Values for x-webkit-csp:
report-uri /report-csp-violation 35
report-uri //report-csp-violation 33
default-src 'self' 21
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 17
default-src 'self'; 13
frame-ancestors 'self' 13
default-src 'self'; script-src 'self' 'unsafe-inline' 11
referrer origin 11
frame-ancestors 'self' https://*.adventhealth.com 9
allow 'self'; 9
default-src 'self'; script-src *.nr-data.net *.newrelic.com *.faktor.io *.consensu.org www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; media-src 'none'; frame-src *.consensu.org *.faktor.io; connect-src *.consensu.org *.faktor.io https://*.nr-data.net https://cdn.contentful.com https://cf.talpa.digital https://cf.talpa.network https://cf-staging.talpa.digital https://*.consent.talpanetwork.com https://consent.talpanetwork.com  https://www.google-analytics.com; img-src https://static.talpanetwork.com https://*.nr-data.net https://images.ctfassets.net https://*.consent.talpanetwork.com https://consent.talpanetwork.com https://www.google-analytics.com 9
frame-src *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com 7
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 7
6
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 6
frame-ancestors 'self' https://explore.cvent.com http://explore.cvent.com https://www.elitemeetings.com https://www.speedrfp.com https://speedrfp.com https://elitemeetings.com https://www.lanyon.com http://www.lanyon.com; report-uri /report-csp-violation 5
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 5
frame-ancestors 'self' weleda.sabio.de 5
frame-ancestors https://bande2kings.fr https://*.bande2kings.fr 4
default-src 'self' *.readspeaker.com data:; base-uri 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; upgrade-insecure-requests; frame-ancestors 'self'; 4
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com; style-src 'self' 'unsafe-inline' * https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 3
frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 3
connect-src * 'self' 3
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 3
;frame-ancestors 'self' 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sharethis.com *.sharethis.mgr.consensu.org geoip-db.com *.facebook.com connect.facebook.net *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.googleusercontent.com *.gravatar.com *.soundcloud.com 01.org *.youtube.com; report-uri /admin/config/system/seckit/csp-report 3
default-src 'self' blob:; connect-src 'self' blob: wss: *.zdassets.com *.zendesk.com *.metartnetwork.com *.google-analytics.com *.doubleclick.net; style-src 'self' blob: 'unsafe-inline' *.fontawesome.com fonts.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.metartnetwork.com cdn.cookielaw.org; font-src 'self' data: *.zopim.com *.fontawesome.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.metartnetwork.com; script-src 'self' 'unsafe-inline' *.zdassets.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metartnetwork.com cdn.cookielaw.org code.jquery.com geolocation.onetrust.com; frame-src 'self' *.twitter.com *.metartnetwork.com *.youtube.com *.vimeo.com; img-src 'self' data: *.nsimg.net *.twimg.com *.zopim.com *.twitter.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.doubleclick.net *.metartnetwork.com; media-src 'self' data: blob: *.nsimg.net *.metartnetwork.com; worker-src 'self' data: blob: wss:; object-src 'none' 3
default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src  'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 3
frame-ancestors 'self' https://*.salesforce.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com *.cdn.rawgit.com https://cdn.rawgit.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com; frame-src 'self' bhge.acquiadam.com *.webdamdb.com  *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/  https://apps.kaonadn.net; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri //report-csp-violation 3
default-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.econsumeraffairs.com *.consumercare.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com  *.consumercare.net *.econsumeraffairs.com *.google.com cdn.jsdelivr.net *.facebook.net *.likebtn.com *.pinterest.com *.facebook.com *.typekit.com *.trackduck.com *.sharethis.com dnn506yrbagrg.cloudfront.net *.mousestats.com  *.m4dc.com data: ; object-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com; style-src 'self' 'unsafe-inline'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.trackduck.com  *.googleapis.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.likebtn.com *.typekit.net *.sharethis.com; img-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.gravatar.com *.google-analytics.com *.trackduck.com *.google.com stats.g.doubleclick.net *.facebook.com  *.googleapis.com cdn.jsdelivr.net *.typekit.net  *.sharethis.com *.blob.core.windows.net *.dev-2.development-preview.com  *.gstatic.com gravatar.com gtrk.s3.amazonaws.com *.google.co.in/ads data:; media-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com; frame-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com *.sharethis.mgr.consensu.org *.sharethis.com *.m4dc.com; font-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com fonts.gstatic.com  maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.typekit.com data: *.typekit.net *.trackduck.com; connect-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.facebook.com *.trackduck.com *.sharethis.com wss: data: *.gravatar.com *.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 3
frame-src http: https: ; frame-ancestors http: https: ; 3
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block; 3
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 2
style-src 'self' 'unsafe-inline' 2
