com *.google-analytics.com apis.google.com ajax.googleapis.com *.googletagmanager.com *.usclimatedata.com *.bootstrapcdn.com *.gstatic.com *.geolocation.io *.google.com/recaptcha/ ssl.google-analytics.com *.addthis.com *.google.com googleads.g.doubleclick.net https:; frame-src bid.g.doubleclick.net data: https:; connect-src 'self' *.usclimatedata.com pagead2.googlesyndication.com www.google-analytics.com fundingchoicesmessages.google.com; img-src 'self' *.maps.googleapis.com/* *.googletagmanager.com https//google-analytics.com googleads.g.doubleclick.net *.google.com data: https:; style-src 'self' 'unsafe-inline' *.apis.google.com *.googleapis.com *.bootstrapcdn.com *.usclimatedata.com *.gstatic.com;font-src *.bootstrapcdn.com *.usclimatedata.com cdnjs.cloudflare.com data: 'self';base-uri 'self'; form-action 'self'; 1
default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net 1
frame-ancestors 'self' *.gohunt.com 1
frame-ancestors 'self' https://www.truckworks.de https://special.mercedes-benz-trucks.com 1
default-src 'self' data: ws://*.catapush.com wss://*.catapush.com 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; block-all-mixed-content; connect-src data: blob: 'unsafe-inline' *.catapush.com ws://*.catapush.com wss://*.catapush.com https://*.google-analytics.com https://*.googleapis.com https://checkout.stripe.com https://api.stripe.com; font-src data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ fonts.gstatic.com cdn2.hubspot.net; form-action 'self' *.catapush.com; frame-ancestors 'self' *.catapush.com https://www.googletagmanager.com; frame-src 'self' data: blob: 'unsafe-inline' https://mautic.catapush.com https://checkout.stripe.com https://connect-js.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.google.com https://www.googletagmanager.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/; img-src 'self' data: blob: 'unsafe-inline' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://translate.google.com https://ajax.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://js.hsforms.net/forms/v2.js https://*.stripe.com; object-src https://s3-eu-west-1.amazonaws.com/catapush-cdn/; script-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://ipinfo.io https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://checkout.stripe.com https://js.stripe.com https://js.hsforms.net/forms/v2.js 'report-sample' 'unsafe-inline' 'nonce-T9FxMRZ+k55tW8aDRDQPWQ=='; style-src 'self' *.catapush.com https://s3-eu-west-1.amazonaws.com/catapush-cdn/ https://s3-eu-central-1.amazonaws.com/catapush-cdn-frankfurt/ https://*.gstatic.com 'unsafe-inline' 'report-sample'; report-uri /csp-violation-report-endpoint 1
frame-ancestors https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com *.mp-objects.com https://*.mp-objects.com https://www.mp-objects.com https://wartsila.cevalogistics.com  https://*.cevalogistics.com  https://app.drift.com https://core.crazyegg.com; report-uri /report-csp-violation 1
frame-ancestors; none 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.dimora.jp https://*.dimora.jp http://*.google-analytics.com/ https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://b91.yahoo.co.jp https://linkmaker.itunes.apple.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com https://play.google.com https://*.mul-pay.jp https://s.yimg.jp https://fonts.gstatic.com https://*.impact-ad.jp https://*.im-apps.net https://*.googleapis.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.google.co.jp; img-src 'self' data: https://*.google-analytics.com/ https://*.twitter.com https://*.impact-ad.jp https://stats.g.doubleclick.net https://linkmaker.itunes.apple.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com https://play.google.com https://b91.yahoo.co.jp; 1
frame-src 'self' tradeapi2.bsc.com.vn 1
connect-src 'self' idx.liadm.com *.doubleclick.net *.linkedin.com cdn.linkedin.oribi.io consentcdn.cookiebot.com maps.googleapis.com www.google-analytics.com player-telemetry.vimeo.com region1.google-analytics.com 132vod-adaptive.akamaized.net 62vod-adaptive.akamaized.net *.hotjar.com *.hotjar.io wss://*.hotjar.com ; font-src 'self' *.podigee-cdn.net fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' *.taylorwessing.com form.typeform.com tw.bryter.io *.podigee.io *.podigee-cdn.net *.newsmailservice.de *.soundcloud.com *.podcasts.apple.com *.spotify.com *.fliplet.com sites-taylor-wessing.vuturevx.com v6.newsmailservice.de app.livestorm.co *.buzzsprout.com consentcdn.cookiebot.com player.vimeo.com www.google.com *.youtube.com taylorwessing.foleon.com datastudio.google.com lookerstudio.google.com; img-src *.siteimproveanalytics.io *.linkedin.com 'self' data: i.vimeocdn.com maps.googleapis.com maps.gstatic.com www.google-analytics.com www.gstatic.com videoapi-sprites.vimeocdn.com; media-src blob:; script-src-elem *.taylorwessing.com *.podigee-cdn.net embed.typeform.com secure.visionary-enterprise-ingenuity.com siteimproveanalytics.com *.vimeo.com *.vimeocdn.com *.licdn.com *.hotjar.com  'unsafe-inline' www.google-analytics.com  'self' consent.cookiebot.com consentcdn.cookiebot.com f.vimeocdn.com maps.googleapis.com www.buzzsprout.com www.google.com www.googletagmanager.com www.gstatic.com extend.vimeocdn.com; style-src-elem 'unsafe-inline' 'self' *.podigee-cdn.net embed.typeform.com  f.vimeocdn.com fonts.googleapis.com hello.myfonts.net www.gstatic.com; worker-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; object-src 'none'; 1
allow 'self'; options inline-script eval-script; script-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com; img-src *; media-src *; frame-src 'self'; style-src-elem *.gstatic.com 1
default-src 'self' data: *; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.net; style-src https: 'unsafe-inline' https://*.dshs-koeln.de https://fast.fonts.net; img-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de; font-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; frame-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.dshs-koeln.de https://*.mehrwert.de https://fast.fonts.com; 1
default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.sim.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de https://analytics.tiktok.com https://umfrage.sim.de; script-src 'strict-dynamic' 'nonce-10492e93386c2057b485c3a853195600' 'nonce-30c10999cd592634054b6901bddb13bf' 'nonce-89002ab89d77e1ddf844683f4f840ed5' 'nonce-4410fb58ac3c21517bad93d35f13d0c3' 'nonce-d1e5a993421013e90efe49461d116706' 'nonce-42215d78f0e5dfc0acdb3bf7f2aac30f' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.sim.de https://umfrage.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-10492e93386c2057b485c3a853195600' 'nonce-30c10999cd592634054b6901bddb13bf' 'nonce-89002ab89d77e1ddf844683f4f840ed5' 'nonce-4410fb58ac3c21517bad93d35f13d0c3' 'nonce-d1e5a993421013e90efe49461d116706' 'nonce-42215d78f0e5dfc0acdb3bf7f2aac30f' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; script-src 'self' *.amalgamatedbank.com bam.nr-data.net unpkg.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com js.locatorsearch.com *.prod.acquia-sites.com *.instagram.com *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com *.googletagmanager.com *.doubleclick.net *.addtoany.com fonts.gstatic.com *.omappapi.com *.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com app.jazz.co js-agent.newrelic.com *.google.com *.gstatic.com www.recaptcha.net ajax.googleapis.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://www.recaptcha.net/recaptcha/api.js https://www.recaptcha.net/recaptcha/api/fallback; style-src 'self' 'unsafe-inline' unpkg.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google.com *.gstatic.com app.jazz.co; img-src 'self' *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net cdn.jsdelivr.net *.prod.acquia-sites.com js.locatorsearch.com *.oktacdn.com *.okta.com *.oktapreview.com data: *.googletagmanager.com app.jazz.co *.google.com *.google-analytics.com *.gstatic.com images.printable.com images.locatorsearch.com instagram.com i.ytimg.com; media-src files.marcomcentral.app.pti.com *.youtube.com *.amalgamatedbank.com bam.nr-data.net *.talkdeskapp.com *.talkdeskdev.com *.twilio.com; frame-src *; font-src 'self' 'unsafe-inline' cdnjs.cloudflare.com bam.nr-data.net *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com unpkg.com fonts.gstatic.com app.jazz.co *.google.com *.gstatic.com *.locatorsearch.com; connect-src 'self' abnyunityuat.fisglobal.com login-uat.fisglobal.com mcs.us1.twilio.com wss://tsock.us1.twilio.com *.talkdeskapp.com *.talkdeskdev.com maps-api-ssl.google.com bam.nr-data.net stats.addtoany.com googleads.g.doubleclick.net *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com *.omappapi.com *.google-analytics.com *.google.com *.gstatic.com googleads.g.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self' dock.ui.bosch.tech vars.hotjar.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.com; font-src 'self'  *.bosch-pt.com  bosch-pt.com www.bosch-pt.com *.bosch-professional.com ; object-src data: 'self'; img-src https: data:; style-src 'self' ptlegalpagesnew.kittelberger.net *.bosch-pt.com  bosch-pt.com *.bosch-professional.com 'unsafe-inline'; script-src https: http://www.bosch-pt.com 'unsafe-inline' 'unsafe-eval'; connect-src https: search.internet.bosch.com wss://*.hotjar.com; script-src-elem https: http: 'unsafe-inline' *.bosch-pt.com 1
frame-ancestors 'self' https://twitter.com; 1
base-uri 'self' 1
default-src 'none'; script-src 'self' https://analytics.monetra.com https://www.google.com https://www.gstatic.com; connect-src https://9872520550193828.hostedstatus.com/1.0/status/6148993c877ce705383f1463 'self'; img-src 'self' https://analytics.monetra.com data:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; frame-src https://www.google.com 1
upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://assets4.lottiefiles.com https://www.google-analytics.com https://www.yumpu.com https://*.analytics.google.com https://*.youtube.com/ https://analytics.google.com https://ad.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://afiliacion.net https://prs.arkeero.net https://leadgenios.net https://www.rtb123.com https://*.hotjar.com https://inboxlabs.go2cloud.org https://*.google.com.mx https://*.hotjar.io https://*.teads.tv https://ojo7.ltroute.com; 1
default-src 'self';base-uri 'self';form-action 'self' www.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com maps.googleapis.com www.storemapper.co storemapper-herokuapp-com.global.ssl.fastly.net app.storyblok.com assets.findify.io undefined.kameleoon.eu chantsupport.zendesk.com static.zdassets.com widget-mediator.zopim.com ajax.googleapis.com https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/hls.js@1.1.4/dist/hls.min.js analytics.tiktok.com bat.bing.com cdn.noibu.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com s3.target2sell.com static.target2sell.com t.contentsquare.net intljs.rmtag.com ut.rd.linksynergy.com static.klaviyo.com static-tracking.klaviyo.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js  blob:;object-src 'self' data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com googletagmanager.com tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://tagmanager.google.com/css/css.css;img-src 'self' www.googletagmanager.com www.facebook.com www.google-analytics.com www.google.com www.google.fr image.crisp.chat a.storyblok.com maps.gstatic.com maps.googleapis.com cdn11.bigcommerce.com storemapper-herokuapp-com.global.ssl.fastly.net us.chantelle.com s3.amazonaws.com cl-media-pattern-factory.s3-eu-west-1.amazonaws.com static.kameleoon.com fonts.gstatic.com ct.pinterest.com bat.bing.com www.google.com.pk media.chantelle.cloud imagedelivery.net https://customer-undefined.cloudflarestream.com/ idsync.rlcdn.com analytics.tiktok.com connect.facebook.net consent.linksynergy.com data:;media-src 'self' a.storyblok.com https://customer-undefined.cloudflarestream.com/ data: blob:;font-src 'self' fonts.googleapis.com fonts.gstatic.com data:;connect-src 'self' maps.googleapis.com chantelleus.centraqa.com www.storemapper.co api.keen.io api.storyblok.com chantelle-sandbox.mybigcommerce.com https://api.bigcommerce.com reco.target2sell.com undefined-dsn.algolia.net undefined.kameleoon.eu eu-api-visit.kameleoon.eu eu-api-tracker.kameleoon.eu static.kameleoon.com old.kameleoon.com api.kameleoon.com data.kameleoon.io api.openweathermap.org browser-intake-datadoghq.eu rum.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu/ chantsupport.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com chantelle.com sst.chantelle.com sst2.chantelle.com chantelle.us cloudflarestream.com https://customer-undefined.cloudflarestream.com/ https://region1.analytics.google.com https://cdn.cookielaw.org https://api-v3.findify.io https://geolocation.onetrust.com api.target2sell.com analytics.tiktok.com bat.bing.com ct.pinterest.com www.google.com www.google-analytics.com region1.google-analytics.com serv-api.target2sell.com stats.g.doubleclick.net wss://input.noibu.com/pv_part;frame-src https://www.youtube.com/ https://player.vimeo.com/ https://www.facebook.com/ https://ct.pinterest.com/;frame-ancestors app.storyblok.com vercel.app; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.hipay.com static.cdn.prismic.io prismic.io https://html2canvas.hertzen.com/dist/html2canvas.min.js www.paypalobjects.com *.paypal.com youtube.com vimeo.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/0c356943/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com https://i.ytimg.com/vi/ http://platform.instagram.com/en_US/embeds.js https://www.instagram.com/embed.js https://graph.facebook.com/v11.0/instagram_oembed https://player.vimeo.com/api/player.js https://player.vimeo.com/ js.stripe.com http://www.googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com https://yt.zone-secure.net http://www.gstatic.com https://*.attraqt.io https://*.facebook.net/ https://*.teads.tv/ https://*.smartlook.com/ https://*.hotjar.com/ https://*.doubleclick.net https://*.mathtag.com https://*.tiktok.com/ https://*.ttwstatic.com *.attraqt.io *.getflowbox.com *.flbx.io;frame-src 'self' maps.googleapis.com https://player.vimeo.com/ youtube.com www.youtube.com https://www.youtube.com https://i.ytimg.com/vi/ *.prismic.io js.stripe.com www.paypalobjects.com *.paypal.com www.youtube-nocookie.com https://*.doubleclick.net https://*.facebook.net/ https://*.facebook.com/ https://*.hotjar.com/ https://*.mathtag.com https://*.tiktok.com/ *.getflowbox.com *.flbx.io;style-src 'self' 'unsafe-inline' https://i.icomoon.io https://fonts.googleapis.com https://*.ttwstatic.com/;img-src 'self' data: stagingctk.centrakor.com maps.googleapis.com maps.gstatic.com https://www.referenseo.com/ https://i.ytimg.com/vi/ https://storage.sbg.cloud.ovh.net https://centrakor.cdn.prismic.io/ https://i.picsum.photos/ https://i.vimeocdn.com/ maps.googleapis.com maps.gstatic.com *.openstreetmap.org www.paypalobjects.com *.paypal.com storage.gra.cloud.ovh.net *.google.com *.doubleclick.net *.google.fr http://www.google-analytics.com https://www.google-analytics.com https://www.centrakor.com/ https://*.teads.tv/ https://*.facebook.com/ https://*.facebook.net/ https://*.mathtag.com https://images.prismic.io/centrakor/ https://*.s3.rbx.io.cloud.ovh.net https://d2rfa446ja7yzb.cloudfront.net/ *.getflowbox.com *.flbx.io;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com;connect-src 'self' maps.googleapis.com https://noembed.com https://graph.facebook.com/v11.0/instagram_oembed https://graph.facebook.com/v11.0/instagram_oembed/ https://graph.instagram.com/ https://vimeo.com/api/ www.paypalobjects.com *.paypal.com *.analytics.google.com *.doubleclick.net https://www.google-analytics.com https://*.teads.tv/ https://*.facebook.net/ https://*.googleadservices.com *.google.fr https://*.facebook.com/ https://*.smartlook.com/ https://*.smartlook.cloud/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ *.attraqt.io *.getflowbox.com *.flbx.io https://fr.adminzone-secure.net/;base-uri 'self';media-src 'self' data:;report-uri /csp/report 1
default-src 'self' *.atlantic.fr *.algolianet.com *.algolia.net *.google-analytics.com *.googlesyndication.com *.google.com *.cookiebot.com *.doubleclick.net *.groupe-atlantic.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io  *.soyooz.com *.mixpanel.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.pinterest.com app.helo-activation.fr *.facebook.com *.inbenta.io  *.inbenta.service *.inbenta.services *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; base-uri 'self' *.atlantic.fr; block-all-mixed-content; font-src 'self' data: *.soyooz.com *.atlantic.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io fonts.gstatic.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; frame-ancestors 'self' *.atlantic.fr; frame-src 'self' *.atlantic.fr  *.youtube.com  *.vimeo.com  *.atlantic.fr  *.cookiebot.com  *.doubleclick.net  *.vectary.com  *.instagram.com *.facebook.com *.cdninstagram.com  *.pinterest.com  *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com; img-src 'self' data: *.atlantic.fr *.youtube.com *.ytimg.com *.vimeo.com *.google-analytics.com *.groupe-atlantic.com *.googletagmanager.com *.doubleclick.net *.google.fr *.google.com *.soyooz.com *.cdninstagram.com picsum.photos placekitten.com *.picsum.photos *.placeholder.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.facebook.com *.pinterest.com *.inbenta.com  *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.inbenta.io *.bazaarvoice.com *.cache.ephoto.fr; media-src 'self' *.atlantic.fr *.vimeo.com *.youtube.com *.instagram.com *.cdninstagram.com *.contentsquare.net *.contentsquare.com *.contentsquare.fr *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site; object-src 'none'; script-src 'self' blob: *.youtube.com  *.atlantic.fr 'unsafe-inline' 'unsafe-eval' *.kameleoon.eu *.kameleoon.com *.kameleoon.io  *.googletagmanager.com  *.groupe-atlantic.com  *.cookiebot.com  *.contentsquare.net *.contentsquare.com  *.contentsquare.fr  *.google-analytics.com  *.soyooz.com  *.mxpnl.com  code.jquery.com cdn.jsdelivr.net *.googleapis.com *.cloudflare.com  googleads.g.doubleclick.net  *.facebook.net  *.tradelab.fr  *.pinimg.com *.inbenta.services *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com *.iesnare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://fonts.gstatic.com  *.soyooz.com  *.atlantic.fr  *.kameleoon.eu *.kameleoon.com *.cloudflare.com unpkg.com *.kameleoon.io cdn.jsdelivr.net *.inbenta.io *.recette-qcnlnca-xzown47bo6s74.fr-3.platformsh.site *.staging-5em2ouy-xzown47bo6s74.fr-3.platformsh.site *.bazaarvoice.com 1
default-src 'none'; frame-ancestors 'none'; child-src blob: *.cloudfoundry.org;  style-src 'self' 'unsafe-inline' *.bootstrapcdn.com https://fonts.googleapis.com/*; connect-src 'self' *.bootstrapcdn.com *.doubleclick.net *.google-analytics.com; script-src 'self' 'unsafe-inline' blob: *.twitter.com *.ads-twitter.com *.cloudflare.com *.googleapis.com *.googletagmanager.com *.facebook.net *.jsdelivr.net  *.google-analytics.com *.gstatic.com *.google.com; img-src 'self' data: *.googletagmanager.com *.google.com *.gravatar.com *.twitter.com *.cloudfoundry.org https://t.co *.local *.google-analytics.com; object-src 'self'; font-src 'self' data: *.bootstrapcdn.com; media-src 'self' blob:; frame-src *.local *.twitter.com *.google.com *.facebook.com *.youtube.com 1
default-src 'self'; frame-src 'self'  https://new.express.adobe.com/webpage/static/embed/embed.js *.webspellchecker.net/ https://w.soundcloud.com/ *.adobe.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://new.express.adobe.com/webpage/static/embed/embed.js https://moneypennychat.appspot.com/chatjs/ https://www.doctify.com/ *.webspellchecker.net/ *.adobe.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline'  https://new.express.adobe.com/webpage/static/embed/embed.js *.webspellchecker.net/ https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://new.express.adobe.com/webpage/static/embed/embed.js https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://new.express.adobe.com/webpage/static/embed/embed.js *.analytics.google.com/ https://www.doctify.com/ *.webspellchecker.net/ *.google-analytics.com/ https://moneypennychat.appspot.com/ https://feeds.trac.jobs/ https://translate.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.handyvertrag.de https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de https://analytics.tiktok.com https://umfrage.handyvertrag.de; script-src 'strict-dynamic' 'nonce-237f07272d7a1d198f398c680dd57b2f' 'nonce-0e8e00c4e97df5fd192a0d3caef396d0' 'nonce-7bc3e25f97cd0331d488163c1f8fcf2e' 'nonce-e14ab0e29af0b9348a34d8d628aedee5' 'nonce-bd02e5ebf43b943f61c0556b919bbc66' 'nonce-380c3b6e75accb56bc793fa208f12973' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.handyvertrag.de https://umfrage.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-237f07272d7a1d198f398c680dd57b2f' 'nonce-0e8e00c4e97df5fd192a0d3caef396d0' 'nonce-7bc3e25f97cd0331d488163c1f8fcf2e' 'nonce-e14ab0e29af0b9348a34d8d628aedee5' 'nonce-bd02e5ebf43b943f61c0556b919bbc66' 'nonce-380c3b6e75accb56bc793fa208f12973' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' data: localhost:* *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com js.arcgis.com *.arcgis.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.prorail.nl *.spoordata.nl *.werkenbijprorail.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com tagmanager.google.com px.ads.linkedin.com www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: wss:; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-lDkpMrPQRDDcmZq7l1dababhQMjiT0Vf' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
default-src https: data: blob: 'unsafe-inline'; object-src 'self'; script-src  'self' https://cdn.tiny.cloud/ https://static.zdassets.com/ https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ https://js.recurly.com/ https://cdn.wootric.com/ https://static.headnotepayments.com/ https://static.zdassets.com/ https://snap.licdn.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1
default-src 'self'; block-all-mixed-content; img-src 'self' www.google-analytics.com www.googletagmanager.com; script-src 'self' www.google-analytics.com www.googletagmanager.com; report-uri /nelmio/csp/report 1
default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src blob: 'self' ;script-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://admin.relay42.com *.r42tag.com *.visualwebsiteoptimizer.com app.vwo.com *.pingvp.com analytics.interpolis.nl *.mopinion.com *.interpolis.nl az416426.vo.msecnd.net analytics.twitter.com  www.google-analytics.com static.ads-twitter.com www.googleoptimize.com www.googletagmanager.com *.doubleclick.net *.googleadservices.com opzeggen.nl www.opzeggen.nl cdn.harvest.graindata.com widget.greenonline.nl http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://js.arcgis.com *.googleanalytics.com https://optimize.google.com http://*.hotjar.io:* https://*.hotjar.io:* googleads.g.doubleclick.net tpc.googlesyndication.com;style-src 'self' 'unsafe-inline' *.pingvp.com fonts.googleapis.com fast.fonts.net js.arcgis.com widget.greenonline.nl optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com;img-src data: 'self' *.pingvp.com *.google-analytics.com www.google.com https://t.co/i/adsct www.googletagmanager.com https://i.ytimg.com/ img.youtube.com services.arcgisonline.com server.arcgisonline.com www.google.nl interpolis.imgix.com js.arcgis.com fls.doubleclick.net interpolis.imgix.net  https://script.hotjar.com http://script.hotjar.com optimize.google.com www.gstatic.com https://analytics.twitter.com https://ad.doubleclick.net https://googleads.g.doubleclick.net *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com;font-src data: 'self' *.pingvp.com fonts.gstatic.com js.arcgis.com widget.greenonline.nl http://script.hotjar.com https://script.hotjar.com;connect-src 'self' *.pingvp.com *.mopinion.com *.interpolis.nl dc.services.visualstudio.com *.google-analytics.com https://www.opzeggen.nl interpolis.imgix.net controle.achmea.consentmonitor.nl http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io:* https://*.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com services.arcgisonline.com adservice.google.com geocode.arcgis.com https://ad.doubleclick.net  *.visualwebsiteoptimizer.com app.vwo.com;media-src 'self' *.pingvp.com *.interpolis.nl;object-src 'self' *.pingvp.com;child-src 'self' blob: t.svtrd.com youtube-nocookie.com www.youtube-nocookie.com *.doubleclick.net *.hotjar.com *.hotjar.io e.interpolis.nl widgets.bnr.nl www.youtube.com art19.com optimize.google.com *.pingvp.com tpc.googlesyndication.com app.vwo.com;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com *.doubleclick.net e.interpolis.nl https://vars.hotjar.com optimize.google.com tpc.googlesyndication.com app.vwo.com *.visualwebsiteoptimizer.com;form-action 'self' t.svtrd.com http://trx.ae https://transaction.acceptemail.com;manifest-src 'self' t.svtrd.com *.interpolis.nl broker.nxtid.nl;upgrade-insecure-requests;block-all-mixed-content;report-uri https://interpolis.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'self'; img-src * data:; media-src *; frame-src * data:; font-src *; connect-src *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.googletagmanager.com www.googletagmanager.com connect.facebook.net youtube.com *.facebook.net *.youtube.com *.stg.brandwire.in *.mediawire.in *.scorecardresearch.com *.instagram.com *.google-analytics.com *.gstatic.com *.solodev.com *.google.com *.googleapis.com *.indiatimes.com *.timesofindia.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; style-src data: blob: 'unsafe-inline' 'self' *.googletagmanager.com *.googleapis.com *.google.com *.instagram.com *.indiatimes.com *.timesofindia.com *.solodev.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; frame-ancestors 'self' *.indiatimes.com *.timesofindia.com *.economictimes.com *.gadgetsnow.com *.navbharattimes.com etdev8243.indiatimes.com *.timesnownews.com timesnownews.com www.speakingtree.in speakingtree.in maharashtratimes.com vijaykarnataka.com *.samayam.com samayam.com www.googletagmanager.com *.googletagmanager.com *.idiva.com *.ilnconnect.com *.mensxp.com *.ilnconnect.com *.indiatimes.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss:;img-src 'self' data: https: 1
default-src 'self'; style-src 'unsafe-inline' yandex.st site.yandex.net yastatic.net banners.adfox.ru content.adfox.ru yastat.net *; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *; img-src * data:; media-src * data:; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st site.yandex.net yastatic.net yandex.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru oss.maxcdn.com ads.adfox.ru www.google-analytics.com *.googleadservices.com adservice.google.ru adservice.google.com.ua  *.imgsmail.ru *.google.com platform.twitter.com cas.criteo.com *.mail.ru vk.com *.googlesyndication.com *.googletagservices.com adv758968.ru adforce.ru *.doubleclick.net  x1.vinread.net *.zencdn.net mobiads.ru utarget.ru afterview.ru *.vispot.io *.adap.tv *.liverail.com *.spotxchange.com *.buzzoola.com *.advarkads.com *.lkqd.com *.advertising.com static.baza.farpost.ru gstatic.com www.gstatic.com http://thefox.mobi/0dvP/ https://netdna.bootstrapcdn.com https://ajax.googleapis.com *.adsafeprotected.com  idntfy.ru mobuli.info  mobisway.info cnt-count.ru countstat.ru eboundservices.com digital-forest.info s17365.org/rotation.php news.gnezdo.ru btstds.ru cackle.me *.cackle.me www.farpost.ru https://adtags.pro https://*.adtags.pro https://btsds.ru https://*.vrcteam.ru https://*.betweendigital.com https://*.exopay.ru https://s0.2md.net https://fl.imgsniper.com https://static.bulham.com https://*.sape.ru https://safesource.ru https://code.createjs.com https://static.bumlam.com sad2tizer.ru ad.slickjump.com slickjump.com sjsmartcontent.ru https://www.googletagmanager.com https://tds.admaxer.ru https://meganotify.com https://notifyday.com *.ttarget.ru *.onlygip.tech *.hybrid.ai *.admediator.ru nativerent.ru *.astraone.io astraone.io *.onlygip.tech onlygip.tech *.afp.ai increaserev.com *.adriver.ru; connect-src an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st site.yandex.net yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru *; report-uri /csp.php 1
frame-ancestors 'self' thenationalcampaign.org aelp.smartsparrow.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net/en_US/fbevents.js comparison.go2jump.org/aff_goal bat.bing.com analytics.tiktok.com kleber.datatoolscloud.net.au *.salesforceliveagent.com *.lpsnmedia.net *.liveperson.net *.liveperson.com *.liveengage.net *.liveengage.com *.liveper.sn m.addthisedge.com/live/boost/ra-56b04b9ad015369f/_ate.track.config_resp ad.atdmt.com zn4zp87nbhe8rrjf7-hcf.siteintercept.qualtrics.com dnn506yrbagrg.cloudfront.net 4378726.fls.doubleclick.net 6612282.fls.doubleclick.net platform.twitter.com  cdn.sajari.net cdn.sajari.com analytics.twitter.com hcf.sc.omtrdc.net hcf.tt.omtrdc.net cdn.tt.omtrdc.net *.google.com *.googleapis.com google-maps-utility-library-v3.googlecode.com  *.googlesyndication.com *.facebook.com *.facebook.net rules.quantcount.com *.quantserve.com  *.ads-twitter.com s.ytimg.com www.youtube.com *.addthis.com ebm.cheetahmail.com *.doubleclick.net rum-static.pingdom.net script.crazyegg.com www.googleadservices.com www.googletagservices.com www.googletagmanager.com dpm.demdex.net hcf.demdex.net ssl.google-analytics.com  www.google-analytics.com ajax.googleapis.com assets.adobedtm.com s3.amazonaws.com/trk.cetrk.com https://dnn506yrbagrg.cloudfront.net/pages/scripts/0031/6386.js?407832 https://platform.twitter.com/oct.js *.qualtrics.com cdn.appdynamics.com www.everestjs.net c.amazon-adsystem.com pixel.mathtag.com; http://dtwebsite2.datatoolscloud.net.au; object-src 'self' https:; style-src 'unsafe-inline' 'self' https:; img-src 'self' data: https: http://s7d2.scene7.com; media-src 'self' https:; frame-src https:; font-src 'self' data: fonts.gstatic.com https://cloud.typography.com ok8static.oktacdn.com; connect-src https: http://dispatcher1.test63.aem.hcf.com.au http://s7d2.scene7.com http://dtwebsite2.datatoolscloud.net.au wss://syd-eeva.faceme.com wss://sy.msg.liveperson.net wss://api.au.uneeq.io 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de; frame-ancestors 'self'; font-src 'self' data:; 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' https://bam.nr-data.net https://cdn.cookielaw.org https://js-agent.newrelic.com https://www.googletagmanager.com *.onetrust.com cdn.jsdelivr.net www.google-analytics.com; object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none' ;script-src * data: 'unsafe-inline' 'unsafe-eval' ;style-src * data: 'unsafe-inline' ;img-src * data: ;font-src * data: ;connect-src * ;media-src * ;object-src * ;child-src * ;frame-ancestors * ;form-action * ;manifest-src * ; 1
default-src https: blob: wss:; frame-src https: blob: data:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self'; \
	script-src 'self' https://ajax.googleapis.com; \
	img-src 'self' https://ssl.google-analytics.com 1
default-src 'self' https://api.userway.org/ https://cdn.userway.org/ https://www.google-analytics.com https://connect.facebook.net https://script.crazyegg.com/ https://chatbot.visionbanco.com/ https://tracking.crazyegg.com/ https://stats.g.doubleclick.net/ https://www.youtube.com/ https://www.visionbanco.com https://cdn.jsdelivr.net/ https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api/siteverify https://www.gstatic.com/recaptcha/ https://www.google.com https://goo.gl/7K7WLu https://www.w3.org/2000/svg https://banner.visionbanco.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://chatbot.visionbanco.coms;font-src *; img-src * 'self' data: https:; 1
default-src 'self'; script-src 'self' 'nonce-AvyRCfyNMtIo2UHhfNVieO/EuASSlTfhzCODXV5oS8Y=' 'unsafe-inline' koop.piwik.pro; connect-src 'self' 'nonce-AvyRCfyNMtIo2UHhfNVieO/EuASSlTfhzCODXV5oS8Y=' 'unsafe-inline' koop.piwik.pro; img-src 'self' koop.piwik.pro; style-src 'self' 'nonce-AvyRCfyNMtIo2UHhfNVieO/EuASSlTfhzCODXV5oS8Y=' 'unsafe-inline'; frame-src 'self' data: koop.piwik.pro; frame-ancestors 'self'; 1
default-src 'self'; img-src 'self' data: books.google.de de.statista.com cdn.statcdn.com app.statuscake.com *.lamapoll.io; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' lamapoll.de *.lamapoll.de *.lamapoll.io; frame-src 'self' lamapoll.de *.lamapoll.de www.youtube-nocookie.com *.lamapoll.io; frame-ancestors 'self'; media-src 'self'; object-src 'self'; connect-src 'self' *.lamapoll.io 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com:* https://ajax.googleapis.com:* https://call.chatra.io/chatra.js https://maps.googleapis.com:* https://seal-nebraska.bbb.org/logo/blue-valley-technologies-17381.js https://stats.g.doubleclick.net/dc.js https://www.googletagmanager.com:* https://assets.juicer.io:* https://www.juicer.io:* https://www.google-analytics.com:* https://stats.g.doubleclick.net:* https://www.googleadservices.com:* https://feedback.happy-or-not.com:* https://dk98ddgl0znzm.cloudfront.net:* https://emma-content-aggregates-prd.s3.amazonaws.com:*; object-src 'self' ; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com:* https://seal-blue.bbb.org; img-src * 'self' https://maps.gstatic.com https://stats.g.doubleclick.net:*; media-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-src 'self' https://chat.chatra.io:* https://www.youtube.com:* https://player.vimeo.com:*; frame-ancestors 'self'; child-src 'self'; font-src 'self' * https://fonts.gstatic.com:*; connect-src 'self' https://maps.googleapis.com:* https://analytics.google.com:* https://www.google-analytics.com:* https://www.juicer.io:* https://graph.facebook.com:* https://www.googletagmanager.com:* https://stats.g.doubleclick.net:* https://feedback-api.happy-or-not.com:* https://feedback.happy-or-not.com:* https://api.mixpanel.com:*; report-uri /report-csp-violation 1
default-src 'self' http://www.malaysiaairports.com.my; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com www.google.com *.rawgit.com *.gstatic.com *.googleapis.com static.addtoany.com polyfill.io key-cdn.printfriendly.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com www.google-analytics.com.sg stats.g.doubleclick.net www.google.com www.google.com.sg www.google.com.my www.gstatic.com; media-src 'self'; frame-src 'self' data: static.addtoany.com www.google.com www.youtube.com https://cdn.knightlab.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self'  stats.g.doubleclick.net www.google-analytics.com analytics.google.com unpkg.com www.google.com.my; report-uri /report-csp-violation 1
default-src 'self' *.bundesbots.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.bund.de; connect-src 'self' *.itzbund.de kira.bundesbots.de wss://kira.bundesbots.de *.bund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.instagram.com *.bundesbots.de *.bund.de  platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de http://multimedia.gsb.bund.de *.youtube.com http://www.youtube.com *.itzbund.de *.cdninstagram.com *.bund.de; frame-src *.google.com *.gstatic.com *.youtube.com 'self' *.cdninstagram.com *.instagram.com *.twitter.com; img-src 'self' data: *.itzbund.de *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org pss.wsv.de *.instagram.com *.cdninstagram.com *.bund.de *.bundesbots.de https://twemoji.maxcdn.com https://pbs.twimg.com https://cdn.jsdelivr.net https://www.kununu.com https://assets.kununu.com; frame-ancestors 'self'; 1
frame-ancestors 'self' https://www.rpr1.de 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: staticcdn.co.nz www.youtube.com *.google-analytics.com *.googletagmanager.com www.google.com www.gstatic.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.googleapis.com; img-src 'self' data: staticcdn.co.nz shielded.co.nz i.ytimg.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: *.googleapis.com *.gstatic.com; frame-src 'self' staticcdn.co.nz www.youtube.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1
default-src https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' http://*.usercentrics.eu:* https://*.usercentrics.eu:* http://*.usercentrics.eu https://*.usercentrics.eu wss://*.usercentrics.eu 'unsafe-inline'; img-src https: 'self' data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline' blob: https://*.reactful.com http://*.reactful.com; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1
default-src 'self';  style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; 1
report-to 'self' ; child-src 'self' ; connect-src 'self' *.getnitropack.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' ; font-src 'self' data: fonts.gstatic.com *.bootstrapcdn.com *.typekit.net cdn.jsdelivr.net *.gstatic.com snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self' swiftcdn6.global.ssl.fastly.net px4.ads.linkedin.com blob: player.vimeo.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net www.google.com snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self' px4.ads.linkedin.com swiftcdn6.global.ssl.fastly.net www.linkedin.com data: *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ts.w.org s.w.org ps.w.org cdn.usefathom.com snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self'  s.w.org; object-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' vsplayer.global.ssl.fastly.net *.googleadservices.com blob: *.nitrocdn.com cdn.usefathom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' vsplayer.global.ssl.fastly.net *.googleadservices.com blob: *.nitrocdn.com cdn.usefathom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self'  'unsafe-inline' ; style-src 'self'  'unsafe-inline' blob: *.nitrocdn.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.typekit.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' blob: *.nitrocdn.com fonts.googleapis.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.typekit.net snap.licdn.com *.doubleclick.net *.googlesyndication.com cdn.linkedin.oribi.io px.ads.linkedin.com *.getnitropack.com  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self'  blob:;  upgrade-insecure-requests; 1
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 1
default-src 'self' data: 'unsafe-inline' fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro; img-src 'self' data: blob: fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro; frame-src 'self' youtube.com www.youtube.com cdnjs.cloudflare.com fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro; font-src 'self' fonts.googleapis.com; 1
frame-ancestors *.mastercardconnect.com 1
default-src 'self' 'unsafe-inline' data: 'unsafe-hashes' sha256-8mtE2lezrJT4S67cW4pWVhz/pwoK7b8USlyAQAIxkMk= sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ= *.manodaktaras.lt *.manodaktaras.local *.googlesyndication.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.lt *.ampproject.org *.googleapis.com omnisnippet1.com *.gemius.pl *.soundestlink.com *.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.quickblox.com wss://chat.quickblox.com:5291 *.facebook.net *.facebook.com *.google-analytics.com *.jsdelivr.net *.sentry-cdn.com *.ingest.sentry.io *.cookielaw.org *.onetrust.com *.onetrust.io *.youtube.com media.twiliocdn.com *.twilio.com wss://*.twilio.com optanon.blob.core.windows.net klinikoms.manodaktaras.lt klinikoms.manodaktaras.local:8890; block-all-mixed-content; report-uri /nelmio/csp/report 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.adbutler-luxon.com adbutler-fermion.com static.addtoany.com *.adobedtm.com *.ads-twitter.com *.adsrvr.org p.adsymptotic.com *.bamboohr.com bat.bing.com maxcdn.bootstrapcdn.com tags.bluekai.com capwiz.com *.cdc.gov grow.clearbitjs.com *.cmgdigital.com www.cms.gov cqrcengage.com *.crwdcntrl.net tma.custhelp.com dpm.demedex.net www.domain-of-replacement.com *.doubleclick.net *.facebook.com *.facebook.net *.feedburner.com gis.fema.gov apgb2b-reachcodeandproxy.gannettdigital.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com fusiontables.googleusercontent.com *.gstatic.com data.healthcare.gov oig.hhs.gov hootsuite.com *.hs-analytics.net *.hs-banner.com js.hsadspixel.net js.hscollectedforms.net *.hsforms.com *.hsforms.net *.hs-scripts.com api.hubapi.com *.hubspot.com rocket.nwood-kensett.k12.ia.us *.infogram.com *.informz.net *.jeffersoncms.org kff.org cdn.jsdelivr.net beacon.krxd.net snap.licdn.com px.ads.linkedin.com *.livestream.com *.marchex.io tag.marinsm.com pixel.mathtag.com texmed.medbuzz.com www.ncbi.nlm.nih.gov *.nnihcm.org block.opendns.com cdn.linkedin.oribi.io centro.pixel.ad clickserv.pixel.ad www.paypalobjects.com www.podbean.com www.powr.io *.poll-maker.com pixel-geo.prfct.co ql.tc *.qualtrics.com *.quantcount.com *.quantserve.com www.reachlocallivechat.com capture-api.reachlocalservices.com *.rlets.com rcod.rtrk.com www.rumiview.com *.scribd.com uip.semasio.net servedbyadbutler.com *.serving-sys.com *.sharethis.com i.simpli.fi tag.simpli.fi um.simpli.fi clickserv.sitescout.com pixel.sitescout.com *.slideshare.net public.slidesharecdn.com open.spotify.com storify.com t.co *.tapad.com *.tcms.com *.teletownhall.us *.texmed.org eu.thinkingchat.com reachlocal.thinkingchat.com cdn.tinymce.com *.tmait.org *.twimg.com *.twitter.com *.vimeo.com *.votervoice.net *.wakelet.com *.wufoo.com *.youtube.com *.yudu.com *.hscollectedforms.net 1
default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; object-src 'self' *.interiorhealth.ca; style-src 'self'  'unsafe-inline' *.interiorhealth.ca  fonts.googleapis.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net dialogflow.cloud.google.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com shop.pe shopper.shop.pe *.cloudfront.net addshoppers.s3.amazonaws.com bcbolt446c5271-a.akamaihd.net www.google.com www.gstatic.com cdn.jsdelivr.net up.pixel.ad pixel.sitescout.com munchkin.marketo.net www.buzzsprout.com fl-cdn.azureedge.net investmentdesktop.fundslibrary.net investmentdesktop.fundslibrary.net cdn.schemaapp.com fcscdn.broadridge.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com fl-cdn.azureedge.net investmentdesktop.fundslibrary.net investmentdesktop.fundslibrary.net blob: data:; frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com fl-cdn.azureedge.net investmentdesktop.fundslibrary.net investmentdesktop.fundslibrary.net; 1
default-src 'self' https://*.webbfabriken.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.webbfabriken.com https://use.fontawesome.com https://a.omappapi.com https://a.omwpapi.com https://use.typekit.net https://script.hotjar.com https://www.google.com https://www.google.se https://static.hotjar.com https://chimpstatic.com https://www.google-analytics.com https://m8m7u2y3.stackpathcdn.com https://ajax.googleapis.com https://connect.facebook.net https://www.facebook.com https://cdn.jsdelivr.net https://www.googletagmanager.com; object-src 'self' https://www.webbfabriken.com; style-src 'self' 'unsafe-inline' https://www.webbfabriken.com https://fonts.googleapis.com https://a.omwpapi.com https://a.omappapi.com https://m8m7u2y3.stackpathcdn.com; img-src 'self' data: https://www.webbfabriken.com https://wfsecapi.se https://a.omappapi.com https://a.omwpapi.com https://p.typekit.net https://googleads.g.doubleclick.net https://www.google.se https://www.google.be https://region1.analytics.google.com https://m8m7u2y3.stackpathcdn.com https://www.google.com https://*.gstatic.com https://*.w.org https://www.uc.se https://www.abuseipdb.com https://*.google-analytics.com https://www.facebook.com; media-src 'self' https://www.webbfabriken.com; frame-src 'self' https://www.webbfabriken.com https://m8m7u2y3.stackpathcdn.com https://www.facebook.com; font-src 'self' data: https://www.webbfabriken.com https://use.typekit.net https://fonts.gstatic.com https://a.omwpapi.com https://m8m7u2y3.stackpathcdn.com; connect-src 'self' https://www.webbfabriken.com https://cdn.jsdelivr.net https://region1.analytics.google.com https://analytics.google.com https://stats.g.doubleclick.net https://z.omwpapi.com https://a.omappapi.com https://api.omwpapi.com https://optinmonster.com https://*.google-analytics.com https://www.facebook.com; report-uri https://www.webbfabriken.com/_sys/csp_report_log/insert.php 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-4CJX3AR0GflUY6ZdXfv5eLakZIHOeilg' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
script-src 'self' https://s3.amazonaws.com/ https://*.list-manage.com/; img-src 'self' data: ; object-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.industowers.com/; frame-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.industowers.com/; form-action 'self' data: ; worker-src 'self' data: ; 1
base-uri 'none';connect-src 'self'  *.oresund.io dc.services.visualstudio.com *.cookieinformation.com *.g.doubleclick.net 'unsafe-inline' *.googlesyndication.com *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io;font-src 'self' *.hotjar.com;form-action 'self';frame-ancestors 'none';img-src 'self' self data: *.tt.se *.ritzau.dk *.ctfassets.net *.gstatic.com www.googletagmanager.com *.googlesyndication.com *.adnxs.com www.facebook.com *.google.com www.google.dk www.google.se *.hotjar.com;manifest-src 'self';media-src 'self' self data: *.ctfassets.net;object-src 'none';script-src 'self' *.reepay.com *.gstatic.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com *.google.com *.adnxs.com *.facebook.net *.googlesyndication.com www.googleadservices.com *.hotjar.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com www.googletagmanager.com *.hotjar.com;worker-src 'self'; 1
frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai www.google-analytics.com *.googletagmanager.com *.pendo.io *.bing.com *.virtualearth.net; worker-src blob: 'self';frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai www.google-analytics.com *.googletagmanager.com *.pendo.io *.bing.com *.virtualearth.net; worker-src blob: 'self'; 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com www.googletagmanager.com *.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co *.google.com *.gstatic.com *.spartannash.com *.spartannash-uat.com www.b2i.us stockcharting.s3.amazonaws.com cdnjs.cloudflare.com static.cloudflareinsights.com analytics.newscred.com;font-src 'self' data: *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.cloudflare.com s3.amazonaws.com;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com www.googletagmanager.com *.glensmarkets-email.com *.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com *.gravatar.com s15923.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com d36cz9elvz3vfp.cloudfront.net www.b2i.us *.prnewswire.com pixel.welcomesoftware.com;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.quotemedia.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com;frame-src 'self' *.netdna-ssl.com *.youtube.com www.googletagmanager.com *.calameo.com *.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com *.prnewswire.com;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com *.quotemedia.com stats.g.doubleclick.net *.spartannash.com *.spartannash-uat.com www.b2i.us stockcharting.s3.amazonaws.com;object-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com;media-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com; 1
default-src 'self' ;options inline-script eval-script;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 1
object-src 'none';default-src 'none';connect-src https://www.wefact.nl *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://maps.googleapis.com *.mouseflow.com;frame-src https://www.youtube.com *.mouseflow.com https://outlook.office365.com;frame-ancestors 'self';img-src https://www.wefact.nl data: *.ytimg.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.nl https://maps.gstatic.com https://maps.googleapis.com *.mouseflow.com www.mollie.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com *.googletagmanager.com https://developers.google.com https://maps.googleapis.com *.mouseflow.com;style-src https://www.wefact.nl 'unsafe-inline' https://fonts.googleapis.com *.typekit.net;font-src 'self' data: https://fonts.gstatic.com *.mouseflow.com *.typekit.net;child-src *.mouseflow.com;manifest-src https://www.wefact.nl 1
block-all-mixed-content; frame-ancestors 'self' 1
default-src 'self'; img-src 'self' https: data:; font-src 'self' https:; script-src 'unsafe-inline' https:; object-src 'none'; frame-ancestors https: http://localhost:4200; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; frame-src 'self' https://www.google.com https://kleos2.wolterskluwer.com https://qa2eu.kleosapp.com https://staging.kleosapp.com https://eu.kleosapp.com http://landing.kleos.wolterskluwer.com https://landing-kleos.wolterskluwer.com https://www.wkf.fr http://www.nj.se/kleos http://www.kleossupport.be http://avvocatiliberi.it/kleos http://www.wk-logiciels.fr https://info.wolterskluwer.com https://pagelogin.avvocatiliberi.it https://demologinpage.labonext.com https://comm.lopcloud.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' translate-pa.googleapis.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net translate.google.com translate.googleapis.com www.google.com www.gstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net www.gstatic.com; img-src 'self' data: cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net fonts.gstatic.com www.gstatic.com www.google.com; media-src 'none'; frame-src 'none'; font-src 'self' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.datatables.net netdna.bootstrapcdn.com; connect-src 'self' translate.googleapis.com 1
default-src 'self' data: *.umbraco.org api.pwnedpasswords.com *.hotjar.com services.postcodeanywhere.co.uk *.google-analytics.com www2.theticketfactory.com connect.facebook.net *.facebook.com https://fbanalytics.theticketfactory.com ccocauth.10digital.co.uk *.coventry2021.co.uk *.doubleclick.net *.googleadservices.com *.google.co.uk *.google.com s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 *.stay22.com *.onetrust.com *.optimize.google.com *.googleoptimize.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://analytics.tiktok.com *.hotelmap.com *.quantserve.com *.quantcount.com gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net drdhvt9zf1m5e.cloudfront.net; object-src data: 'unsafe-eval' 'self' assets.theticketfactory.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com pro.fontawesome.com fast.fonts.net cdn.jsdelivr.net *.theticketfactory.com services.postcodeanywhere.co.uk *.queue-it.net cookiesuksouth.blob.core.windows.net https://*.hotjar.com; img-src 'self' 'self' data: www.awin1.com https://*.hotjar.com *; script-src 'self' 'unsafe-inline' ajax.googleapis.com *.cloudflare.com ajax.aspnetcdn.com bat.bing.com https://clarity.microsoft.com code.jquery.com *.googletagmanager.com *.google-analytics.com cdn.jsdelivr.net connect.facebook.net *.facebook.com theti11119.pcapredict.com *.hotjar.com 'unsafe-eval' services.postcodeanywhere.co.uk assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com www.dwin1.com cookiesuksouth.blob.core.windows.net geolocation.onetrust.com *.tiktok.com *.twitter.com *.googleadservices.com *.doubleclick.net s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 d16fk4ms6rqz1v.cloudfront.net applepay.cdn-apple.com *.stay22.com *.onetrust.com *.optimize.google.com *.googleoptimize.com https://*.hotjar.com *.hotelmap.com *.quantserve.com *.quantcount.com gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net drdhvt9zf1m5e.cloudfront.net; font-src 'self' 'self' data: fonts.gstatic.com pro.fontawesome.com fast.fonts.net *.hotjar.com fonts.gstatic.com applepay.cdn-apple.com https://*.hotjar.com; frame-src 'self' *.facebook.com *.servebase.net *.arcot.com *.hotjar.com assets.theticketfactory.com www2.theticketfactory.com *.queue-it.net www2.theticketfactory.com theticketfactory.queue-it.net *.youtube.com *.spotify.com *.tiktok.com *.twitter.com *.10digital.co.uk connect.facebook.net ccocauth.10digital.co.uk *.coventry2021.co.uk *.doubleclick.net s.salecycle.com i.salecycle.com c.salecycle.com ws.salecycle.com mymachine.salecycle.com:8080 *.stay22.com *.onetrust.com *.optimize.google.com *.googleoptimize.com https://*.hotjar.com *.hotelmap.com *.quantserve.com *.quantcount.com d16fk4ms6rqz1v.cloudfront.net gtm-tp57jc8-ndq4z.uc.r.appspot.com necdigitalteamapi.azurewebsites.net drdhvt9zf1m5e.cloudfront.net; report-uri https://theticketfactory.report-uri.com/r/d/csp/enforce ; 1
frame-ancestors 'self'; default-src 'self' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; img-src 'self' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; font-src 'self' *.progress.ie data: *.addtoany.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.google.ie *.google.co.uk *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.gstatic.com *.issuu.com *.jquery.com *.livechat-files.com *.livechatinc.com *.mapbox.com *.surveymonkey.com *.trustpilot.com *.umbraco.org *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com; 1
base-uri 'self'; default-src 'self'; child-src https://player.vimeo.com; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://doorbell.io https://*.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://vimeo.com https://player.vimeo.com https://player.vimeo.com; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://www.google.co.nz https://*.s3.ap-southeast-2.amazonaws.com https://embed.doorbell.io https://i.vimeocdn.com https://eep.io eep.io data:; media-src https://www.youtube.com https://vimeo.com https://www.landcareresearch.co.nz/ https://public.tableau.com public.tableau.com; object-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js https://embed.doorbell.io https://polyfill.io https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://s3.amazonaws.com/downloads.mailchimp.com/ s3.amazonaws.com/downloads.mailchimp.com/ https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com https://google-analytics.com google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://www.google.com www.google.com https://sdk.apester.com/web-sdk.core.min.js https://sdk.apester.com/web-sdk.core.legacy.min.js https://sdk.apester.com https://events.apester.com events.apester.com 'nonce-NWM4Y2U1MDljNDg2NTQ0MGNmMjViNzBlOTZiMjAzYjUwNDg3ODA1NDEyMTYxMzJhNzQyNGQyYmVhNDdiMWFhMmM2YTI3OGM0NWNhZGUwNWNlOTI5ZTg3YTA0NjNiNjI5YjkxMzE4MGM2MTlkZjFlMWVhYjQ1YWViZjM3ODM0OTU=' 'unsafe-eval'; style-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://embed.doorbell.io/css/doorbell.min.css https://embed.doorbell.io/css/default.css https://cdn-images.mailchimp.com cdn-images.mailchimp.com 'unsafe-inline'; report-uri https://2224ea6b5792825a06d61a0bad9d966b.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de app.usercentrics.eu privacy-proxy.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' app.usercentrics.eu privacy-proxy-server.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1
frame-ancestors 'self' *.leoncountyfl.gov ; 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-x5FAY+qfhrpsE6baTWb4WynsLB+C4s+oYmRRXQFwFn5+A/vo'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
font-src 'self'; 1
frame-ancestors *.amboss.com 1
default-src 'self';img-src *; script-src *; 1
default-src 'unsafe-inline' 'self' https:; child-src 'self'; connect-src 'self' https:; font-src 'self' fonts.gstatic.com; frame-src 'self' https:; img-src * data:; manifest-src 'self'; media-src 'self' https:; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; style-src 'unsafe-inline' 'self' *.twitter.com *.twimg.com fonts.googleapis.com; worker-src 'self'; base-uri 'self'; form-action 'self' *.twitter.com *.qenta.com; navigate-to 'self' https: 1
object-src 'none'; frame-ancestors *; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self'; 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self' blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net  https://translate.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.css https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/css/intlTelInput.min.css https://cdn.jsdelivr.net/npm/normalize.css; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com *.google-analytics.com syndication.twitter.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com ssl.gstatic.com www.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com https://img.youtube.com https://www.google.com https://translate.google.com https://server.arcgisonline.com; media-src 'self' www.youtube.com soundcloud.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' *.google-analytics.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com https://translate.googleapis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com player.vimeo.com;  1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * *.getclicky.com clicky.com; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; media-src 'self' *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: https://m.stripe.com *.craft-cdn.com *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ https://static.cdninstagram.com/; 1
allow *; options inline-script eval-script; frame-ancestors 'self'; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *.kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/ https://www.buymusic.club; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.snapchat.com https://widget-api.formitable.com https://region1.analytics.google.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://www.buymusic.club wss://ws.hotjar.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.hotjar.com https://*.hotjar.io; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com https://www.buymusic.club https://newassets.hcaptcha.com; img-src 'self' data: https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be/ https://*.ytimg.com/ https://d12xfkzf9kx8ij.cloudfront.net/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://legacy.abconcerts.be/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com https://*.hotjar.io https://snapchat.com https://*.snapchat.com https://px.ads.linkedin.co https://px.ads.linkedin.com https://*.linkedin.com https://www.buymusic.club https://fonts.gstatic.com https://www.googletagmanager.com; media-src 'self' p.scdn.co/mp3-preview/; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://www.buymusic.club https://hcaptcha.com 'nonce-/l6fWpbEt9bQqaKEh8ihMg=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://widget.formitable.com https://www.googletagmanager.com; upgrade-insecure-requests 1
base-uri 'none';child-src 'none';connect-src 'self' https://ws.zoominfo.com/pixel/collect https://aorta.clickagy.com/ https://aorta.clickagy.com/liveramp_redir https://hemsync.clickagy.com/external/ https://maps.googleapis.com/;default-src 'self';font-src 'self' https://fonts.gstatic.com;;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' https://id.rlcdn.com/ https://idsync.rlcdn.com/ https://aorta.clickagy.com/ https://maps.gstatic.com/ https://maps.googleapis.com/  https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://maps.googleapis.com/ https://www.google.com https://ws.zoominfo.com/pixel/6320bf5aac6e98ed3e39d094 https://tags.clickagy.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/external/ https://ws.zoominfo.com/;style-src 'self' https://aorta.clickagy.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1
default-src 'self'; script-src 'self'; img-src 'self' 1
default-src 'self' *.prorealtime.com prorealtimesoftware: data: 'report-sample'; block-all-mixed-content; font-src 'self' *.prorealtime.com *.avast.com *.gstatic.com *.google.com *.googleapis.com 'report-sample'; form-action 'self' *.prorealtime.com *.it-finance.com https://p.monetico-services.com https://*.e-transactions.fr 'report-sample'; frame-ancestors 'self' https://*.prorealtime.com; frame-src 'self' *.prorealtime.com *.it-finance.com prorealtimesoftware: youtube.com www.youtube.com 'report-sample'; img-src 'self' *.prorealtime.com *.it-finance.com data: i.ytimg.com *.gstatic.com *.google.com *.googleapis.com 'report-sample'; object-src 'none'; script-src 'self' *.prorealtime.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.google.com *.googleapis.com s.ytimg.com 'report-sample'; style-src 'self' *.prorealtime.com 'unsafe-inline' *.gstatic.com *.google.com *.googleapis.com 'report-sample'; report-uri /csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de *.googleapis.com 1
allow 'script-src' 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.pingdom.net *.groupe-mediactive.fr fg.cdn.mediactive-network.net cdn.mediactive-network.net *.cedexis.com 1
default-src 'self' 'unsafe-inline' https://*.googleapis.com https://staticfiles.digitalchargingsolutions.com https://api.mixpanel.com https://api-js.mixpanel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://staticfiles.digitalchargingsolutions.com https://*.googleapis.com https://cdn.mxpnl.com https://api-js.mixpanel.com; frame-src 'self' https://payment.datatrans.biz/; img-src 'self' https: data: https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://cpologo.digitalchargingsolutions.com; style-src 'self' 'unsafe-inline'  https://staticfiles.digitalchargingsolutions.com https://fonts.googleapis.com; font-src 'self'  https://staticfiles.digitalchargingsolutions.com https://fonts.gstatic.com; 1
"default-src *" 1
default-src *; style-src 'self'* .addthis.com *.nationalgridus.com* .cloudflare.com *.olark.com* .gstatic.com *.googleapis.com; script-src 'self'* .speedpay.com *.google.com* .gstatic.com *.olark.com* .googleapis.com *.gstatic.com* .crazyegg.com *.google-analytics.com* .googletagmanager.com *.feedbackify.com* .nationalgridus.com; img-src *; font-src* ; connect-src *;.rienergy.com; 1
default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bosch-tt.kittelberger.net bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' www.facebook.com wss://*.hotjar.com  *.hotjar.io wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net *.googleapis.com *.bosch-thermotechnology.com *.hotjar.com 1
frame-ancestors https://*.nywerk.de https://*.test https://vinylfuture.com.ddev.site https://deejay.de https://vinylfuture.com https://*.deejay.de https://*.vinylfuture.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com *.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 'unsafe-eval'; style-src 'self' *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com *.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 'unsafe-inline'; frame-src 'self' *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com *.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com; font-src 'self' *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com *.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com data:; img-src 'self' *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com *.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com data:; connect-src 'self' *.horacemann.com *.accessibe.com acsbapp.com web1.acsbapp.com cdn.acsbapp.com greenhouse.io *.typekit.net *.doubleclick.net *.polyfill.io boards.greenhouse.io cdn.oncehub.com *.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com *.horacemann.com localhost:3238 home-c11.incontact.com www.retirementaccountlogin.com maxcdn.bootstrapcdn.com code.jquery.com recruiting.adp.com www.youtube.com cdn.bootstrapcdn.com www.facebook.com horacemann.actonservice.com connect.facebook.net cdnjs.cloudflare.com www.facebook.com app.kiddom.co cloud.e.horacemann.com woobox.com www.clearsurance.com clearsurance.com Facebook.net Business.facebook.com Twitter.com Twitter.net Linkedin.com Linkedin.net Pinterest.com Pinterest.net Instagram.com Instagram.net Youtube.com Youtube.net Siteimprove.com Dynomapper.com cdn.finra.org staticxx.facebook.com fonts.google.com platform.twitter.com *.twimg.com syndication.twitter.com 1
frame-ancestors https://*.ptc.com https://ptc.seismic.com https://liveshareeast3.seismic.com https://*.mouseflow.com 1
frame-ancestors 'self' https://*.hapara.com/ 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com userlike-cdn-umm.b-cdn.net *.leadenhancer.com wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.eu *.cookiebot.com *.simpli.fi data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1
frame-ancestors https://tsetscdev.prod.acquia-sites.com/ https://tsetscstage.prod.acquia-sites.com/ https://ecommercdev.tatasteel.online  https://ecommerctst.tatasteel.online  https://ecmc01qa.tatasteel.online  https://ecmc01dev.tatasteel.online https://www.tatasteeleurope.com https://www.tatasteel.online https://ecmc01.tatasteel.online https://ecmc03-p.tatasteel.online https://ecmc03-d.tatasteel.online https://ecmc03-acc.tatasteel.online/ https://ecmc03-t.tatasteel.online/ https://tsedev.prod.acquia-sites.com https://tsestg.prod.acquia-sites.com https://www.beta-tatasteeleurope.com https://cpws01-d.tatasteel.online https://dev.tatasteeleurope.com preprod.tatasteeleurope.com test.tatasteeleurope.com ecmc03-pp.tatasteel.online  https://local.tatacwr.com/CWR/docroot/; report-uri /report-csp-violation 1
default-src 'self' google-analytics.com manifest-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com polyfill.io www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net; img-src 'self'  *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org  data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com  *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com; upgrade-insecure-requests 1
default-src 'self' data: ecosystem.matomo.cloud fonts.googleapis.com fonts.gstatic.com; base-uri 'self' ecosystem.matomo.cloud; block-all-mixed-content; connect-src 'self' wss: *.creativecdn.com *.criteo.com *.hotjar.com *.hotjar.io *.taboola.com consentcdn.cookiebot.com ecosystem.matomo.cloud maps.googleapis.com region1.analytics.google.com stats.g.doubleclick.net; frame-src 'self' *.doubleclick.net *.creativecdn.com *.criteo.com *.greenconnected.fr bonusqualirepar.ecosystem.eco consentcdn.cookiebot.com ecosystem.matomo.cloud form.jotform.com f.ecosystem.eco page.ecosystem.eco portail-reparateurs.ecosystem.eco www.google.com www.youtube-nocookie.com www.youtube.com; img-src 'self' data: *.creativecdn.com *.doubleclick.net *.ecosystem.eco *.taboola.com img.youtube.com jedonnemontelephone.fr maps.googleapis.com maps.gstatic.com r.phywi.org www.google.fr www.googletagmanager.com www.img-static.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'report-sample' 'self' nonce-gtm251 *.criteo.com *.hotjar.com *.pwspace.com *.taboola.com cdn.datatables.net cdn.matomo.cloud cdn.powerspace.com consent.cookiebot.com consentcdn.cookiebot.com ecosystem.matomo.cloud js-tag.zemanta.com maps.googleapis.com tags.creativecdn.com www.googletagmanager.com www.youtube.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.datatables.net ecosystem.matomo.cloud fonts.googleapis.com fonts.gstatic.com; worker-src 'none' 1
default-src 'self' 'unsafe-inline' nominatim.openstreetmap.org service.bzga.de piwik.bzga.de; style-src 'self' 'unsafe-inline' fast.fonts.net;font-src 'self' data:; img-src 'self' data: shop.bzga.de piwik.bzga.de a.tile.openstreetmap.de b.tile.openstreetmap.de c.tile.openstreetmap.de service.bzga.de; frame-src bzga.neueshandeln.de; 1
default-src 'self' *.akamaihd.net *.facebook.com *.kaporal.com *.kaporal.net *.payline.com *.payments-amazon.com *.truefitcorp.com https://photorankapi-a.akamaihd.net *.build.kaporal.net *.heyday.ai pay.google.com *.vimeo.com *.akamaized.net *.sc-static.net *.analytics.google.com blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.appsmiles.eu *.bing.com *.kaporal.com *.cdn.payline.com *.payments-amazon.com/ *.truefitcorp.com https://ajax.googleapis.com https://connect.facebook.net/en_US/sdk.js https://photorankapi-a.akamaihd.net https://photorankstatics-a.akamaihd.net https://www.googletagmanager.com pixel.cdnwidget.com *.devatics.io *.devatics.com *.onestock-retail.io *.doubleclick.net *.g.doubleclick.net notifpush.com *.notifpush.com actito.com *.actito.com mmtro.com *.mmtro.com *.facebook.net facebook.net *.criteo.com *.criteo.net *.heyday.ai docs.google.com *.googleadservices.com *.build.kaporal.net unpkg.com *.unpkg.com *.adobe.net *.adyen.com *.contentsquare.net www.google-analytics.com www.paypal.com *.googleapis.com https://commerce.adobedtm.com https://unpkg.com/@adobe/magento-storefront-event-collector@^1/dist/index https://unpkg.com/@adobe/magento-storefront-events-sdk@%5E1/dist/index.js https://magento-recs-sdk.adobe.net/v2/index.js www.paypalobjects.com *.paypal.com *.google.com *.shipup.co *.clarity.ms *.batch.com *.powerspace.com an.pwspace.com t.contentsquare.net contentsquare.com *.contentsquare.com *.pwspace.com *.social-media-system.com social-media-system.com *.sc-static.net sc-static.net api.social-media-system.com www.datadoghq-browser-agent.com https://analytics.tiktok.com *.vimeo.com *.avads.net *.snapchat.com *.affilae.com *.analytics.google.com pay.google.com blob:;frame-src 'self' *;style-src 'self' 'unsafe-inline' *.amazonaws.com *.cdn.payline.com *.truefitcorp.com photorankstatics-a.akamaihd.net *.onestock-retail.io facebook.net *.facebook.net *.googletagmanager.com *.build.kaporal.net *.b.kaporal.net *.googleapis.com *.paypal.com *.adyen.com *.google.com *.shipup.co *.kaporal.com *.heyday.ai *.sc-static.net *.avads.net *.analytics.google.com pay.google.com;img-src 'self' data: *.akamaihd.net *.amazonaws.com *.appsmiles.eu *.bing.com *.cdnwidget.com *.cloudfront.net *.eu-west-3.amazonaws.com *.facebook.com *.kaporal.com *.kaporal.net *.cdn.payline.com *.pinterest.com *.truefitcorp.com data.photorank.me photorankmedia-a.akamaihd.net z1photorankmedia-a.akamaihd.net *.devatics.io *.devatics.com *.onestock-retail.io *.doubleclick.net *.g.doubleclick.net notifpush.com *.notifpush.com actito.com *.actito.com mmtro.com *.mmtro.com *.facebook.net facebook.net *.google.com *.google.fr *.adnxs.com *.criteo.com *.criteo.net *.heyday.ai *.build.kaporal.net *.adyen.com *.pubmatic.com *.analytics.yahoo.com *.yahoo.com *.emxdgt.com *.ad.smaato.net *.mediavine.com *.stickyadstv.com *.ivitrack.com *.sharethrough.com *.omnitagjs.com *.adform.net *.media.net *.teads.tv *.360yield.com *.casalemedia.com *.3lift.com *.smartadserver.com *.taboola.com *.outbrain.com *.tremorhub.com *.ads.yieldmo.com *.rubiconproject.com *.liadm.com *.googleapis.com *.gstatic.com www.paypalobjects.com www.paypal.com *.paypal.com *.shipup.co *.onestock-retail.com *.bidswitch.net *.advertising.com *.rlcdn.com googletagmanager.com s.ad.smaato.net *.mgid.com tbs.tradedoubler.com *.clarity.ms *.batch.com *.powerspace.com public-prod-dspcookiematching.dmxleo.com i.liadm.com criteo-partners.tremorhub.com www.img-static.com r.phywi.org *.contentsquare.net *.contentsquare.com www.googletagmanager.com *.googletagmanager.com *.sc-static.net sync-criteo.ads.yieldmo.com *.vimeo.com *.google-analytics.com *.avads.net id5-sync.com *.yieldlab.net *.criteo.com *.demdex.net *.krxd.net *.thebrighttag.com *.affilae.com *.analytics.google.com pay.google.com;font-src 'self' data: *.kaporal.com *.cdn.payline.com *.truefitcorp.com maxcdn.bootstrapcdn.com olapic-data.s3.amazonaws.com photorankstatics-a.akamaihd.net fonts.gstatic.com *.shipup.co *.heyday.ai *.sc-static.net *.amazonaws.com *.analytics.google.com pay.google.com;connect-src 'self' *.abtasty.com *.akamaihd.net *.appsmiles.eu *.facebook.com *.google-analytics.com *.googleapis.com *.payline.com *.payments-amazon.com *.truefitcorp.com https://graph.facebook.com https://photorankmedia-a.akamaihd.net https://z1photorankmedia-a.akamaihd.net *.onestock-retail.io facebook.net *.facebook.net *.doubleclick.net *.g.doubleclick.net *.heyday.ai *.bing.com *.cdnwidget.com *.cdnbasket.net *.kaporal.com *.onestock-retail.com notifpush.com *.clarity.ms www.clarity.ms *.criteo.com *.batch.com *.powerspace.com *.contentsquare.net *.contentsquare.com *.sc-static.net *.snapchat.com *.social-media-system *.pwspace.com api.social-media-system.com www.datadoghq-browser-agent.com *.browser-intake-datadoghq.eu *.vimeo.com https://analytics.tiktok.com *.build.kaporal.net *.adyen.com *.adobedc.net www.sandbox.paypal.com sslwidget.criteo.com https://commerce.adobedc.net/collector/tp2 https://commerce.adobe.io www.paypalobjects.com www.paypal.com *.paypal.com *.avads.net *.analytics.google.com pay.google.com google.com ;base-uri 'self';media-src 'self' data: *.build.kaporal.net *.b.kaporal.net *.p.kaporal.net *.kaporal.com;report-uri /csp/report 1
default-src 'unsafe-hashes' https://crohnsandcolitis.org.uk https://docs.google.com https://platform.twitter.com https://customervoice.microsoft.com https://*.readspeaker.com https://*.azureedge.net https://poster.crohnsandcolitis.org.uk https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://*.landbot.io https://*.addthis.com https://www.youtube.com https://player.vimeo.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.fluidads.com https://forms.office.com https://*.snapchat.com ;base-uri 'self' ;frame-ancestors 'self' ;script-src 'self' 'nonce-f478f78468094f9087cff2d1f1928edb' 'unsafe-eval' https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://analytics.nyltx.com https://ruler.nyltx.com/ https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://*.landbot.io https://secure.callhandling.co.uk https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://static.addtoany.com https://*.fluidads.com https://*.simpli.fi https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.typeform.com https://*.hotjar.com https://analytics.tiktok.com https://*.snapchat.com https://*.twitter.com ;connect-src 'self' https://docs.google.com https://platform.twitter.com https://cdn.acsbapp.com https://*.trackedweb.net https://*.readspeaker.com https://*.azureedge.net https://*.fluidads.com https://www.facebook.com https://*.cookiefirst.com https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://*.landbot.io https://*.addthis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.snapchat.com https://*.linkedin.oribi.io https://*.analytics.google.com https://analytics.tiktok.com ;img-src 'self' data: https://www.facebook.com https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://*.linkedin.com https://*.addthis.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com.tr https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://tr.snapchat.com https://analytics.twitter.com https://t.co ;font-src 'self' data: https://use.typekit.net https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://fonts.gstatic.com https://*.hotjar.com ;style-src 'self' 'unsafe-inline' https://acsbapp.com https://*.acsbapp.com blob: https://*.readspeaker.com https://*.azureedge.net https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com ;form-action 'self' https://*.readspeaker.com https://*.azureedge.net https://*.typeform.com https://*.twitter.com https://*.landbot.io https://*.snapchat.com ; 1
block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors 'self' team.live fr.team.live es.team.live ru.team.live de.team.live ar.team.live pl.team.live tr.team.live; 1
https://client.libertydentalplan.com; https://libertydentalplan.com  1
default-src 'self' blob: data: https://api.ipstack.com https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://app.pendo.io https://cdn.pendo.io https://data.pendo.io https://pendo-op-static.storage.googleapis.com https://pendo-static-5741583443689472.storage.googleapis.com https://go.enverus.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://chart.googleapis.com https://maps.googleapis.com https://ajax.googleapis.com https://player.vimeo.com https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://rseg-dev.auth0.com https://client.px-cloud.net https://collector-PXmAgoUgH1.px-cloud.net https://collector-PXmAgoUgH1.px-cdn.net https://collector-PXmAgoUgH1.pxchk.net https://cdn.skypack.dev https://cdn.jsdelivr.net https://us01ccistatic.zoom.us https://us01campaign.zoom.us https://us01apizva.zoom.us https://file.zoom.us wss://zpns.zoom.us 'unsafe-eval' 'unsafe-inline'; font-src 'self' blob: data: https://cdn.skypack.dev https://cdn.jsdelivr.net; frame-ancestors 'self' energylink.com *.energylink.com enverus.com *.enverus.com app.pendo.io data.pendo.example.com collector-PXmAgoUgH1.px-cloud.net collector-PXmAgoUgH1.px-cdn.net collector-PXmAgoUgH1.pxchk.net 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-LQfgr64lLmD/rsBd' static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com app.vwo.com www.awin1.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com app.vwo.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
frame-ancestors https://www.abarset.com/ https://abarset-grandvalira.com/ http://*.grandvalira.com https://*.grandvalira.com http://*.ordinoarcalis.com https://*.ordinoarcalis.com http://*.grandvaliraresorts.com https://*.grandvaliraresorts.com http://*.palarinsal.com https://*.palarinsal.com 1
default-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a10065315939.cdn.optimizely.com https://a10065315939.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 1
default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.google.com https://code.jquery.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://static.addtoany.com https://maps.google.com https://cdn.jsdelivr.net https://platform.twitter.com https://platform.linkedin.com https://cdn.ckeditor.com https://www.google-analytics.com https://cdn.datatables.net https://www.googletagmanager.com/ https://app.usercentrics.eu/ https://openfed.github.io/AccessibilityCheck/build/HTMLCS.js https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdn.ckeditor.com https://cdn.datatables.net https://www.google-analytics.com https://www.linkedin.com https://www.gstatic.com https://openfed.github.io/AccessibilityCheck/build/HTMLCS.css; img-src 'self' data: https://chart.googleapis.com https://cdn.ckeditor.com https://www.google-analytics.com https://stats.g.doubleclick.net https://platform.linkedin.com https://www.linkedin.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://app.usercentrics.eu/ https://uct.service.usercentrics.eu/ https://openfed.github.io/AccessibilityCheck/build/Images/; frame-src 'self' https://platform.twitter.com https://www.gstatic.com https://www.google.com https://notfound-static.fwebservices.be  https://app.usercentrics.eu/; font-src 'self' https://themes.googleusercontent.com https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src 'self' https://www.linkedin.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://region1.google-analytics.com/ https://www.googletagmanager.com/ https://api.usercentrics.eu https://graphql.usercentrics.eu https://consent-api.service.consent.usercentrics.eu/ https://aggregator.service.usercentrics.eu/ https://maps.googleapis.com/; report-uri /en/report-csp-violation 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.quit-the-shit.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.google.com *.googleapis.com *.myabsorb.com *.doubleclick.net *.windows.net *.walkme.com *.jquery.com *.createjs.com *.youtube.com *.youtube-nocookie.com *.onetrust.com *.facebook.net *.facebook.com *.cookielaw.org *.licdn.com *.adsymptotic.com *.linkedin.com *.jnjvision.asia *.nr-data.net *.ckeditor.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.zencdn.net *.boltdns.net *.jjvcpro.com *.jnjcommerce.com *.mouseflow.com *.hotjar.com *.hotjar.io *.googleanalytics.com *.googleoptimize.com *.optimize.google.com *.fonts.gstatic.com *.newrelic.com *.xml; object-src *; img-src * data: blob:; frame-src *; font-src * data: blob: 'unsafe-inline'; report-uri /report-csp-violation 1
frame-ancestors https://*.ilnotiziario.net 1
default-src 'self' data: https://ictp-trst-001.westeurope.cloudapp.azure.com/matomo/ https://cdn.eye-able.com https://dc.services.visualstudio.com/v2/track https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://include-rp.zfinder.de https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.trier-info.de https://www.wahlinfo.de https://www.pegelonline.wsv.de 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; \
    script-src 'self' https://ajax.googleapis.com; \
    img-src 'self' https://ssl.google-analytics.com 1
frame-src 'self' http://*.lib.uiowa.edu https://*.lib.uiowa.edu 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crushftp.com *.stripe.com *.paypalobjects.com *.google-analytics.com *.crushsync.com *.taltosparipa.com 1
frame-ancestors 'self' https://www.bayard-jeunesse.com https://app.bayam.tv https://preprod.sso.bayard-jeunesse.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.chimpstatic.com visitjersey.email *.cloudfont.net *.googletagmanager.com blob: *.google-analytics.com https: data:;style-src 'self' 'unsafe-inline'  https: data:;connect-src 'self' *.google-analytics.com *.analytics.google.com *.doubleclick.net *.teads.tv *.crowdriff.com *.plyr.io sojpublicdata.blob.core.windows.net *.mapbox.com *.algolia.net *.algolianet.com *.tripadvisor.com *.vimeo.com *.akamaized.net *.trackedweb.net *.bugsnag.com *.cookiescan.com *.googlesyndication.com noembed.com *.facebook.com *.google.com *.clarity.ms *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.linkedin.oribi.io *.linkedin.com data:;font-src 'self' static.tacdn.com *.gstatic.com data:;img-src 'self' cdn.jersey.com *.google-analytics.com *.analytics.google.com *.cookiescan.com *.facebook.com *.linkedin.com t.co *.doubleclick.net *.google.je *.google.com *.google.co.uk *.netdna-ssl.com *.gravatar.com *.adsymptotic.com *.adnxs.com *.yahoo.com *.teads.tv *.googleadservices.com static.tacdn.com *.vimeocdn.com *.clarity.ms *.bing.com *.cloudfront.net *.magicseaweed.com *.ytimg.com *.google.nl blob: *.youtube.com *.adsrvr.org *.sojern.com *.amazonaws.com *.tripadvisor.co.uk *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.adform.net data:;frame-src 'self' *.vimeo.com vimeo.com *.youtube.com *.flipsnack.com *.google.com *.instagram.com *.facebook.com *.hdontap.com visitjersey.email *.crowdriff.com magicseaweed.com *.cookiebot.com *.snapsea.io *.ipcamlive.com *.doubleclick.net ;form-action 'self' *.facebook.com ;object-src 'none' ;frame-ancestors 'self' *.jersey.com visitjersey.email ;base-uri 'none' ; 1
default-src 'self' 'unsafe-inline' data: global2000.at *.global2000.at  https://*.google-analytics.com  https://*.google.com  https://*.google.at  https://*.doubleclick.net  https://*.youtube.com  https://youtu.be https://*.ytimg.com  https://*.facebook.com  https://*.vimeocdn.com  https://vimeo.com  https://*.vimeo.com  https://*.hotjar.com https://*.ubembed.com https://*.restorenature.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' global2000.at *.global2000.at  https://*.youtube.com   https://*.googletagmanager.com  https://*.google-analytics.com  https://*.hotjar.com  https://*.facebook.net  https://*.g.doubleclick.net  https://*.ubembed.com https://*.googleadservices.com https://*.twitter.com https://*.google.com https://*.google.at https://widget.proca.app; object-src 'self' global2000.at *.global2000.at 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.global2000.at; img-src 'self' *.global2000.at data: https://*.google.com  https://*.google.at https://*.google.de https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://img.youtube.com https://i.ytimg.com https://*.europa.eu; media-src 'self' global2000.at *.global2000.at blob: data:; frame-src 'self' *.global2000.at https://*.google.com  https://*.ubembed.com https://*.google.at  https://*.googletagmanager.com  https://*.openstreetmap.org  https://vimeo.com  https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org  https://*.buzzsprout.com  https://*.spotteron.com  https://*.typeform.com https://*.facebook.com  https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at; frame-ancestors 'self' *.global2000.at; child-src 'self' *.global2000.at blob: https://*.google.com  https://*.ubembed.com https://*.google.at  https://*.googletagmanager.com  https://*.openstreetmap.org  https://vimeo.com  https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org  https://*.buzzsprout.com  https://*.spotteron.com  https://*.typeform.com https://*.facebook.com  https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at; font-src 'self' *.global2000.at data:; connect-src 'self' *.global2000.at https://*.google.com  https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.google.com  https://*.google.at https://*.ubembed.com https://*.facebook.com https://country.proca.foundation/ https://*.proca.app; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hubspot.com builder.lift.acquia.com js.usemessages.com googleads.g.doubleclick.net app.wistia.com connect.facebook.net tpc.googlesyndication.com www.google.com www.gstatic.com static.ads-twitter.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net; style-src 'self' 'unsafe-inline' www.globenewswire.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net; img-src 'self' blob: data: *.google.ae googleads.g.doubleclick.net *.google.com.vn *.google.bs embedwistia-a.akamaihd.net www.impella.com *.google.com.cy *.google.at *.google.com.co *.google.com.sa *.google.com.br *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' *.hs-sites.com fast.wistia.net fast.wistia.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net cdn.scite.ai; connect-src 'self' 'unsafe-inline' 'unsafe-eval' pagead2.googlesyndication.com notify.bugsnag.com us.perz-api.cloudservices.acquia.io sessions.bugsnag.com www.google.com.br www.google.co.in cdn.linkedin.oribi.io hubspot-forms-static-embed.s3.amazonaws.com adservice.google.com *.litix.io *.googleapis.com adservice.google.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com connect.facebook.net *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; \
        script-src 'self' https://ajax.googleapis.com; \
        img-src 'self' https://ssl.google-analytics.com 1
: default-src 'self' 1
default-src * 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; fmedia-src 'self'; frame-src 'self'; object-src 'none'; frame-ancestors 'self' 1
default-src 'none'; manifest-src 'self'; script-src 'self' 'unsafe-eval' https://app.intotheblock.com https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://code.jquery.com/ https://stackpath.bootstrapcdn.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://www.google.com/ https://cdn.siftscience.com/ https://www.gstatic.com/; object-src 'self' style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://stackpath.bootstrapcdn.com/; img-src 'self' https://v2uploads.zopim.io/ https://rocketlab.g2afse.com/ https://purecatamphetamine.github.io/ https://20841010p.rfihub.com/ data:; media-src 'self' https://static.zdassets.com/; frame-src 'self' https://www.youtube.com/ https://buy.moonpay.com/ https://buy-staging.moonpay.com/ https://buy-sandbox.moonpay.com/ https://pay.testwyre.com/ https://vars.hotjar.com/ https://www.google.com/recaptcha/; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/; connect-src 'self' wss://socket-testing.cryptomkt.com/ https://socket-testing.cryptomkt.com/ wss://socket.cryptomkt.com/ https://socket.cryptomkt.com/ wss://api.exchange.cryptomkt.com/ https://api.exchange.cryptomkt.com/ https://api.intotheblock.com/ https://ekr.zdassets.com/ https://cryptomkt.zendesk.com/ wss://widget-mediator.zopim.com/ https://id.zopim.com/ https://widget-mediator.zopim.com/ https://api-uat.kushkipagos.com/ https://api.kushkipagos.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
frame-ancestors https://go.cargomatic.com/l/911892/2023-10-10/rzl4f 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src  'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1
default-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ 1
default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src https://www.youtube.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net *.linkedin.com 'self' https://ausi.github.io/ *.pinimg.com *.pinterest.com; img-src * data: blob:; manifest-src deltalight.com 'self'; media-src *; script-src deltalight.com 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.doubleclick.net *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com www.youtube.com/iframe_api tagmanager.google.com https://snap.licdn.com https://play.google.com https://analytics-eu.clickdimensions.com https://ausi.github.io *.pinimg.com *.pinterest.com; style-src deltalight.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com; report-uri /nelmio/csp/report 1
default-src ; script-src 'self' 'unsafe-inline' localhost https://assets.zendesk.com *.zdassets.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; object-src ; style-src 'self' 'unsafe-inline' localhost *.entrecode.de https://fonts.googleapis.com; img-src *; media-src *; child-src https://www.google.com; font-src *.entrecode.de https://fonts.gstatic.com; connect-src 'self' *.entrecode.de https://entrecode.zendesk.com *.zdassets.com https://www.google-analytics.com; manifest-src 1
frame-ancestors 'self' data: northernlighthealth.org *.northernlighthealth.org *.workforceeap.com *.healthylifeeap.com *.cerner.com *.healtheintent.com *.blackbaudhosting.com *.blackbaud.com *.google.com *.findhelp.com *.youtube.com; frame-src 'self' data: northernlighthealth.org *.northernlighthealth.org *.force.com *.workforceeap.com *.healthylifeeap.com *.cerner.com *.healtheintent.com *.blackbaudhosting.com *.blackbaud.com *.google.com *.votervoice.net *.findhelp.com *.youtube.com *.millerdrug.com *.understand.com *.doubleclick.net *.userway.org *.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' data: cdn.evgnet.com *.fontawesome.com *.force.com *.salesforce.com *.salesforce-sites.com *.salesforceliveagent.com *.datatables.net workforceeap.com healthylifeeap.com northernlighthealth.org *.northernlighthealth.org accessibilityserver.org siteimproveanalytics.com unpkg.com *.votervoice.net *.youtube.com *.sharethis.com *.findhelp.com *.workforceeap.com *.healthylifeeap.com *.cerner.com *.nr-data.net *.newrelic.com *.healtheintent.com *.bootstrapcdn.com *.jsdelivr.net *.jquery.com *.blackbaudhosting.com *.blackbaud.com *.bidswitch.net *.gstatic.com *.google.com *.userway.org *.licdn.com *.google-analytics.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.googletagmanager.com *.twitter.com *.nr-data.net *.tonicforhealth.com *.healtheintent.com northernlighthealth.org *.northernlighthealth.org *.emhs.org; object-src 'self' data: *.workforceeap.com *.healthylifeeap.com  *.votervoice.net *.nr-data.net *.tonicforhealth.com *.healtheintent.com northernlighthealth.org  *.northernlighthealth.org *.emhs.org; img-src 'self' data: *.fontawesome.com *.documentforce.com *.salesforce.com *.rlcdn.com *.force.com *.youtube.com *.sharethis.com northernlighthealth.org *.northernlighthealth.org *.emhs.org *.siteimproveanalytics.io *.google.com maps.gstatic.com *.google-analytics.com *.googleapis.com *.ggpht maps.googleapis.com *.kyruus.com *.nr-data.net *.tonicforhealth.com *.healtheintent.com *.cloudflare.com *.adsrvr.org *.blackbaudhosting.com *.blackbaud.com *.googletagmanager.com *.rlcdn.com *.bidswitch.net *.userway.org *.cloudfront.com *.cloudfront.net *.media.net *.stackadapt.com *.findhelp.com; 1
default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com *.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.leadenhancer.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com s.go-mpulse.net c.go-mpulse.net sc.lfeeder.com api.plezi.co optimize.google.com www.googleoptimize.com www.google-analytics.com www.googleanalytics.com gateway.moneris.com cdnjs.cloudflare.com; img-src data: 'self' www.burkert.com www.google-analytics.com www.google.com www.google.de event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.leadenhancer.com *.olark.com *.adition.com *.gstatic.com *.clickdimensions.com tr.lfeeder.com www2.solique.ch optimize.google.com www.googletagmanager.com; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com www.googletagmanager.com *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com *.vo.msecnd.net optimize.google.com gateway.moneris.com; font-src 'self' www.burkert.com *.buerkert.de data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com region1.analytics.google.com region1.google-analytics.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com c.go-mpulse.net *.akstat.io trial-eum-clientnsv4-s.akamaihd.net *.akamaihd.net maps.googleapis.com *.plezi.co cdn.linkedin.oribi.io; frame-src 'self' blob: mailto: tel: *.burkert-usa-marketing.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.burkert.com *.olark.com *.issuu.com *.clickdimensions.com optimize.google.com gateway.moneris.com; worker-src 'self' blob: 1
default-src 'self'; child-src 'self' https://www.google.com https://www.youtube.com https://open.spotify.com; connect-src 'self' https://maps.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com https://www.facebook.com https://yoast.com; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://vlibras.gov.br https://www.google.com.br https://stats.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://secure.gravatar.com https://www.facebook.com https://i.scdn.co https://cdn.jsdelivr.net data:; script-src 'self' https://cdn.jsdelivr.net https://developers.google.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://vlibras.gov.br https://connect.facebook.net https://cdnjs.cloudflare.com https://open.spotify.com https://open.spotifycdn.com https://embed-cdn.spotifycdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.cdnfonts.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; 1
base-uri 'none';child-src 'none';connect-src 'self' http://127.0.0.1:1337 https://*.google-analytics.com https://vitals.vercel-insights.com https://o1188445.ingest.sentry.io https://api.coinbase.com https://www.google-analytics.com https://mainnet.infura.io https://kovan.infura.io/ https://*.binance.org https://*.binance.org:8545 https://polygon-rpc.com https://matic-mumbai.chainstacklabs.com https://rpc-mumbai.maticvigil.com https://forno.celo.org https://alfajores-forno.celo-testnet.org https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc https://testnet.omni.network https://registry.walletconnect.com https://vercel.live https://*.walletconnect.com wss://relay.walletconnect.com wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://rpc.ankr.com https://cloudflare-eth.com/ https://staging.cms.polkastarter.com https://cms.polkastarter.com;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com/ https://verify.walletconnect.com https://vercel.live;img-src 'self' data: https://*.polkastarter.com https://registry.walletconnect.com https://img.youtube.com https://*.google-analytics.com https://explorer-api.walletconnect.com https://vercel.com/;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.polkastarter.com;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://browser.sentry-cdn.com https://cdn.vercel-insights.com;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net;worker-src 'self'; 1
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; connect-src https: wss:; font-src https: data:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://*.trustlogo.com https://trustlogo.com; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:  *.trustlogo.com; media-src 'self'; frame-src 'self' *.google.com; font-src 'self'; connect-src 'self'; report-uri /csp-report.php 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' test.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com translate.googleapis.com *.jsctool.com jsctool.com; connect-src *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de cdn.cookielaw.org ws://simonmobile.de ws://simonmobil.de privacyportal-eu.onetrust.com bing.com *.bing.com vodafone.de *.vodafone.de *.demdex.net demdex.net *.omtrdc.net omtrdc.net *.trustedshops.com *.etrusted.com *.trustbadge.com *.clarity.ms clarity.ms geolocation.onetrust.com maps.googleapis.com *.kampyle.com kampyle.com *.jsctool.com jsctool.com doubleclick.net *.doubleclick.net googlesyndication.com *.googlesyndication.com analytics.tiktok.com *.analytics.tiktok.com google.com *.google.com; frame-src 'self' directus.br.extranet.addmore.cloud test.oppwa.com test.ppipe.net *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de adform.net *.adform.net facebook.com *.facebook.com *.doubleclick.net doubleclick.net *.demdex.net demdex.net *.amazon-adsystem.com amazon-adsystem.com *.kampyle.com kampyle.com *.youtube.com youtube.com *.jsctool.com jsctool.com googlesyndication.com *.googlesyndication.com; img-src 'self' data: 'unsafe-inline' test.oppwa.com was.vodafone.de cdn.cookielaw.org *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de bing.com *.bing.com google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl *.seadform.net seadform.net *.doubleclick.net doubleclick.net widgets.trustedshops.com www.gstatic.com gstatic.com *.clarity.ms clarity.ms *.googleadservices.com googleadservices.com *.kampyle.com kampyle.com maps.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' test.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com amazon-adsystem.com *.amazon-adsystem.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com *.clarity.ms clarity.ms *.kampyle.com kampyle.com *.googlesyndication.com googlesyndication.com maps.googleapis.com *.jsctool.com jsctool.com *.analytics.tiktok.com analytics.tiktok.com; worker-src 'self' blob: 1
default-src 'unsafe-inline' 'unsafe-eval' wss://*.iadvize.com data: blob: https: 'self' *.e-wie-einfach.de *.usercentrics.eu *.googletagmanager.com *.demdex.net ewieeinfach.tt.omtrdc.net *.trustedshops.com *.iadvize.com analytics.tiktok.com *.ad-srv.net *.ad4m.at; block-all-mixed-content; frame-ancestors https://*.e-wie-einfach.de 'self'; frame-src https: 'self' 10552776.fls.doubleclick.net *.iadvize.com; img-src https: 'self' data: blob: 1
frame-ancestors https://goloadup.com 1
default-src 'self' *.helpscout.net fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.blob.core.windows.net recognition.asdastars.com asdastars.com www.asdastars.com recognitionapi.asdastars.com; img-src 'self' *.helpscout.net fonts.gstatic.com fonts.googleapis.com *.cloudfront.net *.blob.core.windows.net recognition.asdastars.com asdastars.com www.asdastars.com recognitionapi.asdastars.com data:; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://flexprintmp.wpengine.com https://flexprintmp.wpenginepowered.com/ https://*.netdna-ssl.com https://*.flexprintinc.com https://flexprintinc.com https://app.termly.io https://frontend.id-visitors.com/ https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://gstatic.com/ https://*.gstatic.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://*.6sc.co/; img-src 'self' data: blob: https://flexprintmp.wpengine.com https://flexprintmp.wpenginepowered.com/ https://*.netdna-ssl.com https://*.flexprintinc.com https://flexprintinc.com https://*.gravatar.com https://*.6sc.co/ https://www.google.com/; object-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://flexprintinc.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://elabel.arsreclabel.com/; frame-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://flexprintinc.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://elabel.arsreclabel.com/; form-action 'self' data: blob: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1
default-src https: wss:; base-uri 'none'; font-src https: data:; img-src https: data:; script-src https: 'nonce-wY14mNVrIevqa9QDDnjesA=='; style-src https: 'unsafe-inline' 1
base-uri 'self'; child-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com widget.trustpilot.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; frame-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com widget.trustpilot.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; connect-src fonts.googleapis.com fonts.gstatic.com global.sitesearch360.com ict.infinity-tracking.net insights.sitesearch360.com 'self' *.feefo.com *.google.com *.onetrust.com *.paragonbankinggroup.co.uk *.twimg.com *.twitter.com *.visualwebsiteoptimizer.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; img-src * data: blob:; media-src data: 'self'; script-src gap: 'self' cdn.sitesearch360.com cdn-ukwest.onetrust.com ict.infinity-tracking.net snap.licdn.com unpkg.com widget.trustpilot.com *.doubleclick.net *.feefo.com *.paragonbankinggroup.co.uk *.surveymonkey.com *.twimg.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' dev.visualwebsiteoptimizer.com fonts.googleapis.com register.feefo.com *.twimg.com *.twitter.com 'unsafe-inline'; frame-ancestors gap: 'self' *.surveymonkey.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=eylpEFWDowbVW5DQd%2BytSOCBR5kwhsMYPqF%2Fp2kPQVoKqwCGE32XGQGumgHpmBZrQFS7Nvj350Geh58Y1yJBgA%3D%3D; 1