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bpost.be bpost.be eshipper.bpost.cn bpost2.be medattest.be www.medattest.be editor-www.bpost.be www.googletagmanager.com tagmanager.google.com ssl.google-analytics.com b2btagmgr.azalead.com trker1.azalead.com www.google-analytics.com proslead.com www.depostlaposte.be www.bpost2.be www.google.com www.post.be post.be ajax.googleapis.com connect.facebook.net code.jquery.com platform.linkedin.com www.linkedin.com dashboard.whoisvisiting.com/who.js frontend.id-visitors.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net http://w.usabilla.com w.usabilla.com api.usabilla.com cdnjs.cloudflare.com maps.googleapis.com www.youtube.com https://ajax.googleapis.com api.jollywallet.com https://maps.googleapis.com www.googleadservices.com assets.idloom.com crm.bpack.idloom.com proslead.com https://www.google-analytics.com preprints.taxipost.net maf.taxipost.net s.ytimg.com img.en25.com player.qualifio.com d6tizftlrpuof.cloudfront.net https://maxcdn.bootstrapcdn.com static.hotjar.com script.hotjar.com vars.hotjar.com optimize.google.com login-2.bpost.be service.maxymiser.net static.hotjar.com script.hotjar.com bpost2.unfyd.com www.gstatic.com openlayers.org unpkg.com eloqua.com  www.bpost2.be bpaid.unfyd.com mediahuisassets.akamaized.net cdn.cxense.com scomcluster.cxense.com comcluster.cxense.com; object-src 'self' www.bpost.be editor-www.bpost.be eshipper.bpost.cn www.youtube-nocookie.com www.medattest.be optimize.google.com login-2.bpost.be bpost2.be bpaid.unfyd.com; style-src 'self' 'unsafe-inline' www.bpost.be eshipper.bpost.cn bpost2.be www.bpost2.be bpost3.be www.medattest.be editor-www.bpost.be www.google.com fonts.googleapis.com cdn.jsdelivr.net d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com www.post.be post.be proslead.com wersg01 preprints.taxipost.net maf.taxipost.net tagmanager.google.com optimize.google.com login-2.bpost.be maxcdn.bootstrapcdn.com my.bpost.be bpost2.unfyd.com openlayers.org use.fontawesome.com unpkg.com bpaid.unfyd.com; img-src 'self' data: www.bpost.be bpost.be eshipper.bpost.cn www.bpost2.be bpost2.be www.google.be www.google-analytics.com www.google.com googleads.g.doubleclick.net b2btagmgr.azalead.com trker1.azalead.com stats.g.doubleclick.net www.post.be editor-www.bpost.be www.facebook.com www.google.co.in eshop.bpost.be static.licdn.com www.linkedin.com www.bpostinternational.com landmarkglobal.com www.landmarkglobal.com dashboard.whoisvisiting.com/who.ashx www.depostlaposte.be junglenet-a.akamaihd.net secure.adnxs.com d6tizftlrpuof.cloudfront.net w.usabilla.com 10.76.4.13:15871 https://cdnjs.cloudflare.com 10.109.34.52:15871 s1833705806.t.eloqua.com 10.76.4.11:15871 https://csi.gstatic.com https://maps.gstatic.com maps.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com www.googleadservices.com https://stats.g.doubleclick.net proslead.com https://www.google.de https://www.google.lu https://www.google.nl preprints.taxipost.net maf.taxipost.net chart.apis.google.com hello.bpost.be optimize.google.com login-2.bpost.be my.bpost.be bpost2.unfyd.com a.tile.openstreetmap.org server.arcgisonline.com tile.osm.be bpaid.unfyd.com comcluster.cxense.com; frame-src 'self' www.bpost.be bpost.be www.medattest.be medattest.be eshipper.bpost.cn editor-www.bpost.be www.bpost2.be http://www.bpost2.be bpost2.be campaigns.bpost2.be www.campaigns.bpost2.be pass.post.be esim.post.be tools.emailgarage.com assets.idloom.com www.facebook.com ir2.flife.de qfx.quartalflife.com 4558452.fls.doubleclick.net www.youtube.com youtube.com fr.slideshare.net www.youtube-nocookie.com 85.17.197.32 roi.bpost3.be bpost3.be www.facebook.com www.twitter.com platform.linkedin.com addressbook.bpost.be www.google.com google.com cse.google.com/cse speos.connective.be speos.connective.eu junglenet-a.akamaihd.net post-online.be www.post-online.be cssprepaid.proximus.be www.depostlaposte.be depostlaposte.be www.postmobile.be postmobile.be reload.proximus.be s.chkmkt.com maxiresponse.bpost3.be bpi.bpost3.be post-api.be googletagmanager.com youtube.com www.youtube.com d6tizftlrpuof.cloudfront.net www.youtube.com speos.connective.eu www.speos.connective.eu assets.idloom.com crm.bpack.idloom.com zeromov.com player.qualifio.com preprints.taxipost.net maf.taxipost.net http://maf.taxipost.net crm.bpost.idloom.com news.bpost.be s1833705806.t.eloqua.com vars.hotjar.com optimize.google.com login-2.bpost.be bpost2.be service.maxymiser.net bpaid.unfyd.com bpaid.bpost.be; font-src 'self' www.bpost.be bpost.be eshipper.bpost.cn editor-www.bpost.be cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com fonts.gstatic.com *.usabilla.com d6tizftlrpuof.cloudfront.net images.campaign.bpost.be optimize.google.com login-2.bpost.be my.bpost.be maxcdn.bootstrapcdn.com bpost2.unfyd.com use.fontawesome.com www.bpost2.be  cdn.jsdelivr.net fonts.gstatic.com bpaid.unfyd.com; connect-src 'self' www.bpost.be bpost.be eshipper.bpost.cn www.medattest.be medattest.be bpost2.be www.bpost2.be editor-www.bpost.be proslead.com bam.nr-data.net api.usabilla.com https://api.bpost.be crm.bpack.idloom.com www-1.stbpost.be assets.idloom.com crm.bpack.idloom.com nikkomsgchannel tagmanager.google.com webservices-pub.bpost.be webservices-pub.stbpost.be webservices-pub.acbpost.be  s1833705806.t.eloqua.com static.hotjar.com insights.hotjar.com optimize.google.com login-2.bpost.be chatbot.bpost.be bpost2.be in.hotjar.com service.maxymiser.net bpost2.unfyd.com s1833705806.t.eloqua.com/e/f2 bpaid.unfyd.com https://s918797598.t.eloqua.com/e/f2; report-uri /nl/report-csp-violation 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-ancestors 'self' http://virtual-tour.battlefields.org/; report-uri /report-csp-violation 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.net https://*.marketo.com https://*.addthis.com https://*.addthisedge.com https://*.google-analytics.com https://*.optimizely.com https://*.googleadservices.com https://platform.twitter.com https://app.hushly.com https://*.reactful.com https://connect.facebook.net https://graph.facebook.com https://bat.bing.com https://*.crazyegg.com https://*.adroll.com https://snap.licdn.com https://*.linkedin.com https://www.youtube.com https://s.ytimg.com  https://d137jyf8bmrjar.cloudfront.net https://jobs.jobvite.com https://cdnjs.cloudflare.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/reviews_list.js https://seal.digicert.com https://www.bizographics.com https://secure.adnxs.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://j.6sc.co https://rc.sageintacct.com; object-src *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://*.marketo.net https://*.marketo.com https://app.hushly.com http://app.hushly.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/style.css https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com; img-src * data:; media-src *; frame-src https://*.sageintacct.com https://*.intacct.com https://*.optimizely.com https://www.youtube.com https://*.addthis.com https://app-abd.marketo.com https://*.doubleclick.net https://www.google.com/ads https://jobs.jobvite.com https://forecast.io https://api.soundcloud.com https://w.soundcloud.com https://www.g2crowd.com https://intacct.lookbookhq.com https://go.intacct.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com; font-src *; connect-src *; report-uri /admin/config/system/seckit/csp-report 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com s0-azure.assets-yammer.com maps.googleapis.com cdn.syndication.twimg.com addtocalendar.com maxcdn.bootstrapcdn.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com data:; frame-src 'self' bhge.acquiadam.com *.webdamdb.com  *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/ *.yammer.com login.microsoftonline.com fssfedma.o365.ge.com platform.linkedin.com syndication.twitter.com platform.twitter.com www.linkedin.com  https://www.gechannelconnect.com/ https://staging60.gechannelconnect.com/; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri //report-csp-violation 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de de.ioam.de s.ytimg.com; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de  *.facebook.com; 2