base-uri 'self' https://*.giving.sg; child-src https://www.youtube.com https://www.google.com https://js.stripe.com 'self' gap:; frame-src https://www.youtube.com https://www.google.com https://js.stripe.com 'self' gap:; connect-src https://www.youtube.com https://www.google.com https://www.onemap.gov.sg https://*.google-analytics.com https://*.googletagmanager.com https://*.giving.sg https://*.ckeditor.com https://stats.g.doubleclick.net https://*.google.com.sg https://*.facebook.com https://*.analytics.google.com https://analytics.pangle-ads.com https://google.com https://*.tiktok.com https://analytics.google.com 'self'; default-src 'self' https://*.giving.sg https://*.google-analytics.com https://googleads.g.doubleclick.net gap: 'unsafe-inline' 'unsafe-eval'; font-src https://www.youtube.com https://www.google.com https://www.onemap.gov.sg https://fonts.gstatic.com https://cdnjs.cloudflare.com https://*.onemap.sg 'self' data:; img-src https://*.youtube.com https://img.youtube.com https://www.google.com https://www.onemap.gov.sg https://maps-c.onemap.sg https://maps-b.onemap.sg https://maps-a.onemap.sg https://*.s3.ap-southeast-1.amazonaws.com https://*.stripe.com 'self' data: blob: https://*.googletagmanager.com https://i.ytimg.com https://*.volunteer.gov.sg https://validator.swagger.io https://*.facebook.com https://*.google.com.sg https://analytics.google.com https://*.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://googleads.g.doubleclick.net blob:; media-src 'self' https://*.giving.sg; object-src 'self'; script-src https://www.youtube.com https://www.google.com https://*.google.com https://*.google.com.sg https://*.onemap.sg https://*.googletagmanager.com https://*.google-analytics.com https://*.giving.sg https://www.gstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://js.stripe.com https://*.facebook.com https://tpc.googlesyndication.com https://*.tiktok.com https://*.googleadservices.com https://*.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://www.youtube.com https://www.google.com https://www.onemap.gov.sg https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.onemap.sg https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.giving.sg 'self' 'unsafe-inline'; frame-ancestors https://*.giving.sg https://giving.sg https://www.giving.sg https://js.stripe.com https://td.doubleclick.net outsystems://app.giving.sg 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=KBukbZD0699N9pji8uPH6Fwf%2BJuiaGx2%2Fk10AsA5jPqfxslIQeL8SvhEm9jooiI4gjzFu7v%2BJBYKKNIRIVmWGg%3D%3D; 1
base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.googletagmanager.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookiebot.com; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com *.hotjar.com *.cookiebot.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net *.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.google.pt *.googleusercontent.com *.googletagmanager.com *.flourish.studio *.hotjar.com *.cookiebot.com blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com *.realtimestatistics.net *.googletagmanager.com *.typeform.com *.flourish.studio *.hotjar.com *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com *.typeform.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=j5XSOVq%2B7Q%2BNy0YrrPUZkb1y1qtBgY7rY5%2BIPdfpK6cbHUf0eHyfzVTbqIZrf0FdfZs1UGC07loubO%2BnUe5A9w%3D%3D; 1
default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' *.vixns.net *.smol.org www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src  'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com https://errors.vixns.net/api/76/store/ https://errors.vixns.net/api/76/envelope/; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1
frame-ancestors 'self' https://www.gamer.no *.ggez.no https://forum.kvinneguiden.no; 1
default-src 'self'; script-src 'self' 'self' https://www.google.com/ https://www.gstatic.com/; object-src 'self'; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' fonts.googleapis.com; img-src *; font-src 'self' data: fonts.gstatic.com;frame-src 'self' https://www.google.com; report-uri https://login.microworkcloud.com.br/csp/report 1
report-uri https://consolehipay.report-uri.com/r/d/csp/enforce; default-src 'self' *.google-analytics.com *.zdassets.com *.hotjar.com *.google.com *.screeb.app *.typeform.com *.okta.com *.hipay.com; script-src 'self' *.hotjar.com *.zdassets.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.screeb.app 'sha256-qSMb0PEZNwPU889A1H8zPbT23/AN6efiLRLewxFcFJM=' 'sha256-FcbWubQGGFMAS71F3Xg9hDM0pfF+/idbYePgIS4oecc=' 'sha256-keffV0quDMAbyeX1/4YLUZgq6qTZq4xbHwc4fvVpGws=' 'sha256-8qEA6898bCZsncsjm0Dk2KjV2WK+2+8Aks3WfqWmUWY=' 'sha256-iBEn6DembGxmutX/U63Duhs98HIBtU8ALgbjYh+CkZc=' 'sha256-XnoKRrVjyLcX94o+jehk7z3rX+YVSMr4DtslyFpkaPU=' 'sha256-tdBlVQuc2G3oahpbyjaUmy+NEJSNdDZy9L1FSw3rVi0=' 'sha256-0p21hmif1TiEP5IE/r3ri1cHw0RQzMKFQuK6Y8+MSxM=' 'sha256-IONGq3q3SUbZcvFq3OWEvLOn+6YXROnGyxqJaXZ5XqM=' 'sha256-PxE0YueUDOLIQZbUB7uIBmSR+rm9AoT37euB/1UuZ00=' 'sha256-rXRPabzczAqe8l4W5Ls96YFLaXicsCVoXls4kw5cYm0=' 'sha256-4K+enDkiwcZwt+5aUSZia7wZmCr0fOEHjwJgkiI84dw=' https://*.zopim.com; style-src 'self' 'unsafe-inline' maxcdn.icons8.com fonts.googleapis.com *.hotjar.com libs.hipay.com; font-src 'self' maxcdn.icons8.com fonts.gstatic.com *.hotjar.com *.screeb.app; connect-src 'self' *.run.app *.appspot.com *.zendesk.com *.zdassets.com user.hipay.com *.hipay.com *.hipay.org *.google-analytics.com wss://*.zopim.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.screeb.app wss://*.screeb.app *.okta.com *.oktacdn.com; img-src 'self' *.amcharts.com *.google-analytics.com *.zendesk.com *.hotjar.com images.weserv.nl *.hipay.com data: storage.googleapis.com twemoji.maxcdn.com *.screeb.app; frame-ancestors 'none' 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com stackpath.bootstrapcdn.com cdn.datatables.net code.jquery.com unpkg.com js.adsrvr.org connect.facebook.net 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://appwizzy.com 1
default-src 'self'; block-all-mixed-content; connect-src 'self' https://api.recurly.com https://api.stripe.com/ https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://ingest.valued.app; font-src 'self' https://js.intercomcdn.com https://fonts.intercomcdn.com data:; frame-src https://js.stripe.com/ https://hooks.stripe.com/ api.recurly.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; img-src 'self' blob: data: *; media-src 'self' https://js.intercomcdn.com; script-src 'self' js.recurly.com https://js.stripe.com/ https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.valued.app 'unsafe-inline' 'sha256-1gcjkQmF3vDBHqTK/GCaJKMg/UjNNomsjObGfUSd8GU=' 'sha256-jbA8VreA42SNzS8N9VHJ5N6pZWjqC2B/c/cBk+1diXE=' 'sha256-DcokebrOSmWciSX1qQC5mQVZVTuYP7rxG1GdCn4I4Ls='; style-src 'self' https://api.recurly.com 'unsafe-inline'; report-uri /nelmio/csp/report 1
default-src ; script-src https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' https://form.partner-versicherung.de https://*.usercentrics.eu www.googletagmanager.com; object-src ; style-src 'self' https://fonts.googleapis.com https://*.entrecode.de 'unsafe-inline'; img-src 'self' * *.dealbunny.de data: https://*.usercentrics.eu; media-src *; child-src *.youtube.com *.vimeo.com https://www.google.com https://form.partner-versicherung.de https://kredit.check24.de/; font-src 'self' https://fonts.gstatic.com https://*.entrecode.de data:; connect-src 'self' *.cachena.entrecode.de entrecode.de *.entrecode.de localhost:* dev.dealbunny.de:* *.dealbunny.de https://www.google-analytics.com https://stats.g.doubleclick.net https://*.usercentrics.eu www.googletagmanager.com *.google-analytics.com; manifest-src 'self' 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.googleapis.com *.google.com www.youtube-nocookie.com *.vimeocdn.com *.vimeo.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com *.facebook.net *.altruja.de; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.aok.de https://mediathek.aok.de https://mediathek.aok.de:8443 https://anonym.aok.de https://vimeo.com https://*.vimeo.com https://*.youtube.com https://www.youtube-nocookie.com; img-src 'self' https://mediathek.aok.de https://anonym.aok.de https://*.vimeocdn https://*.youtube.com https://www.youtube-nocookie.com https://i.ytimg.com data:; object-src none 1
connect-src 'self' *.fefundinfo.com *.fundinfo.com; font-src 'self' https://fonts.gstatic.com/ *.cloudflare.com; frame-src 'self' *.fundinfo.com *.fefundinfo.com edge-cdn.net *.google.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.gstatic.com *.fundinfo.com *.google.com *.jquery.com *.fefundinfo.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com *.fundinfo.com *.fefundinfo.com *.feprecisionplus.com https://fonts.googleapis.com/ 'unsafe-inline'; 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'none'; 1
default-src 'self'; style-src 'unsafe-inline' 'self' fonts.googleapis.com;	font-src 'self' fonts.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' connect.facebook.net itunes.apple.com www.youtube.com stats.g.doubleclick.net www.google-analytics.com ajax.googleapis.com s.ytimg.com; connect-src 'self' webadmin.heartline.com admin.heartline.com backend.heartline.com pascal-prod.evidation.com pascal-beta.evidation.com pascal.evidation.com stats.g.doubleclick.net www.google-analytics.com evidation-pascal.zendesk.com www.ups.com itunes.apple.com  www.facebook.com; img-src 'unsafe-inline' 'self' www.facebook.com www.google.com www.youtube.com stats.g.doubleclick.net www.google-analytics.com assets.prod.heartline.com i.ytimg.com data:; media-src 'self' assets.prod.heartline.com www.youtube.com i.ytimg.com;  frame-src 'self' assets.prod.heartline.com www.youtube.com; 1
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:;font-src * data:; 1
form-action 'self' https://joomlacontenteditor.us14.list-manage.com/subscribe/post; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.paddle.com https://cdn.usefathom.com/script.js https://code.jquery.com https://checkout.stripe.com https://cdn.paddle.com https://cdn.usefathom.com/script.js https://cdnjs.cloudflare.com https://hcaptcha.com/* https://*.hcaptcha.com/* https://plausible.io/ https://app.mailjet.com/; style-src 'self' 'unsafe-inline' https://cdn.paddle.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://hcaptcha.com/ https://*.hcaptcha.com/ https://plausible.io/ https://app.mailjet.com/; object-src 'self' 1
frame-ancestors 'self' www.skaki64.gr skaki64.gr 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl;style-src https: *.ufg.pl ;img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl ;options inline-script eval-script; child-src https: *.ufg.pl; frame-ancestors 'self' *.ufg.pl; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com https://*.gravatar.com https://*.google-analytics.com; img-src 'self' data: https://wordpress.org https://*.gravatar.com https://*.wp.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.wp.com https://*.gravatar.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none' 1
script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self' blob: data:; style-src 'self' 'unsafe-inline' 1
object-src 'self'; frame-ancestors 'self'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-modals allow-downloads; base-uri 'self'; 1
default-src 'self'; script-src * 'unsafe-inline'; img-src * data: 'unsafe-eval'; style-src * 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src *; 1
frame-ancestors https://*.estratraining.it 1
frame-ancestors 'self' insights.hotjar.com 1
base-uri 'none';child-src 'none';connect-src 'self' https://staging.api.gam3s.gg/ https://api.gam3s.gg/ https://dev.api.gam3s.gg/ https://staging.api.polkastarter.gg/ https://api.polkastarter.gg/ https://dev.api.polkastarter.gg/ https://polkastarter-cms-staging.herokuapp.com/graphql https://polkastarter-cms.herokuapp.com/graphql https://api.twitch.tv https://cms.polkastarter.gg/graphql http://127.0.0.1:1337/graphql https://*.google-analytics.com https://vitals.vercel-insights.com https://o1188445.ingest.sentry.io https://api.coinbase.com https://www.google-analytics.com wss://ws-mt1.pusher.com https://vercel.live wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://*.walletconnect.com wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com;default-src 'self';font-src 'self' data: https://*.hotjar.com;form-action 'self' *;frame-ancestors http://127.0.0.1:* https://polkastarter.gg https://www.polkastarter.gg https://www.gam3s.gg https://gam3s.gg;frame-src 'self' *;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://video.twimg.com https://*.polkastarter.com https://*.polkastarter.gg https://*.gam3s.gg https://*.soulbound.gg;object-src data:;prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://embed.twitch.tv https://player.twitch.tv/ https://www.youtube.com/ https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live http://embed.typeform.com https://browser.sentry-cdn.com https://va.vercel-scripts.com https://cdn.vercel-insights.com https://*.hotjar.com http://*.hotjar.com;style-src 'self' 'unsafe-inline' http://embed.typeform.com;worker-src 'self'; 1
default-src https:; connect-src https:; font-src 'self' https: data: https:; frame-src https:; frame-ancestors https:; img-src 'self' https: blob: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 1
frame-ancestors 'self' finance.sponser.co.il 1
default-src 'self'; style-src 'self' 'unsafe-inline' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://*.mailchimp.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://static.flockler.com https://fl-cdn.scdn1.secure.raxcdn.com https://embed-cdn.flockler.com https://flockler.embed.codes https://plugins.flockler.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.onlim.com; font-src 'self' data: http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://fonts.gstatic.com https://*.onlim.com; img-src 'self' 'unsafe-inline' https://* http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://flockler.com https://*.rackcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googleapis.com data: https://.gstatic.com https://*.google.com https://secure.gravatar.com https://*.onlim.com; frame-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://*.spotify.com https://sn.kavedo.com https://smartslider3.com https://www.yumpu.com https://www.fitsportaustria.at https://board.fitsportaustria.at https://player.vimeo.com https://www.youtube.com https://www.google.com https://www.youtube-nocookie.com https://*.onlim.com; connect-src 'self' http://*.sportunion.at http://sportunion.at https://*.sportunion.at https://sportunion.at https://stats.g.doubleclick.net https://yoast.com https://*.google-analytics.com wss://*.onlim.com https://*.onlim.com; media-src https://* 1
frame-ancestors https://www.degussa-goldhandel.de https://news.degussa-goldhandel.de https://www.degussa-adventskalender.de https://media.degussa-goldhandel.de 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' ; frame-src  'self' https://acs2.bgpb.by https://3ds.alfabank.by https://ipcacs.bps-sberbank.by https://3ds.priorbank.by https://emv3ds.npc.by https://acs2.mtbank.by https://acs2.mtbank.by:8043 https://3ds-pgi.mtbank.by https://3ds-pgi.mtbank.by:9663 https://api.mtbank.by https://mpi.mtbank.by https://mpi.mtbank.by:80  https://acs.mtbank.by https://c2c.mtbank.by https://3ds.alfabank.by https://3ds.priorbank.by https://acs.bgpb.by https://sca.npc.by https://www.sbs4u.by https://acs.multicarta.ru https://aacsw.3ds.verifiedbyvisa.com https://cap.attempts.securecode.com https://ipcacs.sberbank.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.mtbank.by/ https://app.blinger.io https://static.mybank.by https://api.mtbank.by https://www.google-analytics.com  https://halva.mtbank.by https://www.googletagmanager.com https://tagmanager.google.com; style-src 'self' blob: 'unsafe-inline' https://static.mybank.by;img-src 'self' https://*.by/ https://chat.mtbank.by/ https://blinger.io   https://app.blinger.io https://static.mybank.by data: blob:  https://www.google-analytics.com  https://www.googletagmanager.com ; font-src 'self' https://static.mybank.by; connect-src 'self' https://chat.mtbank.by/ wss://app.blinger.io; media-src 'self' 1
script-src 'self' 'nonce-8jDpcE6k5rGRHfm4agWPxdVS' 'nonce-atx-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://pi.pardot.com http://cdn.pardot.com http://pi.pardot.com/analytics https://www.opinionstage.com https://static.ctctcdn.com http://embed.typeform.com/ https://embed.typeform.com/ *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1
default-src 'self' https://piwik.bzga.de/ script-src 'unsafe-inline' 'unsafe-eval' img-src https://piwik.bzga.de/ 1
default-src 'self' 'unsafe-inline' *.ioam.de data-aac883f83b.offiziellecharts.de 1
frame-ancestors zismo.biz zismo.ru zismone.ru promoggaqjkd.ru 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; child-src 'self'; frame-src 'self'; 1
default-src 'self' static1.nautal.com; connect-src 'self' https://api.clickandboat.com static2.nautal.com static3.nautal.com https://assets.nautal.com/frontend-assets/master/ quasar.clickbo.at https://logs1412.xiti.com *.google-analytics.com stats.g.doubleclick.net bat.bing.com https://analytics.tiktok.com api.stripe.com ekr.zdassets.com clickandboat.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com *.ingest.sentry.io api.realytics.io https://*.clarity.ms click-and-boat.pxf.io https://api.privacy-center.org; font-src 'self' data: static3.clickandboat.com fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' *.facebook.com *.criteo.com accounts.google.com www.google.com js.stripe.com hooks.stripe.com www.googletagmanager.com *.doubleclick.net click-and-boat.pxf.io; img-src 'self' static1.nautal.com static2.nautal.com https://assets.nautal.com/frontend-assets/master/ https://blog.nautal.com/ data: blob: quasar.clickbo.at *.google-analytics.com *.doubleclick.net secure.adnxs.com www.google.fr www.google.it www.google.es www.google.com www.google.de www.google.nl www.google.co.uk www.google.gr www.google.pl www.google.ch www.google.be www.google.com.br www.google.hr www.google.at www.google.pt www.google.se www.google.ru www.google.ca www.google.com.ar www.google.com.tr www.google.com.ua www.google.ie www.google.si www.google.ro www.google.com.mx www.google.com.mt www.google.com.au www.google.dk www.google.ae www.google.gp www.google.hu www.google.cz www.google.lu www.google.com.cy www.google.no www.google.me www.google.bg www.google.co.il www.google.rs www.google.sk *.bing.com *.facebook.com *.mydialoginsight.com maps.googleapis.com *.gstatic.com *.google.com *.google.fr v2assets.zopim.io v2uploads.zopim.io clickandboat.zendesk.com https://*.clarity.ms click-and-boat.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sdk.privacy-center.org; script-src 'unsafe-eval' 'self' static2.nautal.com https://assets.nautal.com/frontend-assets/master/ quasar.clickbo.at https://tag.aticdn.net *.google-analytics.com *.googleadservices.com *.google.com *.ggpht.com www.googletagmanager.com bat.bing.com www.facebook.com https://analytics.tiktok.com *.criteo.net sslwidget.criteo.com *.mydialoginsight.com *.googleapis.com www.gstatic.com connect.facebook.net js.stripe.com static.zdassets.com widget-mediator.zopim.com *.realytics.io *.realytics.net https://*.clarity.ms https://c.bing.com https://utt.impactcdn.com https://sdk.privacy-center.org https://tag.aticdn.net 'unsafe-inline' 'nonce-MKUCYfqQZLVYDcveWQTWwg=='; style-src 'self' static2.nautal.com static3.nautal.com https://assets.nautal.com/frontend-assets/master/ 'unsafe-inline' fonts.googleapis.com tagmanager.google.com https://sdk.privacy-center.org 1
default-src 'self'; script-src 'self' maps.googleapis.com e.issuu.com/embed.js https://js.stripe.com 'strict-dynamic' https: 'unsafe-eval' 'nonce-dfab47d397401e0f6044c3fddede4f42'; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://sentry.issuu.com/api/ https://api.stripe.com data: blob:; img-src * data:; media-src * data:; frame-src e.issuu.com *.google.com player.vimeo.com *.youtube.com https://js.stripe.com https://hooks.stripe.com; style-src 'self' https://fonts.googleapis.com 'nonce-8109e7ffa72920952077484d0ce7a8ed'; font-src * data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1
default-src 'self';font-src 'self' fonts.gstatic.com data: 'self';connect-src 'self' *.getsmartlook.com ws://*.getsmartlook.com *.smartlook.com *.smartlook.cloud *.google.com *.googleapis.com www.google-analytics.com *.doubleclick.net *.clarity.ms;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.google.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com *.getsmartlook.com www.google.com connect.facebook.net www.googleadservices.com www.lhinsights.com *.smartlook.com *.smartlook.cloud https://googleads.g.doubleclick.net *.gstatic.com *.clarity.ms;form-action 'self';frame-src 'self' blob: www.youtube-nocookie.com www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;child-src 'self' blob: www.youtube-nocookie.com www.youtube.com *.doubleclick.net www.google.com www.google.cz https://order.shareit.com;frame-ancestors 'self';img-src 'self' data: blob: *.clarity.ms *.ytimg.com *.gstatic.com *.googleapis.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com *.doubleclick.net www.facebook.com www.lhinsights.com www.google.com www.google.cz *.smartlook.com *.smartlook.cloud *.gstatic.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com *.gstatic.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com ajax.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net s3.amazonaws.com https:; 1
allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; https://cloudflare.com style-src 'self'; 1
*.cookieyes.com cdn-cookieyes.com 1
default-src 'self' ; script-src 'self' 1
default-src https://dc.services.visualstudio.com/v2/ https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; script-src https://az416426.vo.msecnd.net https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.newforma.com/ https://bimtrack.co/ https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://bimtrack.zendesk.com wss://bimtrack.zendesk.com 'self' 'unsafe-eval' 'nonce-8145f4c84c1f47aaa42369d000af7282'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.newforma.com/ https://bimtrack.co https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com 'self'; frame-ancestors https://*.bimtrackapp.co; sandbox allow-popups allow-forms allow-same-origin allow-scripts allow-downloads; base-uri 'self'; img-src 'self' https://v2assets.zopim.io https://static.zdassets.com https://help.bimtrack.co data: https://bt03storage.blob.core.windows.net/; 1
default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.premiumsim.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.premiumsim.de https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de https://analytics.tiktok.com https://umfrage.premiumsim.de; script-src 'strict-dynamic' 'nonce-a9e8513ea08899da20fc02c96793ee2b' 'nonce-dad7eeae2731ec7538bbb04206b414c3' 'nonce-8cdb9671ce37f50f278a1ef0e387a01d' 'nonce-b92667b25ea0178cfa3733558f30f146' 'nonce-c6e90e289dcc28bba1600b6f4573315f' 'nonce-602214ca6792b4db83972b15f1b1192d' 'nonce-18bafefd3acf3df0c861020223d6ef20' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.premiumsim.de https://umfrage.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-a9e8513ea08899da20fc02c96793ee2b' 'nonce-dad7eeae2731ec7538bbb04206b414c3' 'nonce-8cdb9671ce37f50f278a1ef0e387a01d' 'nonce-b92667b25ea0178cfa3733558f30f146' 'nonce-c6e90e289dcc28bba1600b6f4573315f' 'nonce-602214ca6792b4db83972b15f1b1192d' 'nonce-18bafefd3acf3df0c861020223d6ef20' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' *.vimeo.com *.doubleclick.net https://burgess.theatro360.com *.digitalimages.gr https://www.youtube.com https://www.google.com https://www.google.co.uk https://r1.dotmailer-surveys.com https://static.addtoany.com https://www.facebook.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://www.luxproimaging.com;  script-src *.jsdelivr.net qvdt3feo.com cht-srvc.net unpkg.com/web-vitals* *.googleoptimize.com *.googleapis.com *.livechatinc.com *.quantcount.com *.quantserve.com *.doubleclick.net *.teads.tv www.googletagmanager.com r1.dotdigital-pages.com www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' https://email.burgessyachts.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdn.dnky.co https://script.hotjar.com https://static.hotjar.com https://tagmanager.google.com https://mc.yandex.ru https://static.trackedweb.net https://www.youtube.com https://static.addtoany.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://az416426.vo.msecnd.net https://r1.dotmailer-surveys.com https://s.ytimg.com https://r1-t.trackedlink.net https://connect.facebook.net view.ceros.com *.wirewax.com tour.theatro360.com https://download-video.akamaized.net/;  style-src *.googleapis.com 'self' 'unsafe-inline' *.jsdelivr.net *.dnky.co *.googleapis.com *.google.com *.typekit.net https://static.trackedweb.net https://api.tiles.mapbox.com https://fast.fonts.net https://r1.dotmailer-surveys.com *.stackadapt.com *.google.com;  img-src *.google.com doubleclick.net *.doubleclick.net *.teads.tv *.quantserve.com quantserve.com t.teads.tv teads.tv www.google.bs www.google.by www.google.cm www.google.co.cr www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uz www.google.co.ve www.google.co.za www.google.com.ar www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.lb www.google.com.my www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.vc www.google.com.vn www.google.dz www.google.ee www.google.fi www.google.ge www.google.gg www.google.hu www.google.im www.google.iq www.google.is www.google.lk www.google.lv www.google.me www.google.mu www.google.mv www.google.no www.google.pl www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.tn www.google.tt translate.google.com i.vimeocdn.com connect.facebook.net android-webview-video-poster	www.google.gr www.google.lu www.google.cz r1-t.trackedlink.net	www.google.az	www.google.bg www.google.ch	www.google.com.eg	www.google.com.mx www.google.com.ua	www.google.es	www.google.pt www.google.at www.google.com.mt www.google.com.tr www.google.ie www.google.ae www.google.it www.google.hr 	www.google.be www.google.co.id www.google.com.au www.google.com.br www.google.com.pk www.google.de www.google.dk www.google.fr www.google.je www.google.nl www.google.ro azweusaburdevqa.blob.core.windows.net beacon.krxd.net 	www.facebook.com www.google-analytics.com i.ytimg.com 'self' blob: data: https://www.gstatic.com https://ssl.gstatic.com https://www.google.ca https://az-weu-wa-bur-az-weu-wa-bur-staging.azurewebsites.net https://pre-live.burgessyachts.com https://burgessyachts.com https://www.googletagmanager.com https://mc.yandex.ru https://dev-burgess.craftedbeta.co.uk https://azweusabur.blob.core.windows.net https://azweusaburuat.blob.core.windows.net https://azweusaburdevqa.blob.core.windows.net https://a.tiles.mapbox.com https://api.tiles.mapbox.com https://azweusabur.blob.core.windows.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://beacon.krxd.net https://www.facebook.com;  connect-src *.hotjar.com commversion-public-functions.vercel.app *.teads.tv wss://ws6.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com 	wss://ws11.hotjar.com 	wss://ws3.hotjar.com 	wss://ws8.hotjar.com wss://ws9.hotjar.com 	www.google.com stats.addtoany.com wss://ws5.hotjar.com	www.google-analytics.com	wss://ws12.hotjar.com wss://ws4.hotjar.com wss://ws7.hotjar.com 'self' stats.g.doubleclick.net wss://ws2.hotjar.com https://api.comapi.com https://vc.hotjar.io https://in.hotjar.com https://events.mapbox.com https://vimeo.com https://mc.yandex.ru https://fpdl.vimeocdn.com https://www.facebook.com https://r1.trackedweb.net https://*.tiles.mapbox.com https://api.mapbox.com https://a.tiles.mapbox.com https://b.tiles.mapbox.com https://api.mapbox.com/ https://dc.services.visualstudio.com https://skyfire.vimeocdn.com https://player.vimeo.com *.akamaized.net *.stackadapt.com *.google-analytics.com wss://*.hotjar.com *.analytics.google.com;  font-src 'self' *.typekit.net data: https://script.hotjar.com https://fonts.gstatic.com https://cdn.livechatinc.com;  worker-src 'self' blob:;  media-src 'self' https://vod-progressive.akamaized.net *.akamaized.net *.vimeocdn.com https://video-dev.github.io *.vimeo.com  blob:;  frame-src *.livechatinc.com player.adventr.io r1.dotdigital-pages.com dotdigital-pages.com https://kuula.co kuula.co digitalimages.gr www.digitalimages.gr docs.google.com theatro360.com www.googletagmanager.com 10388175.fls.doubleclick.net 'self' www.digitalimages.gr digitalimages.gr *.google.com https://cdn.dnky.co https://mpembed.com https://vars.hotjar.com https://burgess.theatro360.com https://www.burgessyachts.com https://qa-brochurebuilder.burgessyachts.com https://uat-brochurebuilder.burgessyachts.com https://brochurebuilder.burgessyachts.com https://r1.dotmailer-surveys.com https://www.google.com https://9169248.fls.doubleclick.net https://static.addtoany.com https://www.youtube.com https://www.facebook.com https://player.vimeo.com https://www.digitowl.vision https://my.matterport.com https://tourmkr.com https://www.golocal.hk https://www.coolwalkee.com https://www.google.com/maps https://www.luxproimaging.com http://vrtour.virtualsinc.com view.ceros.com *.wirewax.com *.theatro360.com;  child-src blob: ; script-src-elem  *.jsdelivr.net optimize.google.com qvdt3feo.com cht-srvc.net unpkg.com/web-vitals* *.googleoptimize.com *.livechatinc.com *.googleapis.com r1.dotdigital-pages.com dotdigital-pages.com *.doubleclick.net www.googleadservices.com googleadservices.com rules.quantcount.com gc.kis.v2.scr.kaspersky-labs.com r1-t.trackedlink.net www.googletagmanager.com 'self' 'unsafe-inline' connect.facebook.net r1.dotmailer-surveys.com static.addtoany.com static.hotjar.com www.google-analytics.com www.google.com www.youtube.com s.ytimg.com script.hotjar.com googletagmanager.com addtoany.com gstatic.com www.gstatic.com r1-t.trackedlink.net trackedlink.net p.teads.tv quantserve.com secure.quantserve.com ad.doubleclick.net doubleclick.net data: *.trackedweb.net view.ceros.com *.wirewax.com *.stackadapt.com *.google.com; report-uri https://burgesscsp.report-uri.com/r/d/csp/wizard 1
frame-ancestors 'self' *.trade.com 1
default-src https://ipara.com;https://ipara.com.tr 1
default-src 'self' themes.googleusercontent.com www.google-analytics.com www.googletagmanager.com https://analytics.google.com stats.g.doubleclick.net data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; img-src 'self' data: ; script-src 'self' 'unsafe-inline' 'sha256-Vm4GC9dCs8yiOt3vkFoyb7CG9wQvsbg2ZxRvujWCkjU='; style-src 'self' 'unsafe-inline' 'sha256-8IFKZDhhpiTISN+5Zjckj2GGkOsGkKUUowOE0neCY7c=' 1
default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.smartmobil.de https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com https://analytics.tiktok.com https://umfrage.smartmobil.de; script-src 'strict-dynamic' 'nonce-ba8fc7b1773c7a03d99788232c537a9e' 'nonce-a47135c27ee293091dace29061ddc684' 'nonce-8750c2246242ca077f6808bddc495814' 'nonce-01e98588c3f3236fa16fdcf61f1482b6' 'nonce-b3f21c6360bd471e67802c5979174628' 'nonce-b0951adc8bc542964213de48cee69f3e' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.smartmobil.de https://umfrage.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-ba8fc7b1773c7a03d99788232c537a9e' 'nonce-a47135c27ee293091dace29061ddc684' 'nonce-8750c2246242ca077f6808bddc495814' 'nonce-01e98588c3f3236fa16fdcf61f1482b6' 'nonce-b3f21c6360bd471e67802c5979174628' 'nonce-b0951adc8bc542964213de48cee69f3e' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.mimer.com/ https://mimer.com/ https://mimerse.wpengine.com/; img-src 'self' data: blob: https://*.mimer.com/ https://mimer.com/ https://mimerse.wpengine.com/; object-src 'self' data: blob: https://*.mimer.com/ https://mimer.com/ https://mimerse.wpengine.com/; frame-src 'self' data: blob: https://*.mimer.com/ https://mimer.com/ https://mimerse.wpengine.com/; 1
frame-ancestors DENY 1
default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.simplytel.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.simplytel.de https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.simplytel.de https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de https://analytics.tiktok.com https://umfrage.simplytel.de; script-src 'strict-dynamic' 'nonce-aa6f9ac2f09832d8e34c1faf48d0edb9' 'nonce-4150980cabab0030416f5c77da0815ff' 'nonce-2ffde926ba794f324cc0090f270d24fe' 'nonce-b65e909fdddbf700be1cad1f4fd5d38e' 'nonce-7bb649bbe2b3dfc39810e7934729f889' 'nonce-637a6998fd7bce00e5eef80ed63d7a98' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.simplytel.de https://umfrage.simplytel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-aa6f9ac2f09832d8e34c1faf48d0edb9' 'nonce-4150980cabab0030416f5c77da0815ff' 'nonce-2ffde926ba794f324cc0090f270d24fe' 'nonce-b65e909fdddbf700be1cad1f4fd5d38e' 'nonce-7bb649bbe2b3dfc39810e7934729f889' 'nonce-637a6998fd7bce00e5eef80ed63d7a98' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
base-uri 'none';default-src 'none';img-src 'self' data:;font-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline' 1
default-src 'self'; connect-src 'self' www.google-analytics.com *.analytics.google.com *.google-analytics.com wss://www.joa.fr stats.g.doubleclick.net via.batch.com ws.batch.com maps.googleapis.com www.novaresa.net www.joa.fr consentcdn.cookiebot.com www.facebook.com; font-src 'self' fonts.gstatic.com data:; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.googletagmanager.com module.lafourchette.com widget.thefork.com *.weezevent.com ubishaker.com t.regionsjob.com *.gaming1.com www.google.com widget.fanzo.com www.facebook.com consentcdn.cookiebot.com *.paperform.co; img-src 'self' www.googletagmanager.com media.joa.fr www.google-analytics.com ytimg.com i.ytimg.com img.youtube.com www.facebook.com www.google.com www.google.fr maps.googleapis.com *.gstatic.com data: blob: www.novaresa.net novaresa.net icons.batch.com www.google.ch www.google.hr www.google.lu www.joa.fr www.tripadvisor.fr via.batch.com apply.indeed.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com via.batch.com www.youtube.com connect.facebook.net maps.googleapis.com www.novaresa.net www.google.com www.gstatic.com consent.cookiebot.com consentcdn.cookiebot.com www.joa.fr www.weezevent.com t.regionsjob.com paperform.co; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.novaresa.net www.googletagmanager.com; upgrade-insecure-requests; report-uri /csp 1
font-src * data:; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' * data:; style-src 'unsafe-inline' 'unsafe-eval' * data:; 1
default-src 'self'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.cablex.test *.google-analytics.com *.chimpstatic.com *.cookiebot.com *.azurewebsites.net *.cablex.ch *.doubleclick.net; font-src 'self' *.cablex.test data: *.gstatic.com *.chimpstatic.com *.azurewebsites.net *.fast.fonts.net *.cablex.ch; frame-ancestors *.cablex.test *.azurewebsites.net *.prospective.ch *.cablex.ch *.chimpstatic.com; frame-src 'self' *.cablex.test *.azurewebsites.net *.cablex.ch *.cookiebot.com *.prospective.ch *.youtube-nocookie.com *.youtube.com *.chimpstatic.com; img-src 'self' *.cablex.test data: *.tile.osm.org *.tile.openstreetmap.org *.azurewebsites.net *.cablex.ch *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.prospective.ch *.cookiebot.com *.chimpstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.cablex.test *.google-analytics.com *.googletagmanager.com *.bing.com *.facebook.net *.twitter.com *.cookiebot.com *.prospective.ch *.linkedin.com *.chimpstatic.com *.azurewebsites.net *.cablex.ch https://chimpstatic.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.3/iframeResizer.min.js *.youtube.com *.doubleclick.net; style-src 'self' *.cablex.test 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.chimpstatic.com https://unpkg.com/swiper/swiper-bundle.min.css *.prospective.ch *.fast.fonts.net *.azurewebsites.net *.cablex.ch; upgrade-insecure-requests 1
frame-ancestors 'none'; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://self https://www.hostingcloud.racing wss://*.hostcontent.live https://connect.facebook.net https://www.google-analytics.com https://*.doubleclick.net https://*.g.doubleclick.net https://www.facebook.com https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to; frame-src https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-exvOeu720WP2hk2BZhDOwg=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/atom-one-dark.min.css https://*.tawk.to; report-uri /csp-report; worker-src blob: 1
default-src: none;   1
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' data: blob: 'unsafe-inline'; media-src * 'unsafe-inline'; frame-src * 'unsafe-inline' data: blob: 'unsafe-inline'; frame-ancestors 'self' https://test.sagepay.com/*; child-src * 'unsafe-inline' data: blob: 'unsafe-inline'; font-src * 'unsafe-inline'; connect-src * 'unsafe-inline'; report-uri /report-csp-violation 1
frame-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; frame-ancestors 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; child-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; report-uri //report-csp-violation 1
default-src * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' browser-update.org maps.googleapis.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; base-uri 'self'; object-src 'none'; frame-src 'self' https://consentcdn.cookiebot.com; connect-src * 'self' https://consentcdn.cookiebot.com; img-src * 'self' data: https: 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none' 1
frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' blob: *.hellowork.com *; object-src 'none'; frame-ancestors 'self' https://compte.hellowork.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; 1
default-src 'self'; img-src 'self' data: ; script-src 'self' 'unsafe-inline' 'sha256-Vm4GC9dCs8yiOt3vkFoyb7CG9wQvsbg2ZxRvujWCkjU='; style-src 'self' 'unsafe-inline' 'sha256-5djBAhgU6lT6/IvDqBYV1J+3001Gap43QwbVwQ0EoTQ=' 1
base-uri 'none';child-src 'none';connect-src 'self' *.apowiser.com *.google-analytics.com *.fullstory.com https://extreme-ip-lookup.com;default-src 'self';font-src 'self' fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha https://recaptcha.net/recaptcha;img-src 'self' data: https: www.googletagmanager.com https://www.google-analytics.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' *.apowiser.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.fullstory.com https://recaptcha.net/recaptcha https://extreme-ip-lookup.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;worker-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
default-src 'self'; frame-src 'self' *.donorfy.com/ *.monday.com/ https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://region1.google-analytics.com translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
default-src 'self' 'unsafe-inline' data: wc.ts.ee www.nasdaqbaltic.com platform.linkedin.com secure.gravatar.com yoast.com www.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net fonts.googleapis.com maps.googleapis.com streetviewpixels-pa.googleapis.com khms0.googleapis.com khms1.googleapis.com maps.gstatic.com fonts.gstatic.com translate.google.com translate.googleapis.com www.gstatic.com www.youtube.com www.google.ee www.google.com www.google.co.uk www.google.lv www.google.lt www.google.fi www.google.se www.google.no www.google.de www.google.pl lh3.ggpht.com www.google.com.hk www.google.gr www.google.nl www.google.dk www.google.com.ua www.google.fr i.ytimg.com connect.facebook.net api.microsofttranslator.com www.facebook.com 'unsafe-eval' www.google.ch www.google.at www.google.ro www.google.es www.google.it www.google.hu www.google.co.in www.google.ie www.google.cz www.google.be www.google.ru www.google.com.au photos.marinetraffic.com www.google.at www.google.co.il www.google.co.kr www.google.pt www.google.ca www.google.mk www.google.co.th www.google.co.id www.google.com.lb www.google.cl www.google.sk www.google.is www.google.com.np www.google.com.pk www.google.si www.google.rs www.google.dz www.google.com.ng www.google.com.my www.google.com.ci www.google.im www.google.com.sg www.google.com.tr www.google.com.hr www.google.com.mt www.google.li www.google.co.jp view.news.eu.nasdaq.com www.solwininfotech.com www.google.com.co www.google.com.br www.google.cn www.google.com.cy www.google.ge www.google.lu www.google.ae cdn.jsdelivr.net wd.ts.ee static.cloudflareinsights.com ajax.cloudflare.com www.vikingline.ee www.envir.ee www.google.com.ph www.google.co.nz www.google.hr www.google.bg www.google.by www.transit.ee www.tallinnamerepaevad.ee www.google.com.vn www.google.kz www.google.mv www.google.com.tw www.balticline.fi www.google.com.eg tallinnamerepaevad.ee www.google.com.bz www.google.com.mx www.google.jo www.google.com.sa www.google.ci www.google.com.kw www.google.co.ma www.google.com.gh www.google.com.ar region1.analytics.google.com www.google.az www.google.com.uy www.google.co.za www.google.sn www.google.com.mm www.google.me www.google.mn www.google.lk vincent.callebaut.org tentea.ec.europa.eu www.google.tg www.google.com.qa www.google.co.tz www.google.co.cr www.kjk.ee www.google.co.uz www.google.co.ke ps.w.org s.w.org www.google.ba www.google.com.jm www.google.com.pe www.google.mg 6zzuupda.sendsmaily.net www.google.bj www.google.com.kh www.google.com.do lh3.googleusercontent.com www.google.iq www.google.co.ug www.google.co.mz www.google.al www.google.tn www.google.ad www.google.am www.google.md www.google.com.ly www.google.com.ec www.google.com.pa www.google.com.bd www.google.com.pr www.google.mu www.google.gg www.google.cm www.google.com.py www.google.com.bh www.google.je www.google.com.cu www.google.com.pg komerk.ee www.google.kg www.google.cv www.google.com.sl www.portoftallinn.com www.google.vg www.google.bt www.google.bf www.google.la www.google.tt www.google.com.sv www.google.so www.google.ps www.google.co.ve www.google.ga www.seatradecruiseglobal.com www.parkimine.ee translate-pa.googleapis.com wptide.org toolset.com wpml.org challenges.cloudflare.com cloudflareinsights.com analytics.google.com td.doubleclick.net blob: www.google.gl wpforms.com www.google.co.zw www.google.co.ao d1lsub6zbh43gv.cloudfront.net tp-cdn.wpml.org googleads.g.doubleclick.net adservice.google.com google.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com www.vikingline.ee www.google.com.sb www.google.td apis.google.com platform.twitter.com www.google.gm; report-uri /069b75c4f2e07da64b888cac9af4ea98c60c3e6787e0368d1a5ab34114eda24e 1
default-src 'self' www.gravatar.com *.hotjar.com player.vimeo.com *.vimeocdn.com *.googleapis.com *.google.com youtube.com *.cloudfront.net *.youtube.com *.blackbaudhosting.com www.eventbrite.co.uk *.marker.io *.simplybook.cc payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com feeds.trac.jobs *.hotjar.com ajax.googleapis.com cdnjs.cloudflare.com *.browsealoud.com *.bugherd.com *.googletagmanager.com *.google-analytics.com *.cloudfront.net *.luckyorange.net *.blackbaudhosting.com *.smartthing2.com *.smartthing.org *.blackbaud.com widget.simplybook.cc http://localhost:* www.cqc.org.uk feeds.testing.trac.jobs www.eventbrite.co.uk *.marker.io www.google.com www.gstatic.com consentcdn.cookiebot.com consent.cookiebot.com app.cloudpano.com www.googleoptimize.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feeds.trac.jobs cdnjs.cloudflare.com fast.fonts.net *.smartthing2.com *.smartthing.org *.cloudfront.net *.blackbaudhosting.com www.cqc.org.uk *.marker.io; img-src 'self' data: blob: www.gravatar.com *.christie.nhs.uk img.youtube.com i.ytimg.com *.justgiving.com feeds.trac.jobs *.browsealoud.com *.googleapis.com *.staticflickr.com *.cloudfront.net *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.blackbaudhosting.com www.cqc.org.uk *.umbraco.com *.marker.io; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com fast.fonts.net data: fonts.googleapis.com; connect-src 'self' *.browsealoud.com feeds.trac.jobs *.smartthing2.com *.smartthing.org *.luckyorange.net *.hotjar.com *.google-analytics.com *.doubleclick.net wss: http://localhost:* *.umbraco.com *.marker.io *.amazonaws.com payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com content.hotjar.io; worker-src 'self' blob:; 1
frame-ancestors 'self' panoramen.frauenkirche-dresden.de 1
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src 'self' data: https://smart-ip.net; connect-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.surveymonkey.com https://walls.io https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com https://www.etermin.net https://the.sciencebehindecommerce.com https://www.lacmp.net https://analytics.aklamio.com https://*.adsrvr.org https://adsrvr.org https://t.contentsquare.net; 1
script-src https: data: 'unsafe-inline' 'unsafe-eval' https://gs1-germany.de https://*.gs1-germany.de https://*.optimizely.com https://*.googletagmanager.com https://apis.google.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://www.googleanalytics.com https://www.googleoptimize.com https://*.google-analytics.com https://optimize.google.com https://ext.nonstoppartner.net https://*.hotjar.com https://*.walls.io https://*.myveeta.com; style-src https: 'unsafe-inline' https://gs1-germany.de https://*.gs1-germany.de https://apis.google.com https://optimize.google.com https://fonts.googleapis.com https://connect.facebook.net https://fast.fonts.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.walls.io; frame-src 'self' https://optimize.google.com https://*.walls.io https://www.youtube-nocookie.com https://www.gs1.org https://www.youtube.com https://*.hotjar.com https://www.facebook.com https://communication.gs1-germany.de https://feedback.gs1-germany.de https://easy-feedback.de https://*.easy-feedback.de https://ext.nonstoppartner.net https://*.gs1.org https://f5ba538cf0d6445983504cc2cd8ccb42.svc.dynamics.com https://082becc9a232451baaef0c700dd33425.svc.dynamics.com https://76c4e8a3cea24f6792072b39841b0a0b.svc.dynamics.com https://*.podigee.io https://*.podigee.com https://player.podigee-cdn.net; frame-ancestors 'self' https://academy.gs1-germany.de https://*.eventlocations.com https://cockpit.prospitalia.de; 1
frame-ancestors 'self' http://*.mitkindundkegel.de http://mitkindundkegel.de 1
default-src 'self' 'unsafe-inline' https://cdn.ckeditor.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/ https://www.youtube.com/ https://vrweb15.linguatec.org data: https://shop.bzga.de/; img-src 'self' data: https://i.ytimg.com https://cdn.ckeditor.com/ https://shop.bzga.de/ https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://vrweb15.linguatec.org https://ssl.p.jwpcdn.com/; script-src 'self' 'unsafe-inline' https://s.ytimg.com/ https://www.liebesleben.de/typo3conf/ext/theme/Resources/Public/Bower/vue/dist/vue.min.js https://www.youtube.com/ https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ https://vrweb15.linguatec.org https://cdn.ckeditor.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com/printfriendly.js https://static.addtoany.com/menu/page.js https://www.googletagmanager.com/gtm.js https://ds-4047.kxcdn.com/api/v3/domain_settings/a https://www.youtube.com/ https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google.com/ads/  https://www.google-analytics.com/collect https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com cdn.wireframe.cc; script-src 'self' 'unsafe-inline' 'nonce-ad5a8a6dc9c8bce6d9cf23fd3387c23d' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com cdn.wireframe.cc; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; img-src 'self' wireframecc-9947.kxcdn.com cdn.wireframe.cc data:; child-src 'self'; base-uri 'none' 1
default-src 'none'; script-src 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8='; 1
frame-ancestors 'self' https://ahu.edu https://*.ahu.edu 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' data:; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://api.amplitude.com https://eth-ropsten.alchemyapi.io https://eth-rinkeby.alchemyapi.io https://eth-mainnet.alchemyapi.io https://api.thegraph.com wss://bridge.walletconnect.org wss://fei.bridge.walletconnect.org https://assets.fei.money; frame-ancestors 'none' 1
default-src 'none' 'self' *.gewobag.de data: eqs-cockpit.com *.eqs.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com *.wohnungshelden.de 'unsafe-inline' 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' blob: data: ; frame-ancestors 'self' https://*.edoctrina.org; report-to reportapi 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://api.mintme.com/ wss://api.mintme.abchosting.org/ wss://api.staging.abchosting.org/ https://*.facebook.net https://*.facebook.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com https://analytics.google.com https://*.doubleclick.net https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to https://www.mintme.com/.well-known/mercure https://identitytoolkit.googleapis.com; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to https://embed.tawk.to https://fonts.googleapis.com; frame-src https://www.facebook.com https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com https://*.coinify.com https://platform.twitter.com https://content-youtube.googleapis.com https://mintme.firebaseapp.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-06K4Zge8v1XIzWmDkNeEGw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://*.tawk.to; report-uri /csp-report; worker-src 'none' 1
default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' http: https: data:; frame-ancestors 'self'; 1
'default-src \'self\'; 1
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; https://whitelabel.2u.com; 1
base-uri 'self' about:;block-all-mixed-content;child-src fallsviewer.ca 'self';connect-src 'self' data: *.youtube.com fonts.gstatic.com www.clarity.ms cloudflareinsights.com stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.readspeaker.com rebound.postmarkapp.com *.cookieyes.com cdn-cookieyes.com img.niagarafalls.ca arcweb2019.niagarafalls.ca cdn.monsido.com *.arcgisonline.com *.arcgis.com portal.niagarafalls.ca https://*.smartlook.com https://*.smartlook.cloud;default-src https: 'unsafe-inline' 'unsafe-eval' 'self';font-src 'self' null cdnjs.cloudflare.com fonts.gstatic.com niagarafalls.ca  *.arcgis.com;form-action 'self' *.paypal.com *.readspeaker.com *.paymentus.com niagarafalls.ca;frame-ancestors 'self' open.niagarafalls.ca niagarafalls.hub.arcgis.com map.niagarafalls.ca niagarafalls.ca *.us.monsido.com; frame-src fallsviewer.ca niagarafalls.maps.arcgis.com mapme.com viewer.mapme.com www.facebook.com maps.googleapis.com *.niagarafalls.ca *.readspeaker.com www.google.com www.youtube.com youtube.com console.cloudinary.com cloudinary.com niagarafalls.ca ;img-src data: 'self' blob: img.niagarafalls.ca *.readspeaker.com res.cloudinary.com https://www.google-analytics.com *.gstatic.com stats.g.doubleclick.net www.googletagmanager.com www.youtube.com *.monsido.com *.googleapis.com *.arcgisonline.com *.arcgis.com cdn-cookieyes.com portal.niagarafalls.ca https://*.google.com c.clarity.ms c.bing.com https://*.google.ca;media-src 'self' *.readspeaker.com youtu.be *.youtube.com;object-src *.youtube.com 'self'; report-uri https://niagarafalls.ca/webservices/csp-enforce;script-src 'self' blob: google.com www.google.com *.googleapis.com *.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com cdnjs.cloudflare.com www.google-analytics.com www.clarity.ms *.cloudflareinsights.com connect.facebook.net *.readspeaker.com rebound.postmarkapp.com cdn.monsido.com www.youtube.com cse.google.com clients1.google.com https://*.smartlook.com cdn-cookieyes.com https://*.smartlook.cloud *.arcgisonline.com *.arcgis.com 'unsafe-inline' 'unsafe-eval';style-src 'self' stackpath.bootstrapcdn.com *.googleapis.com *.google.com *.readspeaker.com *.arcgis.com 'unsafe-inline';upgrade-insecure-requests;worker-src 'self' blob: 1