frame-ancestors https://*.dondominio.com https://*.mrdomain.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com; 2
img-src 'self' https://www.googleapis.com www.googleapis.com https://*.gstatic.com *.gstatic.com https://www.google-analytics.com www.google-analytics.com https://maps.googleapis.com maps.googleapis.com https://khms0.googleapis.com khms0.googleapis.com https://khms1.googleapis.com khms1.googleapis.com https://p.travelsmarter.net p.travelsmarter.net https://www.tripadvisor.co.uk www.tripadvisor.co.uk blob: data:; script-src 'self' https://unpkg.com unpkg.com https://www.youtube.com www.youtube.com https://www.google-analytics.com www.google-analytics.com https://www.googleapis.com www.googleapis.com https://maps.googleapis.com maps.googleapis.com https://platform.twitter.com platform.twitter.com https://www.googletagmanager.com www.googletagmanager.com https://tagmanager.google.com tagmanager.google.com https://www.peoplescollection.wales www.peoplescollection.wales https://www.casgliadywerin.cymru www.casgliadywerin.cymru https://ajax.googleapis.com ajax.googleapis.com https://kiosk.wales kiosk.wales https://static.tacdn.com static.tacdn.com https://www.tripadvisor.com www.tripadvisor.com 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' data: https: *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.amazonaws.com *.infogreffe.nc *.infogreffe.fr *.googleapis.com *.twitter.com *.regie.pro; img-src 'self' data: http: *.youtube.com https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; frame-src 'self' data: https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; connect-src 'self' https: *.regie.pro *.addthis.com *.web2mobile.fr 2
default-src 'none'; script-src 'self' *.deutsche-digitale-bibliothek.de *.google.com *.twitter.com *.facebook.com *.jwpcdn.com *.gstatic.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.fiz-karlsruhe.de cms.deutsche-digitale-bibliothek.de *.twimg.com; object-src 'self'; style-src *.googleapis.com 'self' 'unsafe-inline' *.jsdelivr.net *.fiz-karlsruhe.de *.deutsche-digitale-bibliothek.de *.twimg.com *.twitter.com cms.deutsche-digitale-bibliothek.de; img-src * data:; media-src *; font-src *.gstatic.com *.googleapis.com *.jsdelivr.net 'self' cms.deutsche-digitale-bibliothek.de; connect-src *.akamaihd.net *.vimeo.com 'self' cms.deutsche-digitale-bibliothek.de *.twimg.com *.twitter.com *.fiz-karlsruhe.de; child-src 'self' *.deutsche-digitale-bibliothek.de *.fiz-karlsruhe.de *.google.com *.twitter.com *.facebook.com *.youtube.com cms.deutsche-digitale-bibliothek.de; frame-ancestors 'self' *.deutsche-digitale-bibliothek.de; 2
default-src 'self' *.mobistar.be *.cloudfront.net *.emsecure.net *.customersaas.com *.orange.be *.netdna-ssl.com *.whisbi.com; script-src 'unsafe-inline' 'unsafe-eval' * *.customersaas.com *.emsecure.net *.customersaas.com  *.orange.be optimize.google.com *.netdna-ssl.com *.whisbi.com; object-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; style-src 'unsafe-inline' 'self' *.mobistar.be *.cloudfront.net *.customersaas.com  *.orange.be optimize.google.com fonts.googleapis.com *.netdna-ssl.com *.whisbi.com; img-src * data: optimize.google.com; media-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; frame-src 'self' * emsecure.net  *.orange.be *.optimzely.com optimize.google.com; font-src 'self' *.mobistar.be *.customersaas.com  *.orange.be cdn.livechatinc.com themes.googleusercontent.com fonts.gstatic.com *.netdna-ssl.com *.whisbi.com; connect-src 'self'  *.tealiumiq.com *.usabilla.com *.log.optimizely.com *.emsecure.net *.customersaas.com  *.orange.be *.mousestats.com secure.comparecycle.com *.whisbi.com; report-uri /admin/config/system/seckit/csp-report 2
upgrade-insecure-requests 2
frame-ancestors 'self' https://*.etracker.com 2
default-src * data: blob:;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://static.ads-twitter.com/uwt.js https://s3.amazonaws.com/trk.cetrk.com/f/t.js https://tagmanager.google.com/ https://instafeed.assets.pixlee.com https://www.buzzsprout.com https://api.volunteer.com.au https://volwidget.s3.amazonaws.com https://www.bing.com https://dev.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://fast.wistia.net https://ecn.dev.virtualearth.net https://openlayers.org mapstraction.com https://www.bing.com/ https://vudoo.com https://dme0ih8comzn4.cloudfront.net *.admaxim *.addthis.com https://m.addthisedge.com https://cdnjs.cloudflare.com https://d1ig6folwd6a9s.cloudfront.net https://sample.crazyegg.com https://script.crazyegg.com https://sample-api-v2.crazyegg.com/n/588250/all https://s3.amazonaws.com/trk.cetrk.com/d/t.js https://e.issuu.com/embed.js https://everydayhero.com *.facebook.com *.facebook.net fast.wistia.com https://www.google.com http://www.google-analytics.com *.google-analytics.com *.googleapis.com https://maps.google.com https://optimize.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://s.gravatar.com https://code.jquery.com https://s.c.appier.net https://jscdn.appier.net https://assets.juicer.io/ https://embed.playbuzz.com https://sb.scorecardresearch.com https://mcd-sdk.playbuzz.com https://res-format-story.playbuzz.com https://cdn.playbuzz.com https://widget.surveymonkey.com https://salvos.org.au/ https://www.salvationarmy.org.au/ http://salvationarmy.org.au/ http://src.litix.io/ https://s0.wp.com https://stats.wp.com/ https://public.tableau.com/ *.twitter.com *.twimg.com https://users.dialogfeed.com *.verisign.com http://fast.wistia.com 127.0.0.1:* *.localhost; style-src 'self' https://tagmanager.google.com/debug/css.css https://assets.buzzsprout.com https://volwidget.s3.amazonaws.com https://openlayers.org https://www.bing.com https://dme0ih8comzn4.cloudfront.net https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ data: *.addthis.com *.bootstrapcdn.com https://d1ig6folwd6a9s.cloudfront.net https://fonts.googleapis.com http://fonts.googleapis.com *.googleapis.com *.gstatic.com https://optimize.google.com *.jquery.com https://assets.juicer.io/ *.myfonts.net https://res-format-story.playbuzz.com *.twimg.com *.twitter.com http://s.gravatar.com 'unsafe-inline'; media-src * data:; font-src * data:; connect-src 'self' https://sample-api-v2.crazyegg.com/n/588250/all https://s.c.appier.net https://www.bing.com https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ https://anylist.c.appier.net *.addthis.com https://stats.g.doubleclick.net/ *.facebook.com https://www.google-analytics.com https://assets.juicer.io/ http://www.juicer.io https://www.juicer.io https://prd-collector-anon.playbuzz.com https://pixel.playbuzz.com https://mcd-sdk.playbuzz.com https://embed.playbuzz.com https://cdn.playbuzz.com https://syndication.twitter.com *.vimeocdn.com pipedream.wistia.com https://e.issuu.com https://users.dialogfeed.com embed.wistia.com distillery.wistia.com/x; report-uri https://salvos.org.au/csp-reports/ 2
default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-eval' 'unsafe-inline'; media-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src https: employment.qualtrics.com siteintercept.qualtrics.com g.jwpsrv.com www.youtube.com; frame-ancestors 'self' www.jobs.gov.au www.employment.gov.au; child-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com themes.googleusercontent.com; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com app.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co;font-src 'self' *.netdna-ssl.com fonts.gstatic.com *.pcdn.co;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com app.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.pcdn.co;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 2
deafult-src 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.piwik.bayern.de; img-src 'self' data: www.piwik.bayern.de; font-src 'self' data: 2
frame-ancestors 'self' https://analytics.google.com/analytics/ https://*.buypass.no https://*.buypass.com https://*.norsk-tipping.no https://*.altinn.no; 2
style-src 'unsafe-inline' data: *; img-src 'unsafe-inline' data: *; report-uri /report-csp-violation 2
default-src https: 'unsafe-inline' 2
default-src 'self' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 2
style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com config1.veinteractive.com veinteractive.com; font-src 'self' *.typekit.net fonts.gstatic.com data:; report-uri /report-csp-violation 2
default-src 'unsafe-inline'  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; style-src 'unsafe-inline' https://www.google-analytics.com  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.facebook.com https://*.bgk.pl; img-src 'self'  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl data: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: http://mshcentraldbdev.prod.acquia-sites.com *.balladhealthcrm.org; frame-ancestors 'self'; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self' shop.bestservice.de dwl.dawconnect.com maps.google.de www.google.com connect.facebook.net *.youtube.com;  img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.bsdwl.de *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de *.youtube.com;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com;  script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval';  worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de *.youtube.com;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self' 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.authorize.net *.google.com static.addtoany.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com; img-src 'self' 'unsafe-inline' data: maps.googleapis.com px.marchex.io s3.amazonaws.com sshs-web.s3.amazonaws.com *.facebook.com *.google.com *.gstatic.com cdn.rawgit.com raw.githubusercontent.com stats.g.doubleclick.net *.google-analytics.com; frame-src 'self' 'unsafe-inline' static.addtoany.com *.doubleclick.net *.google.com add auntbertha.com *.auntbertha.com players.brightcove.net *.youtube.com; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com sshs-web.s3.amazonaws.com; connect-src 'self' 'unsafe-inline' *.authorize.net *.facebook.com stats.addtoany.com *.google-analytics.com; report-uri //report-csp-violation 2
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/ https://www.youtube.com/iframe_api https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' js-agent.newrelic.com maps.googleapis.com use.typekit.net cdnjs.cloudflare.com www.google-analytics.com bam.nr-data.net connect.facebook.net platform.twitter.com gmc.lingotek.com pixel.mathtag.com platform.linkedin.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com flockler.com embed-cdn.flockler.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fast.fonts.net gmc.lingotek.com static.flockler.com; frame-src 'self' youtu.be youtube.com www.youtube.com *.facebook.com *.twitter.com spark.adobe.com; child-src 'self' youtu.be youtube.com www.youtube.com *.facebook.com *.twitter.com spark.adobe.com; report-uri /report-csp-violation 2
policy-uri /'self' 2
default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 2
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 2
defult-src 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://api.easygis.eu https://cdnjs.cloudflare.com *.ogone.com https://connect.facebook.net *.google.com https://www.gstatic.com https://cdn.rawgit.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://api.easygis.eu https://cdnjs.cloudflare.com *.ogone.com *.google.com; img-src 'self' http://*.visitlimburg.be *.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://*.easygis.eu/ https://*.mailchimp.com *.ogone.com *.facebook.com; media-src 'self'; frame-src 'self' https://*.hotjar.com https://*.youtube.com http://plugin.routeyou.com *.joomag.com *.resengo.com *.google.com *.ogone.com *.wlp-acs.com *.wandeleninlimburg.be *.limburg.be; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data: https://api.easygis.eu; connect-src 'self' https://public.easygis.eu; report-uri /report-csp-violation 2