default-src 'none'; base-uri 'self'; form-action https: 'self'; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; media-src * data:; frame-src *; frame-ancestors 'self' https:; font-src 'self' https:; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://milan-jeunesse.com https://app.bayam.tv https://preprod.sso.bayard-jeunesse.com; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' *.googleapis.com *.gstatic.com *.google.com *.google.at *.cookiebot.eu *.google-analytics.com connect.facebook.net px.ads.linkedin.com stats.g.doubleclick.net; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.google.com *.google.at *.gstatic.com *.googletagmanager.com *.google-analytics.com api.mapbox.com *.mindspace.at *.vorauerfriends.com *.usercentrics.eu px.ads.linkedin.com *.facebook.com; script-src 'self' *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.cookiebot.eu *.googletagmanager.com *.google-analytics.com snap.licdn.com connect.facebook.net; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com; report-uri /csp/report 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com *.google-analytics.com; connect-src 'self' *.google-analytics.com; img-src 'self' data: shielded.co.nz i.ytimg.com *.google-analytics.com; style-src 'self' 'unsafe-inline' fast.fonts.net; font-src 'self' data:; frame-src 'self' www.youtube.com www.google.com data.gns.cri.nz; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1
frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
default-src "self"; img-src "self"; style-src "self" "unsafe-inline"; font-src "self"; script-src "self" "unsafe-inline"; connect-src "self"; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: analytics.johnsonsbaby.com.br *.connect.facebook.net *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none'; base-uri www.hahn-airport.de; block-all-mixed-content; connect-src www.hahn-airport.de matomo.hahn-airport.de; font-src www.hahn-airport.de; form-action www.hahn-airport.de parken.hahn-airport.de; frame-ancestors www.hahn-airport.de; frame-src www.hahn-airport.de; img-src www.hahn-airport.de data: *.openstreetmap.de; script-src www.hahn-airport.de matomo.hahn-airport.de 'sha256-3gL0ESqaJki/Wh0f/lc2YDLEdxGa87F8Q5TXgPOCikM=' 'sha256-81MEiw1n03G/Umzr1t9TBswGsKYi01GH9Qu+KQu7dD4=' 'sha512-xbcqNOgP70FrlmytA93CaZ+Lh4zepgmKXpUeumuNwRa8sD7TlgTwTgSBKrbiP5/HcguwdErI+ExunDL8rxCrkg==' 'sha512-px1M+IgU2D7N1Ag8ujEEbrR/bWVa9WcgiPLZ6flkhCC+8XiyDRgirHntE0Un+lSGbp4p/VA403aBf4NWUPAD8A==' 'sha512-Tyxc4Zm8bJMo23iSuUGf1AwygBbaOSZEvgDkIoZNrH9oAdhVZp6ZgdFSeajkBFA/J7YY/rQXtXaTxUiZUU1S/w=='; style-src www.hahn-airport.de 'unsafe-hashes' fast.fonts.net 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-0kneztpqrRRhpdMukBrBUYV4ZMDr+1A5B/zcgBxiCdQ='; upgrade-insecure-requests; report-uri /nelmio/csp/report 1
allow 'self'  default-src 'self' 'unsafe-inline' www.google-analytics.com  *.twitter.com  *.facebook.com  *.facebook.net  *.google.com 1
default-src https: 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://maps.google.com https://www.gstatic.com https://www.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://www.gstatic.com; img-src 'self' data: https:; media-src 'self'; child-src 'self' https:; font-src 'self' data:; connect-src 'self' https://maps.googleapis.com 1
default-src 'none'; script-src 'self' https://code.jquery.com https://www.google-analytics.com; img-src ' self 'https://www.google-analytics.com; connect-src' self '; font-src' self '; style-src' self '; 1
default-src 'self' *.arbeitsagentur.de *.jobcenter-ge.de; base-uri 'self' *.jobcenter-ge.de; style-src 'self' 'unsafe-inline' *.jobcenter-ge.de; script-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.arbeitsagentur.de *.jobcenter-ge.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.arbeitsagentur.de *.jobcenter-ge.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.arbeitsagentur.de *.jobcenter-ge.de; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ https://app.tuotempo.com/ https://multimedica.it/ https://*.wp.com/ https://widgets.tuotempo.com/ https://*.cloudfront.net/; img-src 'self' data: https://app.tuotempo.com/ https://multimedica.it/ https://*.wp.com/ https://www.google.com/ https://widgets.tuotempo.com/ https://*.cloudfront.net/; object-src 'self' data: https://app.tuotempo.com/ https://multimedica.it/ https://*.wp.com/ https://widgets.tuotempo.com/ https://*.cloudfront.net/; frame-src 'self' data: https://app.tuotempo.com/ https://multimedica.it/ https://*.wp.com/ https://widgets.tuotempo.com/ https://*.cloudfront.net/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://app.tuotempo.com/ https://ajax.googleapis.com/ https://multimedica.it/ https://*.wp.com/ https://widgets.tuotempo.com/ https://*.cloudfront.net/; 1
urbanohio.com 1
script-src 'unsafe-inline' *.posazavi.com analytics.tiktok.com *.adform.net *.hcaptcha.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net c.imedia.cz *.hotjar.com tagmanager.google.com www.google.com www.gstatic.com c.seznam.cz; style-src 'self' 'unsafe-inline' tagmanager.google.com cdnjs.cloudflare.com fonts.googleapis.com; report-uri /csp 1
frame-ancestors *.carkeys.co.uk *.motorists-club.co.uk *.motoristsclub.co.uk http://motoristsclub.co.uk/ http://www.motorists-club.co.uk/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/; img-src 'self' data: https://www.paypalobjects.com/; object-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.mattrifeofficial.com/ https://*.paypal.com/; frame-src 'self' data: https://elegantthemes.com/ https://*.elegantthemes.com/ https://www.mattrifeofficial.com/ https://*.paypal.com/; 1
report-to 'self' ; child-src 'self' blob: ; connect-src 'self' *.crazyegg.com analytics.tiktok.com cdn.linkedin.oribi.io *.constantcontact.com *.hotjar.com *.googleadservices.com *.facebook.com *.addthis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.jsdelivr.net *.googleapis.com *.sharethis.com  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' blob: *.crazyegg.com *.constantcontact.com; font-src 'self' *.gstatic.com *.bootstrapcdn.com data:  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.constantcontact.com *.facebook.com wpmudev.com; frame-src 'self' tpc.googlesyndication.com *.crazyegg.com *.constantcontact.com *.ambrahealth.com *.hotjar.com *.facebook.com *.youtube.com *.ambrahealth expert-reputation.com.com *.addthis.com *.simplecast.com expert-reputation.com highlightedreviews.com *.blackbaudhosting.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.googleapis.com  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' *.g.doubleclick.net *.crazyegg.com i.ytimg.com *.linkedin.com *.ads.linkedin.com *.facebook.com *.adsymptotic.com *.blackbaudhosting.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: *.googleapis.com *.sharethis.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' *.medtronic.com; object-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' tpc.googlesyndication.com *.crazyegg.com cdnjs.cloudflare.com analytics.tiktok.com *.constantcontact.com *.hotjar.com *.licdn.com *.facebook.net *.addthis.com *.moatads.com *.youtube.com *.blackbaudhosting.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleapis.com *.sharethis.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self'  'unsafe-inline'  'unsafe-eval' ; style-src 'self'  'unsafe-inline'  'unsafe-eval' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline'  'unsafe-eval' *.crazyegg.com *.constantcontact.com *.blackbaudhosting.com *.googleapis.com *.gstatic.com *.jsdelivr.net  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline'  'unsafe-eval' ; worker-src 'self' blob: ;  upgrade-insecure-requests; 1
default-src *.archiefweb.eu *.wp.com; frame-src *.archiefweb.eu googleads.g.doubleclick.net *.wp.com; script-src 'unsafe-inline' 'unsafe-eval' *.archiefweb.eu *.googleapis.com *.googlesyndication.com adservice.google.nl adservice.google.com *.wp.com; style-src 'unsafe-inline' *.archiefweb.eu *.googleapis.com *.wp.com *.bootstrapcdn.com; font-src data: *.archiefweb.eu fonts.googleapis.com fonts.gstatic.com *.wp.com *.fontawesome.com wordpress.com *.bootstrapcdn.com; media-src *.archiefweb.eu; img-src data: *.archiefweb.eu *.w.org *.wp.com *.wordpress.com *.gravatar.com 1
default-src 'unsafe-inline' 'self' data: effectory.com www.effectory.com ac.effectory.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' yoast.com *.hubspot.com *.hsadspixel.net *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.clarity.ms bat.bing.com www.powr.io client.hip.live.com maps.googleapis.com mktdplp102cdn.azureedge.net www.youtube.com static.zdassets.com consentcdn.cookiebot.com consent.cookiebot.com www.googletagmanager.com google-analytics.com www.google-analytics.com snap.licdn.com www.googleadservices.com static.hotjar.com connect.facebook.net googleads.g.doubleclick.net script.hotjar.com;frame-ancestors 'self' *.hsforms.com consentcdn.cookiebot.com; img-src 'self' data: *.youtube.com *.hsforms.com *.hubspot.com *.googletagmanager.com c.bing.com c.clarity.ms bat.bing.com i.ytimg.com script.hotjar.com onlinedialogue.s3.eu-west-1.amazonaws.com onlinedialogue.s3-eu-west-1.amazonaws.com *.linkedin.com *.dynamics.com  wus.client.hip.live.com eus.client.hip.live.com maps.gstatic.com www.google.de maps.googleapis.com secure.gravatar.com www.google-analytics.com px.ads.linkedin.com www.google.com www.google.nl www.facebook.com; style-src 'unsafe-inline' fonts.googleapis.com ac.effectory.com www.effectory.com effectory.com; font-src data: fonts.gstatic.com script.hotjar.com ac.effectory.com www.effectory.com effectory.com; frame-src 'self' *.hsforms.com www.powr.io www.youtube.com forms.office.com www.facebook.com vars.hotjar.com consentcdn.cookiebot.com *.dynamics.com; connect-src *.yoast.com *.googlesyndication.com *.doubleclick.net *.hubspot.com *.google.com *.amazonaws.com *.hsforms.com *.hubapi.com *.linkedin.oribi.io *.hscollectedforms.net *.google-analytics.com *.clarity.ms *.hotjar.com wss://*.hotjar.com surveystats.hotjar.io *.effectory.com maps.googleapis.com *.dynamics.com consentcdn.cookiebot.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net effectorychathelp.zendesk.com ekr.zdassets.com 1
default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; 1
frame-ancestors 'self' minezmap.com *.minezmap.com http://minezmap.com http://*.minezmap.com minez-nightswatch.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://dc.services.visualstudio.com/v2/track https://updates.sdbgroep.nl; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.monitor.azure.com/scripts/b/ai.2.min.js https://dc.services.visualstudio.com/v2/track https://cdn.announcekit.app/widget-v2.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' https://embed.tawk.to https://upload.tawk.to https://va.tawk.to wss://*.tawk.to; font-src 'self' data: https://embed.tawk.to; frame-ancestors 'self'; img-src 'self' data: https://embed.tawk.to https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.tawk.to https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://embed.tawk.to 1
default-src 'self'; object-src 'self' https://pts.yourfone.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.yourfone.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.yourfone.de https://chat.yourfone.de https://umfrage.yourfone.de https://pts.yourfone.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.yourfone.de https://chat.yourfone.de https://stats.yourfone.de https://imagepool.yourfone.de https://pts.yourfone.de https://maps.googleapis.com https://analytics.tiktok.com https://umfrage.yourfone.de; script-src 'strict-dynamic' 'nonce-c4e8f01e7a6f87a7912ccb566e87f9b6' 'nonce-5a5362b49603ee74a0d46abef4a94f4d' 'nonce-57d07024fb9deb1d2b837cea8e6063ea' 'nonce-cdb4a06c1bf0735862e0df4d09a645d2' 'nonce-bd4124ab668cb22b19ea141f1a3e0050' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.yourfone.de https://umfrage.yourfone.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-c4e8f01e7a6f87a7912ccb566e87f9b6' 'nonce-5a5362b49603ee74a0d46abef4a94f4d' 'nonce-57d07024fb9deb1d2b837cea8e6063ea' 'nonce-cdb4a06c1bf0735862e0df4d09a645d2' 'nonce-bd4124ab668cb22b19ea141f1a3e0050' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src data: https: http:;script-src 'self' resource://pdf.js/ 'unsafe-inline' 'unsafe-eval' https: http:;style-src 'unsafe-inline' https: http: blob:;object-src 'self' blob:;img-src 'self' https://*.everesttech.net https://dhlcom.d3.sc.omtrdc.net/ data: blob:;connect-src blob: 'self' https://*.demdex.net https://*.dhl.com https://*.video-cdn.net https://*.hereapi.com https://*.usetiful.com https://*.dpdhl.com;worker-src blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com; img-src 'self' data: https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com; object-src 'self' data: https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com; frame-src 'self' data: https://*.medgrupo.com.br http://*.medgrupo.com.br https://medgrupo.com.br http://medgrupo.com.br https://*.vimeo.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crm.fasad.eu/ https://cdn.jsdelivr.net https://process.fasad.eu/ http://dev-process.fasad.prek.srv http://ajax.googleapis.com/ https://ajax.googleapis.com/ http://code.jquery.com/ https://code.jquery.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' data: https://www.fasad.eu https://www.fasad.eu/ https://crm.fasad.eu/; object-src 'self' data: ; frame-src 'self' data: ; 1
default-src 'self' 'unsafe-inline' https://maps.googleapis.com/ https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.simplybook.cc https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.googletagmanager.com cdnjs.cloudflare.com https://translate-pa.googleapis.com/ https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://player.vimeo.com https://feeds.trac.jobs https://www.cqc.org.uk https://merseycare.enterpriseappointments.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com https://feeds.trac.jobs https://www.cqc.org.uk; img-src * data:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com maps.googleapis.com https://saas.learninglocker.net https://metrics.articulate.com https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://feeds.trac.jobs; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' *.simplybook.cc maps.google.com https://*.nhs.uk https://www.google.com https://content.googleapis.com https://content-analytics.googleapis.com https://www.youtube.com https://player.vimeo.com https://merseycare.enterpriseappointments.com https://e.issuu.com https://roundme.com 1
default-src 'self' 'unsafe-inline' https://*.talentqgroup.com https://*.cloudfront.net https://www.google-analytics.com https://www.google.com/ https://www.gstatic.com  https://hello.myfonts.net/count/3122c9; frame-ancestors 'self' 1
frame-ancestors www.newtaipei.travel newtaipei.travel 'self' 1
default-src 'self' blob:; connect-src 'self' * blob:; font-src 'self' data: http://players.brightcove.net https://www.brighttalk.com https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/; frame-src *; img-src * blob: data: http://a.idio.co/ http://i.idio.co https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; media-src * blob:; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http://info.lazardassetmanagement.com https://info.lazardassetmanagement.com http://app-sj29.marketo.com/ https://app-sj29.marketo.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js http://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js https://assets.sitescdn.net/answers-search-bar/v1.0/answerstemplates-iife.compiled.min.js https://assets.sitescdn.net/answers-search-bar/v1.0/answers.min.js https://answers-embed.lazardassetmanagement.com.pagescdn.com/iframe.js https://answers-embed.aulazardassetmanagement.com.pagescdn.com/iframe.js https://answers-embed.uklazardassetmanagement.com.pagescdn.com/iframe.js https://assets.sitescdn.net/answers/v1.6/answers.css https://www.google-analytics.com https://www.googletagmanager.com https://sadmin.brightcove.com http://players.brightcove.net https://www.brighttalk.com http://vjs.zencdn.net/vttjs/ http://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/ http://s.idio.co/ia.js http://s.idio.co/ip.js http://js.idio.co/1473.js http://api.idio.co https://tagmanager.google.com/ https://code.createjs.com/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com; style-src * 'unsafe-inline'; frame-ancestors 'self' http://info.lazardassetmanagement.com https://info.lazardassetmanagement.com https://app-sj29.marketo.com/ http://app-sj29.marketo.com/ https://www.google-analytics.com https://www.googletagmanager.com https://sadmin.brightcove.com https://players.brightcove.net https://www.brighttalk.com https://vjs.zencdn.net/vttjs/ https://munchkin.marketo.net https://view.knowledgevision.com/presentation/embed/ https://content.knowledgevision.com/player/; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com *.karolina.io;img-src * blob: data:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.youtube.com *.google.com *.google-analytics.com *.purechat.com *.purechatcdn.com; object-src 'self' *.purechat.com *.purechatcdn.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.purechat.com *.purechatcdn.com; img-src *; connect-src 'self' *.purechat.com *.purechatcdn.com; plugin-types application/pdf application/x-shockwave-flash; reflected-xss block 1
default-src https: http://*.google-analytics.com:* 'unsafe-inline'; img-src https: 'self' data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline' blob:; style-src https: 'unsafe-inline'; font-src https: 'self' data: fonts.gstatic.com; worker-src 'self' blob: 1
default-src 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracitystatic.azureedge.net veracitycdn.azureedge.net veracity-cdn.azureedge.net veracity-static.azureedge.net veracity.azureedge.net https://veracity-cdn.azureedge.net; style-src 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com cdnveracity.azureedge.net blob: https://veracity-cdn.azureedge.net https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-CiLqRFMo488mIhk5Iet/2ifYUgGAu+sgjUSOXHNcO2M=' 'sha256-Zx6t6tJBEfAGbwFZi0YK/Qv2m/UKBp4XprjbGNvOA8Y=' 'sha256-qpE3yDYwtYLcYeBZJQCR3PBmJHopLnOlMQRNFjhu4Sw=' 'sha256-ZqhM5xQOj0Og/l+8qEbc5F5YYumTdWvc5mtn7dECFuE=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-dreGTkhRtQfwSXsd3ZavyTtL9QeeRUMFpniTUPkTNdg=' 'sha256-KycdTLdLPGini1lPAbHXJFMqqE0NBDthTPM00lNMGU0=' 'sha256-0hU65hNt+lgOOkwNFXW8crj+0fxeiF4kL+o2FmjfWTA=' 'sha256-MyiKibPDM3QBkHQc6A0+S9Jau8mxXCqBmGSBNh6/QK0=' tagmanager.google.com fonts.googleapis.com 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA='; img-src 'self' data: cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracityprod.blob.core.windows.net veracitycdn.azureedge.net veracitystatic.azureedge.net veracity-cdn.azureedge.net veracity-static.azureedge.net veracitytest.azureedge.net veracity.azureedge.net brandcentral.dnvgl.com brandcentral.dnv.com devtestdevprofile.blob.core.windows.net testdevprofile.blob.core.windows.net stagdevprofile.blob.core.windows.net cdn.sanity.io devprofile.blob.core.windows.net cdnveracity.azureedge.net https://sc.lfeeder.com https://tr.lfeeder.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://veracity-cdn.azureedge.net www.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com https://px.ads.linkedin.com/ www.google.no www.google.com www.googletagmanager.com px.ads.linkedin.com www.linkedin.com google-analytics.com googletagmanager.com www.google.se *.adsymptotic.com s861531437.t.eloqua.com; script-src 'self' 'unsafe-eval' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracitycdn.azureedge.net veracity.azureedge.net https://localhost:3010 cdnveracity.azureedge.net https://veracity-cdn.azureedge.net az416426.vo.msecnd.net 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com www.google-analytics.com sjs.bizographics.com/insight.min.js https://px.ads.linkedin.com/ https://*.hotjar.com https://*.hotjar.io https://snap.licdn.com; media-src 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracityprod.blob.core.windows.net veracitystatic.azureedge.net veracitycdn.azureedge.net veracity-cdn.azureedge.net veracity-static.azureedge.net veracity.azureedge.net cdn.sanity.io brandcentral.dnvgl.com brandcentral.dnv.com https://veracity-cdn.azureedge.net; connect-src 'self' cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracitystatic.azureedge.net veracitycdn.azureedge.net veracity-cdn.azureedge.net veracity-static.azureedge.net veracity.azureedge.net cdn.sanity.io wss://localhost:3011 cdnveracity.azureedge.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://veracity-cdn.azureedge.net https://s861531437.t.eloqua.com/e/f2 dc.services.visualstudio.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net; style-src-attr 'unsafe-hashes' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.lfeeder.com *.leadfeeder.com cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracitycdn.azureedge.net veracity.azureedge.net https://localhost:3010 cdnveracity.azureedge.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://veracity-cdn.azureedge.net https://*.siteintercept.qualtrics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://img.en25.com/i/elqCfg.min.js https://tagmanager.google.com https://www.googletagmanager.com www.google-analytics.com img06.en25.com/i/elqCfg.min.js sjs.bizographics.com/insight.min.js https://px.ads.linkedin.com/ https://*.hotjar.com https://*.hotjar.io https://snap.licdn.com *.msecnd.net https://s861531437.t.eloqua.com; font-src cdn.veracity.com cdntest.veracity.com cdnstag.veracity.com veracitycdn.azureedge.net data: fonts.gstatic.com; frame-src 'self' https://cdn.cookielaw.org https://td.doubleclick.net/ https://geolocation.onetrust.com https://www.google.com/ https://*.hotjar.com https://*.hotjar.io https://www.googletagmanager.com/ns.html; report-uri https://veracitycommon.report-uri.com/r/t/csp/enforce; report-to https://veracitycommon.report-uri.com/a/d/g 1
default-src 'self' *.usercentrics.eu; frame-src 'self' www.advocard.de www.youtube.de www.youtube.com www.youtube-nocookie.com customlocation.here.com; img-src 'self' *.advocard.de *.usercentrics.eu generali01.webtrekk.net advocard01.wt-eu02.net *.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu www.youtube.de www.youtube.com www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' *.usercentrics.eu 1
frame-ancestors khh.travel 'self' 1
default-src 'none'; connect-src 'self' https://geolocation.onetrust.com/ https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com; font-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube-nocookie.com https://player.vimeo.com; img-src 'self' data: https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com; media-src 'self'; script-src 'self' https://cookie-cdn.cookiepro.com/ https://*.google-analytics.com https://*.analytics.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'nonce-F6r2Q9LcKDtaGjHjLCPG1A=='; style-src 'self' 'unsafe-inline'; prefetch-src 'self' 1
form-action 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';frame-src 'self';iframe-src 'self';child-src 'self';report-uri /Error/ContentSecurity 1
allow 'unsafe-inline' 'unsafe-eval' 'self' troc.cdn.mediactive-network.net *.googlesyndication.com *.systempay.fr *.fbcdn.net *.google.com *.google.fr *.doubleclick.net intranet.troc.com connect.facebook.net cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com cdn.ampproject.org 1
default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.drillisch-online.de; img-src https: data: https://imagepool.drillisch-online.de; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.drillisch-online.de https://stats.drillisch-online.de https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://tracking.drillisch.de https://*.demdex.net https://www.google-analytics.com; script-src 'strict-dynamic' 'nonce-3fedfed1a5d4f8dd760041e403373745' 'nonce-dfe435509ca28f5e09c5c6184c77a2b8' 'nonce-8bdb96a828f43327ed155e9e02e70bb1' 'nonce-1d29082203c62019667f0402b8c2b46e' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self'; frame-src https://1and1internetag.demdex.net https://tags.tiqcdn.com https://hilfe-center.1und1.de; child-src https://tags.tiqcdn.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-3fedfed1a5d4f8dd760041e403373745' 'nonce-dfe435509ca28f5e09c5c6184c77a2b8' 'nonce-8bdb96a828f43327ed155e9e02e70bb1' 'nonce-1d29082203c62019667f0402b8c2b46e' 'self' 'unsafe-inline' https: 'report-sample' 1
frame-ancestors 'self' http://pudtoday http://prointnet 1
default-src 'self' www.youtube.com www.youtube-nocookie.com; child-src 'self' www.youtube.com www.youtube-nocookie.com *.fls.doubleclick.net; frame-src 'self' vars.hotjar.com *.fls.doubleclick.net www.youtube.com www.youtube-nocookie.com apps.mypurecloud.com.au player.vimeo.com; connect-src 'self' *.ambithub.com ipinfo.io wss://sbsfaq.ambithub.com stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com www.google-analytics.com api.mypurecloud.com.au api-cdn.mypurecloud.com.au wss://webmessaging.mypurecloud.com.au; img-src 'self' data: www.google.co.nz *.google.com www.google-analytics.com *.g.doubleclick.net *.googleapis.com *.gstatic.com *.ambithub.com bat.bing.com *.facebook.com *.quantserve.com *.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com cdn.polyfill.io *.ambithub.com bat.bing.com connect.facebook.net *.quantserve.com *.quantcount.com static.hotjar.com script.hotjar.com *.hotjar.io *.monsido.com *.googletagmanager.com analytics.google.com staticcdn.co.nz apps.mypurecloud.com.au; style-src 'unsafe-inline' 'self' hello.myfonts.net *.googleapis.com *.gstatic.com *.ambithub.com; font-src 'self' data: *.gstatic.com *.hotjar.com; 1
base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: http://localhost:1337 https://bptk-api.andreasfaust.de https://api.bptk.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com;img-src 'self' data: https://bptk-api.andreasfaust.de https://api.bptk.de;manifest-src 'self';media-src 'self' https://api.bptk.de;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:1337 https://bptk-api.andreasfaust.de https://api.bptk.de;style-src 'self' 'unsafe-inline'; 1
default-src 'self' data: https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.com https://sshscan.rubidus.com https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.immuniweb.com https://*.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.analytics.google.com https://*.googletagmanager.com https://translate.yandex.net https://yastatic.net/ https://ya.ru/ https://bitrix.info; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://yastatic.net https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.yandex.net https://bitrix.info https://emlru.webim.ru https://api-maps.yandex.ru; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://code.jivosite.com https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.voximplant.com; img-src 'self' data: https://emlru.webim.ru:* https://mc.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://www.google-analytics.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net; font-src 'self' https://*.gstatic.com:* https://emlru.webim.ru:*; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com platform.twitter.com www.googletagmanager.com cdn.syndication.twimg.com cdn.knightlab.com cdncache-a.akamaihd.net https://cdn.printfriendly.com/printfriendly.js https://ds-4047.kxcdn.com/api/v3/domain_settings/ key-cdn.printfriendly.com static.addtoany.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' themes.googleusercontent.com platform.twitter.com ton.twimg.com cdn.knightlab.com https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ static.addtoany.com; img-src 'self' data: blob: filesystem www.google-analytics.com syndication.twitter.com pbs.twimg.com abs.twimg.com  ton.twimg.com www.googletagmanager.com platform.twitter.com canvaspl-a.akamaihd.net; media-src 'self' mediastream:; frame-src 'self' platform.twitter.com syndication.twitter.com www.facebook.com www.youtube.com cdncache-a.akamaihd.net static.addtoany.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' 'unsafe-eval' themes.googleusercontent.com cdn.knightlab.com fonts.gstatic.com; connect-src 'self' wss://bot.enzona.net/ https://bot.enzona.net/ cdn.knightlab.com cdncache-a.akamaihd.net www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src self; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; img-src 'self' data: https://cdn.jsdelivr.net https://l.evidon.com https://c.evidon.com https://nestle-mvp.myshopify.com https://cdn.shopify.com *.google-analytics.com  https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com https://nestle-mvp.myshopify.com https://cdn.shopify.com https://www.google.com https://www.google.es https://googleads.g.doubleclick.net *.google-analytics.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; media-src 'self'; frame-src * https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.youtube.com https://static.addtoany.com; frame-ancestors * https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; connect-src 'self' https://cdn.jsdelivr.net https://bam.nr-data.net https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://stats.g.doubleclick.net https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://www.google.com *.google-analytics.com *.gbqofs.io *.gbqofs.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; report-uri /report-csp-violation 1
default-src *.responsetap.com *.salemove.com *.salemove.eu 'self' *.feprecisionplus.com *.intercomcdn.com *.onetrust.com *.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com  *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com ads-twitter.com *.facebook.net facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org; script-src *.googleapis.com *.responsetap.com *.salemove.com *.glia.eu *.salemove.eu *.licdn.com *.onetrust.com *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com  *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com *.facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org; connect-src 'self' *.google-analytics.com *.onetrust.com wss://*.salemove.eu *.salemove.com *.salemove.eu *.glia.eu https://stats.g.doubleclick.net https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk https://cdn-ukwest.onetrust.com; style-src * 'unsafe-inline' 'unsafe-eval'; img-src *.feprecisionplus.com * data:; font-src * 'self' data:; child-src *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:*; frame-src *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* digital-tools.feprecisionplus.com:* *.consensu.org 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.licdn.com *.line-scdn.net *.sharethis.com *.azure-api.net *.hsforms.net *.youtube.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.doubleclick.net *.cloudflare.com *.hsappstatic.net; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: https: *.google-analytics.com *.doubleclick.net *.googletagmanager.com; frame-src 'self' *.hsforms.com *.youtube.com *.vimeo.com *.hubspot.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.hsforms.com *.linkedin.oribi.io *.hubapi.com *.analytics.google.com; report-uri /report-csp-violation 1
frame-ancestors 'self' decisely.com *.decisely.com 1
default-src 'self'; script-src 'self' https://ssl.google-analytics.com; img-src 'self' https://ssl.google-analytics.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' epcplc.com *.epcplc.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.duosecurity.com *.cookielaw.org *.onetrust.com; img-src 'self' 'unsafe-inline' epcplc.com *.epcplc.com *.cookielaw.org data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://lhcdn-src.mars.com https://players.brightcove.net https://www.google.com https://www.google.co.in https://www.gstatic.com https://api.tiles.mapbox.com https://sfapi.formstack.io https://az416426.vo.msecnd.net https://embed.mikmak.tv *.global.commerce-connector.com https://js-agent.newrelic.com https://dc.services.visualstudio.com https://bam-cell.nr-data.net https://translate.googleapis.com https://js.adsrvr.org *.mapbox.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net *.amazonaws.com https://s.pinimg.com https://ct.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://sc-static.net https://static.ads-twitter.com https://cdn.treasuredata.com https://cdn.jsdelivr.net https://sfapi-sandbox.formstack.io https://bam.nr-data.net https://cdn.cookielaw.org https://ajax.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com/* http://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js; object-src 'none'; frame-src 'self' https://www.google.com https://9079101.fls.doubleclick.net https://www.google.com *.fls.doubleclick.net https://www.googletagmanager.com https://di.rlcdn.com https://tr.snapchat.com https://www.youtube.com; child-src blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://button.kcmsurvey.com https://chart.googleapis.com https://www.google.com https://www.google.nl https://www.gstatic.com https://browser-update.org ; img-src 'self' data: blob: https://www.kcmsurvey.com https://chart.googleapis.com https://translate.google.com https://www.google.com https://www.google.nl https://www.gstatic.com https://browser-update.org ; style-src 'self' 'unsafe-inline' https://www.kcmsurvey.com https://button.kcmsurvey.com https://fonts.googleapis.com https://translate.googleapis.com https://www.google.com *.gstatic.com ; font-src 'self' data: ; object-src 'none' ; report-uri https://www.kcmsurvey.com/callbacks/csp_violation/report.php 1
allow *; script-src 'self' https://www.ibs.re.kr; script-src 'self' https://www.ibs.d.innodis.co.kr; object-src http://maps.google.com; object-src https://www.google.co.kr/; object-src http://html5shiv.googlecode.com; object-src http://www.facebook.com; object-src https://twitter.com; object-src https://www.google-analytics.com/;object-src https://www.google.com; report-uri /csp-report-endpoint/; 1
default-src 'self'; script-src 'self'; https://code.jquery.com; https://www.google.com; https://www.youtube.com; https://www.twitter.com; https://web.whatsapp.com; https://www.facebook.com; https://www.govcert.gov.hk; https://secure1.info.gov.hk 1
frame-src 'self' https://calendly.com https://cdn.affinipay.com https://*.squarecdn.com https://*.squareup.com https://*.squareupsandbox.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.facebook.com https://www.google.com https://www.youtube.com; img-src * 'self' blob: data:; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.google.com;object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com; frame-ancestors 'self'; 1
script-src 'nonce-abcdefg'; data: blob:; default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.addtoany.com *.webempresa.eu unpkg.com *.arkibot.app *.googletagmanager.com 1
frame-ancestors "self" "https://*.motor.com" "https://*.motoshop.com" 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.google.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' script.hotjar.com kit.fontawesome.com *.googletagmanager.com *.google.com *.google.co.uk www.gstatic.com cdn-apac.onetrust.com player.vimeo.com pi.pardot.com *.onetrust.com *.hsadspixel.net *.google-analytics.com googleads.g.doubleclick.net static.hotjar.com snap.licdn.com ws.zoominfo.com *.hs-scripts.com *.txone.com *.hs-banner.com *.hs-analytics.net js-eu1.usemessages.com *.googleadservices.com; font-src 'self' data: *.fontawesome.com fonts.gstatic.com txone.localdev; img-src 'self' data: *.linkedin.com track-eu1.hubspot.com *.onetrust.com dnbe7xanmz9uh.cloudfront.net *.gravatar.com media.txone.com *.googletagmanager.com *.google.com *.google.co.uk *.analytics.google.com *.google.com.tw googleads.g.doubleclick.net; media-src 'self' media.txone.com dnbe7xanmz9uh.cloudfront.net youtu.be; connect-src 'self' stats.g.doubleclick.net ws.zoominfo.com *.fontawesome.com yoast.com *.linkedin.oribi.io *.onetrust.com *.googletagmanager.com *.google.com *.google.co.uk *.analytics.google.com *.google-analytics.com api-eu1.hubapi.com pagead2.googlesyndication.com ws.hotjar.com wss://ws.hotjar.com content.hotjar.io vc.hotjar.io api-eu1.hubspot.com googleads.g.doubleclick.net google.com px.ads.linkedin.com; frame-src 'self' www.google.com youtube.com www.youtube.com youtu.be player.vimeo.com *.youtube-nocookie.com td.doubleclick.net app-eu1.hubspot.com; object-src 'none' 1
frame-ancestors https://*.matrabike.nl http://*.matrabike.nl http://matrabike.web2016-acc.netivity.nl https://matrabike.WEB2016-ACC.netivity.nl http://www.google.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.alperia.eu *.tawk.to *.google.hr *.hotjar.com a.twiago.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.outbrain.com *.microad.jp *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.zenaps.com onetag-sys.com *.onetag-sys.com *.doubleclick.net *.googleadservices.com *.dwin1.com *.gstatic.com *.google.al *.google.ch *.google.fr *.bing.com *.googletagmanager.com *.alperia.eu *.facebook.net *.dynatrace.com *.tawk.to *.cloudflare.com *.newrelic.com *.trustpilot.com *.bootstrapcdn.com *.jsdelivr.net *.google-analytics.com *.nr-data.net *.google.com *.googleapis.com *.tagcommander.com *.etermin.net *.unpkg.com unpkg.com *.aklamio.com *.tradedoubler.com *.smct.io *.smct.co *.retargeted.co *.google.hr *.hosting-suite.it *.smct.co smct.co *.alperiagroup.eu *.beintoo.net *.criteo.com *.criteo.net *.hotjar.com *.rfihub.net  *.retargeted.co api.commander1.com *.trustcommander.net static.addtoany.com *.clarity.ms clarity.ms snap.licdn.com  *.acsbapp.com acsbapp.com *.linkedin.oribi.io *.zemanta.com; style-src 'self' 'unsafe-inline' *.tawk.to *.bootstrapcdn.com *.googleapis.com *.jsdelivr.net *.smct.io *.smct.co *.hosting-suite.it; img-src 'self' *.thebrighttag.com *.krxd.net id5-sync.com *.demdex.net *.microad.jp *.adscale.de *.ants.vn *.atdmt.com *.smartclip.net *.clmbtech.com *.zenaps.com *.onetag-cdn.com *.facebook.com *.tagcommander.com *.facebook.net *.commander.com *.google *.dwin1.com *.bing.com *.googletagmanager.com *.alperia.eu *.linkedin.com *.google-analytics.com *.tawk.to *.doubleclick.net *.sciencebehindecommerce.com *.google.com *.google.it *.gstatic.com *.googleapis.com data: *.aklamio.com *.alperiagroup.eu *.smct.io *.smct.co *.commander1.com *.outbrain.com *.smartadserver.com *.yahoo.com *.360yield.com *.pubmatic.com *.casalemedia.com *.taboola.com *.adform.net *.teads.tv *.3lift.com *.media.com *.sharethrough.com *.omnitagjs.com *.stickyadstv.com *.advertising.com *.ivitrack.com *.liadm.com *.smaato.net *.mgid.com *.yieldmo.com *.adnxs.com *.criteo.com *.openx.net *.omnitagis.com *.mediavine.com *.media.net *.rlcdn.com *.rfihub.com *.tremorhub.com *.dmxleo.com *.rubiconproject.com *.socdm.com ad.yieldlab.net x.bidswitch.net  *.acsbapp.com acsbapp.com *.linkedin.oribi.io *.zemanta.com; media-src 'self' *.tawk.to ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.criteo.com *.criteo.net  *.youtube.com *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.trustpilot.com *.alperia.eu *.tawk.to *.etermin.net *.aklamio.com *.hosting-suite.it *.visim.eu smct.co *.rfihub.com *.trustcommander.net static.addtoany.com *.office.com *.alperiagreenlife.eu; child-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.criteo.com *.criteo.net  *.youtube.com *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.trustpilot.com *.alperia.eu *.tawk.to *.etermin.net *.aklamio.com *.hosting-suite.it *.visim.eu smct.co *.rfihub.com *.trustcommander.net static.addtoany.com *.office.com *.alperiagreenlife.eu; font-src 'self' 'unsafe-inline' *.tawk.to *.google.com *.gstatic.com data: *.googleusercontent.com *.hotjar.com; connect-src 'self' data: *.gstatic.com *.google.de *.zenaps.com *.google.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.google.al *.google.ch *.google.fr *.bing.com *.googletagmanager.com *.alperia.eu *.sentry.io *.tawk.to *.nr-data.net wss://*.tawk.to *.dynatrace.com *.alperiaenergy.eu *.amazonaws.com *.google-analytics.com *.doubleclick.net *.alperiagroup.eu *.commander1.com *.google.hr *.smct.co *.smct.io *.googleapis.com *.alperiagroup.eu *.beintoo.net *.criteo.com *.criteo.net *.hotjar.com *.hotjar.io *.rfihub.net *.retargeted.co *.trustcommander.net *.hotjar.com wss://*.hotjar.com cdn.tagcommander.com *.google.it google.it *.clarity.ms clarity.ms *.acsbapp.com acsbapp.com *.linkedin.oribi.io *.addtoany.com *.pagead2.googlesyndication.com *.googlesyndication.com; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com https://*.tiktok.com; connect-src 'self' https://*.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://vimeo.com https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://bam.nr-data.net https://*.tiktok.com; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://cloud.typenetwork.com https://fonts.gstatic.com data:; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com https://*.tiktok.com; img-src 'self' https://www.google-analytics.com https://*.google.com/ads/ https://*.google.be/ads/ https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://resengocomgeneralpurpose.blob.core.windows.net https://*.tiktok.com data:; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://js-agent.newrelic.com https://bam.nr-data.net https://*.tiktok.com 'unsafe-inline'; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com 'unsafe-inline'; 1
default-src * *.coachview.net coachview.net 'unsafe-eval' 'unsafe-inline' 'self' data:; script-src https: coachview.net *.coachview.net *.secure.coachview.net *.clarity.ms https://e.clarity.ms/collect/ https://snap.licdn.com/ optimize.google.com https://www.googleoptimize.com/ https://www.gstatic.com bat.bing.com https://sowiso.nl https://diffuser-cdn.app-us1.com/diffuser/diffuser.js *.youtube.com https://coachview8899.activehosted.com https://coachview.b-cdn.net/ https://d3rxaij56vjege.cloudfront.net/ https://prism.app-us1.com/ https://trackcmp.net/t_prism_sitemessages.php https://outlook.office365.com/ https://calendly.com/ https://assets.calendly.com/ https://calendly.co https://www.googletagmanager.com https://tagmanager.google.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google.com wchat.freshchat.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://s.ytimg.com/yts/jsbin/ 'self' 'unsafe-inline' 'unsafe-eval' data:; frame-src https://player.vimeo.com/ https://www.facebook.com/ https://www.youtube-nocookie.com/ https://calendly.com/ https://assets.calendly.com https://mozbar.moz.com/ https://coachview.b-cdn.net/ https://app.livestorm.co/ *.youtube.com *.youtube-nocookie.com https://optimize.google.com/ *.opleidingsportaal.nl https://bid.g.doubleclick.net wchat.freshchat.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://coachview.webpush.freshchat.com/ https://www.google.com/; style-src coachview.net *.coachview.net https://coachview.b-cdn.net/ https://wchat.freshchat.com/ https://calendly.com/ https://assets.calendly.com https://wchat.freshchat.com/widget/css/ https://fonts.googleapis.com/ https://optimize.google.com/ https://tagmanager.google.com https://wchat.freshchat.com/css/widget.css 'unsafe-eval' 'unsafe-inline' 'self' data:; img-src https: coachview.net https://coachview.b-cdn.net/ https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'self' data:; connect-src * coachview.net *.coachview.net https://coachview.net *.secure.coachview.net *.clarity.ms https://coachview.net/demo-aanvragen/soap/ https://coachview.b-cdn.net/ https://*.lottiefiles.com https://e.clarity.ms https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net/; navigate-to  *.freshchat.com; object-src 'none'; base-uri 'self'; form-action coachview.net *.coachview.net  *.secure.coachview.net https://coachview8899.activehosted.com/ https://www.facebook.com/tr/ 'self'; font-src https: coachview.net https://coachview.b-cdn.net/ http://*.hotjar.com https://fonts.googleapis.com/ https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data: 1
base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://*.abtasty.com https://*.adservice.google.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mypurecloud.com.au https://*.sentry.io https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://analytics.formstack.com https://api.addressfinder.io https://au-live.inside-graph.com https://js.hsadspixel.net https://js.hscollectedforms.net https://stats.g.doubleclick.net https://www.instagram.com wss://*.hotjar.com wss://*.mypurecloud.com.au wss://au-live.inside-graph.com https://*.swiftype.com https://*.swiftypecdn.com; font-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io blob: data:; form-action 'self' https://*.powershop.co.nz https://*.facebook.com; frame-ancestors 'self'; frame-src https://*.mypurecloud.com.au *.mypurecloud.com.au https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://*.youtube.com https://recaptcha.google.com https://*.facebook.com https://*.google.com https://*.googletagmanager.com https://au-cdn.inside-graph.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://critchlow.carto.com; img-src 'self' https://*.abtasty.com https://*.amazonaws.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.google.com.au https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://adservice.google.com https://analytics.formstack.com https://fonts.gstatic.com https://i.vimeocdn.com https://js.hsadspixel.net https://www.instagram.com https://*.swiftype.com blob: data:; media-src https://*.youtube.com https://*.vimeo.com https://au-cdn.inside-graph.com; object-src 'none'; script-src 'self' https://*.abtasty.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com/recaptcha/ https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://*.vimeo.com https://*.youtube.com https://analytics.formstack.com https://api.addressfinder.io https://au-tracker.inside-graph.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://tagmanager.google.com wss://*.hotjar.com https://*.swiftype.com https://*.swiftypecdn.com 'nonce-ZGExNWM1YjNmOTI2MGZiNTI0ZjRhYTM4ZWE5YTU3ZjQwMzFmMWFmNjk0NDliMzY0YzUwNmEwMGM3M2FlNTIwZTQ5YmVmZDc3OWJkNzg0ZjQ3N2Y0ZGZjYTgxNWRjNDI1NWJiNGRkZmJjYWFkZjgyODYyYTZmZDRiMDlmMjRmYzM=' 'unsafe-eval' blob:; style-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.googleapis.com https://tagmanager.google.com https://*.swiftype.com https://*.swiftypecdn.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/4504811489984512/csp-report/?sentry_key=a2cb92247922492b95ce72aee1ae6528&sentry_environment=live; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://a.tile.osm.org https://b.tile.osm.org https://c.tile.osm.org data:; frame-src 'self' mailto: https://piwik.bzga.de https://www.youtube-nocookie.com; 1
default-src 'none'; block-all-mixed-content; connect-src 'self' google-analytics.com www.google-analytics.com 127.0.0.1:8005; font-src 'self' fonts.gstatic.com use.fontawesome.com cdn.jsdelivr.net; frame-src google.com www.google.com googletagmanager.com www.googletagmanager.com; img-src 'self' s3.us-west-2.amazonaws.com img.emlasts.com data:; media-src img.emlasts.com; script-src 'self' 'unsafe-eval' google.com www.google.com gstatic.com www.gstatic.com googletagmanager.com www.googletagmanager.com google-analytics.com www.google-analytics.com use.fontawesome.com cdn.jsdelivr.net 'unsafe-inline' 'nonce-Lmnei+w8rnwizWhJtgGwnw=='; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com img.emlasts.com unpkg.com 'unsafe-inline' 'nonce-Lmnei+w8rnwizWhJtgGwnw=='; report-uri /csp/report 1
default-src 'self'; object-src 'self' https://pts.blacksim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.blacksim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.blacksim.de https://umfrage.blacksim.de https://pts.blacksim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.blacksim.de https://stats.blacksim.de https://imagepool.blacksim.de https://pts.blacksim.de https://analytics.tiktok.com https://umfrage.blacksim.de; script-src 'strict-dynamic' 'nonce-974e81ccae863163780ed46c6e948af7' 'nonce-290dfe7fda644ba076d9ff01aaea78c0' 'nonce-c0857c787976df4b8a31a532944eb40a' 'nonce-bfb5192e6a0f1f53525d34ae87f541b1' 'nonce-b80046adcf9d176533ba5a345f66b373' 'nonce-0c3866f642fb8bf935f96f50c439098d' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.blacksim.de https://umfrage.blacksim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-974e81ccae863163780ed46c6e948af7' 'nonce-290dfe7fda644ba076d9ff01aaea78c0' 'nonce-c0857c787976df4b8a31a532944eb40a' 'nonce-bfb5192e6a0f1f53525d34ae87f541b1' 'nonce-b80046adcf9d176533ba5a345f66b373' 'nonce-0c3866f642fb8bf935f96f50c439098d' 'self' 'unsafe-inline' https: 'report-sample' 1
frame-ancestors 'self' *.owensborohealth.org mychart.omhs.org; report-uri /report-csp-violation 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com static.hotjar.com sc-static.net connect.facebook.net embed.tawk.to *.google-analytics.com *.paypal.com script.hotjar.com ajax.googleapis.com ws.colissimo.fr api.mapbox.com *.axept.io *.tawk.to cdn.jsdelivr.net *.matomo.cloud *.googleapis.com *.snapchat.com *.youtube.com;frame-src 'self' *.snapchat.com vars.hotjar.com *.google.fr *.facebook.com *.tawk.to *.youtube.com *.calameo.com *.vimeo.com;style-src 'self' 'unsafe-inline' tagmanager.google.com api.mapbox.com ws.colissimo.fr embed.tawk.to cdn.jsdelivr.net fonts.googleapis.com;img-src 'self' data: tr.snapchat.com *.facebook.com *.google.fr *.google.com *.onyourmap.com ws.colissimo.fr *.mapbox.com axeptio.imgix.net *.tawk.to cdn.jsdelivr.net tawk.link script.hotjar.com *.google.co.nz *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.google.be favicons.axept.io;font-src 'self' data: ws.colissimo.fr *.tawk.to fonts.gstatic.com script.hotjar.com cdn.jsdelivr.net github.com fonts.googleapis.com;connect-src 'self' *.google-analytics.com *.paypal.com stats.g.doubleclick.nestats.g.doubleclick.ne in.hotjar.com stats.g.doubleclick.net ws.colissimo.fr *.hotjar.io *.axept.io tr.snapchat.com *.hotjar.com *.tawk.to wss://*.tawk.to wss://*.hotjar.com api.sandbox.getalma.eu api.getalma.eu maps.googleapis.com terreseteaux.matomo.cloud *.facebook.com *.analytics.google.com;base-uri 'self';media-src 'self' data: *.tawk.to;report-uri /csp/report;form-action secure.payzen.eu *.tawk.to 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.eu01.nr-data.net *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com *.youtube.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 1
frame-ancestors https://webvisor.com/; 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://kit.fontawesome.com https://mpsnare.iesnare.com https://stage-libs.hipay.com https://libs.hipay.com https://widget.trustpilot.com https://kit-pro.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.dwin1.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://sdk.privacy-center.org https://api.privacy-center.org https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://b.sbox.stats.paypal.com https://sibautomation.com https://cdn.shipup.co *.abtasty.com *.googleapis.com https://pagead2.googlesyndication.com https://widget.botmind.io 1
default-src 'none'; frame-src 'self' bankid: https://app.bankid.com skolid:; script-src 'self' https://browser.sentry-cdn.com https://az416426.vo.msecnd.net 'nonce-wwIFFBy3cVTwDcvtO5D+Uny2vXdWQzU+WwYetkrpRvY='; connect-src 'self' https://sentry.ist.com https://dc.services.visualstudio.com https://skolid-mtls.azurewebsites.net; img-src 'self'  'unsafe-inline' www.google-analytics.com data: https://skolidblob.blob.core.windows.net https://skolidlocaldev.blob.core.windows.net https://isthome.blob.core.windows.net https://*.ist.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data: 1
default-src 'self' vars.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org static.cloud.coveo.com stats.g.doubleclick.net tdn.r42tag.com www.averoachmea.nl www.google-analytics.com connect.facebook.net *.usabilla.com www.googleadservices.com googleads.g.doubleclick.net imp2.nowinteract.com api.usabilla.com static.hotjar.com script.hotjar.com d6tizftlrpuof.cloudfront.net ajax.googleapis.com bat.bing.com admin.relay42.com cse.google.com www.google.com a.svtrd.com onmarc.nl snap.licdn.com px.ads.linkedin.com linkedin.com static.hotjar.com script.hotjar.com *.hsforms.net *.hsforms.com *.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hsleadflows.net js.hs-banner.com collectie.averoachmea.nl https://www.googletagmanager.com https://surfly.com d6tizftlrpuof.cloudfront.net js.usemessages.com https://js.hscollectedforms.net *.collectie.centraalbeheer.nl https://cdn.harvest.graindata.com https://collectie.centraalbeheer.nl https://www.youtube.com https://maps.googleapis.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com static.cloud.coveo.com;img-src data: 'self' img.youtube.com t.svtrd.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.google.nl www.google.com d6tizftlrpuof.cloudfront.net *.usabilla.com cm.g.doubleclick.net a.svtrd.com n01d05.cumulus-cloud.com tdn.r42tag.com admin.relay42.com bat.bing.com www.googleapis.com clients1.google.com avr.imgix.net px.ads.linkedin.com track.hubspot.com forms.hubspot.com d6tizftlrpuof.cloudfront.net https://googleads.g.doubleclick.net *.ads.linkedin.com https://i.ytimg.com *.google-analytics.com *.analytics-google.com https://www.advieskeuze.nl https://maps.googleapis.com https://maps.gstatic.com;font-src 'self' fonts.gstatic.com;connect-src 'self' wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io *.hubapi.com api.hubspot.com forms.hubspot.com vc.hotjar.io cm.g.doubleclick.net connect.facebook.net googleads.g.doubleclick.net stats.g.doubleclick.net *.ave01.pre.connectis.io https://www.google-analytics.com https://surfly.com https://sentry.io *.hsforms.com *.averoachmea.nl *.collectie.centraalbeheer.nl https://controle.achmea.consentmonitor.nl https://collectie.centraalbeheer.nl dc.services.visualstudio.com *.google-analytics.com *.analytics-google.com https://api.advieskeuze.nl;media-src 'self' ;object-src 'self' ;child-src 'self' youtube.com 6162542.fls.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com d6tizftlrpuof.cloudfront.net *.surfly.com surfly.com app.hubspot.com forms.hsforms.com;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com;form-action 'self' t.svtrd.com *.averoachmeaonline.nl *.hsforms.com;block-all-mixed-content;report-uri https://avero.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zoll-portal.de; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1
img-src ; media-src  data:; 1
frame-ancestors https://hospitality-on.com https://store.hospitality-on.com 1
script-src 'nonce-Uv8B7DzrVcPdKOhyEJZSLEmuXGY=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
default-src * data: 'unsafe-eval' 'unsafe-inline' *.evergage.com *.evgnet.com cdn.evergage.com *.criteo.com unpkg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' google-analytics.com *.google-analytics.com googleapis.com *.googleapis.com google.com *.google.com gstatic.com *.gstatic.com facebook.net *.facebook.net facebook.com *.facebook.com cloudflareinsights.com *.cloudflareinsights.com addtoany.com *.addtoany.com *.cloudflare.com cloudflare.com *.googletagmanager.com googletagmanager.com *.bootstrapcdn.com bootstrapcdn.com *.bing.com bing.com *.licdn.com licdn.com *.crazyegg.com crazyegg.com *.clarity.ms clarity.ms *.dynamic.criteo.com dynamic.criteo.com *.sslwidget.criteo.com sslwidget.criteo.com *.criteo.com/* pi.pardot.com js-agent.newrelic.com static.hotjar.com script.hotjar.com info.flexcarestaff.com bam.nr-data.net cdn.evgnet.com flexcarestaffing.us-7.evergage.com *.googleadservices.com *.flexcarestaffing.us-7.evergage.com cdn.evergage.com *.cloudflareinsights.com unpkg.com; report-uri /report-csp-violation 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' code.jquery.com https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; font-src * data:; connect-src *; report-uri /admin/config/system/seckit/csp-report 1
default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval'  ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' ; 1
default-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.pype.tech https://bam.nr-data.net https://*.linkedin.com https://measurement-api.criteo.com https://www.google-analytics.com https://analytics.google.com https://widget-format-sbx.pype.tech https://*.launchdarkly.com https://pagead2.googlesyndication.com https://*.onetrust.com https://cdn.cookielaw.org https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com data: image/* https://bat.bing.com https://*.quantcount.com https://*.quantserve.com https://*.typekit.net https://*.googleapis.com https://player.vimeo.com https://*.doubleclick.net https://connect.facebook.net https://*.analytics.google.com https://extend.vimeocdn.com https://*.gstatic.com https://www.google.com https://www.facebook.com https://my.matterport.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://snap.licdn.com https://static.cloudflareinsights.com https://web.pypestream.com https://*.doubleclick.net https://maps.googleapis.com https://cdn.cookielaw.org https://rules.quantcount.com https://secure.quantserve.com https://widget.us.criteo.com https://sslwidget.criteo.com https://static.criteo.net https://player.vimeo.com https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://extend.vimeocdn.com https://connect.facebook.net; img-src * data: about:; frame-src 'self' https://my.matterport.com https://web.pypestream.com https://static.criteo.net https://web-sandbox.pypestream.com https://*.doubleclick.net https://*.criteo.com https://www.facebook.com https://player.vimeo.com; upgrade-insecure-requests 1
default-src *; connect-src  *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'nonce-qydB4TLv17yl/c3Qnd9SJKTZ' 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-Ah7nat1ZakpaLfwIqzCBfF9eVPnwymcE' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do player.vimeo.com; img-src 'self' data:  *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com *.sli.do; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self'; includeSubDomains; preload 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://widget.supercounters.com http://pagead2.googlesyndication.com/ http://pagead2.googlesyndication.com/ http://staticxx.facebook.com http://www.whatsupcams.com http://epixel.moj-web.net http://www.youtube.com https://www.whatsupcams.com http://localhost https://g0.ipcamlive.com;  1
style-src 'self' 'unsafe-inline'; script-src 'self' 1
default-src 'none'; img-src 'self'; script-src 'self'; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net plink-production.s3-eu-central-1.amazonaws.com plink-development.s3-eu-central-1.amazonaws.com; frame-ancestors 'none'; img-src 'self' *.mollie.com *.mollie.localhost *.mollie.dev stats.g.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cn www.google.co.in www.google.co.ma www.google.co.th www.google.co.uk www.google.com www.google.com.hk www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.hu www.google.ie www.google.it www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.se www.google.si www.google.sk play-lh.googleusercontent.com www.google-analytics.com www.gstatic.com www.facebook.com; script-src 'self' www.google-analytics.com www.googleadservices.com ajax.googleapis.com connect.facebook.net 'nonce-ZqcChJtQpjepnVTeZlen5w=='; style-src 'self' 'unsafe-inline'; report-uri https://o29109.ingest.sentry.io/api/5384345/security/?sentry_key=70667fd3313e41ae8a6af1ac55828e78&sentry_environment=prod 1
frame-ancestors https://*.geotab.com https://*.actsoft.com 'self' 1
worker-src 'self' 'unsafe-inline' blob:; script-src 'unsafe-inline' 'unsafe-eval' http: https:;object-src 'self'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline'  cookie-cdn.cookiepro.com cdn.matomo.cloud www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com *.youtube.com cdn.jsdelivr.net unpkg.com d8ejoa1fys2rk.cloudfront.net *.hsforms.net *.hs-scripts.com  *.hs-banner.com *.hubspot.com *.hsadspixel.net *.hs-analytics.net connect.facebook.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net d8ejoa1fys2rk.cloudfront.net; img-src 'self' *.google-analytics.com *.googletagmanager.com data: d2csxpduxe849s.cloudfront.net *.hsforms.com *.hubspot.com; media-src 'self'; frame-src 'self' *.youtube.com ; font-src 'self' d8ejoa1fys2rk.cloudfront.net; connect-src 'self' cookie-cdn.cookiepro.com vandemoortele.matomo.cloud *.google-analytics.com *.googlesyndication.com *.onetrust.com d8ejoa1fys2rk.cloudfront.net *.bynder.cloud dams.vandemoortele.com *.hsforms.com *.hubapi.com *.hubspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' data: *.rotex-control.com *.daikin-control.com *.googleapis.com *.gstatic.com *.gravatar.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; upgrade-insecure-requests 1
default-src 'self' https://*.sendpulse.com https://*.doubleclick.net https://*.datatables.net; font-src 'self' data: https://yeni.iskultur.com.tr https://*.sendpulse.com https://fonts.gstatic.com *.bootstrapcdn.com https://cdn.jsdelivr.net https://themes.googleusercontent.com https://*.wp.com; object-src 'none'; frame-ancestors 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tpc.googlesyndication.com  https://googleads.g.doubleclick.net https://www.googleadservices.com https://unpkg.com  https://*.alexametrics.com https://connect.facebook.net https://*.unpkg.com https://cdn.visitorlab.com https://rec.smartlook.com/ https://*.yandex.ru https://*.yandex.com.tr https://*.yandex.com https://*.sendpulse.com https://*.google-analytics.com/analytics.js https://cdn.jsdelivr.net https://*.iskultur.com.tr https://*.ampproject.org https://cdnjs.cloudflare.com https://ajax.googleapis.com https://*.google-analytics.com https://*.addthis.com https://*.facebook.com https://*.twitter.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.bootstrapcdn.com https://*.wp.com https://*.gravatar.com; style-src 'self' https://*.iskultur.com.tr https://*.sendpulse.com  https://secure.gravatar.com https://*.wp.com https://cdn.jsdelivr.net https://*.bootstrapcdn.com https://cdn.jsdelivr.net https://*.google.com  https://*.iskultur.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.gravatar.com 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.gaug.es/ https://*.googleadservices.com https://*.iskultur.com.tr https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com/x.png https://*.alexametrics.com https://*.googletagmanager.com https://*.facebook.com https://*.yandex.ru https://*.yandex.com.tr https://*.yandex.com https://*.iskultur.com.tr https://*.sendpulse.com https://*.placeholder.com https://*.doubleclick.net https://secure.gravatar.com https://www.google-analytics.com https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://*.wp.com https://pixel.wp.com; frame-src 'self'  'unsafe-inline' 'unsafe-eval' https://td.doubleclick.net/ https://online.flippingbook.com/ https://www.facebook.com https://tpc.googlesyndication.com/ https://tpc.googlesyndication.com https://www.youtube.com https://bid.g.doubleclick.net/ https://www.youtube.com https://sanalpos.isbank.com.tr/ https://*.yandex.ru https://www.facebook.com https://*.yandex.com.tr https://*.yandex.com https://yandex.com.tr https://*.yandex.ru https://www.google-analytics.com  https://*.sendpulse.com  https://*.iskultur.com.tr https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://secure.gravatar.com https://*.wp.com; connect-src 'self' https://mc.yandex.com https://analytics.google.com https://*.doubleclick.net https://*.facebook.com https://ymetrica1.com https://*.googleapis.com https://www.google-analytics.com https://*.yandex.ru https://pushdata.sendpulse.com:4434/ https://manager.smartlook.com/ https://manager.eu.smartlook.com/ https://collect.visitorlab.com/142134579 https://cdn.ampproject.org 1
frame-ancestors http://programasgratis.searchmgr.com/ 1
allow 'self' *.onesignal.com; 1
default-src 'self'; object-src 'self' https://pts.maxxim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.maxxim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.maxxim.de https://chat.maxxim.de https://umfrage.maxxim.de https://pts.maxxim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.maxxim.de https://chat.maxxim.de https://stats.maxxim.de https://imagepool.maxxim.de https://pts.maxxim.de https://analytics.tiktok.com https://umfrage.maxxim.de; script-src 'strict-dynamic' 'nonce-eca58270dac058ef43111fcf6ee595f1' 'nonce-29e6bbe25e57d4eeb90aeb2988e3ea80' 'nonce-d5e7a47f0ff75eee29ec2c793a49dd65' 'nonce-5ccf82f1502faaed5b21a7bc7fd2edf1' 'nonce-16af601299120d72fc16de56fd05d1e8' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.maxxim.de https://umfrage.maxxim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-eca58270dac058ef43111fcf6ee595f1' 'nonce-29e6bbe25e57d4eeb90aeb2988e3ea80' 'nonce-d5e7a47f0ff75eee29ec2c793a49dd65' 'nonce-5ccf82f1502faaed5b21a7bc7fd2edf1' 'nonce-16af601299120d72fc16de56fd05d1e8' 'self' 'unsafe-inline' https: 'report-sample' 1
frame-ancestors 'self' cyreneforum.com/ *.cyreneforum.com/ arkadiaforum.com/ *.arkadiaforum.com/ ; 1
default-src 'self'; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com; img-src 'self' https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://www.google-analytics.com data:; connect-src * ws: wss: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.2.0/owl.carousel.min.js https://*.jsdelivr.net https://*.fontawesome.com/ https://www.paypalobjects.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery.isotope/2.2.0/isotope.pkgd.js https://*.jquery.com/ https://rms.ups.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery-confirm/3.3.2/jquery-confirm.min.js https://www.paypal.com/ https://*.cloudflare.com/; img-src 'self' data: https://www.paypalobjects.com/ http://maps.google.com/ https://www.paypal.com/; object-src 'self' data: https://*.paypal.com/; frame-src 'self' data: https://*.paypal.com/; 1
default-src 'self'; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline'; img-src * 'self' blob: data: ; font-src 'self'; connect-src * 'self'; media-src * 'self'; object-src * 'self'; frame-src * 'self'; worker-src 'self'; frame-ancestors * 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 1
default-src 'self' *.neighbourly.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud  neighbourly.matomo.cloud; frame-src 'self' *.microsoftonline.com *.powerbi.com *.youtube.com *.vimeo.com *.stripe.com *.twitter.com; connect-src 'self' *.neighbourly.com forms.hubspot.comdisabled forms.hsforms.comdisabled maps.googleapis.com googleapis.com js.hsforms.net nbrlyprod.streaming.mediaservices.windows.net *.mapbox.com *.google-analytics.com cdn.matomo.cloud  neighbourly.matomo.cloud;media-src blob: nbrlyprodmedia.blob.core.windows.net nbrlyprod.streaming.mediaservices.windows.net *.neighbourly.com *.youtube.com *.vimeo.com; img-src 'self' data: *.mapbox.com track.hubspot.com forms.hsforms.comdisabled nbrlyprodmedia.blob.core.windows.net maps.gstatic.com *.neighbourly.com *.stripe.com; script-src 'self' *.neighbourly.com 'unsafe-eval' *.googleapis.com googleapis.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.netdisabled js.hsadspixel.netdisabled js-na1.hs-scripts.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud  neighbourly.matomo.cloud *.mapbox.com *.stripe.com; style-src 'self' *.neighbourly.com 'unsafe-inline'; report-uri https://nbrly-prod-fn-schedules-v2.azurewebsites.net/api/log?code=CSrelvJVFKZtDoUcrgbyKhMKm4DBBPpJcdaR8h1wZP/5zjHodNdgeQ== 1
script-src 'unsafe-inline' 'self' https://www.youtube.com https://*.addtoany.com https://www.dailymotion.com https://cdn.jsdelivr.net  https://*.hotjar.com https://connect.facebook.net https://platform.twitter.com https://tag.aticdn.net https://cbassets.botnation.ai https://pebed.dm-event.net https://imasdk.googleapis.com; object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self'; object-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.cloudflare.com *.googletagmanager.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com *.bootstrapcdn.com  https://cdn.ckeditor.com *.google-analytics.com *.googletagmanager.com *.salesforce.com *.salesforceliveagent.com https://support.sunway.edu.my https://static.lightning.force.com https://assets.mailerlite.com https://ipapi.co https://code.jquery.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com *.fontawesome.com *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com *.google.com *.gstatic.com https://use.fontawesome.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://assets.mailerlite.com; img-src 'self' * data: about:; media-src 'self'; frame-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://forms.office.com https://assets.mailerlite.com *.issuu.com https://issuu.com; frame-ancestors 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my; child-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com; font-src 'self' https://fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com *.cloudflare.com *.jsdelivr.net https://support.sunway.edu.my data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'none';child-src 'none';connect-src 'self' https://noembed.com cdn-ukwest.onetrust.com geolocation.onetrust.com *.onetrust.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://api.copper.co/platform/currencies https://geo.ipify.org/api/v2/country;default-src 'self';font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com https://www.podbean.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://calendly.com recaptcha.net;img-src 'self' data: https://images.ctfassets.net/ https://videos.ctfassets.net/ https://cdn-ukwest.onetrust.com/ https://i.ytimg.com https://www.google.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.co.uk/ads/ga-audiences https://bat.bing.com https://px.ads.linkedin.com https://*.onetrust.com https://ssl.gstatic.com https://www.gstatic.com https://ws.zoominfo.com/pixel/62fcf0b05087fb00901e129f;manifest-src 'self';media-src 'self' https://videos.ctfassets.net/;object-src 'none';prefetch-src 'self';script-src 'self' assets.calendly.com cdn-ukwest.onetrust.com recaptcha.net https://noembed.com/embed https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://www.googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://bat.bing.com/ https://*.onetrust.com https://ws.zoominfo.com https://ads-twitter.com 'nonce-LOS1Ro5DhlC7AOlvpUf+2w==' ;style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline';worker-src 'self'; 1
default-src 'self' https: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; worker-src blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.fona.de *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.streambuzzer.com; style-src 'self' 'unsafe-inline'; img-src data: 'self' *.twitter.com *.twimg.com *.fona.de *.matpro.de *.ytimg.com *.vimeocdn.com; font-src 'self'; connect-src 'self' *.cookiebot.com *.cookiebot.eu stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com *.bmbf.de; frame-src 'self' *.fona.de *.streambuzzer.com *.cookiebot.com *.cookiebot.eu *.vditz.com *.pt-dlr.de *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.bmbf.de *.emailsys1a.net; object-src 'none'; frame-ancestors 'self' *.fona.de; 1
font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/ http://e.issuu.com/; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline'; report-uri /v2/csp-violations/report 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
frame-ancestors 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
connect-src 'self' https://*.clearcover.com wss://*.clearcover.com https://*.kommunicate.io wss://*.kommunicate.io https://*.evidon.com wss://*.evidon.com https://*.betrad.com wss://*.betrad.com https://api.brightedge.com wss://api.brightedge.com https://ixfd-api.bc0a.com wss://ixfd-api.bc0a.com https://*.twilio.com wss://*.twilio.com https://inga-prod.tumblr.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.yotpo.com https://*.twitter.com https://*.yotpo.com https://*.gomoxie.solutions https://rules.atgsvcs.com https://track.magnify360.com https://c1.rfihub.net https://insight.adsrvr.org https://*.virtualhold.com https://api.edmunds.com 1
frame-ancestors 'self' http://customer-skicircus.loop21.net https://customer-skicircus.loop21.net http://public-location-skicircus.loop21.net https://public-location-skicircus.loop21.net 1
default-src 'self' blob:; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.ampproject.org stats.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com www.google.com www.googletagmanager.com campuseducacion.com ws.sharethis.com connect.facebook.net code.jquery.com ssl.google-analytics.com cdn.jsdelivr.net googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com pagead2.googlesyndication.com cdn.krxd.net beacon.krxd.net consumer.krxd.net www.gstatic.com adservice.google.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com adservice.google.es partner.googleadservices.com unpkg.com ajax.googleapis.com static.ads-twitter.com platform.twitter.com load.sumome.com analytics.twitter.com load.sumo.com reddit.com; style-src 'self' data: 'unsafe-inline' c0.wp.com ws.sharethis.com use.fontawesome.com code.jquery.com fonts.google.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.googleapis.com stackpath.bootstrapcdn.com cdn.jsdelivr.net unpkg.com; img-src 'self' data: blob: *.wp.com i2.wp.com pixel.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com ws.sharethis.com code.jquery.com www.facebook.com ssl.google-analytics.com www.google.com www.google.es stats.g.doubleclick.net www.google-analytics.com pagead2.googlesyndication.com secure.gravatar.com www.googletagmanager.com ajax.googleapis.com t.co load.sumo.com; frame-src 'self' pagead2.googlesyndication.com www.slideshare.net web.facebook.com ws.sharethis.com player.vimeo.com www.vimeo.com www.google.com www.facebook.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.youtube.com www.vimeo.com; font-src 'self' data: s0.wp.com s1.wp.com s2.wp.com c0.wp.com use.fontawesome.com fonts.google.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.mgr.consensu.org l.sharethis.com www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net www.facebook.com sumo.com *.google.com 1
frame-ancestors https://www.facebook.com https://www.venetacucine.com 1
default-src 'self'; base-uri 'self'; object-src 'none'; connect-src 'self'  data.pendo.io pendo-static-4855106659811328.storage.googleapis.com; frame-ancestors app.pendo.io; frame-src 'self' ; child-src ; sandbox allow-forms allow-same-origin allow-scripts allow-popups; style-src 'self'  'sha256-3ITP0qhJJYBulKb1omgiT3qOK6k0iB3rMDhGfpM8b7c=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' app.pendo.io cdn.pendo.io pendo-static-4855106659811328.storage.googleapis.com; script-src 'self'   app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-4855106659811328.storage.googleapis.com data.pendo.io; img-src 'self' cdn.pendo.io app.pendo.io pendo-static-4855106659811328.storage.googleapis.com data.pendo.io; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://static.dialog.com https://*.onetrust.com https://code.jquery.com/ui/1.13.1/jquery-ui.min.js https://cdnjs.cloudflare.com https://www.tripadvisor.com/wejs https://www.googletagmanager.com https://cdns.eu1.gigya.com https://www.jscache.com https://snap.licdn.com https://cdn.hypemarks.com https://service.force.com https://www.tripadvisor.com https://js-agent.newrelic.com https://files.qualifio.com https://connect.facebook.net https://www.googleadservices.com https://www.google-analytics.com https://maps.googleapis.com https://brand-ecommerce-assets.fusepump.com https://static.tacdn.com https://d.la1-c1-par.salesforceliveagent.com https://d.la2-c1-cdg.salesforceliveagent.com https://bam.nr-data.net https://googleads.g.doubleclick.net https://c.betrad.com https://maxcdn.bootstrapcdn.com https://scripts.qualifioapp.com https://www.salesforce.com/ https://d22xmn10vbouk4.cloudfront.net/; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://static.dialogflow.com https://*.onetrust.com https://static.tacdn.com https://maxcdn.bootstrapcdn.com/font-awesome/4.6.0/css/font-awesome.min.css https://service.force.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://static.dialogflow.com https://*.onetrust.com https://px.ads.linkedin.com https://images.aws.nestle.recipes https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com data: https://static.tacdn.com https://www.google.com https://www.facebook.com https://www.google.co.in https://l.betrad.com; frame-src 'self' https://www.google.com/ https://cdns.eu1.gigya.com https://service.force.com https://brand-ecommerce-assets.fusepump.com https://cdn.hypemarks.com https://bid.g.doubleclick.net https://9796171.fls.doubleclick.net/ https://www.googletagmanager.com/ https://www.facebook.com/ https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ https://www.onetrust.com/ https://td.doubleclick.net/ https://files.qualifio.com https://www.nestlepromo.ch/ https://scripts.qualifioapp.com https://www.salesforce.com/; frame-ancestors 'self'; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; connect-src 'self' https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://static.dialog.com https://*.onetrust.com https://cdns.eu1.gigya.com https://www.google-analytics.com https://service.force.com https://maps.googleapis.com https://stats.g.doubleclick.net https://brand-ecommerce-api.fusepump.com https://api.tintup.com https://cognito-identity.us-east-1.amazonaws.com https://kinesis.us-east-1.amazonaws.com https://bam.nr-data.net https://digital-commerce-api-cdn.fusepump.com https://accounts.eu1.gigya.com https://www.googletagmanager.com https://scripts.qualifioapp.com https://www.salesforce.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com www.youtube.com blog.playstaxel.com www.humblebundle.com store.steampowered.com data:;frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com ajax.googleapis.com ajax.aspnetcdn.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.my *.google.co.uk *.analytics.google.com *.googletagmanager.com; media-src 'self'; frame-src 'self' data: static.addtoany.com fwb.malaysiaairports.com.my www.youtube.com www.google.com apps.mahb.az.primuscore.com http://apps.mahb.az.primuscore.com:8000 fwb.malaysiaairports.com.my:8000; frame-ancestors 'self' fwb.malaysiaairports.com.my apps.mahb.az.primuscore.com fwb.malaysiaairports.com.my:8000; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' *.google.com *.analytics.google.com www.google-analytics.com stats.g.doubleclick.net; report-uri /report-csp-violation 1
report-to 'self' ; child-src 'self' ; connect-src 'self' maps.googleapis.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' *.printfriendly.com; font-src 'self' data: *.fontawesome.com *.gstatic.com *.bootstrapcdn.com hubernet.sp-stage1.emagineusa.net  *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.vimeocdn.com; frame-src 'self' view.ceros.com *.youtube.com *.elegantthemes.com *.vimeo.com *.printfriendly.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' *.gravatar.com maps.googleapis.com data: *.vimeocdn.com *.w.org *.printfriendly.com hubernet.sp-stage1.emagineusa.net *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' ; object-src 'self' ; script-src 'self'  'unsafe-inline' view.ceros.com data: blob: *.fontawesome.com *.cloudflare.com *.ravenjs.com *.vimeocdn.com *.jsdelivr.net *.googleapis.com *.printfriendly.com *.kxcdn.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' ; style-src 'self'  'unsafe-inline' *.fontawesome.com *.cloudflare.com *.printfriendly.com *.vimeocdn.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' *.googleapis.com *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self' ;  upgrade-insecure-requests; 1
block-all-mixed-content; img-src 'self' data: https://www.google-analytics.com https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://sdk.privacy-center.org https://www.google-analytics.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; child-src 'self' https:; font-src 'self' data:; connect-src 'self' 1
default-src 'unsafe-inline' 'self' data: *.eru.cz *.eru.gov.cz *.googleapis.com nia.identitaobcana.cz app.powerbi.com fonts.gstatic.com cdn.jsdelivr.net *.youtube.com *.soundcloud.com *.slideshare.net *.cloudflare.com *.googletagmanager.com *.google-analytics.com api.mapy.cz datawrapper.dwcdn.net; report-uri /report-csp-violation 1
img-src 'self' data: blob: http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://www.facebook.com/ https://pixelg.adswizz.com/ https://www.google.com/ https://www.google.com.pk/ https://www.google.co.uk/ https://scontent-ort2-2.cdninstagram.com/ https://maps.gstatic.com/ https://www.google.ro/ https://www.germandonerkebab.com https://connect.facebook.net https://arhesoctro.cloudimg.io https://scontent-lhr8-1.cdninstagram.com https://scontent-lht6-1.cdninstagram.com https://locator.uberall.com https://is1-ssl.mzstatic.com https://maps.googleapis.com https://static-prod.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/ https://cmmdhoksda.cloudimg.io/ https://cdnjs.cloudflare.com https://cmmdhoksda.cloudimg.io/ https://uploads-ssl.webflow.com/ https://cdn.jsdelivr.net https://ad.doubleclick.net https://adservice.google.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ http://code.jquery.com/ https://code.jquery.com/ http://graph.facebook.com/ http://m.addthis.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://api-public.addthis.com/ https://www.islonline.net/ https://unpkg.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ http://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://connect.facebook.net/ https://tag.simpli.fi/ https://cdnjs.cloudflare.com/ http://owlgraphic.com/ http://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://connect.facebook.net/ https://www.facebook.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://json.geoiplookup.io https://sc-static.net/scevent.min.js https://www.germandonerkebab.com http://fonts.googleapis.com/ http://api.filestackapi.com https://cdn.scaleflex.it https://ipinfo.io https://www.clickcease.com https://cdn.jsdelivr.net https://uberall.com https://static-prod.uberall.com https://locator.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/ https://svc.webspellchecker.net/ https://postcodes.io; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css https://platform.twitter.com/ https://ton.twimg.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com http://fonts.googleapis.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://bid.g.doubleclick.net/ https://staticxx.facebook.com/ https://www.facebook.com/ https://web.facebook.com/ https://tr.snapchat.com/ https://www.germandonerkebab.com https://dialog.filestackapi.com/ https://www.filestackapi.com/ https://docs.google.com https://13646485.fls.doubleclick.net/ https://td.doubleclick.net/; connect-src 'self' http://ip-api.com/ https://json.geoiplookup.io/api https://www.germandonerkebab.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://tr.snapchat.com/ https://uberall.com https://maps.googleapis.com https://locator.uberall.com/ https://svc.webspellchecker.net/ https://postcodes.io https://pagead2.googlesyndication.com https://analytics.google.com https://region1.analytics.google.com https://region1.google-analytics.com https://*.google-analytics.com; font-src data: 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com https://cdn.jsdelivr.net https://static-prod.uberall.com; media-src 'self' https://uploads-ssl.webflow.com; object-src 'self'; frame-ancestors none 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.analytics.tiktok.com *.connect.facebook.net *.p.teads.tv *.p.teads.tv *.*.www.googletagmanager.com *.analytics.johnsonsbaby.com.co *.www.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com https://bam.nr-data.net https://cdn.cookielaw.org https://js-agent.newrelic.com https://www.googletagmanager.com *.onetrust.com cdn.jsdelivr.net www.google-analytics.com https://connect.facebook.net; object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.connect.facebook.net *.jnjbrasil.com.br *.cdn.cookielaw.org *.onetrust.com *.pagead2.googlesyndication.com geolocation.onetrust.com *.facebook.net *.google.com.br *.google.com *.doubleclick.net *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com data: *.newrelic.com *.jnjbrasil.com.br *.jnjbrasil.com *.virtualinteractions.com.br *.salesforceliveagent.com *.retargetly.com  *.mathtag.com *.sitescout.com *.doubleclick.net *.tapad.com *.bluekai.com *.adsrvr.org *.adnxs.com *.pubmatic.com *.teads.tv *.smartadserver.com *.dotomi.com *.amazonaws.com *.facebook.com *.nr-data.net *.googlesyndication.com *.googleapis.com *.googleadservices.com *.google.co.in googleads.g.doubleclick.net *.placeholder.com *.google.com.mx *.jquery.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net  https://jquery.com/ https://youtube.com/ https://www.youtube.com/ https://www.salesforceliveagent.com/ https://c.la1-c1-frf.salesforceliveagent.com/ https://www.googletagmanager.com/ https://js-agent.newrelic.com/ https://code.jquery.com/ https://connect.facebook.net/ https://facebook.net/ https://johnson.virtualinteractions.com.br https://cdn.cookielaw.org/ https://cookielaw.org/ https://www.google-analytics.com/ https://d.la1-c1-frf.salesforceliveagent.com/ https://d.la3-c1-fra.salesforceliveagent.com/; object-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cdn.cookielaw.org; style-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org/ https://www.facebook.com/ https://facebook.com/ https://ad.doubleclick.net/ https://analytics.jnjbrasil.com.br/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://google.com/ https://analytics.jnjbrasil.com.br/ *.google.com.br  https://era-images.s3.amazonaws.com https://via.placeholder.com https://d5k2ho7p0o8vp.cloudfront.net https://analytics.google.com https://server-side-tagging-b4b35m77ha-uc.a.run.app data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' *.sentry.io *.datadome.co *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.sociomantic.com *.google-analytics.com *.googletagmanager.com *.everestjs.net *.googletagservices.com s.ytimg.com *.userapi.com js-agent.newrelic.com  *.olark.com  trafmag.utarget.ru  *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com  clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com everestjs.net googletagmanager.com google-analytics.com sociomantic.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com;  object-src 'none'; img-src 'self' *.googletagmanager.com *.doubleclick.net https://www.google-analytics.com https://www.google.com.ua https://www.google.com *.googlesyndication.com *.creativecdn.com data:; media-src 'self'; frame-src 'self' https://vars.hotjar.com https://googleads.g.doubleclick.net *.googlesyndication.com *.creativecdn.com; frame-ancestors 'none'; worker-src 'self'; form-action 'self' https://www.portmone.com.ua; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' *.sentry.io *.hotjar.io wss://ws8.hotjar.com *.hotjar.com *.google.com.ua *.google.com *.datadome.co *.gstatic.com https://stats.g.doubleclick.net https://securepubads.g.doubleclick.net https://www.google-analytics.com https://pagead2.googlesyndication.com; report-uri https://2746b976bff56fb9fb072ca875846856.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https://api.status.io https://status.exaktime.com;script-src 'self';base-uri 'self';object-src 'none';frame-ancestors 'none';block-all-mixed-content;sandbox allow-forms allow-same-origin allow-scripts allow-popups;style-src 'self' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' https://tscprodstorage.blob.core.windows.net; 1
script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' script.hotjar.com wave.outbrain.com tr.outbrain.com connect.facebook.net amplify.outbrain.com static.hotjar.com googleads.g.doubleclick.net maps.googleapis.com https://bam.nr-data.net https://cdn.cookielaw.org https://js-agent.newrelic.com https://www.googletagmanager.com *.onetrust.com cdn.jsdelivr.net www.google-analytics.com; object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' 'unsafe-inline' www.tcgms.net *.googletagmanager.com *.google.com *.google-analytics.com cdn.jsdelivr.net *.cookiebot.com *.teamtailor-cdn.com *.facebook.net *.bokabord.se; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net www.bokabord.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.grandhotel.se *.google.se *.google-analytics.com; media-src 'self' blob:; frame-src 'self' mail.grandhotel.se www.tcgms.net  *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.cookiebot.com *.waiteraid.com; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*.grandhotel.se https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com *.cookiebot.com *.teamtailor.com *.doubleclick.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.3qsdn.com *.director.events; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
frame-ancestors self; 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.youtube-nocookie.com *.commerce-connector.com *.googleapis.com *.min-cdn.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de connect.facebook.net mediaintelligence.de *.bing.com https://groupeseb.secure.force.com https://iprospect.emcustomers.de; font-src 'self' data: *.commerce-connector.com *.gstatic.com https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; style-src 'self' 'unsafe-inline' *.commerce-connector.com *.commerce-connector.de *.googleapis.com https://groupeseb.secure.force.com; img-src 'self' data: *.commerce-connector.com *.commerce-connector.de *.gstatic.com *.googleapis.com  *.google-analytics.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net track.adform.net rads.recognified.net *.google.de *.google.com *.bing.com https://*.googletagmanager.com https://groupeseb.secure.force.com; media-src 'self' *.youtube.com *.youtube-nocookie.com https://groupeseb.secure.force.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.umantis.com *.doubleclick.net https://groupeseb.secure.force.com https://groupe-seb.my.salesforce-sites.com; connect-src 'self' *.commerce-connector.com *.commerce-connector.de *.googleapis.com *.google-analytics.com *.analytics.google.com *.facebook.com *.doubleclick.net mediaintelligence.de *.min-cdn.net *.bing.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.feedyou.ai/webchat/latest/botchat-es5.js https://twemoji.maxcdn.com/2/twemoji.min.js?11.2; img-src 'self' data: https://cdn.feedyou.ai/webchat/message-icon.png https://cdn.feedyou.ai/webchat/feedyou_logo_red.png https://feedyou.blob.core.windows.net/webchat/times-solid.svg; object-src 'self' data: ; frame-src 'self' data: ; 1
font-src 'self' data: https://images.wineselectors.com.au https://use.typekit.net https://i.icomoon.io https://fonts.gstatic.com https://cdn.productreview.com.au https://fonts.yieldify-production.com; img-src 'self' data: https://images.wineselectors.com.au https://www.wineselectors.com.au https://p.typekit.net https://www.google-analytics.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://dc.yieldify.com https://*.cloudfront.net https://scontent.cdninstagram.com https://pbs.twimg.com https://go.flx1.com https://secure.adnxs.com https://ib.adnxs.com https://scontent.xx.fbcdn.net https://graph.facebook.com https://scontent-otp1-1.cdninstagram.com https://dev.visualwebsiteoptimizer.com https://ssl.gstatic.com https://www.gstatic.com https://bacon.section.io https://useruploads.visualwebsiteoptimizer.com https://s3.amazonaws.com https://assets.yieldify.com https://adservice.google.com https://*.cloudfront.net https://www.googletagmanager.com https://b.sli-spark.com https://assets.resultspage.com https://wineselectors.resultspage.com https://secure.livechatinc.com https://match.adsrvr.org https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://tags.w55c.net https://i.w55c.net https://t.mookie1.com https://pixel.tapad.com https://beacon.krxd.net https://bh.contextweb.com https://ad.sxp.smartclip.net https://cdn-image.otherlevels.com https://www.google.com https://www.google.com.au https://secure.getprice.com.au https://a.b0e8.com https://marvel-b1-cdn.bc0a.com https://marvel-processor.bc0a.com https://cx.atdmt.com https://tr.outbrain.com https://r.turn.com *.id.amgdgt.com https://*.yieldify.com https://c.clarity.ms https://pixel.quantserve.com https://gf-cdn.s3.ap-southeast-2.amazonaws.com cdn.giftflick.com.au https://giftcreation.giftflick.com.au https://gf-cdn.s3-ap-southeast-2.amazonaws.com https://upload-medias.s3.ap-southeast-2.amazonaws.com upload.giftflick.com.au https://ct.pinterest.com https://bat.bing.com https://a1.b0e8.com; style-src 'self' 'unsafe-inline' https://images.wineselectors.com.au https://fast.fonts.net https://fonts.googleapis.com https://*.cloudfront.net https://tagmanager.google.com https://www.gstatic.com https://wineselectors.resultspage.com https://giftcreation.giftflick.com.au https://www.giftflick.com.au https://giftflick.com.au https://www.riddle.com https://sdk.giftflick.com.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.wineselectors.com.au https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://script.hotjar.com https://static.hotjar.com https://t.cfjump.com https://t.dgm-au.com https://use.typekit.net https://www.google-analytics.com https://connect.facebook.net https://pixel.roymorgan.com https://app.yieldify.com https://maps.googleapis.com https://*.cloudfront.net https://www.google.com https://www.gstatic.com https://*.cloudfront.net https://platform.instagram.com https://cdn.syndication.twimg.com https://c.vepxl1.net https://js.adsrvr.org https://c.flx1.com https://ajax.googleapis.com https://go.flx1.com https://dev.visualwebsiteoptimizer.com https://tagmanager.google.com https://*.cloudfront.net https://s3.amazonaws.com https://td.yieldify.com https://radar.cedexis.com https://data2.gosquared.com https://data.gosquared.com https://track.omguk.com https://ib.adnxs.com https://assets.resultspage.com https://wineselectors.resultspage.com https://wineselectors.resultsdemo.com https://b.sli-spark.com https://cdn.livechatinc.com https://secure.livechatinc.com https://www.eventbrite.com.au https://wineselectors.ipscape.com.au https://cdn.otherlevels.com https://www.googleadservices.com http://www.wineselectors.com.au https://cfjump.wineselectors.com.au https://cdn.productreview.com.au https://marvel-b2-cdn.bc0a.com https://marvel-b1-cdn.bc0a.com https://cdn.b0e8.com https://js.go2sdk.com https://amplify.outbrain.com https://r.turn.com https://tr.outbrain.com https://tag.lexer.io https://*.yieldify.com https://s.yimg.com https://www.giftflick.com.au https://giftflick.com.au https://giftcreation.giftflick.com.au https://www.riddle.com https://s.pinimg.com/ https://bat.bing.com https://sdk.giftflick.com.au https://www.clarity.ms https://googleads.g.doubleclick.net https://cdn.taboola.com https://trc.taboola.com https://wave.outbrain.com https://secure.quantserve.com https://rules.quantcount.com *.retargeted.co; default-src 'self' https://images.wineselectors.com.au https://vars.hotjar.com https://www.google.com https://www.facebook.com; connect-src 'self' https://images.wineselectors.com.au wss://ws3.hotjar.com https://insights.hotjar.com https://bam.nr-data.net https://performance.typekit.net https://geo.yieldify.com https://c.flx1.com wss://ws1.hotjar.com https://bacon.section.io https://in.hotjar.com https://www.facebook.com wss://ws9.hotjar.com https://vc.hotjar.io https://js-api.otherlevels.com https://js-content.otherlevels.com https://js-api.otherlevels.com https://js-tags.otherlevels.com https://js-mdn.otherlevels.com https://js-rich.otherlevels.com https://js-deliverability-api.otherlevels.com https://safari.otherlevels.com wss://ws8.hotjar.com https://ws1.hotjar.com https://api.productreview.com.au https://www.google-analytics.com wss://ws10.hotjar.com https://tracking.gopsjump.com.au https://track.lexer.io https://*.yieldify.com https://*.yieldify-production.com https://dev.visualwebsiteoptimizer.com https://s.yimg.com https://analytics.google.com https://api.giftflick.com.au https://upload-medias.s3.amazonaws.com https://upload-medias.s3.ap-southeast-2.amazonaws.com upload.giftflick.com.au https://ct.pinterest.com https://bat.bing.com https://tr.outbrain.com https://stats.g.doubleclick.net https://t.clarity.ms https://cds.taboola.com https://pips.taboola.com https://maps.googleapis.com *.retargeted.co ; media-src 'self' blob: https://images.wineselectors.com.au https://cdn.livechatinc.com https://gf-cdn.s3.ap-southeast-2.amazonaws.com cdn.giftflick.com.au https://videos.giftflick.com.au; object-src 'self' https://images.wineselectors.com.au; child-src 'self' https://www.youtube.com https://www.riddle.com https://www.google.com https://vars.hotjar.com https://app.yieldify.com https://www.qzzr.com https://www.instagram.com https://t.cfjump.com https://t.dgm-au.com https://insight.adsrvr.org https://td.yieldify.com https://www.facebook.com https://match.adsrvr.org https://eventbrite.com.au https://www.eventbrite.com.au https://connect.facebook.net https://player.vimeo.com https://youtu.be/ https://www.google.com.au https://wineselectors.ipscape.com.au https://www.ojrq.net https://tracking.gopsjump.com.au https://*.yieldify.com https://ct.pinterest.com https://ct.pinterest.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sites-rpc.vuturevx.com https://px.ads.linkedin.com https://snap.licdn.com https://code.jquery.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://code.jquery.com/jquery-2.1.4.min.js *.crazyegg.com *.amazonaws.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://fonts.googleapis.com; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com; connect-src 'self' https://cdn.plyr.io *.crazyegg.com https://*.google-analytics.com https://*.analytics.google.com; child-src 'self' https://open.spotify.com/ https://player.pippa.io https://player.acast.com https://embed.acast.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com/ https://cdn.yoshki.com https://player.vimeo.com https://consentcdn.cookiebot.com/; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://open.spotify.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.veiasa.es npmcdn.com *.openstreetmap.org; object-src 'self'; style-src 'self' 'unsafe-inline' *.fontawesome.com *.veiasa.es npmcdn.com; img-src 'self' data: *.veiasa.es *.openstreetmap.org npmcdn.com img.icons8.com; form-action 'self'; media-src 'self'; font-src 'self' *.fontawesome.com; connect-src 'self'; frame-src 'self' intent: www.youtube.com; frame-ancestors 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.googleapis.com *.jquery.com *.mouseflow.com *.surveymonkey.com *.google.com *.gstatic.com *.icancharity.org.uk *.vimeo.com *.youtube.com chimpstatic.com *.mailchimp.com *.list-manage.com *.sharethis.com *.facebook.net; default-src 'self' data:; worker-src ; style-src 'self' 'unsafe-inline' *.mailchimp.com *.googleapis.com *.icancharity.org.uk; connect-src 'self' *.google-analytics.com *.doubleclick.net *.icancharity.org.uk *.articulate.com *.mouseflow.com *.vimeo.com vimeo.com *.sharethis.com *.googleapis.com; font-src 'self' *.gstatic.com *.icancharity.org.uk data:; img-src 'self' 'unsafe-inline' data: *.gravatar.com *.ssl.com https://1yy9wa31b3t44cjxmd1hvxqb-wpengine.netdna-ssl.com *.gstatic.com *.googleapis.com *.icancharity.org.uk *.surveymonkey.com *.smassets.net *.ytimg.com *.vimeocdn.com mcusercontent.com *.sharethis.com *.facebook.com; frame-src 'self' *.google.com *.vimeo.com *.icancharity.org.uk *.youtube.com *.office.com *.surveymonkey.com *.powerbi.com; 1
frame-ancestors kinmen.travel www.kinmen.travel pwa.kinmen.travel 'self' 1
frame-ancestors 'self' google.com 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src 'self' 'unsafe-inline'; 1