frame-ancestors 'self'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa .gov.np *.mofa.gov.np s.ytimg.com *.facebook.net www.google.com.np *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np placehold.it *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it *.mofa.gov.np mofa.gov.np *.facebook.net *.facebook.com *.sharethis.com *.youtube.com *.twimg.com secure.gravatar.com cdn. lh3.googleusercontent.com *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self'  *.youtube.com *.facebook.net *.google.com *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 2
policy-uri /parivahan/'self' 1
child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' api.blocktrades.us steemit.com wss://steemd.steemit.com wss://steemd-int.steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-int.steemit.com securepubads.g.doubleclick.net cdn.jsdelivr.net csi.gstatic.com c.pub.network d.pub.network display.bfmio.com *.adnxs.com freestar-d.openx.net qcx.quantserve.com https://qcx.quantserve.com:8443 hbopenbid.pubmatic.com g2.gumgum.com ssc.33across.com gw.geoedge.be *.doubleverify.com request-global.czilladx.com c.amazon-adsystem.com *.flashtalking.com *.czilladx.com czilladx.com coinzillatag.com coinzilla.com *.yahoo.com *.3lift.com *.adroll.com *.serving-sys.com *.googlesyndication.com *.steelhousemedia.com; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
frame-ancestors http://b2b.cnyes.com https://b2b.cnyes.com 1
default-src 'self' 'unsafe-inline' blob: *.answerscloud.com *.googleapis.com *.gstatic.com hosteduxprod.blob.core.windows.net *.okta.com *.opower.com *.google.com *.foresee.com *.sce.com *.bootstrapcdn.com *.serving-sys.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com *.adobedtm.com *.answerscloud.com *.twitter.com *.facebook.net *.googleapis.com *.customsearch.ai *.go-mpulse.net *.twimg.com *.okta.com *.opower.com *.google.com *.gstatic.com *.foresee.com *.sce.com *.bootstrapcdn.com *.serving-sys.com *.howsmyssl.com; img-src * data:; frame-src *.youtube.com *.arcgis.com *.answerscloud.com *.twitter.com *.facebook.net *.facebook.com *.google.com *.gstatic.com *.foresee.com *.sce.com; child-src *.youtube.com *.arcgis.com *.answerscloud.com *.google.com *.gstatic.com *.foresee.com *.sce.com; connect-src 'self' 'unsafe-inline' *.sce.com *.foresee.com *.oktapreview.com *.googleapis.com *.customsearch.ai *.go-mpulse.net *.akstat.io *.4seeresults.com *.okta.com *.opower.com *.google.com *.gstatic.com *.foresee.com *.serving-sys.com 1
script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; media-src https: data: blob:; worker-src https: data: blob:; font-src https: data:; connect-src https: wss: 1
default-src 'self'; img-src 'self' data: https://www.google-analytics.com https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dap.digitalgov.gov https://www.google-analytics.com; connect-src 'self'  https://www.google-analytics.com https://www.google-analytics.com/analytics.js; frame-ancestors 'self'; report-uri https://telemetry.consumersentinel.gov/api/contentsecuritypolicy 1
default-src 'self'  *.destatis.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de  *.destatis.de piwik.itzbund.de ; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org  *.destatis.de piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.euro-area-statistics.org *.ims-cms.net data: ; 1
frame-ancestors 'self' http://acquia.lookbookhq.com https://acquia.lookbookhq.com https://acquia.docebosaas.com https://confluence.acquia.com; report-uri /report-csp-violation 1
frame-ancestors *.payback.de 1
frame-ancestors 'self' https://*.hapara.com/ 1
block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.halkbank.com.tr *.google.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.facebook.net; font-src 'self' *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.halkbank.com.tr *.google.com *.google.com.tr *.gstatic.com *.facebook.com *.facebook.com.tr *.doubleclick.net *.facebook.net ; media-src 'self' *.halkbank.com.tr; frame-src 'self' *.foreks.com *.halkbank.com.tr *.doubleclick.net *.youtube.com *.google.com; connect-src 'self' *.facebook.com; object-src 'self'; 1
default-src 'self' *.poliziadistato.it:* blob: *.poliziadistato.it *.zencdn.net *.tv2000.it *.wowza.com *.interno.it *.rating-widget.com *.twimg.com *.twitter.com *.googleapis.com *.gstatic.com *.google.it *.macromedia.com *.google-analytics.com *.facebook.net *.sharethis.com *.google.com opendataavcp.interno.it *.raiplay.it *.rai.it 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.wowza.com i.rw.gs *.rating-widget.com *.twitter.com *.twimg.com *.poliziadistato.it opendataavcp.interno.it l.sharethis.com *.facebook.com *.google-analytics.com *.gstatic.com *.gravatar.com *.googleapis.com s.w.org *.google.it *.raiplay.it *.rai.it; style-src 'self' *.poliziadistato.it *.twimg.com *.rating-widget.com *.twitter.com opendataavcp.interno.it *.sharethis.com 'unsafe-inline' *.googleapis.com *.raiplay.it *.rai.it; frame-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.raiplay.it *.rai.it; worker-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.raiplay.it *.rai.it; child-src 'self' *.poliziadistato.it opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.twitter.com opendataavcp.interno.it *.raiplay.it *.rai.it; font-src 'self' data: *.poliziadistato.it *.wowza.com opendataavcp.interno.it *.gstatic.com *.raiplay.it *.rai.it; frame-ancestors 'self' storify.com *.poliziadistato.it *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.raiplay.it *.rai.it; media-src *.poliziadistato.it blob: 1
default-src * 'unsafe-inline' 'unsafe-eval' ; worker-src blob: ; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; connect-src * ; media-src * ; img-src * data: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 1
default-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://www.pointspot.com https://d2oqblkpgg4rwg.cloudfront.net https://d2v8pqu56zrlzr.cloudfront.net  https://*.intelispend-staging.com https://intelispend-staging.com https://*.intelispend.com https://www.1.awardhq.com; font-src 'self' https://*.intelispend.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src *; style-src https: 'unsafe-inline'; script-src https: https://www.google.com/recaptcha www.recaptcha.net 'unsafe-eval' 'unsafe-inline'; child-src www.google.com www.recaptcha.net; object-src 'self' blob:; frame-ancestors 'self'; form-action 'self'; base-uri 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com cache.bureauveritas.com pr.globenewswire.com www.globenewswire.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 1