allow 'self' *.ceca.es; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: use.typekit.net www.googletagmanager.com https://www.google-analytics.com cdnjs.cloudflare.com tagmanager.google.com https://optimize.google.com maps.googleapis.com https://cdn.rawgit.com *.cookiebot.com www.googleadservices.com *.facebook.net *.doubleclick.net *.rubico.be cdn.jsdelivr.net unpkg.com plugin.skedify.io api.skedify.io https://www.google.com/recaptcha/api.js  https://www.gstatic.com/ https://bat.bing.com https://www.google.com https://apenterprise.io https://s.pinimg.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://*.parentia.be *.sc-static.net *.snapchat.com analytics.tiktok.com https://sc-static.net https://sentry.innovatio.be; style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com https://optimize.google.com plugin.skedify.io; img-src 'self' p.typekit.net https://www.google-analytics.com data: ssl.gstatic.com www.gstatic.com maps.googleapis.com maps.gstatic.com https://optimize.google.com www.facebook.com *.google.com www.google.be *.google.nl www.google.fr https://bat.bing.com https://www.googletagmanager.com https://ct.pinterest.com googleads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com https://tr.snapchat.com; frame-src *.parentia.be https://www.facebook.com www.youtube-nocookie.com *.cookiebot.com https://optimize.google.com https://www.google.com/recaptcha/api2/ https://player.simplecast.com/ https://www.youtube.com/embed/ https://vars.hotjar.com https://ct.pinterest.com https://www.pinterest.com https://tr.snapchat.com https://sentry.innovatio.be; child-src *.parentia.be www.youtube-nocookie.com *.cookiebot.com *.hotjar.com https://sentry.innovatio.be; font-src 'self' *.typekit.net fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; connect-src 'self' performance.typekit.net *.analytics.google.com www.google-analytics.com https://adservice.google.com *.facebook.com parentia.rubico.be cdn.jsdelivr.net unpkg.com api.skedify.io parentia.skedify.me *.googleapis.com https://www.google.com/recaptcha/api.js https://www.google.com https://bat.bing.com https://apenterprise.io https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ct.pinterest.com parentia.be http://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://consentcdn.cookiebot.com https://api.pinpiaa.com https://*.parentia.be https://www.parentia.be/cockpit/ *.innovatio.be *.sc-static.net *.snapchat.com https://sentry.innovatio.be; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' https://use.fontawesome.com/; img-src *; font-src https://use.fontawesome.com/; report-uri https://login.libraryconnect.com/csp/report 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * 'unsafe-inline'; connect-src *; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors https://*.barcodefactory.com https://*.barcodefactory.com:8443 https://barcodefactory.com http://*.barcodefatory.com 'self' 1
default-src 'self';block-all-mixed-content ;connect-src 'self' *.piwik.pro *.zopim.com *.zdassets.com wss://* 'self' *.google-analytics.com goedapotheek.zendesk.com *.doubleclick.net *.zendesk.com *.hotjar.io *.hotjar.com *.googleapis.com *.cookiehub.net zendesk-eu.my.sentry.io www.google.be maps.googleapis.com https://*.analytics.google.com https://*.googletagmanager.com *.google.com https://analytics.goed.be pagead2.googlesyndication.com goed.containers.piwik.pro goed.piwik.pro tr.outbrain.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.zopim.com *.hotjar.com;img-src 'self' data: *.gstatic.com maps.googleapis.com mts.googleapis.com *.zopim.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.be *.facebook.com secure.adnxs.com *.zendesk.com *.goed.be *.hotjar.com *.outbrain.com www.surplusgezondheid.be tr.outbrain.com www.blabla.be i.ytimg.com www.thuiszorgwinkel.be www.google.com https://googleads.g.doubleclick.net https://www.google.com connect.facebook.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.piwik.pro *.googleapis.com *.googletagmanager.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.zopim.com *.google-analytics.com *.google.com *.cookiehub.net static.zdassets.com cookiehub.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net goed.containers.piwik.pro wave.outbrain.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.cookiehub.net cookiehub.net;report-uri /csp/violation/report;frame-src www.youtube.com *.vimeo.com www.google.com clementineweb.azurewebsites.net *.jotform.com *.jotformeu.com optimize.google.com *.facebook.com *.actito.com *.hotjar.com *.testyourhearing.com www.goed.be www.yumpu.com form.jotformeu.com form.jotform.com submit.jotformeu.com mozbar.moz.com www3.actito.com loremipsum.io www.google.be www.hln.be eur03.safelinks.protection.outlook.com www.testyourhearing.com https://bid.g.doubleclick.net td.doubleclick.net https://my.3-dee.be/tour/goed;media-src static.zdassets.com *.goed.be www.goed.be;script-src-elem *.googleapis.com *.zopim.com *.zdassets.com data connect.facebook.net trk.adbutter.net *.hotjar.com *.googleoptimize.com *.cookiehub.net cookiehub.net www.googleoptimize.com players.yumpu.com static.hotjar.com amplify.outbrain.com www.youtube.com tr.outbrain.com 'self' 'unsafe-inline' 'unsafe-eval' *.piwik.pro *.googletagmanager.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.google-analytics.com *.google.com static.zdassets.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net goed.containers.piwik.pro wave.outbrain.com;style-src-elem fonts.googleapis.com *.cookiehub.net cookiehub.net 'self' 'unsafe-inline' *.google.com 1
script-src 'self' 'unsafe-inline'; style-src 'self'; img-src 'self'; default-src 'self' 1
default-src *; connect-src  *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 1
default-src 'self' https://equatio.texthelp.com/client/ wss://*.firebaseio.com/ wss://*.europe-west1.firebasedatabase.app/ https://*.googleapis.com/ https://*.texthelp.com/ https://*.speechstream.net/; connect-src 'self' wss://*.speech.microsoft.com/speech/recognition/dictation/cognitiveservices/v1 wss://*.firebaseio.com/ wss://*.europe-west1.firebasedatabase.app/ wss://cloud.myscript.com/api/v4.0/iink/document https://www.google-analytics.com/ https://*.googleapis.com/ https://*.texthelp.com/ https://equatio-search-proxy.texthelp.com https://equatio-search-proxy-eu.texthelp.com https://script.google.com/ https://idp.texthelp.com; style-src 'self' 'unsafe-inline' https://equatio.texthelp.com/client/ https://fonts.googleapis.com/css; script-src 'self' https://equatio.texthelp.com/client/ https://www.google-analytics.com/ https://*.firebaseio.com/ https://*.europe-west1.firebasedatabase.app/ https://www.gstatic.com/firebasejs/; img-src https://equatio.texthelp.com/client/ 'self' https://*.texthelp.com/ data: blob: https://*.googleusercontent.com/ https://chart.googleapis.com/chart https://www.google.com/ https://www.google-analytics.com; font-src https://equatio.texthelp.com/client/ https://fonts.gstatic.com/; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'none' 1
report-to 'self' ; child-src 'self' *.facebook.com *.facebook.net; connect-src 'self'  'unsafe-eval' *.facebook.com *.facebook.net *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net maps.googleapis.com  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' ; font-src 'self'  'unsafe-inline'  'unsafe-eval'  *.gstatic.com *.bootstrapcdn.com fonts.bunny.net data: *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self' player.vimeo.com *.facebook.com *.facebook.net  *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline'  'unsafe-eval' *.googleapis.com *.vimeocdn.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self' ; object-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' cdnjs.cloudflare.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com maps.googleapis.com cdn.jsdelivr.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' cdnjs.cloudflare.com *.googleapis.com player.vimeo.com connect.facebook.net maps.googleapis.com cdn.jsdelivr.net self cdn.rollbar.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' ; style-src 'self'  'unsafe-inline'  *.googleapis.com *.gstatic.com self *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline'  *.googleapis.com fonts.bunny.net self *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self' ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.san.com *.go-vip.net *.doubleclick.net *.cookiebot.com *.googleapis.com *.googletagmanager.com *.wp.com *.parsely.com *.brightcove.net *.brightcove.com *.zencdn.net *.gstatic.com *.newrelic.com *.surveycarrot.com *.googlesyndication.com *.googletagservices.com *.dwcdn.net *.jsdelivr.net *.twitter.com *.x.com *.instagram.com *.facebook.net *.facebook.com *.google.com; img-src * data:; font-src *.gstatic.com data:; connect-src *; worker-src * blob:; media-src * blob:; frame-src *.google.com *.wp.com *.cookiebot.com *.twitter.com *.x.com san.com *.youtube.com *.instagram.com *.facebook.net *.facebook.com *.g.doubleclick.net *.googlesyndication.com *.safeframe.googlesyndication.com; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src *; base-uri 'self' 1
default-src 'self' *.google-analytics.com data: gap: idele.matomo.cloud 'unsafe-inline' 'unsafe-eval'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.slideshare.net *.youtube.com view.genial.ly *.dailymotion.com *.youtube-nocookie.com *.myadvent.net adventmyfriend.com *.jwplayer.com video.terre-net.fr *.tubedu.org ; style-src 'self' use.typekit.net fonts.googleapis.com p.typekit.net s3.amazonaws.com i.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com i.icomoon.io; img-src 'self' data: *.ytimg.com; upgrade-insecure-requests 1
base-uri 'none';child-src 'self' https://*.hotjar.com https://*.hotjar.io https://www.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net;connect-src 'self' ws: wss: https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://*.doubleclick.net https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://*.googleapis.com https://*.algolia.net https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com webpack://*;default-src 'self';font-src 'self' https://www.gstatic.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io;form-action 'self' https://connect.facebook.net https://www.facebook.com;frame-ancestors 'none';frame-src https://www.youtube.com https://www.google.com https://www.google.co.uk https://recaptcha.net http://view.ceros.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://connect.facebook.net https://www.facebook.com;img-src 'self' data: blob: https://media.umbraco.io https://www.cqc.org.uk https://www.gstatic.com https://*.gstatic.com https://*.googleapis.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.doubleclick.net https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com;manifest-src 'self';media-src 'self' https://media.umbraco.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.doubleclick.net https://www.googletagmanager.com https://www.gstatic.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://www.cqc.org.uk https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.googleapis.com https://connect.facebook.net https://www.facebook.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com;style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.gstatic.com https://www.cqc.org.uk https://*.googleapis.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com; 1
default-src 'self' *.timeavenue.ru;                    script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://mc.yandex.ru https://yastatic.net *.jivosite.com *.jivo.ru https://www.googletagmanager.com https://stats.g.doubleclick.net https://connect.facebook.net *.roistat.com https://api-maps.yandex.ru https://*.maps.yandex.net *.maps.yandex.net https://ajax.googleapis.com *.google-analytics.com https://ipinfo.io https://geocode-maps.yandex.ru;                    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.roistat.com *.jivosite.com *.jivo.ru data: blob:;                    font-src 'self' data: https://fonts.gstatic.com;                    img-src 'self' https: data: https://mc.yandex.ru;                    frame-src 'self' https://www.facebook.com https://www.youtube.com https://docs.google.com https://yandex.ru https://api-maps.yandex.ru https://static.inspify.io;                    connect-src 'self' https://mc.yandex.ru stats.g.doubleclick.net *.jivosite.com *.jivo.ru wss: https://www.facebook.com *.timeavenue.ru *.google-analytics.com https://api-maps.yandex.ru https://*.maps.yandex.net;                    object-src 'self' https://docs.google.com;                    media-src 'self' data: *.jivosite.com *.jivo.ru;                    frame-ancestors 'self' http://webvisor.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 1
default-src 'self' https://*.facebook.net https://vimeo.com https://*.vimeo.com https://*.google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://*.youtube-nocookie.com https://*.youtube.com https://*.matterport.com https://snazzymaps.com https://*.snazzymaps.com; block-all-mixed-content; img-src 'self' data: https://placeholder.inventis.be https://*.ytimg.com https://*.google-analytics.com https://*.vimeocdn.com https://*.facebook.com; manifest-src 'self'; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.vimeo.com 'nonce-dqI7D7dR2eJAKxe9Eb0oUw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests 1
default-src 'self' googleads.g.doubleclick.net polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com c.statcounter.com secure.statcounter.com www.google-analytics.com code.highcharts.com pagead2.googlesyndication.com cdn.datatables.net use.fontawesome.com cdn.rawgit.com maps.googleapis.com connect.facebook.net www.polantis.info new.polantis.com www.google.com www.google.fr www.gstatic.com https://rawgithub.com/phpepe/highcharts-regression/master/highcharts-regression.js https://rawgit.com/phpepe/highcharts-regression/master/highcharts-regression.js www.googletagmanager.com cdn.jsdelivr.net cdn.mouseflow.com; object-src 'self' s.ytimg.com i.ytimg.com s.youtube.com www.youtube.com *.googlevideo.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com cdn.datatables.net https://cdn.rawgit.com/morteza/bootstrap-rtl/v3.4.0/dist/css/bootstrap-rtl.min.css www.polantis.info use.fontawesome.com www.gstatic.com; img-src 'self' data: images.polantis.com data.polantis.com s3-eu-west-1.amazonaws.com www.google-analytics.com c.statcounter.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com csi.gstatic.com www.facebook.com www.polantis.info www.google.com www.google.fr randomuser.me/api/ cdnjs.cloudflare.com polantiscomimages.s3-eu-west-1.amazonaws.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3.eu-west-1.amazonaws.com data2.polantis.com http://bimobject-dev.ad.bimobject.com http://bimobject-staging.ad.bimobject.com www.bimobject.com bimobject.com https://classic.bimobject.com https://admincontent.bimobject.com https://accounts.bimobject.com https://accounts-dev.ad.bimobject.com https://accounts-staging.ad.bimobject.com www.mollie.com; frame-src 'self' googleads.g.doubleclick.net www.youtube.com www.google.com www.google.fr www.facebook.com staticxx.facebook.com polantis-com-data.s3-eu-west-1.amazonaws.com polantis-com-data-dev.s3-eu-west-1.amazonaws.com polantis-com-data.s3.eu-west-1.amazonaws.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com; connect-src 'self' www.polantis.info new.polantis.com maps.googleapis.com cdn.datatables.net www.facebook.com vicopo.selfbuild.fr analytics.google.com stats.g.doubleclick.net cdn.jsdelivr.net; report-uri /nelmio/csp/report 1
default-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com *.kaptcha.com https://www.youtube.com https://youtu.be;frame-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com  *.kaptcha.com https://www.youtube.com https://youtu.be; connect-src *; font-src * data:; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';frame-ancestors 'self' 1
default-src 'self';script-src 'self'; 1
default-src 'self' *.fg.cz;font-src 'self' fonts.gstatic.com *.fg.cz;connect-src 'self' *.fg.cz *.google.com *.googleapis.com www.google-analytics.com *.doubleclick.net https://www.smsticket.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fg.cz maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com www.google.com *.gstatic.com https://www.smsticket.cz;form-action 'self' *.fg.cz;frame-src 'self' *.fg.cz www.youtube.com https://www.google.com/ www.google.com https://www.smsticket.cz/;child-src 'self' *.fg.cz www.youtube.com https://www.google.com/ www.google.com https://www.smsticket.cz/;frame-ancestors 'self' *.fg.cz;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net blob: *.gst *.fg.cz;style-src 'self' 'unsafe-inline' *.fg.cz fonts.googleapis.com;object-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'  cdn.jsdelivr.net unpkg.com player.vimeo.com www.vimeo.com f.vimeocdn.com static.userback.io www.google.com www.gstatic.com https://www.chipta.com https://www.googletagmanager.com https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com fonts.googleapis.com static.userback.io; img-src data: 'self' *.vimeocdn.com *.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' youtube.com www.youtube.com *.vimeo.com vimeo.com www.google.com https://iframeshop.chipta.com; font-src data: 'self' 'unsafe-inline' fonts.gstatic.com https://static.userback.io; connect-src 'self' api.userback.io https://*.google-analytics.com https://www.googletagmanager.com; report-uri /report-csp-violation 1
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://deploy.mopinion.com https://static.hotjar.com https://script.hotjar.com https://tdn.r42tag.com https://www.google-analytics.com https://collect.mopinion.com https://www.googletagmanager.com https://www.googleoptimize.com https://static.cloud.coveo.com https://data1.ralasis.com https://optimize.google.com https://translate.googleapis.com https://translate.google.com https://admin.relay42.com https://static.hotjar.com https://www.google-analytics.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com;style-src 'self' 'unsafe-inline' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://collect.mopinion.com https://fonts.mopinion.com https://static.cloud.coveo.com https://fonts.googleapis.com https://translate.googleapis.com https://optimize.google.com https://admin.relay42.com https://app.vwo.com;img-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://translate.google.com https://translate.googleapis.com https://admin.relay42.com https://tdn.r42tag.com https://t.svtrd.com https://fonts.gstatic.com https://region1.google-analytics.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com;font-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://fonts.mopinion.com https://gstatic.mopinion.com https://fonts.gstatic.com;connect-src * https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl wws://*.hotjar.com https://*.hotjar.com;media-src * 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;object-src 'none' ;child-src https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/ https://vars.hotjar.com https://www.youtube-nocookie.com https://www.google.com https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com  https://app.vwo.com; worker-src blob:;frame-ancestors https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl  https://app.vwo.com;form-action 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/structure-collection https://broker.nxtid.nl;block-all-mixed-content;base-uri https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;report-uri https://bcd8a826da9dc721f317d24ae6b9e320.ams.report-uri.com/r/t/csp/reportOnly; 1
default-src 'self'; script-src 'self' https://*.astonmiles.com https://code.jquery.com https://www.google-analytics.com https://*.fontawesome.com https://*.googleapis.com //*.gstatic.com; style-src 'self' https://*.astonmiles.com https://*.googleapis.com https://*.fontawesome.com; font-src 'self' https://*.gstatic.com https://*.fontawesome.com; img-src 'self' https://*.astonmiles.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; connect-src 'self' https://*.astonmiles.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://code.jquery.com //*.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none';upgrade-insecure-requests 1
default-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: about: ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; connect-src 'self' ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; worker-src 'self'; 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-LAf4iELLj7QBbzH5yGIjjmgz' 'nonce-OX1ClVkSF8Tq87YOvSQ1/Sr1' 'nonce-gWMdTShkng+zSDh2uZ9Ie16G' 'nonce-F4d27tTHBJsUu9Rc3Hj3yfDg' 'nonce-0SBwmy3XgsFmV5yaKkQUkDNw' 'nonce-W10oh/t8svXVAz8b8GyS9ZZO' 'nonce-CPTJg9NeT1uoDoB0bnK7CHGD' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
upgrade-insecure-requests; frame-src 'self' forms.hsforms.com vars.hotjar.com w.recruiterbox.com app.recruiterbox.com vimeo.com youtu.be youtube.com www.youtube.com www.google.com player.vimeo.com bid.g.doubleclick.net www.facebook.com cdn.knightlab.com; frame-ancestors 'self' 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.doubleclick.net www.gstatic.com www.google.com  apis.google.com maps.googleapis.com googleadservices.com www.xart.cz fonts.googleapis.com fonts.gstatic.com maps.gstatic.com www.ccvision.de www.youtube.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net www.google.cz connect.facebook.net giphy.com *.facebook.com akamaihd.net fbcdn.net fb.me fbsbx.com api.mapy.cz mapserver.mapy.cz tagmanager.google.com ssl.gstatic.com fe.marketingovalista.cz sc.lfeeder.com tr.lfeeder.com static.userback.io api.userback.io www.googleadservices.com app.marketingovalista.cz accounts.google.com *.clarity.ms 1
base-uri 'none';child-src *.xexchange.com *.hatom.com *.vercel.com *.elrond.com *.multiversx.com *.coingecko.com *.cloudfront.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.hotjar.com *.hotjar.io *.google-analytics.com *.maiar.exchange *.sentry.io localhost:* elrond-api.blastapi.io;connect-src 'self' *.xexchange.com *.hatom.com *.vercel.com *.elrond.com *.multiversx.com *.coingecko.com *.cloudfront.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.hotjar.com *.hotjar.io *.google-analytics.com *.maiar.exchange *.sentry.io localhost:* elrond-api.blastapi.io;default-src 'self' *.xexchange.com *.hatom.com *.vercel.com *.elrond.com *.multiversx.com *.coingecko.com *.cloudfront.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.hotjar.com *.hotjar.io *.google-analytics.com *.maiar.exchange *.sentry.io localhost:* elrond-api.blastapi.io;font-src 'self' *.googleapis.com *.hotjar.com;form-action 'self';frame-ancestors 'none';frame-src *.hotjar.com;img-src * blob: data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com *.hotjar.com;style-src 'self' *.hotjar.com 'unsafe-inline' *.googleapis.com;worker-src 'self'; 1
default-src 'self' 'unsafe-inline' data: payment.maksekeskus.ee auth.praamid.ee fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net static.cloudflareinsights.com www.googletagmanager.com *.google-analytics.com g2.ipcamlive.com s5.ipcamlive.com googleads.g.doubleclick.net www.google.com www.gstatic.com www.youtube.com static.doubleclick.net i.ytimg.com yt3.ggpht.com jnn-pa.googleapis.com play.google.com secure.gravatar.com fast.wistia.com beacon-v2.helpscout.net wp-rocket.me d3hb14vkzrxvla.cloudfront.net pipedream.wistia.com distillery.wistia.com embed-ssl.wistia.com fg8vvsvnieiv3ej16jby.litix.io translate.google.com translate.googleapis.com 'unsafe-eval' static.maksekeskus.ee s.w.org praamid.prominion.net beaconapi.helpscout.net chatapi.helpscout.net cdn.mxpnl.com static.cc.maksekeskus.ee cc.maksekeskus.ee *.analytics.google.com www.google.ee www.google.fi www.google.cz www.google.nl www.google.be www.google.fr www.google.lv www.google.lt www.google.se www.google.de www.google.at www.google.ch www.google.ie www.google.co.uk www.google.pl www.google.dk www.google.no td.doubleclick.net www.google.com.cy www.google.lu www.google.it www.google.gr analytics.google.com www.google-analytics.com www.google.by www.google.com.bz www.google.com.tr www.google.com.ar www.google.co.jp www.google.bg www.google.co.in www.google.ca www.google.ru www.google.com.ua www.google.com.hr www.google.com.au www.google.es www.google.com.ng translate-pa.googleapis.com www.google.ro www.google.rs www.google.si www.google.sk www.google.ba www.google.is www.google.pt www.google.hu www.google.me www.google.mk www.google.com.eg www.google.com.om www.google.co.th www.google.co.nz www.google.co.ke www.google.al www.google.ge www.google.com.bd www.google.co.il cdn.gravity.com www.google.gg www.google.com.vn www.google.je www.google.ad www.google.com.mx www.google.com.mt www.google.im www.google.ae www.google.com.sg www.google.kz cloudflareinsights.com challenges.cloudflare.com www.google.hr www.google.kg www.google.com.my www.google.com.qa www.google.gl www.google.com.ph www.google.md *.hotjar.com *.hotjar.io wss://*.hotjar.com www.google.co.id www.google.lk www.google.ml www.google.com.hk www.google.cv www.google.co.cr www.google.com.sa www.google.com.pk www.google.com.gi www.google.co.tz www.google.vu www.google.com.fj www.google.com.pa www.google.tn www.google.co.ve www.google.cl www.google.co.uz www.google.co.kr region1.analytics.google.com www.google.com.bo www.google.co.zw www.google.sm www.google.co.za www.google.am www.google.com.br www.google.tt www.google.co.ma www.google.az www.google.com.np www.google.com.et www.google.dm www.google.com.do www.google.com.ec www.google.com.kh; report-uri /d5bcc29e34d8b6210cbfbc3acd7be0a65652590b064c60598822381e01ae1708 1
style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://az416426.vo.msecnd.net/; font-src 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/ https://identityserver.local:44301/; 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' 'connect-src' *.estout.com data: https://cdn.estout.com https://scripts.sirv.com https://stats.sirv.com https://estout.sirv.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://ajax.googleapis.com http://maps.googleapis.com http://ajax.googleapis.com https://apis-sandbox.fedex.com https://cdn.jsdelivr.net https://vv0lb6m9d9-dsn.algolia.net https://maps.gstatic.com https://cdnjs.cloudflare.com 1
default-src 'self' *.visualstudio.com *.azurestaticapps.net *.azurewebsites.net localhost:* *.igniterecognition.com igniterecognition.com; script-src 'unsafe-inline' 'unsafe-eval' *.visualstudio.com *.azurestaticapps.net *.azurewebsites.net localhost:* *.igniterecognition.com igniterecognition.com; style-src 'unsafe-inline' *.visualstudio.com *.azurestaticapps.net *.azurewebsites.net localhost:* *.igniterecognition.com igniterecognition.com;img-src data: * blob: *; font-src data: 'self'; connect-src 'self' api.raygun.io http://localhost:* *.visualstudio.com *.azurestaticapps.net *.azurewebsites.net *.applicationinsights.azure.com wss://localhost:* *.igniterecognition.com igniterecognition.com wss://*.igniterecognition.com wss://igniterecognition.com api.pwnedpasswords.com; child-src 'self' https://www.youtube.com/embed/ https://player.vimeo.com http://localhost:* *.azurestaticapps.net 1
default-src 'self'; script-src 'unsafe-inline' 'self' https://www.clarity.ms/ https://h.clarity.ms/ https://c.clarity.ms/ https://cdnjs.cloudflare.com/ https://www.google.com/  https://www.google-analytics.com/ https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net/; style-src 'unsafe-inline' 'self' https://pro.fontawesome.com/; font-src 'self' https://pro.fontawesome.com/; frame-src https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/; img-src 'self' data: https://c.bing.com https://c.clarity.ms/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.co.za https://www.facebook.com; connect-src 'self' https://www.clarity.ms/ https://h.clarity.ms/ https://j.clarity.ms/ https://c.clarity.ms/ https://analytics.google.com https://www.google-analytics.com/ https://stats.g.doubleclick.net; 1
frame-ancestors https://*.buxfer.com https://*.flagstoneinitiative.org https://*.duda.co https://*.responsivewebsitebuilder.io 1
default-src 'self' https://api-adresse.data.gouv.fr; block-all-mixed-content; font-src 'self' data:; frame-src 'self' blob:; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com polyfill.io/v3/polyfill.min.js www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' maps.gstatic.com maps.googleapis.com data: googletagmanager.com cookie-cdn.cookiepro.com www.google-analytics.com; media-src 'self'; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data:; connect-src 'self' cookie-cdn.cookiepro.com www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'self' blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com;script-src 'self' 'self' blob: 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googleapis.com *.google.com *.google.com.vn *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.youtube.com *.cloudflare.com *.facebook.net *.connect.facebook.net *.facebook.com *.khaosat.me *.bootstrapcdn.com *.ytimg.com *.hotjar.com *.cloudfront.net *.cdn.ravenjs.com *.ingest.sentry.io *.doubleclick.net;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me *.cloudfront.net *.mapbox.com d1a3f4spazzrp4.cloudfront.net;font-src 'self' 'self' blob: 'self' data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me script.hotjar.com;frame-src staticxx.facebook.com facebook.com *.facebook.com youtube.com *.youtube.com *.vimeo.com khaosat.me *.khaosat.me *.google.com connect.facebook.net *.hotjar.com *.g.doubleclick.net *.googlesyndication.com *.doubleclick.net;img-src 'self' data: 'self' blob: *;connect-src 'self' 'self' blob: *.googleapis.com *.facebook.com https://*.khaosat.me:* https://khaosat.me:* https://ws.khaosat.me:* wss://ws.khaosat.me:* https://khao-sat.com:* https://*.hotjar.com:* wss://*.hotjar.com ws://khaosat.me:7890 https://vc.hotjar.io:* http://*.hotjar.com:* https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com *.doubleclick.net *.google.com;media-src 'self' 'self' data: 'self' blob: * 1
upgrade-insecure-requests; frame-ancestors 'self' https://preview-edit.aminess-campsites.com https://preview-edit.aminess.com; 1
default-src 'self' www.trappistwestvleteren.be checkout.trappistwestvleteren.be consentcdn.cookiebot.com; connect-src 'self' www.trappistwestvleteren.be checkout.trappistwestvleteren.be www.google-analytics.com stats.g.doubleclick.net https://cognito-identity.eu-central-1.amazonaws.com wss://a3a87qpyvgayr4-ats.iot.eu-central-1.amazonaws.com; img-src 'self' data: www.trappistwestvleteren.be checkout.trappistwestvleteren.be www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.trappistwestvleteren.be checkout.trappistwestvleteren.be www.googletagmanager.com www.google-analytics.com consent.cookiebot.com consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' www.trappistwestvleteren.be checkout.trappistwestvleteren.be 1
default-src 'self' 'unsafe-inline' *data: region1.analytics.google.com https://www.google-analytics.com *.google.com *.google.it *.google.video.com *.googleapis.com *.ytimg.com *.ggpht.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.analytics.google.com *.google-analytics.com https://www.google-analytics.com *.gstatic.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com; img-src 'self' data:* data* *.google-analytics.com *.google.it https://www.googletagmanager.com; frame-src 'self' youtube.com www.youtube.com *.google.com *.gstatic.com https://geoportal.un.org; frame-ancestors 'self' youtube.com *.youtube.com *.googlevideo.com; child-src 'self' youtube.com *.youtube.com *.google.com *.gstatic.com; font-src 'self' https://fonts.googleapis.com *.fontawesome.com *.gstatic.com *.jsdelivr.net *.cloudflare.com; report-uri /report-csp-violation 1
frame-ancestors https://*.cpcworldwide.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; frame-ancestors 'self' 1
allow 'self' data: 'inline' 'unsafe-inline' 'unsafe-eval' google-analytics.com googleapis.com youtube.com connect.facebook.net www.facebook.com cdn.ywxi.net static.hotjar.com www.googletagmanager.com www.google.com;  1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.kemenpora.go.id *.responsivevoice.org *.youtube.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.jquery.com *.videopress.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com; style-src 'self' 'unsafe-inline' *.kemenpora.go.id *.googleapis.com *.responsivevoice.org *.google.com *.gstatic.com *.amazonaws.com *.bootstrapcdn.com *.jquery.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com; img-src 'self' data: *.kemenpora.go.id *.responsivevoice.org *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.amazonaws.com *.gravatar.com *.w.org *.creativecommons.org *.jquery.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; font-src 'self' data: *.kemenpora.go.id *.gstatic.com *.bootstrapcdn.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; connect-src 'self' *.kemenpora.go.id *.googletagmanager.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; media-src 'self' *.kemenpora.go.id *.w.org *.videopress.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; object-src 'self' *.kemenpora.go.id *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.responsivevoice.org; child-src 'self' *.googletagmanager.com *.google.com pastebin.com *.videopress.com akismet.com *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; form-action 'self'; frame-ancestors 'self' *.kemenpora.go.id *.kominfo.go.id *.instagram.com *.twitter.com *.facebook.net *.kemenpora.go.id *.google-analytics.com *.facebook.com *.twimg.com *.youtube.com *.responsivevoice.org; upgrade-insecure-requests; 1
base-uri 'none'; default-src 'self'; child-src https://www.youtube.com  https://*.google.com https://*.faceup.com https://*.nntb.cz blob:; connect-src 'self' https://geis.daktela.com https://t.leady.com https://*.doubleclick.net https://*.google.com https://*.google-analytics.com wss://*.hotjar.com https://*.hotjar.com  https://*.hotjar.io; font-src 'self' https://*.gstatic.com data:; form-action 'self'; img-src 'self' https://*.seznam.cz https://t.leady.com https://*.google-analytics.com https://*.google.cz https://*.google.com https://*.gstatic.com blob: data:; media-src 'self' blob:; script-src 'self' https://*.google.com  https://*.gstatic.com  https://*.seznam.cz https://geis.daktela.com https://t.leady.com https://tt.geis.cz https://tt.geis.pl https://*.hotjar.com https://*.doubleclick.net https://*.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; 1
upgrade-insecure-requests; report-uri https://lotusgroup.report-uri.io/r/default/csp/enforce 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.doctoraki.com *.survicate.com *.googletagmanager.com *.googleapis.com *.clarity.ms *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'strict-dynamic' 'nonce-e1185a5bb5420a9ea8e6722dbab54845' https://www.datadoghq-browser-agent.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.solucionesbolivar.com *.clarity.ms *.abtasty.com *.survicate.com *.doctoraki.com *.solucionesbolivarsites.com *.solucionesbolivar.net *.visualwebsiteoptimizer.com *.googleadservices.com *.facebook.net *.tiktok.com *.crazyegg.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.infobip.com *.adnxs.com *.pixel.ad *.mktoresp.com *.cloudflare.com *.googleoptimize.com *.google.com *.google.com.co *.google.co.in *.googleapis.com *.gstatic.com https://www.gstatic.com *.jquery.com *.bootstrapcdn.com; connect-src 'self' *.doctoraki.com *.crazyegg.com https://*.browser-intake-datadoghq.com *.logs.datadoghq.com *.abtasty.com *.solucionesbolivar.com *.solucionesbolivarsites.com wss://*.solucionesbolivarsites.com *.solucionesbolivar.net *.amazonaws.com *.mktoresp.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.marketo.com *.kapturall.com *.gstatic.com https://www.gstatic.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.adnxs.com *.pixel.ad *.cloudflare.com *.infobip.com *.survicate.com *.tiktok.com *.googleapis.com *.clarity.ms *.doubleclick.net; font-src 'self' data: *.doctoraki.com *.survicate.com *.gstatic.com https://www.gstatic.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com; img-src 'self' data: *.githubusercontent.com *.amazonaws.com *.cloudfront.net *.visualwebsiteoptimizer.com *.doctoraki.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.survicate.com *.webflow.com https://www.gstatic.com *.gstatic.com https://www.facebook.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; manifest-src 'self' *.cloudfront.net *.doctoraki.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; form-action 'self' *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; frame-src 'self' blob: *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; worker-src 'self' blob:; base-uri 'self'; object-src 'none'; 1
default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1
script-src 'self' 'nonce-zB8IKuwaUVOHyEcANkDsFeCQ' 'nonce-atx-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://pi.pardot.com http://cdn.pardot.com http://pi.pardot.com/analytics https://www.opinionstage.com https://static.ctctcdn.com http://embed.typeform.com/ https://embed.typeform.com/ *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1
default-src 'self'; script-src 'self' *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data:; font-src 'self' *.gstatic.com *.bootstrapcdn.com data:;connect-src *.googleapis.com *.gstatic.com *.bootstrapcdn.com; report-uri https://crhworld.com/Sitefinity/Authenticate/OpenID/csp/report 1
default-src 'self'; connect-src 'self' apikeys.civiccomputing.com api.postcodes.io www.googleapis.com newassets.hcaptcha.com maps.googleapis.com api.stripe.com js.stripe.com; font-src 'self' use.fontawesome.com fonts.gstatic.com data:; frame-src 'self' newassets.hcaptcha.com hooks.stripe.com js.stripe.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com translate.google.com www.gstatic.com cdn.bookingprotect.com tile.openstreetmap.org maptiles.p.rapidapi.com media.giphy.com; script-src 'self' hcaptcha.com js.stripe.com maps.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri https://35745cad85bbe1feed32f58e01aeb5de.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; connect-src 'self' https://nominatim.openstreetmap.org http://nominatim.openstreetmap.org nominatim.openstreetmap.org; font-src 'self' https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de data:; frame-ancestors 'self' https://klinikumjobs.de https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com; frame-src 'self' https://benutzerhandbuch-cshs.condat.de http://benutzerhandbuch-cshs.condat.de benutzerhandbuch-cshs.condat.de https://prezi.com/p/embed/MPOGB6oZvPvNpRmIzIHw/ https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; img-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.tile.openstreetmap.org http://*.tile.openstreetmap.org *.tile.openstreetmap.org https://cshs.myskbs.de https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com data:; media-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; object-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; script-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de 'unsafe-inline' 1
default-src 'self';script-src * 'self' 'unsafe-inline' 'unsafe-eval';frame-src * 'self';style-src * 'self' 'unsafe-inline';img-src 'self' data: maps.googleapis.com maps.gstatic.com https://storage.sbg.cloud.ovh.net storage.gra.cloud.ovh.net https://images.prismic.io/fabriquedestyles/ https://fabriquedestyles.cdn.prismic.io/ https://i.vimeocdn.com/video/ https://i.vimeocdn.com *.openstreetmap.org *.doubleclick.net *.google.fr https://google.com https://www.google.com https://www.facebook.com https://purecatamphetamine.github.io https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://fonts.gstatic.com;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com;connect-src * 'self';base-uri 'self';media-src 'self' data:;report-uri /csp/report 1
frame-ancestors rextheme.com; 1
default-src 'self' data: http://googleads.g.doubleclick.net http://www.google.com/ads/user-lists/ http://www.google.ru/ads/user-lists/ http://mc.yandex.ru http://bitrix.info http://stat.sputnik.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://bitrix.info https://connect.facebook.net https://apis.google.com:* https://platform.twitter.com https://userapi.com:* https://pos.gosuslugi.ru:* https://apis.google.com:* https://vk.com:* http://www.google-analytics.com http://maps.google.com http://*.gstatic.com:* http://*.googleapis.com http://code.jivosite.com http://mc.yandex.ru http://www.googleadservices.com http://googleads.g.doubleclick.net http://cdn.voximplant.com https://vashkontrol.ru  http://stat.sputnik.ru:* ; style-src 'self' 'unsafe-inline' http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* https://vashkontrol.ru:* http://cnt.sputnik.ru:*; img-src 'self' blob: data:  http://counter.yadro.ru:* https://pos.gosuslugi.ru:* http://i1.ytimg.com:* http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* http://www.google-analytics.com http://stat.sputnik.ru:* https://vashkontrol.ru:* http://cnt.sputnik.ru:* https://syndication.twitter.com:*; font-src 'self' http://*.gstatic.com:* https://pos.gosuslugi.ru:*; frame-src 'self' https://ervk.gov.ru:* https://pos.gosuslugi.ru:* https://apis.google.com:* http://developers.google.com:* https://platform.twitter.com:* https://accounts.google.com:* http://cnt.sputnik.ru:* https://www.facebook.com:* https://developers.google.com:*; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.smart-cloud-intelligence.com/ https://secure.smart-cloud-intelligence.com/js/ https://secure.smart-cloud-intelligence.com/Track/ https://secure.smart-cloud-intelligence.com/js/269760.js https://secure.smart-cloud-intelligence.com/Track/Capture.aspx https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://*.list-manage.com/; img-src 'self' data: https://fia-tech.com https://www.paypalobjects.com/ https://www.greatplacetowork.com/images/profiles/7037816/; object-src 'self' data: https://fia-tech.com https://*.paypal.com/ https://*.stripe.com/ https://player.vimeo.com/; frame-src 'self' data: https://fia-tech.com https://*.paypal.com/ https://*.stripe.com/ https://player.vimeo.com/; 1
default-src 'self' *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.fonts.gstatic.com  *.google.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.b2clogin.com *.cookiescanportal.b2clogin.com  *.cookiescan.azureedge.net   *.azureedge.net ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.b2clogin.com *.cookiescanportal.b2clogin.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.clickdimensions.com *.analytics-eu.clickdimensions.com *.gstatic.com *.fonts.gstatic.com *.google.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com  *.cookiescan.azureedge.net  *.azureedge.net data:;style-src 'self' 'unsafe-inline' *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.clickdimensions.com *.fonts.gstatic.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.gravatar.com *.b2clogin.com *.cookiescanportal.b2clogin.com  *.cookiescan.azureedge.net  *.azureedge.net data:;connect-src 'self' *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.b2clogin.com *.cookiescanportal.b2clogin.com *.cookiescan.azureedge.net  *.azureedge.net data:;font-src 'self' *.gstatic.com *.fonts.gstatic.com  *.google.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com  data:;img-src 'self' 'unsafe-inline' https://c5alliance.com *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.cookiescan.com https://cookiescan.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com  *.gravatar.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com data:;frame-src 'self' 'unsafe-inline' *.gstatic.com  *.google.com  *.c5alliance.com *.c5alliance2017.staging.wpengine.com *.c5alliance2017.wpengine.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.issuu.com *.vimeo.com *.youtube.com *.linkedin.com *.b2clogin.com *.cookiescanportal.b2clogin.com  ; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com region1.google-analytics.com www.santandercib.com www.google.com www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com www.santandercib.com www.google.com www.gstatic.com; form-action 'self'; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com use.fontawesome.com www.santandercib.com; img-src 'self' 'unsafe-eval' data: maps.googleapis.com maps.gstatic.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com i.ytimg.com www.santandercib.com; font-src 'self' data: use.fontawesome.com fonts.googleapis.com fonts.gstatic.com www.santandercib.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src https: https://*.gstatic.com https://tagmanager.google.com https://*.hotjar.com https://*.hotjar.io; frame-src https://bid.g.doubleclick.net https://api.quickstream.westpac.com.au https://assets.ctfassets.net/ https://videos.ctfassets.net/ https://*.libsyn.com https://e.issuu.com/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com/ https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://tagmanager.google.com https://s7.addthis.com/static/ https://gum.criteo.com/ https://open.spotify.com https://youtu.be/; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://fonts.googleapis.com https://api.mapbox.com https://tagmanager.google.com https://*.gstatic.com https://cdn.curator.io/; font-src 'self' data: https://fonts.gstatic.com https://cdn.curator.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://*.googletagmanager.com https://*.salesforce.com https://api.quickstream.westpac.com.au https://*.addthis.com/ https://*.jobadder.com/ https://*.libsyn.com https://e.issuu.com/ https://jobadder.com/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com/ https://*.hotjar.com https://*.hotjar.io https://www.gstatic.com https://*.criteo.com https://*.criteo.net https://server.arcgisonline.com/ https://cdn.curator.io https://cdn.curator.io/published/56e5a580-2921-4b55-88ce-d4fe260ac545_y69dz93g.js https://player.vimeo.com https://bettercollect.elucidity.com.au; connect-src 'self' https://www.google-analytics.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://prod-apim-auseast-001.azure-api.net https://api.compassion.com.au https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com/g/  https://*.googletagmanager.com https://api.quickstream.westpac.com.au https://compassionau.force.com  https://compassionau.my.site.com https://concierge.compassion.com.au https://*.algolia.net https://*.algolianet.com https://apps.jobadder.com/ https://jobadder.com/ https://m.addthis.com/ https://*.crazyegg.com/ https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.google-analytics.com/ wss://*.hotjar.com https://*.hotjar.io https://*.doubleclick.net/ https://api.curator.io/ https://vimeo.com https://bettercollect.elucidity.com.au https://www.googleadservices.com; img-src 'self' data: www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://tags.srv.stackadapt.com http://*.tile.openstreetmap.org/ https://auproddownloads.blob.core.windows.net/compassion/ https://images.contentful.com https://images.ctfassets.net https://media.ci.org https://*.youtube.com https://apps.jobadder.com/ https://jobadder.com/widgets/ https://*.collect.igodigital.com/ https://*.crazyegg.com/ https://*.facebook.com/ https://*.google-analytics.com/ https://*.google.com https://*.google.com.au/ https://*.googletagmanager.com https://*.gstatic.com https://d33wubrfki0l68.cloudfront.net https://*.doubleclick.net/ https://server.arcgisonline.com/ https://cdn.curator.io/0.gif https://www.instagram.com/ https://*.fbcdn.net/ https://*.google-analytics.com https://*.googletagmanager.com https://bettercollect.elucidity.com.au 1
default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com/ data: https://*.google-analytics.com https://forms-eu1.hsforms.com https://track-eu1.hubspot.com; object-src data:; frame-src 'self' *.krone-dev.cybob-one.com *.krone-agriculture.com https://*.mykrone.green https://mykrone.green https://*.krone.de *.youtube.com *.youtube-nocookie.com https://www.webstream.eu https://*.cookiebot.com https://my.matterport.com; script-src 'self' https://maps.googleapis.com https://*.cookiebot.com https://www.googletagmanager.com https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net; connect-src 'self' https://maps.googleapis.com https://*.cookiebot.com https://*.google-analytics.com https://*.liadm.com https://forms-eu1.hscollectedforms.net; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self' https://www.krone-group.com https://krone-group.com; 1
default-src data: 'self' 'unsafe-inline' https://*.crwdcntrl.net https://www.youtube-nocookie.com https://*.amazonaws.com https://api.tintup.com https://cdn.hypemarks.com https://*.nr-data.net https://*.newrelic.com https://www.tintup.com https://*.facebook.net https://analytics.google.com https://*.analytics.google.com https://*.vimeo.com https://*.vimeocdn.com https://*.gstatic.com https://*.googlesyndication.com https://*.doubleclick.net https://*.onetrust.com https://*.sharethis.com https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.bootstrapcdn.com https://*.crowdriff.com https://*.addtoany.com https://*.fontawesome.com https://*.resy.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.facebook.com; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: https://www.youtube.com/ static.issuu.com e.issuu.com docs.google.com www.google-analytics.com fonts.googleapis.com *.disquscdn.com www.votervoice.net www.googletagmanager.com ims.informz.net connect.facebook.net www.google.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://pbs.twimg.com platform.twitter.com www.facebook.com staticxx.facebook.com disqus.com fonts.gstatic.com stats.g.doubleclick.net referrer.disqus.com https://services.texmed.org/45/Tma.CspReportApi/api/csp *.blubrry.com *.feathr.co servedbyadbutler.com *.fontawesome.com *.vimeo.com p2a.co *.jotform.com *.sharethis.com *.cognitoforms.com https://cognitoforms.com/ cdn.knightlab.com *.blogspot.com secure.givelively.org http://intellidataserver1.intellidata.tech/ *.jotfor.ms cdnjs.cloudflare.com js.jotform.com secure.networkmerchants.com; 1
frame-ancestors 'self' http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 1
default-src 'unsafe-inline'; block-all-mixed-content; connect-src *; font-src * https://fonts.gstatic.com data: fonts.googleapis.com fonts.gstatic.com; frame-src *.sibelga.be *.youtube.com *.youtube-nocookie.com *.vimeo.com *.services *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net prod.sibelga2.marlon.be *.google.com https://playplay.com; img-src * data:; manifest-src prod.sibelga2.marlon.be 'self'; script-src *.sibelga.be 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.ckeditor.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://cdnjs.cloudflare.com *.google-analytics.com *.facebook.net *.googleapis.com *.marketingautomation.services *.googletagmanager.com *.googleadservices.com *.hotjar.com *.doubleclick.net *.visualwebsiteoptimizer.com *.linkedin.com *.youtube.com *.youtube-nocookie.com tagmanager.google.com https://snap.licdn.com cookie-cdn.cookiepro.com cdn.matomo.cloud *.matomo.cloud; style-src prod.sibelga2.marlon.be 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com tagmanager.google.com; report-uri /nelmio/csp/report 1