default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
frame-ancestors 'self' *.bond.edu.au bond.edu.au; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bghweb-editor.preview.gsb.intranet.bund.de piwik.itzbund.de 1
script-src 'self' cs.money dev.csgo.trade gleam.io www.am4charts.com translate.google.com translate.googleapis.com www.googletagmanager.com www.google-analytics.com connect.facebook.net https://vk.com 'unsafe-inline' top-fwz1.mail.ru 'unsafe-eval' cdn.logrocket.io api.usersnap.com cdn.usersnap.com cs.money staging.empire-dev-building.xyz mc.yandex.ru diffuser-cdn.app-us1.com diffuser-cdn.app-us1.com prism.app-us1.com trackcmp.net api.basisid.com; worker-src 'self' data: blob: staging.empire-dev-building.xyz; object-src cs.money dota.money; media-src cs.money dota.money; frame-src cs.money dota.money onesignal.com https://*.com https://*.ru https://*.ua http://www.youtube.com 1
report-uri /admin/config/system/seckit/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://payments.amazon.co.jp/ https://payments.amazon.co.uk https://*.amazon.de https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://www.amazon.com https://api.amazon.com https://amazonwebservices.d2.sc.omtrdc.net https://*.amazonpay.com https://apac.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://payments.amazon.com https://payments-uk.amazon.com https://payments.amazon.co.uk https://payments.amazon.co.jp https://payments-jp.amazon.com https://*.amazon.de https://payments-de.amazon.com https://cdn.aws.training; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de; 1
default-src c.wgr.de 'self'; script-src c.wgr.de track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com 'self' 'unsafe-inline'; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net maps.googleapis.com *.gstatic.com 'self' data:; frame-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src secure.schulbuchzentrum-online.de track.westermann.de 'self'; report-uri /backend/csp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh; report-uri /eur/report-csp-violation 1
default-src 'self' static.integromat.com; style-src 'self' static.integromat.com fonts.googleapis.com checkout.stripe.com https://fast.appcues.com; font-src 'self' static.integromat.com fonts.gstatic.com data:; img-src 'self' static.integromat.com data: stats.g.doubleclick.net www.google-analytics.com www.google.com www.google.cz placehold.it placeholdit.imgix.net secure.gravatar.com usage.trackjs.com q.stripe.com img.youtube.com www.facebook.com t.co www.googletagmanager.com https://vulpix.appcues.com https://res.cloudinary.com https://twemoji.maxcdn.com https://fast.appcues.com https://api.appcues.net wss://api.appcues.net https://vulpix.appcues.com https://appcues-content-api-prod.herokuapp.com https://nh436jpc4i.execute-api.us-west-2.amazonaws.com https://104cl9psz3.execute-api.us-west-2.amazonaws.com https://appcues-quickstart.s3-us-west-2.amazonaws.com https://*.firebase.com wss://*.firebaseio.com https://*.firebaseio.com; connect-src 'self' static.integromat.com iql.integromat.com wss://www.integromat.com capture.trackjs.com checkout.stripe.com integromat.zendesk.com; frame-src 'self' static.integromat.com www.facebook.com www.youtube.com checkout.stripe.com https://my.appcues.com https://*.firebaseio.com; script-src 'self' static.integromat.com www.google-analytics.com checkout.stripe.com connect.facebook.net static.ads-twitter.com analytics.twitter.com https://fast.appcues.com https://my.appcues.com https://cdn.firebase.com https://*.firebaseio.com https://appcues-quickstart.s3-us-west-2.amazonaws.com; object-src 'self' static.integromat.com 1
upgrade-insecure-requests; 1
default-src 'self'; connect-src 'self' https://*.adobedtm.com http://*.amegybank.com https://*.amegybank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com; script-src 'self' data: 'unsafe-inline' https://*.adobedtm.com https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.amegybank.com https://*.amegybank.com https://*.zionsbank.com https://*.cludo.com 'unsafe-eval'; object-src 'self' data: http://*.amegybank.com https://*.amegybank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.amegybank.com https://*.amegybank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com; media-src 'self' data:; frame-src 'self' http://*.amegybank.com https://*.amegybank.com https://*.issuu.com https://*.doubleclick.net https://*.demdex.net https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net; frame-ancestors 'self' https://banking.amegybank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.serving-sys.com *.sharethis.com *.analytics.edgekey.net *.forefieldkt.com *.foremostadvice.com *.standard.com *.youtube.com *.ytimg.com *.gstatic.com *.pages05.net *.silverpop.com *.sc.pages05.net *.googletagmanager.com *.google-analytics.com fonts.googleapis.com ajax.googleapis.com *.google.com *.duosecurity.com *.vimeo.com *.newrelic.com secure-ds.serving-sys.com *.serving-sys.com *.googleadservices.com *.fonts.net *.twitter.com *.twimg.com *.ubembed.com *.demandbase.com *.userzoom.com stats.g.doubleclick.net *.company-target.com match.prod.bidr.io id.rlcdn.com *.googleapis.com *.doubleclick.net static.3playmedia.com *.brightcove.com *.brightcove.net bcove.me *.zencdn.net bcove.video players.brightcove.net *.brightcove.com  *.llnw.net *.llnwd.net *.edgekey.net *.media.brightcove.com vjs.zencdn.net *.brightcovecdn.com *.brainshark.com *.teads.tv *.3lift.com *.adentifi.com *.basis.net *.facebook.com dc.ads.linkedin.com *.cloudflare.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.twitter.com ajax.googleapis.com *.serving-sys.com  *.twimg.com *.gm *.sharethis.com *.pages05.net *.googletagmanager.com *.google-analytics.com *.ubembed.com *.brightcove.com *.gstatic.com *.google.com *.brightcove.net *.serving-sys.com *.googleadservices.com secure-ds.serving-sys.com stats.g.doubleclick.net *.demandbase.com *.userzoom.com googleads.g.doubleclick.net vjs.zencdn.net *.facebook.net *.cloudflare.com; report-uri /admin/config/system/seckit/csp-report 1