default-src 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com info.autobooks.co; script-src info.autobooks.co; object-src info.autobooks.co; style-src 'unsafe-inline' 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com; img-src data: 'self' *.fintactix.com *.highcharts.com *.simpli.fi *.segmint.net *.cloudfront.net *.acquia.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.cloudflare.com *.gstatic.com *.fmsiportal.com *.issuu.com; frame-src info.autobooks.co; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com;child-src 'none';connect-src 'self' forms.hsforms.com *.backblazeb2.com hubspot-forms-static-embed.s3.amazonaws.com/ assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com search.redballoon.work analytics.redballoon.work api.honeybadger.io secure.safewebservices.com app.posthog.com;default-src 'self';font-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com fonts.gstatic.com;form-action 'self' forms.hsforms.com;frame-ancestors www.youtube.com;frame-src www.youtube.com player.vimeo.com www.youtube-nocookie.com forms.hsforms.com calendly.com iframe.cloudflarestream.com secure.safewebservices.com assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com;img-src 'self' blob: assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com data: forms.hsforms.com forms-na1.hsforms.com;manifest-src 'self';media-src 'self';object-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com;script-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com www.youtube.com embed.cloudflarestream.com analytics.redballoon.work js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com secure.safewebservices.com app.posthog.com;style-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com data: fonts.googleapis.com secure.safewebservices.com 'unsafe-inline' app.posthog.com;worker-src 'self'; 1
frame-ancestors https://*.aularandstad.es https://aularandstad.es https://*.randstad.es; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mailworx.marketingsuite.info https://js.hcaptcha.com https://app.usercentrics.eu https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://www.googleoptimize.com https://cdn.jsdelivr.net https://privacy-proxy.usercentrics.eu https://code.jquery.com https://cdnjs.cloudflare.com; object-src 'self'; media-src 'self' https://www.youtube.com; frame-src 'self' https://www.youtube.com https://newassets.hcaptcha.com; child-src 'self' https://www.youtube.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; script-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; style-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; font-src 'self' https: http://www.etrasparenza.it/ 1
base-uri 'self'; default-src 'none'; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://bam.nr-data.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com fonts.gstatic.com https://intercom.help https://api-iam.intercom.io https://js.intercomcdn.com; frame-ancestors 'none'; img-src 'self' https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com blob: data:; media-src 'self' https://js.intercomcdn.com; object-src 'none'; script-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://app.intercom.io https://widget.intercom.io/ https://js.intercomcdn.com 'nonce-94c400c3464fa92b71a80e78e8ff35c1f904a1bfd70067ee315a8d7fd97ddaa3'; style-src 'self' https://stackpath.bootstrapcdn.com/bootstrap/4.2.1/css/bootstrap.min.css https://fonts.googleapis.com/; report-uri https://staysafeapp.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com *.google.com *.google-analytics.com *.googleapis.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' hello.myfonts.net *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com themes.googleusercontent.com; img-src 'self' data: *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; connect-src 'self' http://www.google-analytics.com; frame-src 'self' *.vimeo.com *.youtube.com https://*.vimeo.com https://*.youtube.com; font-src 'self' data: *.googleapis.com *.gstatic.com https://*.googleapis.com https://*.gstatic.com; report-uri https://tokybd.report-uri.io/r/default/csp/enforce; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 'self'; report-uri /report-csp-violation 1
frame-ancestors 'self' https://*.etracker.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.calendly.com/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.googletagmanager.com/ https://*.list-manage.com/ https://calendly.com/ https://connect.facebook.net/en_US/sdk.js https://crm.zoho.com/crm/WebFormServeServlet?rid=8a47d85e3440ef768ceaa22381ceabb5f6334d484211d4d7d55c81b0255fc977gidb5de4f47280b66e8cb9a6d47719877b5779bc3f8638655f060668722018a6166&script=$sYG https://google-analytics.com/ https://googletagmanager.com/ https://maps.google.com/ https://maps.googleapis.com/ https://platform.twitter.com/widgets.js https://s3.amazonaws.com/ https://stats.wp.com/ https://tagmanager.google.com/ https://translate.google.com/ https://translate.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://www.recaptcha.net/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; img-src 'self' data: https://*.google-analytics.com/ https://*.google.com/ https://*.googlesyndication.com/ https://*.googletagmanager.com/ https://*.gstatic.com/ https://*.ytimg.com/ https://google-analytics.com/ https://google.com/ https://googleads.g.doubleclick.net/ https://googletagmanager.com/ https://gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://pixel.wp.com/ https://translate.googleapis.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; object-src 'self' data: https://www.google.com/ https://maps.google.com/ https://docs.google.com/ https://*.calendly.com/ https://calendly.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; frame-src 'self' data: https://www.google.com/ https://maps.google.com/ https://docs.google.com/ https://*.calendly.com/ https://calendly.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://salesiq.zoho.com/ https://*.zohopublic.com/ https://*.zohostatic.com/ https://dyjgaef5vuq51.cloudfront.net/ https://dtzpfzv31buvf.cloudfront.net/ https://*.zohocdn.com/; 1
base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: localhost:1337 adsapi.jacobin.de api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src spenden.twingle.de;img-src 'self' jacobin.de data: *.met.vgwort.de;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:1337 adsapi.jacobin.de api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de;style-src 'self' 'unsafe-inline'; 1
connect-src 'self' https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;default-src 'self';font-src 'self' fonts.gstatic.com https://*.hotjar.com fonts.googleapis.com;form-action 'self' https://www.facebook.com/tr/;frame-src 'self' tr.techcareer.net youtube.com www.youtube.com open.spotify.com https://embed-standalone.spotify.com/ https://kariyer.typeform.com https://www.typeform.com https://*.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.google.com/ https://www.facebook.com/ https://login.techcareer.net;img-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ https://www.google.com.tr/ads/ https://*.hotjar.com www.facebook.com https://i.ytimg.com https://www.google.com https://analytics.twitter.com/ https://t.co/ https://cdn.efilli.com www.gravatar.com https://googleads.g.doubleclick.net https://c.clarity.ms https://c.bing.com cdn1.kariyer.net;media-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.hotjar.com https://static.ads-twitter.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net connect.facebook.net https://analytics.tiktok.com/i18n/pixel/ https://cdn.efilli.com https://www.clarity.ms https://js-agent.newrelic.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com;worker-src 'self'; 1
default-src 'self' https://boogie-shop.ru ymetrica1.com widget.cloudpayments.ru *.jsdelivr.net *.cloudpayments.ru ticketscloud.com *.reviewlab.ru *.saferoute.ru *.bitrix24.ru *.roistat.com *.cloudflareinsights.com *.cloudflare.com *.boogie-shop.ru *.jivosite.com *.jivo.ru *.pochta.ru wss://*.jivosite.com *.yandex.ru *.yandex.com *.yandex.net vk.com *.googleapis.com *.googletagmanager.com *.google.com *.doubleclick.net *.google-analytics.com *.gstatic.com yastatic.net ymetrica1.com widget.cloudpayments.ru *.jsdelivr.net *.cloudpayments.ru ticketscloud.com *.reviewlab.ru *.saferoute.ru *.bitrix24.ru *.roistat.com *.cloudflareinsights.com *.cloudflare.com; script-src 'unsafe-inline' 'unsafe-eval' ymetrica1.com widget.cloudpayments.ru *.jsdelivr.net *.cloudpayments.ru ticketscloud.com *.reviewlab.ru *.saferoute.ru *.bitrix24.ru *.roistat.com *.cloudflareinsights.com *.cloudflare.com *.ckeditor.com *.boogie-shop.ru *.yandex.ru *.yandex.com *.yandex.net vk.com *.jivosite.com *.jivo.ru *.pochta.ru vk.com *.facebook.net *.googleapis.com *.googletagmanager.com *.google.com yastatic.net *.doubleclick.net *.google-analytics.com; object-src 'unsafe-inline' *; style-src 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.google.com *.ckeditor.com *.boogie-shop.ru *.yandex.ru *.yandex.com *.yandex.net vk.com *.jivosite.com *.jivo.ru *.pochta.ru *.gstatic.com *.googleapis.com *.googletagmanager.com *.google.com ymetrica1.com widget.cloudpayments.ru *.jsdelivr.net *.cloudpayments.ru ticketscloud.com *.reviewlab.ru *.saferoute.ru *.bitrix24.ru *.roistat.com *.cloudflareinsights.com *.cloudflare.com; img-src 'unsafe-inline' * data:; media-src 'unsafe-inline' * data; frame-src 'unsafe-inline' *; font-src 'unsafe-inline' 'self' * data:; report-uri /report-csp-violation 1
default-src 'none';  script-src 'none'; style-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 1
base-uri https://*.pchome.co.th; 1
frame-ancestors https://*.posylka.de 1
default-src 'self'; frame-src 'self' https://secure.livechatinc.com/ *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://static.zdassets.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/tracking.js *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk use.typekit.net; font-src 'self' 'unsafe-inline' https://cdn.livechatinc.com/ *.reactandshare.com https://api.reciteme.com https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net use.typekit.net; style-src 'self' 'unsafe-inline' *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com  *.gstatic.com *.cqc.org.uk *.webspellchecker.net use.typekit.net p.typekit.net; img-src * data: p.typekit.net; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com wss://widget-mediator.zopim.com https://stop-smoking-nhs.zendesk.com https://ekr.zdassets.com https://api.reciteme.com https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net performance.typekit.net; media-src 'self' https://static.zdassets.com/web_widget/ https://api.reciteme.com 1
font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src 'self' https://www.google.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://sandbox.pay.yandex.ru/; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://mc.yandex.ru/metrika/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report; worker-src blob: 1
frame-ancestors 'self' capacitor://* https://letterasenzabusta.com https://www.letterasenzabusta.com app://letterasenzabusta.com 1
object-src 'self'; 1
default-src 'self'; style-src 'self' app.workfrontfusion.com/static 'unsafe-inline' unpkg.com/@adobe/* https://*.adobe.com https://*.adobe.io *.aptrinsic.com fonts.googleapis.com; font-src 'self' app.workfrontfusion.com/static data: use.typekit.net https://*.adobe.com https://*.adobe.io fonts.gstatic.com; img-src 'self' app.workfrontfusion.com/static data: https://ipm.workfrontfusion.com secure.gravatar.com https://*.adobe.com https://*.adobe.io *.aptrinsic.com storage.googleapis.com *.typekit.net; connect-src 'self' app.workfrontfusion.com/static wss://app.workfrontfusion.com rum-http-intake.logs.datadoghq.com *.split.io https://*.adobe.com https://*.adobe.io *.browser-intake-datadoghq.com https://csp-report.browser-intake-datadoghq.com *.demdex.net *.adobedc.net *.aptrinsic.com; frame-src 'self' app.workfrontfusion.com/static https://*.adobe.com; script-src 'self' use.typekit.net unpkg.com/@adobe/* https://*.adobe.com https://*.adobe.io *.split.io assets.adobedtm.com *.aptrinsic.com; object-src 'self' app.workfrontfusion.com/static; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub2c8ded5adceb66f0a3efabff228d9189&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:imt-web-zone; frame-ancestors 'self' https://*.adobe.com; 1
default-src 'self' 'unsafe-inline' data: *.citiworldprivileges.com www.google-analytics.com *.googleapis.com *.gstatic.com nexus.ensighten.com *.omtrdc.net www.googleadservices.com *.doubleclick.net *.google.com www.google.co.in connect.facebook.net www.facebook.com *.cloudfront.net citiintl.122.2o7.net www.googletagmanager.com *.example.com test.example.com *.amap.com blob: 'unsafe-eval' 1
frame-src 'self' https://html5-player.libsyn.com https://marspetcare2-na.ada.support https://secure.shoppable.com https://service.force.com https://tr.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://www.walmart.com https://www.amazon.com https://www.chewy.com https://www.petco.com https://www.google.com https://web-widget-iams.herokuapp.com https://cdn.krxd.net https://9077352.fls.doubleclick.net https://marspetcare-na.ada.support https://processor808.shoppable.com https://app.shoppable.com https://shoppable.com *.bazaarvoice.com https://www.facebook.com *.crazyegg.com *.snipp.us https://promotion.mars.de/PAF/wp/2022-Q2-pedigree-de https://cloud.petcare.mars.com/Pedigree_DE_Newsletter https://www.petprofi.de https://marspulse-s.secure.force.com/ https://survey.mars.com/ https://11639395.fls.doubleclick.net *.doubleclick.net https://stage-promotion.mars.de/PAF/wp/2023-Q2-pedigree-de/ https://aktion.pedigree.de/ https://stage.aktion.pedigree.de https://promotion.mars.de/; child-src 'self' https://html5-player.libsyn.com https://marspetcare2-na.ada.support https://secure.shoppable.com https://service.force.com https://tr.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://www.walmart.com https://www.amazon.com https://www.chewy.com https://www.petco.com https://www.google.com https://web-widget-iams.herokuapp.com https://cdn.krxd.net https://9077352.fls.doubleclick.net https://marspetcare-na.ada.support https://processor808.shoppable.com https://app.shoppable.com https://shoppable.com *.bazaarvoice.com https://www.facebook.com *.crazyegg.com *.snipp.us https://promotion.mars.de/PAF/wp/2022-Q2-pedigree-de https://cloud.petcare.mars.com/Pedigree_DE_Newsletter https://www.petprofi.de https://marspulse-s.secure.force.com/ https://survey.mars.com/ https://11639395.fls.doubleclick.net *.doubleclick.net https://stage-promotion.mars.de/PAF/wp/2023-Q2-pedigree-de/ https://aktion.pedigree.de/ https://stage.aktion.pedigree.de https://promotion.mars.de/ 1
default-src 'self' *.iwan.com.tw *.iwplay.com.tw *.google.com *.google.com.tw; frame-src *.iwplay.com.tw *.iwan.com.tw www.youtube.com *.facebook.com bid.g.doubleclick.net *.facebook.net; script-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com s.ytimg.com libs.baidu.com code.jquery.com *.google-analytics.com *.facebook.net *.facebook.com *.googleapis.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.com.tw *.youtube.com ;style-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' www.youtube.com.tw fonts.googleapis.com *.facebook.net *.facebook.com *.google.com *.google.com.tw; img-src *.iwplay.com.tw *.google-analytics.com stats.g.doubleclick.net www.youtube.com *.google.com *.google.com.tw googleads.g.doubleclick.net *.facebook.com *.facebook.net data: ;frame-ancestors *.iwplay.com.tw *.iwan.com.tw *.google.com *.google.com.tw;font-src  fonts.gstatic.com *.googleapis.com *.google.com *.google.com.tw *.iwplay.com.tw data:;connect-src *.iwplay.com.tw *.google-analytics.com analytics.google.com stats.g.doubleclick.net; 1
frame-ancestors https://*.supermaxi.com 1
frame-ancestors 'self' https://*.papajohns.com.sv ; object-src 'self' *.papajohns.com.sv ; img-src 'self' *.papajohns.com.sv  data: *.twimg.com *.twitter.com *.facebook.com *.gstatic.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.sv  *.statcounter.com *.facebook.net *.doubleclick.net *.google.com sailplays3.cdnvideo.ru res.cloudinary.com *.digitaloceanspaces.com *.bitworks.com.sv; script-src 'self' *.papajohns.com.sv 'unsafe-inline' 'unsafe-eval' data: *.twimg.com *.googletagmanager.com *.facebook.com *.google.com *.google.com.sv *.google-analytics.com maps.googleapis.com ajax.googleapis.com *.gstatic.com *.twitter.com *.statcounter.com *.facebook.net *.hotjar.io *.hotjar.com static.hotjar.com *.googleadservices.com cdnjs.cloudflare.com sailplay.ru sailplay.net *.sailplay.net sailplays3.cdnvideo.ru cdn.jsdelivr.net cdn.pushalert.co code.jquery.com *.bitworks.com.sv l.getsitecontrol.com static.cloudflareinsights.com ; 1
allow 'self' www.google-analytics.com ajax.googleapis.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.gtm-wnd6vzj-yme0m.uc.r.appspot.com *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com *.demdex.net *.omtrdc.net *.facebook.net *.facebook.com services.cdn-shop.com *.usercentrics.eu *.cookielaw.org *.onetrust.com *.adsrvr.org *.googletagmanager.com *.googleadservices.com *.google.com *.google.de *.doubleclick.net *.doubleclick.com *.bing.com; block-all-mixed-content; img-src 'self' data: *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com *.demdex.net *.omtrdc.net *.facebook.net *.facebook.com services.cdn-shop.com *.usercentrics.eu *.cookielaw.org *.onetrust.com *.adsrvr.org *.googletagmanager.com *.googleadservices.com *.google.com *.google.de *.doubleclick.net *.doubleclick.com *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com *.demdex.net *.omtrdc.net *.facebook.net *.facebook.com services.cdn-shop.com *.usercentrics.eu *.cookielaw.org *.onetrust.com *.adsrvr.org *.googletagmanager.com *.googleadservices.com *.google.com *.google.de *.doubleclick.net *.doubleclick.com *.bing.com; style-src 'self' 'unsafe-inline' *.aldi-international.com *.aldi-nord.com *.aldi-sued.com assets.adobedtm.com *.demdex.net *.omtrdc.net *.facebook.net *.facebook.com services.cdn-shop.com *.usercentrics.eu *.cookielaw.org *.onetrust.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; form-action 'self' data: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.connect.facebook.net *.p.teads.tv *.googletagmanager.com *.www.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
allow *; options inline-script eval-script; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com; img-src 'self' https://www.quorumsoftware.com https://qbsol-arhxo0vh6d1oh9i0c.stackpathdns.com www.google-analytics.com stats.g.doubleclick.net www.google.com; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com https://ajax.googleapis.com https://stackpath.bootstrapcdn.com;  1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src https:; object-src 'none'; frame-src https:; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
frame-ancestors 'self' https://admin.yallastore.co.il https://admin.webzie.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com rpxnow.com *.rpxnow.com data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.connect.facebook.net *.tt.mbww.com *.analytics.neutrogena.com.mx *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.www.youtube.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self';script-src 'self' 'nonce-Ay9clMAc8M+wlBb6VmmoeN91dJyL/Xl3TR2qCZl2V+U=' 'unsafe-eval' 'strict-dynamic' https://*.cookiebot.com https://*.vimeocdn.com https://*.googletagmanager.com https://tagmanager.google.com;img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com data: ;connect-src 'self' ws://* wss://* https://*.cookiebot.com https://*.lime-forms.se https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com;frame-src 'self' https://*.cookiebot.com https://*.vimeo.com https://*.googletagmanager.com;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; 1
frame-ancestors 'self' *.business.qld.gov.au 1
frame-ancestors none; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; frame-ancestors https://*:*; 1
frame-ancestors 'self' piwik.betaalvereniging.nl matomo.betaalvereniging.nl; 1
default-src 'none'; block-all-mixed-content; connect-src 'self' *.googleapis.com *.gstatic.com *.google.com *.cookiebot.eu *.google-analytics.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com; manifest-src 'self'; media-src 'self'; script-src 'self' *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.cookiebot.eu *.googletagmanager.com *.google-analytics.com 'sha256-7BR2mzQgegl16OzhYaABCgX+kM/0FnVwstu1v2KgQbw=' 'sha256-wfxJ7YZKDslwby5G8BoAcLOzW1p+E0YMbh6d3MizcsI=' 'sha256-JglQj6PX/c3n1AtXwhS4fkUY+TTFNX3M/x4JjovL2tY=' 'sha256-ig9gHb6ViBpLkLA1Yh8C5azxoJ70Qo7i7SGpPnZjRUQ=' 'nonce-6NeXsUMno/CAW5PALPTPHw=='; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com; report-uri /csp/report 1
default-src 'self' https://dev.shop.bzga.de https://shop.bzga.de; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' https://dev.shop.bzga.de https://shop.bzga.de data: https://piwik.bzga.de https://www.bzga.de https://service.bzga.de; frame-src 'self'; 1
default-src https: ;         form-action https: ;         script-src https://optimize.google.com 'unsafe-inline' https://bam.nr-data.net https://js-agent.newrelic.com https://*.kespro.fi https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' https://*.kesko.fi https://*.ksync.fi data: https://*.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://*.hotjar.com https://login.microsoftonline.com https://kgroupb2cdev01.b2clogin.com https://kgroupb2ctest01.b2clogin.com https://kryhma.b2clogin.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.feedbackly.com https://feedbackly.com https://dvkesk.analytics.solteq.solutions ;         style-src https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' https://*.kespro.fi 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.kesko.fi https://*.ksync.fi https://*.feedbackly.com https://feedbackly.com ;         img-src https://images.ctfassets.net https://optimize.google.com https://www.googletagmanager.com https://www.google.fi https://public.keskofiles.com https://bam.nr-data.net https://analytics.google.com https://www.google.com https://*.kespro.fi https://kespro.fi https://*.kesko.fi https://*.ksync.fi data: https://stats.g.doubleclick.net https://www.kespro.com https://*.google-analytics.com https://tagmanager.google.com https://ssl.gstatic.com https://www.gstatic.com https://*.hotjar.com https://www.facebook.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.feedbackly.com https://feedbackly.com https://cdn.contentful.com https://resources.paytrail.com ;         font-src https://fonts.gstatic.com https://*.kesko.fi https://*.kespro.fi https://fonts.gstatic.com https://*.hotjar.com https://d2318twbpx9q6v.cloudfront.net https://d3flpa680ypq0l.cloudfront.net https://*.ksync.fi https://*.feedbackly.com https://feedbackly.com ;         connect-src https://stats.g.doubleclick.net https://bam.nr-data.net https://js-agent.newrelic.com https://*.kespro.fi https://www.kespro.com https://analytics.google.com https://*.google-analytics.com https://*.hotjar.com:* wss://*.hotjar.com https://www.facebook.com https://dvkesp.deepvision.cloud.solteq.com  https://*.hotjar.io https://login.microsoftonline.com https://kgroupb2cdev01.b2clogin.com https://kgroupb2ctest01.b2clogin.com https://kryhma.b2clogin.com https://*.kesko.fi https://*.ksync.fi https://www.google.fi https://api.poeditor.com https://*.feedbackly.com https://feedbackly.com https://cdn.contentful.com https://dvkesptest.deepvision.cloud.solteq.com ;         frame-src https://optimize.google.com https://*.hotjar.com https://www.facebook.com  https://*.kespro.fi https://sync.ksync.fi https://*.kesko.fi https://*.ksync.fi https://*.feedbackly.com https://feedbackly.com https://tarjooma-qa.azurewebsites.net https://tarjooma-dev.azurewebsites.net https://tarjooma-prod.azurewebsites.net https://semmitest.powerappsportals.com https://semmidev.powerappsportals.com https://kesproportaali.powerappsportals.com https://kespro-com-qa.herokuapp.com https://kespro-com-dev.herokuapp.com https://kespro.com https://www.kespro.com ;         frame-ancestors https://kespro.fi https://*.kespro.fi https://tarjooma-qa.azurewebsites.net https://tarjooma-dev.azurewebsites.net https://tarjooma-prod.azurewebsites.net https://semmitest.powerappsportals.com https://semmidev.powerappsportals.com https://kesproportaali.powerappsportals.com https://kespro-com-qa.herokuapp.com https://kespro-com-dev.herokuapp.com https://kespro.com https://www.kespro.com ;         block-all-mixed-content; upgrade-insecure-requests; report-uri https://kespro.report-uri.com/r/d/csp/enforce; report-to default; 1
default-src https://piwik.bzga.de/piwik.js 'self' 'unsafe-inline'; img-src https://piwik.bzga.de/ https://i.ytimg.com/ 'self' data:; connect-src https://piwik.bzga.de/ 'self'; font-src 'self' data:; frame-src https://www.drugcom.de/ https://www.youtube-nocookie.com/ 1
worker-src 'self' 'unsafe-inline' blob: https://www.datadoghq-browser-agent.com; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.trustarc.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com https://mfh-prod.azureedge.net/assurantrenters/home/js/scripts.min.js https://www.datadoghq-browser-agent.com https://cdn-servicing.azureedge.net https://tagmanager.google.com https://cdn.jsdelivr.net https://az416426.vo.msecnd.net https://www.googletagmanager.com *.inmoment.com https://www.googleanalytics.com https://www.google-analytics.com https://optimize.google.com cdn.segment.com/analytics.js https://mfhcms.assurant.com; style-src 'self' 'unsafe-inline' https://consent.trustarc.com https://mfh-prod.azureedge.net https://cdn-servicing.azureedge.net https://tagmanager.google.com https://fonts.googleapis.com https://mfhcms.assurant.com https://optimize.google.com; img-src * 'self' data: https:; child-src https://mfhcms.assurant.com https://www.datadoghq-browser-agent.com https://dispawsusva.inmoment.com https://www.inmoment.com https://feedback.inmoment.com https://ssl.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://consent.trustarc.com https://mfhcms.assurant.com; frame-src https://consent-pref.trustarc.com https://optimize.google.com https://dispawsusva.inmoment.com 1
default-src 'self'; object-src 'self' https://pts.deutschlandsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.deutschlandsim.de; img-src https: data: http://files.deutschlandsim.de; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://umfrage.deutschlandsim.de https://pts.deutschlandsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://stats.deutschlandsim.de https://imagepool.deutschlandsim.de https://pts.deutschlandsim.de https://analytics.tiktok.com https://umfrage.deutschlandsim.de; script-src 'strict-dynamic' 'nonce-e47890447a43de37d97603eb552e75a2' 'nonce-c8e404f020041cd4744be9b605a4d0fc' 'nonce-aece155d376f2c7ffb9cc316817eac6f' 'nonce-0f23e6577e5f5032e73ad0dcc22b387c' 'nonce-a309519666436822a3875d0ad0392d6c' 'nonce-8b64969ca9727e8b319b96a8238fafae' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.deutschlandsim.de https://umfrage.deutschlandsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-e47890447a43de37d97603eb552e75a2' 'nonce-c8e404f020041cd4744be9b605a4d0fc' 'nonce-aece155d376f2c7ffb9cc316817eac6f' 'nonce-0f23e6577e5f5032e73ad0dcc22b387c' 'nonce-a309519666436822a3875d0ad0392d6c' 'nonce-8b64969ca9727e8b319b96a8238fafae' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri 'none'; default-src 'self' https://*.clarity.ms https://c.bing.com https://*.responsetap.com 'unsafe-inline'; child-src 'self' https://www.googletagmanager.com/ns.html https://online.worldpay.com https://www.youtube.com https://e.issuu.com https://widgets.doctify.co.uk https://www.facebook.com https://*.fls.doubleclick.net https://www.google.com/ https://*.cloudfront.net; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.googleadservices.com https://maps.googleapis.com https://*.clarity.ms https://*.responsetap.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.linkedin.oribi.io https://sentry.issuu.com https://*.cloudfront.net https://www.facebook.com https://connect.facebook.net/ https://www.google-analytics.com https://www.gstatic.com https://api-ssl.bitly.com https://answerpackvideotranscoded.s3-eu-west-1.amazonaws.com https://answerpackvideotranscoded.s3.eu-west-1.amazonaws.com https://*.infinity-tracking.com https://*.infinity-tracking.net; font-src 'self' https://fonts.gstatic.com https://*.doctify.com data:; form-action 'self' https://kingedwardvii.us8.list-manage.com https://online.worldpay.com https://www.facebook.com; frame-ancestors https://*.kevii.test https://*.kingedwardvii.co.uk; img-src 'self' https://www.cqc.org.uk https://*.googleapis.com https://*.ggpht.com https://maps.gstatic.com https://www.google-analytics.com https://secure.gravatar.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ssl.gstatic.com https://img.youtube.com https://www.facebook.com https://px.ads.linkedin.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cloudfront.net https://www.veincentre.com https://answerpackvideotranscoded.s3-eu-west-1.amazonaws.com https://answerpackvideotranscoded.s3.eu-west-1.amazonaws.com https://d1x3u0ujszj2dq.cloudfront.net/ https://d32wqyuo10o653.cloudfront.net/ https://*.clarity.ms https://*.bing.com blob: data:; media-src 'self' https://*.cloudfront.net blob: data:; object-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://www.cqc.org.uk https://cdn.worldpay.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://tagmanager.google.com https://www.gstatic.com https://www.google.co.uk https://widgets.doctify.co.uk https://connect.facebook.net https://static-ssl.responsetap.com https://metrics.responsetap.com https://static.responsetap.com https://snap.licdn.com https://www.doctify.com https://*.clarity.ms https://*.googletagmanager.com https://*.ytimg.com/ https://e.issuu.com https://*.cloudfront.net https://*.infinity-tracking.com https://*.infinity-tracking.net https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https://connect.facebook.net https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://script.infinity-tracking.com https://www.cqc.org.uk https://googleads.g.doubleclick.net https://snap.licdn.com https://*.responsetap.com https://*.doctify.com https://*.doctify.co.uk https://*.clarity.ms https://maps.googleapis.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://maps.googleapis.com https://www.cqc.org.uk https://tagmanager.google.com https://*.doctify.com https://*.doctify.co.uk https://*.clarity.ms https://*.mailchimp.com/ https://fonts.bunny.net/css 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1
base-uri 'none';child-src 'none';connect-src 'self' api-js.mixpanel.com client.axept.io api.axept.io vitals.vercel-insights.com back.whentocop.fr backend.whentocop.fr whentocop-backend-staging.herokuapp.com wtc-comparator-api.herokuapp.com https://wtc-comparator-api-staging.herokuapp.com www.google-analytics.com www.dwin1.com r.skimresources.com t.skimresources.com stockx.pvxt.net electric-vibrant.whentocop.fr backend-staging.whentocop.fr;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src 'none';img-src 'self' statics.whentocop.fr static.axept.io client.axept.io axeptio.imgix.net s3.eu-west-3.amazonaws.com www.google.com www.google-analytics.com www.awin1.com t.skimresources.com p.skimresources.com t0.gstatic.com t1.gstatic.com t2.gstatic.com t3.gstatic.com logs-01.loggly.com electric-vibrant.whentocop.fr backend-staging.whentocop.fr data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' static.axept.io client.axept.io vitals.vercel-insights.com api-js.mixpanel.com www.googletagmanager.com www.google-analytics.com www.dwin1.com www.dwin2.com d.impactradius-event.com s.skimresources.com cdn.usefathom.com electric-vibrant.whentocop.fr backend-staging.whentocop.fr 'unsafe-inline';style-src 'self' 'unsafe-inline';worker-src 'self'; 1
default-src https://*.isidata.net; script-src 'unsafe-eval' 'unsafe-inline' https://*.isidata.net https://consent.cookiebot.com https://code.jquery.com https://*.google-analytics.com https://*.fontawesome.com mailto:; base-uri https://*.isidata.net; object-src 'none'; style-src 'unsafe-inline' https://*.isidata.net https://fonts.googleapis.com https://*.fontawesome.com; img-src data: https://*.isidata.net data: https://*.google-analytics.com; media-src https://*.isidata.net; frame-src https://*.s3.amazonaws.com https://*.isidata.net mailto:; frame-ancestors https://*.isidata.net; font-src https://*.isidata.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.fontawesome.com; connect-src 'self' https://*.fontawesome.com; form-action https://*.s3.amazonaws.com https://*.isidata.net 1
default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.tfmetalsreport.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net c.lytics.io js.hubspot.com a.omappapi.com js.adsrvr.org builder.lift.acquia.com js.usemessages.com connect.facebook.net cookie-cdn.cookiepro.com js.hs-scripts.com fast.wistia.net maps.googleapis.com protect-us.mimecast.com snap.licdn.com js-agent.newrelic.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com www.gstatic.com tpc.googlesyndication.com www.google.com fast.wistia.net app.wistia.com bh.contextweb.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net; object-src 'self' embed-fastly.wistia.com embedwistia-a.akamaihd.net; style-src 'self' 'unsafe-inline' builder.lift.acquia.com *.lytics.io a.omappapi.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net; img-src 'self' blob: data: pagead2.googlesyndication.com *.lytics.io *.adsrvr.org *.hsappstatic.net *.hubspot.com *.omappapi.com embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.am *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net googleads.g.doubleclick.net embed-ssl.wistia.com *.facebook.com *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' c.lytics.io vimeo.com match.adsrvr.org insight.adsrvr.org *.hs-sites.com *.hubspot.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net fast.wistia.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net *.omappapi.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com *.googlesyndication.com *.omappapi.com notify.bugsnag.com sessions.bugsnag.com us.perz-api.cloudservices.acquia.io *.ucweb.com hubspot-forms-static-embed.s3.amazonaws.com fast.wistia.net cdn.linkedin.oribi.io *.googleapis.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors http://clients.pensoagency.com; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' update.webedition.org *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.twitter.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src data: 'self' *.ytimg.com *.vimeocdn.com *.gstatic.com *.googleapis.com *.twitter.com; font-src 'self' *.gstatic.com; connect-src 'self' *.cookiebot.com *.cookiebot.eu *.googleapis.com stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com; frame-src 'self' update.webedition.org *.qt.eu *.cookiebot.com *.cookiebot.eu *.vditz.com *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.twitter.com; object-src 'none'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://neocon.com 1
frame-ancestors 'self' https://librairie-bayard.com https://app.bayam.tv https://preprod.sso.bayard-jeunesse.com; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' https://o419240.ingest.sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleapis.com/ https://maps.googleapis.com https://maps.googleapis.com https://www.facebook.com/; font-src 'self' fonts.gstatic.com; frame-src https://www.youtube.com https://www.facebook.com https://web.facebook.com/ https://www.google.com/ https://youtube.com/; img-src 'self' facebook.com flickr.com https://maps.gstatic.com/ https://maps.googleapis.com/ data: https://www.google.com https://www.google.rs https://i.ytimg.com; script-src 'self' 'unsafe-inline' connect.facebook.net https://maps.googleapis.com/ https://www.google.com/ https://www.google-analytics.com/ 'nonce-AIInlOGVYuFimS4MeKeuaw=='; style-src 'self' fonts.googleapis.com/css 'unsafe-inline' 1
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self'; img-src 'self' data:; style-src 'unsafe-inline' https:; font-src 'self' https: data:; object-src https://planificador.santillana.com.ec/ 'self'; frame-src https://www.google.com/ https://planificador.santillana.com.ec/ 'self'; media-src 'self'; 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-NqzqX7uTRFPsW+2S' static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com app.vwo.com www.awin1.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com app.vwo.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
'self' www.aksandik.org 1
default-src 'self' 'unsafe-inline' widget.billig-tanken.de googleads.g.doubleclick.net pagead2.googlesyndication.com 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://www.youtube.com; 1
default-src 'self' *.optimizely.com  wss://*.hotjar.com https: survey.bosch.com s.webtrends.com *.mycliplister.com ptptasiaprodsgsa.z30.web.core.windows.net; media-src 'self' *.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src www.bosch-pt.com.hk www.bosch-pt.com.cn www.bosch-pt.co.id www.bosch-pt.co.in www.bosch-pt.com.my www.bosch-pt.com.ph www.bosch-pt.com.sg www.bosch-pt.com.tw th.bosch-pt.com vn.bosch-pt.com dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' https: btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https: btm.bosch.com; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 1
allow 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 1
default-src 'self'; media-src *; img-src *; script-src 'self' https://ajax.googleapis.com; style-src 'self'; 1
frame-ancestors 'self' *.floridaoberta.com ; 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; font-src * data:; connect-src *; report-uri /admin/config/system/seckit/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://maps.googleapis.com/ https://maps.google.com/ https://translate.google.com/ https://translate.googleapis.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://tagmanager.google.com/ https://google.com/ https://*.google.com/ https://googleadservices.com/ https://*.googleadservices.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://cdnjs.cloudflare.com/ https://*.cloudflare.com/ https://cloudflare.com/ https://google.pl/ https://*.google.pl/; img-src 'self' data: https://google-analytics.com/ https://*.google-analytics.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ https://translate.googleapis.com/ https://*.ytimg.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://gstatic.com/ https://*.gstatic.com/ https://googleads.g.doubleclick.net/ https://google.com/ https://*.google.com/ https://img.youtube.com/ https://google.pl/ https://*.google.pl/; object-src 'self' data: https://www.google.com/ https://maps.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.doubleclick.net/ https://www.facebook.com/ https://www.google.com/ https://maps.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.doubleclick.net/. https://google.pl/ https://*.google.pl/; frame-src 'self' data: https://www.google.com/ https://maps.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.doubleclick.net/ https://www.facebook.com/ https://www.google.com/ https://maps.google.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.doubleclick.net/. https://google.pl/ https://*.google.pl/; 1
default-src 'self';block-all-mixed-content ;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.typekit.net;img-src 'self' data: *.gstatic.com maps.googleapis.com mts.googleapis.com *.cdninstagram.com *.googletagmanager.com *.drift.com www.google.com *.google-analytics.com *.google.be *.g.doubleclick.net *.facebook.com *.fbcdn.net *.bing.com https://sync.outbrain.com https://secure.adnxs.com https://pixel.rubiconproject.com https://ad.360yield.com https://r.casalemedia.com https://pixel.advertising.com https://ads.yahoo.com https://eb2.3lift.com https://trc.taboola.com https://us-u.openx.net https://ad.yieldlab.net https://simage2.pubmatic.com https://visitor.omnitagjs.com https://cm.adform.net https://sp.analytics.yahoo.com https://rtb-csync.smartadserver.com https://matching.ivitrack.com https://ib.adnxs.com https://criteo-sync.teads.tv https://tg.socdm.com https://ih.adscale.de https://x.bidswitch.net https://dis.criteo.com https://cotads.adscale.de https://match.sharethrough.com https://ads.stickyadstv.com https://contextual.media.net https://cdn.stickyadstv.com https://i.imgur.com/ *.ggpht.com taboola.com https://s.ad.smaato.net https://sync-t1.taboola.com https://ups.analytics.yahoo.com id5-sync.com exchange.mediavine.com criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com dpm.demdex.net beacon.krxd.net s.thebrighttag.com gum.criteo.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com js.driftt.com http://player.vimeo.com/* https://player.vimeo.com/api/player.js *.vimeo.com *.getflowbox.com *.drift.com *.googletagmanager.com *.api.driftt.com data: *.googleadservices.com *.hotjar.com *.google-analytics.com *.g.doubleclick.net connect.facebook.net tagmanager.google.com criteo.net static.criteo.net *.criteo.com bat.bing.com https://www.google.com/recaptcha/api.js *.gstatic.com https://matomo-37c3d2d32108.victhorious.com https://www.google.com/pagead/conversion_async.js https://trackcmp.net *.app-us1.com www.googleoptimize.com https://js.adsrvr.org/up_loader.1.1.0.js cdn.cookiehub.eu https://optimize.google.com/optimize/inject/inject.js* https://optimize.google.com/optimize/inject/inject.js?goptedit=ADmvj8xmFZyDk6EPtpXNgw1ImjQ8zkHgtz_yW-xRW7kODHyMceecs1QXFHa30RIUAmw5MOUR0M28JKOkgzKjovOlGWed61EpfuNNmXTA3GUjRS9oQ8cGftU@@0@@OPT-TDQPH2R@false@@false@ce-true@fp-false&authuser=0;style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net p.typekit.net tagmanager.google.com cdn.cookiehub.eu;report-uri /nelmio/csp/report;connect-src cdn.plyr.io *.amazonaws.com *.prod.dukeandgrace.site *.hotjar.com *.gigue.com wss://ws2.hotjar.com/api/v1/client/ws *.criteo.com *.facebook.com *.google-analytics.com *.googleapis.com *.doubleclick.net wss://ws1.hotjar.com/api/v2/client/ws bat.bing.com wss://ws32.hotjar.com/api/v2/client/ws wss://ws34.hotjar.com/api/v2/client/ws ws34.hotjar.com *.hotjar.com wss://*.hotjar.com/api/v2/client/ws region1.analytics.google.com consent-eu.cookiehub.net;frame-src www.youtube.com *.vimeo.com js.driftt.com www.vimeo.com *.vimeo.com *.g.doubleclick.net *.hotjar.com *.criteo.com *.facebook.com https://www.google.com https://insight.adsrvr.org/*;media-src *.fbcdn.net *.akamaized.net *.cdninstagram.com *.vimeo.com 1
policy-uri /'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/; 1
default-src 'none'; script-src 'self' https://code.jquery.com https://www.google-analytics.com; img-src 'self' https://www.google-analytics.com; connect-src 'self' https://sgo.indors.it; font-src 'self'; style-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com; img-src 'self' data: https://*.wp.com; object-src 'self' data: https://*.wp.com; frame-src 'self' data: https://*.wp.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.timify.com https://*.timify.com/; img-src 'self' data: https://*.timify.com https://*.timify.com/; object-src 'self' data: https://*.timify.com https://*.timify.com/; frame-src 'self' data: https://*.timify.com https://*.timify.com/; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' checkout.stripe.com maps.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; frame-src 'self' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com checkout.stripe.com sandbox-merchant.revolut.com/; img-src 'self' meterix.com *.meterix.com meterpay.net *.meterpay.net *.stripe.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ meterpayenv-uploaded-files.s3.eu-west-2.amazonaws.com meterpaydeenv-uploaded-files.s3.eu-central-1.amazonaws.com data: maps.google.com maps.gstatic.com *.googleapis.com; script-src 'self' 'unsafe-inline' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ checkout.stripe.com/checkout.js js.stripe.com ajax.googleapis.com/ajax/libs/jquery/ code.jquery.com code.highcharts.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com sandbox-merchant.revolut.com/embed.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com; upgrade-insecure-requests 1
default-src 'self' https://accounts.google.com/ https://*.google-analytics.com/g/collect; script-src 'self' https://apis.google.com/js/platform.js https://cdn.jsdelivr.net/npm/vue@2/dist/vue.js https://www.googletagmanager.com/gtag/js 'unsafe-eval' 'nonce-J-jkSNjuXVZ_Yt2VEbanGw'; style-src 'self' https://apis.google.com/* 'nonce-J-jkSNjuXVZ_Yt2VEbanGw'; img-src * data: 1
frame-ancestors 'self' *.myhotelschool.nl ; 1
base-uri 'self' https://myprio.com https://www.myprio.com https://prio.pt https://www.myprio.pt https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://www.googletagmanager.com https://tile.openstreetmap.org; child-src 'self' https://www.googletagmanager.com gap:; frame-src 'self' https://www.googletagmanager.com gap:; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://tile.openstreetmap.org gap:; default-src 'self' https://shellfirst.pt https://tile.openstreetmap.org https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://tile.openstreetmap.org data:; img-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://tile.openstreetmap.org gap: data: blob:; media-src https://tile.openstreetmap.org; object-src https://www.googletagmanager.com https://tile.openstreetmap.org; plugin-types https://www.googletagmanager.com; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://tile.openstreetmap.org gap: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://tile.openstreetmap.org 'unsafe-inline'; frame-ancestors 'self' https://shellfirst.pt https://www.shellfirst.pt www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://www.googletagmanager.com gap:; report-uri 'self' /SecurityUtils/rest/Report/ReportViolations?Params=dMKSGramHhD2rZP695yqRVPe4cKspO2Eug36F1jxDd%2FTNeJ%2FmKyW%2Bt4rxScnZ2Y62Qn3zpjxms5sGn17JJ7Jdw%3D%3D; 1
base-uri 'self'; child-src 'self' data: www.youtube.com gap:; frame-src 'self' data: www.youtube.com gap:; connect-src 'self' www.google-analytics.com botbuilder.labiba.ai; default-src 'self' data: gap: 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data: blob:; media-src * data:; object-src 'self'; script-src 'self' data: botbuilder.labiba.ai www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=dRcQo7SQ0t7TNkYI1vYQlgueUeVoSWdcsI3o%2BGFIll%2FcdipsKJ1KCSQZ%2BeQqOUt2X3VtQUG9%2FxhRenGP2zpHNw%3D%3D; 1
script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.nz https://*.ggpht.com *.googleusercontent.com blob: https://*.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://*.hotjar.com https://cdn.jsdelivr.net https://*.surveymonkey.com https://js.stripe.com/v3/; img-src 'self' https://nzmca.s3.ap-southeast-2.amazonaws.com https://d1o3mhf2l0m2f4.cloudfront.net/ https://*.googleapis.com https://*.gstatic.com *.google.com *.google.co.nz https://*.ggpht.com *.googleusercontent.com data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.hotjar.com https://*.surveymonkey.com; frame-src *.google.com https://*.doubleclick.net youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com *.stripe.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.surveymonkey.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com https://*.hotjar.com; worker-src blob: 1
default-src 'self'; style-src 'self' 'unsafe-inline' unpkg.com https://*.stripe.com; font-src 'self' data:; img-src 'self' i.vimeocdn.com https://www.googletagmanager.com https://*.googlesyndication.com http://*.googlesyndication.com https://*.google-analytics.com https://*.google.com https://i.ytimg.com https://bat.bing.com https://www.google.it *.doubleclick.net https://www.facebook.com https://*.stripe.com https://*.linkedin.com data:; media-src 'self' player.vimeo.com vod-progressive.akamaized.net https://*.google-analytics.com; connect-src 'self' wss://ominee.com vimeo.com nominatim.openstreetmap.org https://*.google-analytics.com *.doubleclick.net wss://*.ominee.com https://*.ominee.com https://*.bing.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.google.com https://*.gstatic.com https://cdn.ampproject.org https://www.googletagmanager.com cdn.linkedin.oribi.io; script-src 'self' 'unsafe-eval' cdn.jsdelivr.net cdnjs.cloudflare.com unpkg.com www.googletagmanager.com https://*.google-analytics.com blob: https://connect.facebook.net https://*.google.com https://www.gstatic.com https://bat.bing.com http://bat.bing.com https://*.google.it https://partner.googleadservices.com https://*.googlesyndication.com https://cdn.ampproject.org https://*.stripe.com https://*.licdn.com 'nonce-n7VneVSvWfmAPCcbfi8vAw'; frame-src self https://www.youtube.com http://www.youtube.com https://player.vimeo.com https://www.google.com/ https://googleads.g.doubleclick.net https://*.googlesyndication.com *.doubleclick.net https://www.facebook.com https://*.stripe.com; report-uri /csp_report 1
default-src 'self' *.pagofacil.de imspagofacil.es imsolutionspci.es *.google.com *.googleapis.com *.gstatic.com *.surveymonkey.com *.googletagmanager.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' data: 1
frame-ancestors https://pannonkincstar.hu 1
allow 'self'; font-src 'self'; media-src *; img-src * 'self'; script-src 'self' https://*.gravatar.com https://ajax.googleapis.com; https://*.google.com; style-src 'self'; 1
default-src 'self' https://cdnjs.cloudflare.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
base-uri 'self'; child-src 'self' gap:; frame-src 'self' gap:; connect-src 'self'; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=OO9MQue3WlOcsHSR8DbEEeKxb0R%2Fd%2B22vfUEyich7qku%2FlL%2FDsWY0fWanin0lzbQN0tUSJFjWlyG9m8a%2FtRPMQ%3D%3D;  1
default-src 'none'; block-all-mixed-content; connect-src 'self' *.google-analytics.com *.analytics.google.com cke4.ckeditor.com; font-src 'self'; frame-src *.tradetracker.net; img-src 'self' data: unpkg.com api.mapbox.com code.jquery.com *.buienradar.nl *.datatables.net *.google-analytics.com *.tradetracker.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' unpkg.com code.jquery.com *.datatables.net *.fontawesome.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' code.jquery.com unpkg.com *.datatables.net *.tradetracker.net; upgrade-insecure-requests 1
default-src 'self';block-all-mixed-content ;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.typekit.net;img-src 'self' data: *.gstatic.com maps.googleapis.com mts.googleapis.com *.cdninstagram.com *.googletagmanager.com *.drift.com www.google.com *.google-analytics.com *.google.be *.g.doubleclick.net *.facebook.com *.fbcdn.net *.bing.com https://sync.outbrain.com https://secure.adnxs.com https://pixel.rubiconproject.com https://ad.360yield.com https://r.casalemedia.com https://pixel.advertising.com https://ads.yahoo.com https://eb2.3lift.com https://trc.taboola.com https://us-u.openx.net https://ad.yieldlab.net https://simage2.pubmatic.com https://visitor.omnitagjs.com https://cm.adform.net https://sp.analytics.yahoo.com https://rtb-csync.smartadserver.com https://matching.ivitrack.com https://ib.adnxs.com https://criteo-sync.teads.tv https://tg.socdm.com https://ih.adscale.de https://x.bidswitch.net https://dis.criteo.com https://cotads.adscale.de https://match.sharethrough.com https://ads.stickyadstv.com https://contextual.media.net https://cdn.stickyadstv.com https://i.imgur.com/ terrebleue.com https://c.clarity.ms https://sync-t1.taboola.com https://s.ad.smaato.net https://ups.analytics.yahoo.com https://insight.adsrvr.org *.criteo.com id5-sync.com *.mediavine.com criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com dpm.demdex.net beacon.krxd.net s.thebrighttag.com https://vumbnail.com/ *.emxdgt.com https://ct.pinterest.com/v3/* *.pinterest.com jadserve.postrelease.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com js.driftt.com http://player.vimeo.com/* https://player.vimeo.com/api/player.js *.vimeo.com *.getflowbox.com *.drift.com *.googletagmanager.com *.api.driftt.com data: *.googleadservices.com *.hotjar.com *.google-analytics.com *.g.doubleclick.net connect.facebook.net tagmanager.google.com criteo.net static.criteo.net *.criteo.com bat.bing.com https://www.google.com/recaptcha/api.js *.gstatic.com https://matomo-37c3d2d32108.victhorious.com https://www.google.com/pagead/conversion_async.js https://trackcmp.net prism.app-us1.com diffuser-cdn.app-us1.com https://js.adsrvr.org *.clarity.ms https://insight.adsrvr.org cdn.cookiehub.eu https://s.pinimg.com/ct/* https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/main.c22402a2.js *.pinimg.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net p.typekit.net tagmanager.google.com terrebleue.com googletagmanager.com cdn.cookiehub.eu;report-uri /nelmio/csp/report;connect-src cdn.plyr.io *.amazonaws.com *.uat.dukeandgrace.site *.hotjar.com *.terrebleue.com wss://ws2.hotjar.com/api/v1/client/ws *.criteo.com *.dukeandgrace.site *.g.doubleclick.net *.google-analytics.com *.clarity.ms wss://*.hotjar.com insight.adsrvr.org maps.googleapis.com bat.bing.com region1.analytics.google.com consent-eu.cookiehub.net content.hotjar.io *.googlesyndication.com *.pinterest.com *.google.be;frame-src www.youtube.com *.vimeo.com js.driftt.com www.vimeo.com *.vimeo.com *.g.doubleclick.net *.hotjar.com *.criteo.com *.facebook.com https://www.google.com https://insight.adsrvr.org https://match.adsrvr.org *.pinterest.com *.doubleclick.net;media-src *.cdninstagram.com *.fbcdn.net *.akamaized.net *.vimeo.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ http://www.njuskalo.hr/ https://www.njuskalo.hr/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.connect.facebook.net *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.vapeshed.co.nz *; script-src 'self' 'unsafe-inline' 'unsafe-eval' secure.tillpayments.com gateway.tillpayments.com *.cloudfront.net *.trustedsite.com cdn.ywxi.net *.inspectlet.com zip.co *.paymark.co.nz cdn-vapeshed.co.nz *.vapeshed.co.nz *.googleapis.com *.facebook.net *.gstatic.com *.google.com *.jsdelivr.net *.tawk.to *.googletagmanager.com *.google-analytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.vapeshed.co.nz *.googleapis.com *.facebook.net *.jsdelivr.net; img-src * 'self' data: https:; media-src 'none'; frame-src 'self' secure.tillpayments.com *.youtube.com *.trustedsite.com *.paymark.co.nz *.google.com *.vapeshed.co.nz *.facebook.net *.facebook.com; font-src 'self' data: *.tawk.to *.gstatic.com; connect-src 'self' ws: gateway.tillpayments.com *.bugsnag.com *.amazonaws.com *.inspectlet.com *.paymark.co.nz *.vapeshed.co.nz *.paypal.com *.paywithpoli.com *.tawk.to *.google-analytics.com *.doubleclick.net 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 1
frame-ancestors 'self';  script-src 'nonce-ce5e05ca624966caeba6e3beec714916' https://www.google-analytics.com https://ssl.google-analytics.com https://pagead2.googlesyndication.com; img-src 'self' https://www.google-analytics.com/ profile.line-scdn.net data: https://cdnjs.cloudflare.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://khms0.googleapis.com/ https://khms1.googleapis.com/ https://cbks0.googleapis.com/ https://geo0.ggpht.com/; style-src 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-elem 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com; frame-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com; form-action 'self'; manifest-src 'self'; object-src 'self'; media-src 'self'; 1
img-src *; default-src 'self' *.one.network https://ukwest-0.in.applicationinsights.azure.com//v2/track https://az416426.vo.msecnd.net/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net https://translate.google.com/ https://siteimproveanalytics.com https://apps.parcelforce.com www.googletagmanager.com www.google-analytics.com *.cloudfront.net *.paypal.com *.googleapis.com analytics.analytics-egain.com cloud-emea.analytics-egain.com fonts.gstatic.com portal.roadworks.org sgn.egain.cloud api.reciteme.com stats.g.doubleclick.net www.google.com www.google.co.uk www.gstatic.com maps.gstatic.com api.tomtom.com www.youtube.com *.google-analytics.com *.analytics.google.com https://cdn-ukwest.onetrust.com data: 'unsafe-eval' 'unsafe-inline'; report-uri https://orangebus.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' https://frontend-cdn.digitalchargingsolutions.com https://api.mixpanel.com https://api-js.mixpanel.com https://cdn.mxpnl.com https://*.adyen.com https://*.paypal.com https://*.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pay.datatrans.com/ https://frontend-cdn.digitalchargingsolutions.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://api.mixpanel.com https://api-js.mixpanel.com https://cdn.mxpnl.com https://*.adyen.com https://*.paypal.com ; frame-src 'self' https://pay.sandbox.datatrans.com https://*.adyen.com https://*.paypal.com ; img-src 'self' https: data: https://cpologo.digitalchargingsolutions.com https://frontend-cdn.digitalchargingsolutions.com https://*.adyen.com https://*.paypal.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com ; style-src 'self' 'unsafe-inline' https://frontend-cdn.digitalchargingsolutions.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.adyen.com https://*.paypal.com ; font-src 'self' https://frontend-cdn.digitalchargingsolutions.com https://fonts.googleapis.com https://fonts.gstatic.com data: ; 1
* 1
default-src 'self' cdnjs.cloudflare.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval'  cdnjs.cloudflare.com; 1
script-src 'self' static.ctctcdn.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.google.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com https://connect.facebook.net/ code.jquery.com kit.fontawesome.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src 'self' *.gstatic.com;       style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;       script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.google-analytics.com *.googleapis.com www.google.com         data: *.gstatic.com *.googleapis.com *.ggpht.com;       img-src 'self' www.googletagmanager.com www.google-analytics.com *.googleapis.com         data: *.gstatic.com *.googleapis.com *.ggpht.com;       connect-src 'self' www.google-analytics.com *.googleapis.com;       frame-src 'self' www.google.com; 1
default-src 'self';         script-src 'self' 'unsafe-inline' 'unsafe-eval'             js.hs-scripts.com 			js.hsforms.net             js.hsadspixel.net             js.hs-analytics.net             js.hs-banner.com             a.opmnstr.com             *.hotjar.com             *.salemove.com             *.glia.com             redbook.listerhill.com             connect.facebook.net             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             *.googleapis.com             *.google.com             seal.digicert.com             *.typeform.com             *.newtonsoftware.com             *.google-analytics.com 			*.analytics.google.com             *.googletagmanager.com             *.stripe.com             ssl.gstatic.com             *.omappapi.com 			snap.licdn.com 			*.buzzsprout.com             *.banzai.org              banzai.org 			polyfill.io;         object-src 'self' data:;         style-src 'self' data: 'unsafe-inline' 			a.omappapi.com 			www.gstatic.com             *.google-analytics.com 			*.analytics.google.com             *.google.com             *.groovecar.com             *.salemove.com             *.glia.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             *.googleapis.com;         img-src 'self' data: 			forms.hsforms.com 			forms-na1.hsforms.com 		    *.craft-cdn.com             www.facebook.com             *.googletagmanager.com             maps.gstatic.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             *.googleapis.com             *.google.com             seal.digicert.com             i.ytimg.com             i.vimeocdn.com             *.mapbox.com             *.doubleclick.net             *.google.com             *.google-analytics.com 			*.analytics.google.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com 			px.ads.linkedin.com 			www.linkedin.com 			p.adsymptotic.com 			track.hubspot.com 			libs.salemove.com 			*.gstatic.com             *.salemove.com             *.glia.com             *.listerhill.com;         media-src 'self' data:             vimeo.com             youtube.com             *.youtube.com             vimeocdn.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com 			libs.salemove.com 			*.gstatic.com             *.salemove.com             *.glia.com             *.listerhill.com;         frame-src data:             *.hotjar.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             listerhill.com             *.google-analytics.com 			*.analytics.google.com             *.google.com             *.stripe.com             ssl.gstatic.com             *.omappapi.com             *.vimeo.com             youtube.com             *.youtube.com             newton.newtonsoftware.com 			*.buzzsprout.com             *.typeform.com             *.salemove.com             zlcuma.secure.fundsxpress.com             banking.apiture.com             zlcuma.banking.apiture.com;             font-src 'self' data:             *.salemove.com             *.glia.com             *.google-analytics.com 			*.analytics.google.com             *.google.com             fonts.gstatic.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             learnbanzai.com             banzai.org             *.googleapis.com;         connect-src 'self' wss:			analytics.google.com 			forms.hsforms.com 			hubspot-forms-static-embed.s3.amazonaws.com 			*.craftcms.com             *.salemove.com             *.glia.com             *.twilio.com             vc.hotjar.io             api.opmnstr.com             ssl.gstatic.com             *.omappapi.com             *.hotjar.com             *.google-analytics.com 			*.analytics.google.com             stats.g.doubleclick.net 			api.hubapi.com 			api.craftcms.com 			translate.googleapis.com             maps.googleapis.com 1
default-src 'self'; img-src 'self'  cdn.partsmartconnect.com data:; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals; base-uri 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com ; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' https://ari-cms.com/bundles/webcomponents/loginpromotion.js; connect-src 'self' https://ari-cms.com/; 1
base-uri 'none';child-src 'none';connect-src 'self' region1.google-analytics.com;default-src 'self';font-src 'self' fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src 'self' www.google.com;img-src 'self' storage.googleapis.com;manifest-src 'self';media-src 'self' storage.googleapis.com;object-src 'none';script-src 'self' www.googletagmanager.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';worker-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.google-analytics.com *.gstatic.com *.google.com platform.twitter.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.smarthome.de  *.adform.net *.cloudflare.com *.cloudfront.net *.facebook.net *.google.de *.google.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.googlevideo.com *.gstatic.com *.intelliad.de *.nuki.io *.telekom.de *.usabilla.com *.wbtrk.net *.youtube-nocookie.com *.ytimg.com applepay.cdn-apple.com pay.google.com tag.contiamo.com empathy-portal.de lpcdn.lpsnmedia.net lo.v.liveperson.net lptag.liveperson.net accdn.lpsnmedia.net cdn.novalnet.de nuki.io webcode.telekom-dienste.de tags-eu.tiqcdn.com fbc.wcfbc.net s3-eu-west-1.amazonaws.com/dap-prod-dcq/advertisertag-server-code-ee63403fb95864c397%2C082.js; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.smarthome.de  *.cloudfront.net fonts.googleapis.com www.telekom.de webcode.telekom-dienste.de; img-src 'self' data: cdn.smarthome.de  *.adform.net *.brodos.com *.cloudfront.net *.doubleclick.net *.facebook.com *.google.de *.google.com *.googlevideo.com *.gstatic.com *.intelliad.de *.telekom.de *.usabilla.com *.ytimg.com *.youtube-nocookie.com events.contiamo.com empathy-portal.de lptag.liveperson.net lpcdn.lpsnmedia.net tracking.mlsat02.de https://goliath.telekom-dienste.de webcode.telekom-dienste.de tags-eu.tiqcdn.com fbc.wcfbc.net s3-eu-west-1.amazonaws.com/dap-prod-dctag/i; media-src 'self' cdn.smarthome.de  *.adform.net *.google.de *.google.com *.gstatic.com *.googlevideo.com *.telekom.de *.youtube-nocookie.com *.ytimg.com lptag.liveperson.net lpcdn.lpsnmedia.net tags-eu.tiqcdn.com fbc.wcfbc.net; frame-src 'self' *.facebook.com *.facebook.net/ *.lo.cobrowse.liveperson.net *.paypal.com *.rfihub.com *.usabilla.com *.youtube-nocookie.com *.youtube.com https://d6tizftlrpuof.cloudfront.net email-telekom.de t23.intelliad.de lptag.liveperson.net server.lon.liveperson.net lpcdn.lpsnmedia.net nuki.io ebs08-stg.telekom.de ebs08.telekom.de shopsuche.telekom.de pay.google.com https://13082755.fls.doubleclick.net https://13081291.fls.doubleclick.net; font-src 'self' cdn.smarthome.de  data: *.gstatic.com *.usabilla.com https://ebs10.telekom.de https://d6tizftlrpuof.cloudfront.net https://fonts.googleapis.com https://www.telekom.de/; connect-src 'self' *.paypal.com *.usabilla.com https://ebs10.telekom.de wss://gwe-dmz-cc.telekom.de https://gwe-dmz-cc.telekom.de https://rest.ice-search.de https://iss-staging-backend.ice-search.de https://ebs01-stg.telekom.de ebs01.telekom.de https://d6tizftlrpuof.cloudfront.net https://ebs02.telekom.de https://events.contiamo.com *.novalnet.de https://google.com/pay; form-action 'self' *.facebook.net *.facebook.com shopsuche.telekom.de; frame-ancestors 'self' https://pano.framework.tv https://telekom-cafe-ape.framework.tv 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com storck.piwik.pro *.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro *.mikmak.tv *.googleapis.com *.amplitude.com *.mapbox.com tags.srv.stackadapt.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro *.mikmak.tv *.cloudfront.net *.googleapis.com *.gstatic.com ad.doubleclick.net adservice.google.com adservice.google.de cdn.filestackcontent.com *.amazonaws.com *.albertsons-media.com adservice.google.us assets.mikmak.workers.dev; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com *.mikmak.tv *.googleapis.com tags.srv.stackadapt.com *.mapbox.com; connect-src 'self' data: *.storck.com storck.piwik.pro *.mikmak.tv *.cloudfunctions.net *.googleapis.com *.amplitude.com *.mapbox.com tags.srv.stackadapt.com; font-src 'self' data: *.storck.com *.gstatic.com 4307249.fls.doubleclick.net; frame-src 'self' data: 4307249.fls.doubleclick.net di.rlcdn.com; frame-ancestors 'self'; form-action 'self'; 1
frame-ancestors https://www.twoa.ac.nz 1
default-src 'self'; block-all-mixed-content; connect-src sentry.trexima.sk 'self' https://*.google-analytics.com https://*.google.com https://*.analytics.google.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.googlesyndication.com https://*.doubleclick.net; font-src 'self' fonts.gstatic.com; frame-src 'self' www.google.com https://trexima.ladesk.com https://2-vbus-de.ladesk.com videoservis.tasr.sk www.youtube.com www.facebook.com https://*.doubleclick.net/; img-src 'self' data: *.googleusercontent.com *.worki.sk http.cat http.dog https://*.facebook.com https://*.google.com https://*.google.sk https://cdn-cookieyes.com https://*.doubleclick.net https://*.googletagmanager.com/; manifest-src 'self' https://dev.worki.sk/ https://dev.worki.sk/site.webmanifest https://stage.worki.sk/ https://stage.worki.sk/site.webmanifest https://www.worki.sk/ https://www.worki.sk/site.webmanifest https://*.worki.sk/*; script-src 'self' ajax.googleapis.com code.jquery.com www.google.com https://*.facebook.net https://*.facebook.com 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://*.googleadservices.com https://*.doubleclick.net/ https://cdn-cookieyes.com/ https://*.googlesyndication.com https://trexima.ladesk.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.googletagmanager.com/; report-uri /nelmio/csp/report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dl.episerver.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://ssl.google-analytics.com https://seal-alaskaoregonwesternwashington.bbb.org https://az416426.vo.msecnd.net/scripts/a/ai.0.js  https://cdn.cookielaw.org 1
default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://bat.bing.com; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com 'sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU=' https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/com/ https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js 'nonce-170180740146800' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://px.ads.linkedin.com https://tr.snapchat.com/ ; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net; frame-src https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/ https://calendar.google.com/ ; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1
default-src 'self'; style-src 'unsafe-inline' 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.reachmee.com/; img-src 'self' data: ; object-src 'self' data: https://datawrapper.dwcdn.net/ https://*.reachmee.com/; frame-src 'self' data: https://datawrapper.dwcdn.net/ https://*.reachmee.com/; 1
default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *;  report-uri https://idsrv.conveyweb.co.uk/identity/csp/report 1
Content-Security-Policy= default-src "none"; script-src "self" https://corp-mktg.s3.us-west-2.amazonaws.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.cookielaw.org https://maps.googleapis.com https://prospect-form-plugin.2u.com; style-src "unsafe-inline" https://whitelabel.2u.com; img-src https://app.optimizely.com https://cdn.optimizely.com https://whitelabel.2u.com; frame-src https://a11801205434.cdn.optimizely.com https://a11801205434.cdn-pci.optimizely.com; connect-src https://*.optimizely.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: 'nonce-yD77o5Gly2nJSyYMqB9DRfZpfaX88IeZ' 'strict-dynamic' https://www.google-analytics.com https://www.googletagmanager.com; 1
default-src 'self'; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org; img-src * data:; connect-src https://cdn.cookielaw.org https://privacyportal.onetrust.com; report-uri https://www.lexistracker.co.za/core/csp/report 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de *.readspeaker.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bsgweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de *.facebook.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net *.yandex.ru banners.adfox.ru avatars-fast.yandex.net favicon.yandex.net content.adfox.ru *.yandex.net *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.googleapis.com; font-src 'self' *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.googleapis.com *.google.com *.gstatic.com *.deutsche-rentenversicherung.de *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.deutsche-rentenversicherung.de *.digitale-drv-bund.de; child-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.deutsche-rentenversicherung.de *.digitale-drv-bund.de; frame-ancestors 'self'; 1
default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://*.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://www.google.de data: https://*.hsforms.com; object-src 'self' data:; frame-src 'self' *.youtube.com *.youtube-nocookie.com https://consentcdn.cookiebot.com https://www.krone-trailer.com https://publish.flyeralarm.digital https://*.hsforms.com; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://js-eu1.hsforms.net; connect-src 'self' https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://consentcdn.cookiebot.com https://*.hsforms.com https://*.amazonaws.com; font-src 'self' https://fonts.gstatic.com data:; media-src 'self' *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' https://www.krone-group.com https://krone-group.com; 1
default-src 'self'; connect-src 'self' https://piwik.bzga.de https://rstts-eu.readspeaker.com https://media-eu.readspeaker.com https://app-eu.readspeaker.com https://maps.google.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn1.readspeaker.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://piwik.bzga.de https://cdn1.readspeaker.com https://maps.google.com https://maps.googleapis.com; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://khms0.googleapis.com https://khms1.googleapis.com https://lh3.ggpht.com https://cbks0.googleapis.com data:; frame-src 'self' https://www.infektionsschutz.de https://app-eu.readspeaker.com; 1
default-src  'self' data:;font-src  'self' data: fonts.gstatic.com kariera.rako.cz www.kariera.rako.cz;connect-src  'self' *.google.com *.google.cz *.googleapis.com *.google-analytics.com *.hotjar.com wss://ws6.hotjar.com *.hotjar.io *.doubleclick.net *.leady.com *.gstatic.com *.pinterest.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com *.gstatic.com *.hotjar.com static.hotjar.com www.googletagmanager.com *.google-analytics.com connect.facebook.net kariera.rako.cz www.kariera.rako.cz c.imedia.cz *.googleadservices.com *.adform.net *.seznam.cz *.doubleclick.net *.leady.com www.youtube-nocookie.com www.youtube.com *.pinterest.com *.pinimg.com;form-action  'self' *.facebook.com *.facebook.net *.pinterest.com;frame-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net;worker-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net;frame-ancestors  'self';img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net www.facebook.com *.rako.cz c.imedia.cz *.seznam.cz *.pinterest.com *.pinimg.com i.ytimg.com *.google.com *.google.cz *.google.de *.google.fr *.google.pl *.google.ru *.google.sk;style-src  'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com kariera.rako.cz www.kariera.rako.cz;object-src  'self' 1
default-src 'self' *.fg.cz *.fraus.cz *.fraus.com;font-src 'self' data: fonts.gstatic.com *.fg.cz *.google.com *.issuu.com;connect-src 'self' *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com *.fg.cz *.yandex.ru *.facebook.com *.seznam.cz *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.google.com *.google.cz *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.licdn.com *.linkedin.com *.cloudflare.com *.facebook.com *.facebook.net *.fg.cz *.fraus.cz *.fraus.com cdn.jsdelivr.net *.doubleclick.net *.yandex.ru c.imedia.cz *.issuu.com *.seznam.cz;form-action 'self' *.facebook.com *.facebook.net *.fg.cz *.google.com *.issuu.com *.doubleclick.net;frame-src 'self' *.facebook.com *.facebook.net *.youtube.com *.iplatba.cz *.vimeo.com *.fg.cz *.google.com *.issuu.com *.doubleclick.net;child-src 'self' *.facebook.com *.facebook.net *.youtube.com *.iplatba.cz *.vimeo.com *.fg.cz *.google.com *.issuu.com *.doubleclick.net;frame-ancestors 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.google.com *.google.cz *.google.ie *.placeholder.com *.fg.cz *.fraus.cz *.fraus.com *.facebook.com *.facebook.net *.yandex.ru c.imedia.cz *.issuu.com *.seznam.cz loremflickr.com i.ytimg.com;style-src 'self' 'unsafe-inline' *.gstatic.com fonts.googleapis.com *.google.com *.fg.cz *.fraus.cz *.fraus.com *.issuu.com *.doubleclick.net;object-src 'self' *.fg.cz 1
script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://google-analytics.com http://cdnjs.cloudflare.com https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://merchants.niftepay.pk https://www.googleadservices.com https://googleads.g.doubleclick.net; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://merchants.niftepay.pk; report-uri /report-csp-violation 1
frame-ancestors 'self' https://shopproxy.p-s-s.de ; style-src 'self' localhost:* https://fonts.googleapis.com  https://test.vr-pay-ecommerce.de  http://oxomi.com 'unsafe-inline' 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:; https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.<TLD>; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://cdn.cookielaw.org; report-uri /report-csp-violation 1
default-src dock.ui.bosch.tech  *.hotjar.com wss://*.hotjar.com 'self' https: *.junkers-bosch.es; media-src 'self' https: mycliplister.com; font-src data: *.hotjar.com wss://*.hotjar.com 'self' *.junkers-bosch.es; object-src data: 'self'; img-src https: data:; style-src 'self' 'unsafe-inline' *.junkers-bosch.es; script-src dock.ui.bosch.tech  https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: it.documents.junkers.com; frame-ancestors 'self' http://fs52-buderus-dev.kittelberger.net 1
default-src 'self'; style-src 'self' 'unsafe-inline' occhat.elisa.fi https://public.flourish.studio/ https://fonts.googleapis.com/; img-src 'self' data: occhat.elisa.fi vero.piwik.pro data.reactandshare.com https://public.flourish.studio/; media-src 'self'; font-src 'self' https://public.flourish.studio/; script-src 'self' 'unsafe-inline' 'unsafe-eval' occhat.elisa.fi vero.piwik.pro vero.containers.piwik.pro www.youtube.com cdn.reactandshare.com data.reactandshare.com https://public.flourish.studio/; connect-src 'self' occhat.elisa.fi wss://occhat.elisa.fi vero.piwik.pro data.reactandshare.com; frame-src 'self' www.youtube.com https://app.powerbi.com https://public.flourish.studio/; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://services.hawkeye.care https://triggers.hawkeye.care https://metrics.hawkeye.care https://api.segment.io https://sentry.io https://api.mixpanel.com https://api-js.mixpanel.com wss://triggers.hawkeye.care https://cdn.segment.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://cdn.mxpnl.com; img-src 'self' data: https://api.adorable.io https://chart.googleapis.com https://cdn.mxpnl.com; connect-src 'self' https://services.hawkeye.care https://triggers.hawkeye.care https://metrics.hawkeye.care https://api.segment.io https://sentry.io https://api.mixpanel.com https://api-js.mixpanel.com wss://triggers.hawkeye.care https://cdn.segment.com wss://triggers.hawkeye.care; font-src 'self' 'unsafe-inline' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; 1
default-src 'self' *.relay42.com *.doubleclick.net googletagmanager.com *.googlesyndication.com *.googleadservices.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.achmea.nl *.facebook.net *.google.com *.googlesyndication.com *.linkedin.com *.r42tag.com *.relay42.com cdn.harvest.graindata.com https://www.googleoptimize.com https://www.googletagmanager.com maps.googleapis.com www.google-analytics.com  www.youtube.com ssl.synovite-scripts.com www.gstatic.com snap.licdn.com *.doubleclick.net *.googleadservices.com rekentools.webbridge.nl googletagmanager.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com optimize.google.com gstatic.com;img-src data: 'self' *.achmea.nl *.contentsquare.net *.googlesyndication.com *.r42tag.com *.relay42.com https://www.googletagmanager.com maps.googleapis.com maps.gstatic.com optimize.google.com region1.analytics.google.com region1.google-analytics.com www.advieskeuze.nl www.facebook.com www.google-analytics.com www.google.com www.google.nl www.googleapis.com www.googletagmanager.com https://i.ytimg.com *.w3.org *.vimeocdn.com px.ads.linkedin.com px4.ads.linkedin.com google.be translate.google.com fonts.gstatic.com googleads.g.doubleclick.net rekentools.webbridge.nl zilverenkruis.nl;font-src data: 'self' fonts.gstatic.com;connect-src 'self' analytics.cloud.coveo.com *.achmea.nl *.facebook.net *.googlesyndication.com api.advieskeuze.nl controle.achmea.consentmonitor.nl https://*.in.applicationinsights.azure.com maps.googleapis.com r.contentsquare.net region1.analytics.google.com region1.google-analytics.com  www.google-analytics.com *.google.com *.doubleclick.net translate.googleapis.com;media-src 'self' *.youtube-nocookie.com player.vimeo.com www.youtube.com;object-src 'self' https://td.doubleclick.net/;child-src 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com optimize.google.com www.google.com player.vimeo.com t.svtrd.com td.doubleclick.net rekentools.webbridge.nl www.youtube.com https://td.doubleclick.net/ https://tpc.googlesyndication.com/;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net td.doubleclick.net rekentools.webbridge.nl https://www.youtube.com/ *.googlesyndication.com;form-action * 'self' t.svtrd.com *.achmea.nl;manifest-src 'self' achmeabank.nl;block-all-mixed-content;report-uri https://achmea.ams.report-uri.com/r/t/csp/enforce; 1
img-src *; media-src *; script-src 'self'; frame-src 'self'; 1
frame-ancestors https://*.innovatrics.com 1
default-src 'self' *.relay42.com *.doubleclick.net googletagmanager.com *.googlesyndication.com *.googleadservices.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.achmea.nl *.facebook.net *.google.com *.googlesyndication.com *.linkedin.com *.r42tag.com *.relay42.com cdn.harvest.graindata.com https://www.googleoptimize.com https://www.googletagmanager.com maps.googleapis.com www.google-analytics.com  www.youtube.com ssl.synovite-scripts.com www.gstatic.com snap.licdn.com *.doubleclick.net *.googleadservices.com rekentools.webbridge.nl googletagmanager.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.google.com optimize.google.com gstatic.com;img-src data: 'self' *.achmea.nl *.contentsquare.net *.googlesyndication.com *.r42tag.com *.relay42.com https://www.googletagmanager.com maps.googleapis.com maps.gstatic.com optimize.google.com region1.analytics.google.com region1.google-analytics.com www.advieskeuze.nl www.facebook.com www.google-analytics.com www.google.com www.google.nl www.googleapis.com www.googletagmanager.com https://i.ytimg.com *.w3.org *.vimeocdn.com px.ads.linkedin.com px4.ads.linkedin.com google.be translate.google.com fonts.gstatic.com googleads.g.doubleclick.net rekentools.webbridge.nl zilverenkruis.nl;font-src data: 'self' fonts.gstatic.com;connect-src 'self' analytics.cloud.coveo.com *.achmea.nl *.facebook.net *.googlesyndication.com api.advieskeuze.nl controle.achmea.consentmonitor.nl https://*.in.applicationinsights.azure.com maps.googleapis.com r.contentsquare.net region1.analytics.google.com region1.google-analytics.com  www.google-analytics.com *.google.com *.doubleclick.net translate.googleapis.com;media-src 'self' *.youtube-nocookie.com player.vimeo.com www.youtube.com;object-src 'self' https://td.doubleclick.net/;child-src 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com optimize.google.com www.google.com player.vimeo.com t.svtrd.com td.doubleclick.net rekentools.webbridge.nl www.youtube.com https://td.doubleclick.net/ https://tpc.googlesyndication.com/;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net td.doubleclick.net rekentools.webbridge.nl https://www.youtube.com/ *.googlesyndication.com;form-action * 'self' t.svtrd.com *.achmea.nl;block-all-mixed-content;report-uri https://achmea.ams.report-uri.com/r/t/csp/enforce; 1
default-src 'self' *.zensus2022.de; base-uri 'self'; style-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.itzbund.de *.zensus2022.de; object-src 'self' multimedia.gsb.bund.de ; media-src 'self' multimedia.gsb.bund.de www.quirksmode.org www.destatis.de *.zensus2022.de; child-src *.ims-cms.net ; img-src 'self' data: *.itzbund.de *.zensus2022.de; connect-src 'self' *.itzbund.de *.zensus2022.de; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src vat9eh4iwa.execute-api.us-east-2.amazonaws.com analytics.google.com *.analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' builder.lift.acquia.com connect.facebook.net snap.licdn.com tags.tiqcdn.com unruffled-shannon-1a7413.netlify.app www.google-analytics.com www.googleadservices.com www.googletagmanager.com endpoint2.mathilde-ads.com *.mathilde-ads.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudfront.net lv5wzylf7h.execute-api.us-east-2.amazonaws.comvat9eh4iwa.execute-api.us-east-2.amazonaws.com augusta-multibank-pro-providers-landing.s3.amazonaws.com leadgenios.net mcusercontent.com pixel.sitescout.com; object-src 'none'; style-src 'self' 'unsafe-inline'  fonts.googleapis.com ftp.mathilde-ads.com *.cloudfront.net *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudfront.net cdn.linkedin.oribi.io  vat9eh4iwa.execute-api.us-east-2.amazonaws.com augusta-multibank-pro-providers-landing.s3.amazonaws.com leadgenios.net mcusercontent.com; img-src 'self' data: www.google.com.pa www.multibank.com.pa googleads.g.doubleclick.net px.ads.linkedin.com www.facebook.com www.google-analytics.com www.google.com ftp.mathilde-ads.com *.cloudfront.net *.mathilde-ads.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudfront.net lv5wzylf7h.execute-api.us-east-2.amazonaws.comvat9eh4iwa.execute-api.us-east-2.amazonaws.com augusta-multibank-pro-providers-landing.s3.amazonaws.com leadgenios.net mcusercontent.com googletagmanager.com; media-src 'self'; frame-src 'self' *.mathilde-ads.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com www.multibank.com.pa; connect-src 'self' adservice.google.com collect.tealiumiq.com mbpasxv7.staticmon.com notify.bugsnag.com opensheet.elk.sh sessions.bugsnag.com us-east-1-decisionapi.lift.acquia.com www.google-analytics.com stats.g.doubleclick.net endpoint2.mathilde-ads.com lv5wzylf7h.execute-api.us-east-2.amazonaws.com cdn.linkedin.oribi.io vat9eh4iwa.execute-api.us-east-2.amazonaws.com augusta-multibank-pro-providers-landing.s3.amazonaws.com leadgenios.net mcusercontent.com region1.analytics.google.com analytics.google.com/g/collect; report-uri /es/report-csp-violation 1
object-src 'self'; img-src 'self' data: https:; media-src 'self'; font-src 'self' https://herthundbuss.com/; style-src 'self' 'unsafe-inline' https://consent.cookiefirst.com/ https://herthundbuss.com/; 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com *.facebook.net unpkg.com *.jsdelivr.net *.cookiebot.com *.leadfamly.com; object-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.google.se *.cloudnet.cloud *.malmolive.se *.momondo.de *.googletagmanager.com *.cookiebot.com; media-src 'self' blob: https://*.speechstream.net;; frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se *.office.com *.cookiebot.com *.playable.com; frame-ancestors 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se; child-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com  *.siteimprove.com *.sverigesradio.se https://sverigesradio.se; font-src 'self'; connect-src 'self' blob: https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net *.cookiebot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.youtube.com youtube.com; style-src 'self' 'unsafe-inline' ; img-src * data:; media-src * blob:; frame-src *; frame-ancestors 'self'; child-src 'self'; font-src * data:; connect-src *; report-uri /emea/report-csp-violation 1
default-src 'self' * 'unsafe-inline' data: blob: 1
frame-ancestors 'self' hew.com *.hew.com; 1
base-uri 'self'; child-src 'self' data: gap: https://oppwa.com/ https://www.google.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ https://www.youtube.com/ https://www.youtube.com; frame-src 'self' data: gap: https://oppwa.com/ https://www.google.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ https://www.youtube.com/ https://www.youtube.com; connect-src 'self' https://www.google-analytics.com/g/ https://oppwa.com/ https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://storage.googleapis.com/ https://lusiadas-staging.agentifai.com/ wss://lusiadas-staging.agentifai.com/ https://exames.maislusiadas.pt/ https://maps.googleapis.com/ https://region1.google-analytics.com/ https://region1.google-analytics.com/g/ https://www.google-analytics.com/ https://*.google-analytics.com https://*.google-analytics.com/g/ https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.<TLD>; default-src 'self' data: gap: https://googletagmanager.com/gtag/js https://maislusiadas.pt https://maps.googleapis.com/maps/api/js https://maislusiadas.pt/favicon.ico https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://storage.googleapis.com/ https://fonts.gstatic.com/ https://exames.maislusiadas.pt/; img-src 'self' data: https://maps.gstatic.com https://maislusiadas.pt/Portal https://oppwa.com/ https://www.facebook.com https://*.googleapis.com https://*.ggpht https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.lusiadas.pt/ https://*.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.<TLD> blob:; script-src 'self' data: https://www.apple.com https://appleid.cdn-apple.com https://idmsa.apple.com https://gsa.apple.com https://idmsa.apple.com.cn https://signin.apple.com https://appleid.cdn-apple.com https://maps.googleapis.com https://oppwa.com/ https://onlinepayments.pt/ https://connect.facebook.net https://maps.gstatic.com https://www.googletagmanager.com/ https://code.jquery.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://storage.googleapis.com/ https://exames.maislusiadas.pt/ https://www.googleadservices.com/ https://ads.google.com/ https://www.google-analytics.com/ https://*.googletagmanager.com https://*.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: https://oppwa.com/ https://www.google.com/ https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://fonts.googleapis.com/ https://exames.maislusiadas.pt/ 'unsafe-inline'; frame-ancestors 'self' data: gap: https://maislusiadas.pt/ https://exames.maislusiadas.pt/; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=67IMtCyaCBQVgfUMqAcl5Q5JTI5xKc6oYMV9i3yuGngc9DqttdQyU4dOlvQhZtpysZghgF0VvxLBm5RMNF9Sbg%3D%3D; frame-src 'self' gap: https://maislusiadas.pt/ https://exames.maislusiadas.pt/ 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimprove.net *.googleapis.com youtube.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net  siteimproveanalytics.com *.twitter.com *.pingdom.net *.googletagmanager.com *.doubleclick.net *.youtube.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.siteimprove.net *.curator.io *.google.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com curator-assets.b-cdn.net *.googletagmanager.com *.google.com.au *.google.com; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com *.google.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be *.siteimprove.com *.facebook.com td.doubleclick.net; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net *.siteimprove.com api.curator.io *.addthis.com *.pingdom.net maps.googleapis.com *.google.com *.googlesyndication.com; report-uri /report-csp-violation 1
frame-src 'self' https://content.dionglobal.in https://www.youtube.com; child-src 'self' https://content.dionglobal.in https://www.youtube.com 1
script-src https://connect.facebook.net/ http://connect.facebook.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://browser-update.org/ https://www.google.com/ https://www.gstatic.com/recaptcha/ http://www.google.com/recaptcha/ https://ajax.googleapis.com/ 'unsafe-inline' 'unsafe-eval' 'self'; report-uri /nelmio/csp/report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://www.paypal.com/ https://www.paypalobjects.com/ https://*.hdrmaps.com/ https://www.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://analytics.hdrmaps.com/ https://youtube.com/ https://*.youtube.com/ https://www.gstatic.com/ https://connect.facebook.net/; img-src 'self' data: https://www.paypalobjects.com/ https://*.paypal.com/ https://*.ytimg.com/ https://www.facebook.com/; object-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://*.paypalobjects.com/ https://www.youtube.com/ https://connect.facebook.net/en_US/fbevents.js https://www.recaptcha.net/ https://www.gstatic.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://www.google.com/ https://www.youtube.com/; frame-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://*.paypalobjects.com/ https://www.youtube.com/ https://connect.facebook.net/en_US/fbevents.js https://www.recaptcha.net/ https://www.gstatic.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://www.google.com/ https://www.youtube.com/; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * 1
frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; img-src 'self' data: https://*; object-src 'self' data: https://*; frame-src 'self' data: https://*; 1
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'  *.destatis.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de doo.net chatbot.it.bund.de www9.idev.nrw.de;object-src 'self' multimedia.gsb.bund.de  *.destatis.de piwik.itzbund.de chatbot.it.bund.de www9.idev.nrw.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org  *.destatis.de piwik.itzbund.de chatbot.it.bund.de www9.idev.nrw.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.stba.de *.euro-area-statistics.org *.ims-cms.net *.kemweb.de *.teambits.events doo.net/de-de/widget/ chatbot.it.bund.de www9.idev.nrw.de *.arcgis.com data: ; img-src 'self' data: blob: *.google.com *.gstatic.com *.youtube.com  *.destatis.de piwik.itzbund.de chatbot.it.bund.de www9.idev.nrw.de; frame-ancestors 'self'; 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * 'unsafe-inline' data:; media-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline' 1
default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 1
default-src 'self'; img-src *; media-src * data:;, default-src 'self'; img-src *; media-src * data:; 1
frame-ancestors 'self' webvisor.com *.webvisor.com yandex.ru *.yandex.ru 1
default-src 'self';object-src 'none';script-src 'self' *.googleapis.com *.ip-api.com *.fullsteampay.net *.google.com *.gstatic.com *.gstatic.cn *.recaptcha.net 'nonce-sso' 'nonce-delayed';style-src 'self' 'unsafe-inline' *.fontawesome.com *.googleapis.com *.fullsteampay.net *.google.com *.gstatic.com;img-src 'self' data: *.gstatic.com *.googleapis.com;font-src 'self' data: *.fontawesome.com *.gstatic.com;connect-src 'self' maps.googleapis.com;frame-src 'self' *.fullsteampay.net *.recaptcha.net *.google.com;frame-ancestors 'none';upgrade-insecure-requests; 1
img-src ; media-src data:; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; object-src *; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src *; font-src * 'self' data: https:;; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; report-uri /report-csp-violation 1
default-src 'none'; block-all-mixed-content; connect-src 'self' https://api.getaddress.io https://*.google-analytics.com https://*.googletagmanager.com; font-src https://assets.nurserymilk.co.uk; frame-src https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/; img-src https://assets.nurserymilk.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/ data:; object-src https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/; script-src https://assets.nurserymilk.co.uk https://*.google-analytics.com https://*.googletagmanager.com 'unsafe-inline' 'sha256-//t8DN+5PHt8HhW5JH2ig7gM5SCiAAJ19Gba5fqlebw='; style-src https://assets.nurserymilk.co.uk; report-uri /_csp/report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://marker.io/; img-src 'self' data: blob: https://marker.io/; object-src 'self' data: blob: https://marker.io/; frame-src 'self' data: blob: https://marker.io/; 1
default-src 'self' *.optimizely.com https: s.webtrends.com *.mycliplister.com; media-src 'self' *.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' https: btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https: btm.bosch.com; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 1
frame-ancestors 'self' piwik.betaalvereniging.nl; 1
default-src 'self' *.prd-gb-01.intelliflo.net *.gb.intelliflo.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://libs.salemove.com/ https://libs.salemove.com/visitor/ https://api.salemove.eu/salemove_integration.js *.intelligent-office.net *.prd-gb-01.intelliflo.net *.gb.intelliflo.net cdn.walkme.com  ec.walkme.com playerserver.walkme.com d3sbxpiag177w8.cloudfront.net papi.walkme.com https://intelliflo-community.force.com/iOcomm/ https://intelliflo.my.site.com/iOcomm/ https://intelliflo.my.salesforce.com/lightning/ https://static.lightning.force.com/ https://*.la1-c2-lo2.salesforceliveagent.com/content/ https://service.force.com/embeddedservice/ https://intelliflo.my.salesforce.com/embeddedservice/ https://*.la1-c2-lo2.salesforceliveagent.com/chat/rest/ client.rum.us-east-1.amazonaws.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.walkme.com https://libs.salemove.com/ https://intelliflo-community.force.com/iOcomm/ https://intelliflo.my.site.com/iOcomm/ https://service.force.com/embeddedservice/; img-src 'self' 'unsafe-eval' 'unsafe-inline' ec.walkme.com papi.walkme.com s3.walkmeusercontent.com cdn.walkme.com *.amazonaws.com data: *.prd-gb-01.intelliflo.net *.gb.intelliflo.net; media-src 'self'; frame-src https: iodta:; font-src 'self' data: *.sfdcstatic.com https://c1.sfdcstatic.com/etc/clientlibs/sfdc-aem-master/clientlibs_base/fonts/SalesforceSans-Regular.woff https://c1.sfdcstatic.com/etc/clientlibs/sfdc-aem-master/clientlibs_base/fonts/SalesforceSans-Regular.ttf; connect-src 'self' *.prd-gb-01.intelliflo.net *.gb.intelliflo.net *.amazonaws.com https://kluster.salemove.eu/engagement_signaler/longpoll wss://kluster.salemove.eu/engagement_signaler/websocket https://api.salemove.eu/sites/ https://api.salemove.eu/engagements/ https://api.salemove.eu/visitor_config wss://pubsub.salemove.eu/notifications/websocket https://pubsub.salemove.eu/notifications/longpoll https://client-logger.salemove.eu/ wss://*.prd-gb-01.intelliflo.net *.gb.intelliflo.net ec.walkme.com cdn.walkme.com papi.walkme.com https://intelliflo-community.force.com/iOcomm/ https://*.la1-c2-lo2.salesforceliveagent.com/chat/rest/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com/ https://v1.addthisedge.com/ https://s3.amazonaws.com/ https://*.bazaarvoice.com/ http://nexus.ensighten.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://mpsnare.iesnare.com/ https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js https://*.list-manage.com/ https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.paypalobjects.com/ https://s.pinimg.com/ https://assets.pinterest.com/ https://ct.pinterest.com/ https://log.pinterest.com/ https://*.stripe.com/; img-src 'self' data: blob: https://www.paypalobjects.com/ https://*.pinterest.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.darigold.com/ https://*.bazaarvoice.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://*.choozle.com/ https://tags.bluekai.com/ https://match.adsrvr.org/track/ https://idsync.rlcdn.com/ https://cm.g.doubleclick.net/ https://segments.company-target.com/; object-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/ https://*.pinterest.com/ https://s7.addthis.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://www.google.com/ https://www.youtube.com/ https://destinilocators.com/ https://s.amazon-adsystem.com/ https://*.fls.doubleclick.net/ https://*.bazaarvoice.com/ https://insight.adsrvr.org/ https://d1eoo1tco6rr5e.cloudfront.net/; frame-src 'self' data: blob: https://*.paypal.com/ https://*.stripe.com/ https://*.pinterest.com/ https://s7.addthis.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://www.google.com/ https://www.youtube.com/ https://destinilocators.com/ https://s.amazon-adsystem.com/ https://*.fls.doubleclick.net/ https://*.bazaarvoice.com/ https://insight.adsrvr.org/ https://d1eoo1tco6rr5e.cloudfront.net/; form-action 'self' data: blob: https://www.facebook.com/tr/ https://*.bazaarvoice.com/ https://darigold.us6.list-manage.com/; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1
base-uri 'self'; form-action 'self' data: *.mucf.se trk.idrelay.com; manifest-src 'self'; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com hcaptcha.com *.hcaptcha.com cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net unpkg.com *.mucf.se *.cloudnet.cloud *.vimeo.com; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net *.mucf.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.mucf.se http://mfstatic.com *.inviewer.se *.mediaflowpro.com *.jsdelivr.net *.ytimg.com; media-src blob:; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com *.ungidag.se *.mediaflowpro.com blob: stats.mucf.se stats.c4223.cloudnet.cloud *.ungidag.se *.mucf.se; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.ungidag.se *.mucf.se; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com blob: *.mucf.se *.ungidag.se; font-src 'self' mfstatic.com; connect-src 'self' https://*.mucf.se https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hcaptcha.com https://*.speechstream.net stats.c4223.cloudnet.cloud https://*.mediaflow.com https://*.inviewer.se mfstatic.com *.ungidag.se; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.infotechexpress.com infotechinc.zendesk.com *.zdassets.com *.google-analytics.com *.stripe.com *.cloudflare.com *.hotjar.com wss://*.hotjar.com 1
script-src 'self' https://cdn.matomo.cloud https://kielikello.disqus.com https://c.disquscdn.com https://disqus.com https://m.addthisedge.com https://m.addthis.com https://kielikello.disqus.com https://sprakbruk.disqus.com https://s7.addthis.com https://www.google-analytics.com https://v1.addthis.com https://v1.addthisedge.com https://z.moatads.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' 1