frame-src 'self' mailto: blob: *.qualaroo.com *.simpli.fi *.cochlear.cloud *.stg.cochlear.cloud  *.cochlear.cloud https://marvelapp.com *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com http://clinicfinder.cochlear.com *.linkedin.com http://www.cvent.com http://cochlearevents.cvent.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net http://clinicfinder.cochlear.com *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com ; connect-src 'self' localhost:8080 *.cvent.com *.linkedin.com http://clinicfinder.cochlear.com   *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.maxmind.com *.google-analytics.com ; font-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com ; img-src 'self'  'unsafe-inline' 'unsafe-eval' data:  *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com http://test-iwh-de.cochlear.com http://test.cochlear.com *.visualwebsiteoptimizer.com *.cochlear.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com medialead.de; script-src 'self'  'unsafe-inline' 'unsafe-eval' blob: *.qualaroo.com *.simpli.fi *.yahoo.com *.yimg.com *.adnxs.com *.swiftype.com *.googletagmanager.com *.google.com *.leadspediatrack.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.quora.com *.wufoo.com  *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com  *.ads-twitter.com *.steelhousemedia.com *.bing.com adroll.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com http://go.cochlear.com *.mktoweb.com *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com *.cochlear.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.maxmind.com medialead.de *.salesforceliveagent.com *.amazonaws.com; style-src 'self'  'unsafe-inline' 'unsafe-eval'  *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://avd.innity.com https://aw.dw.impact-ad.jp https://ssl-avd.innity.net https://as.innity.com https://cdn.innity.net https://sgp-spvapro-01.teleperformanceusa.com https://cdnjs.cloudflare.com https://avd.innity.net http://ajax.googleapis.com https://www.googleadservices.com https://www.googletagmanager.com https://connect.facebook.net https://singpost.widget.custhelp.com https://fonts.googleapis.com https://google.com https://www.rnengage.com https://maps.googleapis.com https://snap.licdn.com https://www.google-analytics.com https://px.ads.linkedin.com https://developers.google.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com http://www.google-analytics.com http://singpost.widget.custhelp.com https://tagmanager.google.com https://fonts.googleapis.com http://singpost.widget.custhelp.com https://www.linkedin.com; img-src 'self' https://optimize.innity.com https://avd.innity.com https://ib.adnxs.com http://www.google-analytics.com http://www.specommerce.com.s3.amazonaws.com http://d2vqszxem296au.cloudfront.net https://www.mysam.sg https://stats.g.doubleclick.net http://cdn.feedbackify.com http://s3.amazonaws.com https://maps.gstatic.com https://www.facebook.com https://www.google.com https://www.google.com.vn https://maps.googleapis.com http://www.w3.org data: http://cx.atdmt.com https://www.linkedin.com https://www.googletagmanager.com; frame-src 'self' https://www.facebook.com https://www.google.com; font-src 'self' https://use.fontawesome.com https://fonts.googleapis.com  http://www.google-analytics.com  https://fonts.gstatic.com; connect-src 'self' http://www.google-analytics.com https://maps.googleapis.com; report-uri /admin/config/system/seckit/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.google.com *.google-analytics.com *.typekit.com *.addthis.com *.addthisedge.com *.chartbeat.com *.infogram.com *.jquery.com unpkg.com *.newrelic.com *.nr-data.net *.formstack.com *.googleapis.com *.amazonaws.com *.wnyc.org *.cloudflare.com *.twitter.com *.twimg.com airtable.com *.airtable.com; object-src 'self' 'unsafe-inline' *.google.com *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com; style-src 'self' 'unsafe-inline' unpkg.com *.formstack.com *.google.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com; img-src 'self' 'unsafe-inline' data: *.twimg.com *.typekit.net *.google-analytics.com *.doubleclick.net *.chartbeat.net *.tinypic.com *.wmflabs.org *.formstack.com *.amazonaws.com *.googleapis.com *.wnyc.org *.addthis.com *.twitter.com airtable.com *.airtable.com; media-src 'self' 'unsafe-inline' *.formstack.com *.google.com  *.google-analytics.com *.googleapis.com *.twitter.com airtable.com *.airtable.com; frame-src 'self' 'unsafe-inline' datawrapper.dwcdn.net *.addthis.com *.google.com *.infogram.com *.jquery.com *.formstack.com  *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com *.c-span.org *.youtube.com; frame-ancestors 'self' 'unsafe-inline' *.formstack.com *.google.com  *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com; font-src 'self' 'unsafe-inline' *.typekit.com *.googleapis.com *.gstatic.com *.twitter.com airtable.com *.airtable.com data:; connect-src 'self' 'unsafe-inline' *.addthis.com *.typekit.net *.google.com *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com *.doubleclick.net airtable.com *.airtable.com; report-uri //report-csp-violation 1
default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com  yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com data: *.motel-one.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.adup-tech.com static.ads-twitter.com analytics.twitter.com assets.pinterest.com log.pinterest.com squarelovin.com *.squarelovin.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cdninstagram.com *.squarelovin.com *.google-analytics.com *.doubleclick.net t.co *.adup-tech.com www.facebook.com www.google.de www.google.com *.cx.atdmt.com maps.gstatic.com maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.squarelovin.com fonts.googleapis.com; connect-src 'self' *.motel-one.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.adup-tech.com; font-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net; frame-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu; 1
frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.guinness-storehouse.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com stats.mp.streamamg.com streamuk.secure.footprint.net www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com; object-src 'self' https: *.guinness-storehouse.com streamuk.secure.footprint.net; style-src 'self' 'unsafe-inline' https: *.guinness-storehouse.com cloud.typography.com fonts.googleapis.com footer.diageohorizon.com; img-src 'self' data: https: *.guinness-storehouse.com *.googleapis.com *.gstatic.com ads.yahoo.com analytics.twitter.com d.adroll.com dps.bing.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com scontent.cdninstagram.com streamuk.secure.footprint.net t.mookie1.com us-u.openx.net www.facebook.com www.google.com www.google.ie www.tripadvisor.com x.bidswitch.net www.google-analytics.com; frame-src 'self' https: *.guinness-storehouse.com *.worldnettps.com guinnessarchives.adlibsoft.com www.youtube.com; font-src 'self' https: *.guinness-storehouse.com data: fonts.googleapis.com fonts.gstatic.com streamuk.secure.footprint.net; connect-src 'self' https: *.guinness-storehouse.com *.storehousewall.com query.yahooapis.com streamuk.secure.footprint.net; media-src 'self' https: *.guinness-storehouse.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com s0-azure.assets-yammer.com maps.googleapis.com cdn.syndication.twimg.com addtocalendar.com maxcdn.bootstrapcdn.com snap.licdn.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com data:; frame-src 'self' bhge.acquiadam.com *.webdamdb.com  *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/ *.yammer.com login.microsoftonline.com fssfedma.o365.ge.com platform.linkedin.com syndication.twitter.com platform.twitter.com www.linkedin.com  https://www.gechannelconnect.com/ https://staging60.gechannelconnect.com/; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com themes.googleusercontent.com; report-uri //report-csp-violation 1
default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' js.hs-scripts.com js.hs-analytics.net static.hotjar.com cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com js.braintreegateway.com assets.braintreegateway.com www.google.com *.hotjar.com www.google-analytics.com *.vo.msecnd.net dc.services.visualstudio.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com *.fotorama.io adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net assets.braintreegateway.com *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net media.licdn.com; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com assets.braintreegateway.com *.facebook.com *.nosiva.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net *.hotjar.com; font-src * https: data:; 1
frame-ancestors 'self' https://*.allhomes.com.au 1
frame-ancestors tags.tiqcdn.com survey.hlb.com.my www.hlb.com.my apps.facebook.com www.facebook.com *.vivocha.com *.youtube.com *.facebook.com staticxx.facebook.com www.googletagmanager.com gateway.hlb.com.my www.ecloan.com.my aem-preprod.hlb.com.my aem-preprod.hlisb.com.my www.hlisb.com.my https://www.google.com www.google.com optimize.google.com hongleongbank.sc.omtrdc.net dpm.demdex.net 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-eval' 'unsafe-inline' http://pbs.twimg.com; media-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src https: employment.qualtrics.com siteintercept.qualtrics.com g.jwpsrv.com www.youtube.com jobs.nga.net.au; frame-ancestors 'self' www.jobs.gov.au www.employment.gov.au jobs.nga.net.au; child-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline' jobs.nga.net.au; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com themes.googleusercontent.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1
default-src *; style-src 'self' 'unsafe-inline' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com http://*.akamai.net https://*.akamai.net http://*.nr-data.net https://*.nr-data.net;connect-src 'self';img-src 'self' http://safesear.ch http://*.safesear.ch https://safesear.ch https://*.safesear.ch data:; 1
frame-ancestors 'self' piwik.currence.nl; 1
default-src 'self' 'unsafe-inline' *.hotjar.com *.hotjar.io *.googletagmanager.com *.google.com *.casa.gov.au *.inq.com *.g.doubleclick.net *.google-analytics.com *.casa.gov.au *.googleapis.com *.gstatic.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.hotjar.io *.googletagmanager.com *.google.com *.casa.gov.au *.inq.com *.g.doubleclick.net *.google-analytics.com *.casa.gov.au *.googleapis.com *.webspellchecker.net *.gstatic.com; object-src 'none'; style-src 'self' * 'unsafe-inline' ; img-src * 'unsafe-inline' data:; frame-ancestors 'self' https://chat.casa.gov.au https://www.casa.gov.au *.hotjar.com *.youtube.com *.inq.com casa.inq.com https://media-aus.inq.com https://casa.inq.com; font-src 'self' * 'unsafe-inline' ; connect-src 'self' * 'unsafe-inline' ; report-uri /report-csp-violation 1
default-src 'self'; child-src *.facebook.com platform.twitter.com *.g.doubleclick.net *.google.com *.google.gr; frame-src *.facebook.com platform.twitter.com *.g.doubleclick.net *.youtube.com *.google.com *.google.gr *.paypal.com *.paymentwall.com; connect-src 'self' *:888; font-src 'self' data:; form-action 'self' store.payproglobal.com secure.avangate.com; frame-ancestors 'self'; img-src 'self' trust.zone data: *.google.com *.google.gr *.trustzoneurl.com trustzonepost.xyz *.g.doubleclick.net *.facebook.com syndication.twitter.com seal.digicert.com www.google-analytics.com *.cartocdn.com *.paypalobjects.com; media-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustzoneurl.com google.com a.trust.zone platform.twitter.com connect.facebook.net www.gstatic.com www.googleadservices.com *.google-analytics.com seal.digicert.com *.paypalobjects.com *.paypal.com paypal.com; report-uri https://trust.zone/_csp_log 1
default-src 'self'; style-src 'unsafe-inline' *; frame-src *; img-src * data:; media-src *; font-src *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' oss.maxcdn.com ads.adfox.ru www.google-analytics.com *.googleadservices.com adservice.google.com.ua *.yandex.net *.yandex.ru *.yandex.ua yastatic.net *.imgsmail.ru *.google.com adservice.google.ru *.yandex.st an.yandex.ru platform.twitter.com cas.criteo.com *.mail.ru vk.com *.googlesyndication.com *.googletagservices.com adv758968.ru adforce.ru *.doubleclick.net  x1.vinread.net *.zencdn.net mobiads.ru utarget.ru afterview.ru *.vispot.io *.adap.tv *.liverail.com *.spotxchange.com *.buzzoola.com *.advarkads.com *.lkqd.com *.advertising.com static.baza.farpost.ru gstatic.com www.gstatic.com http://thefox.mobi/0dvP/ https://netdna.bootstrapcdn.com https://ajax.googleapis.com *.adsafeprotected.com  idntfy.ru mobuli.info  mobisway.info cnt-count.ru countstat.ru eboundservices.com digital-forest.info s17365.org/rotation.php news.gnezdo.ru btstds.ru cackle.me *.cackle.me www.farpost.ru https://adtags.pro https://*.adtags.pro https://btsds.ru https://*.vrcteam.ru https://*.betweendigital.com https://*.exopay.ru https://s0.2md.net https://fl.imgsniper.com https://static.bulham.com https://*.sape.ru https://safesource.ru https://code.createjs.com https://static.bumlam.com sad2tizer.ru ad.slickjump.com slickjump.com sjsmartcontent.org https://www.googletagmanager.com https://tds.admaxer.ru https://meganotify.com https://notifyday.com *.ttarget.ru https://st.astraone.io; connect-src *; report-uri /csp.php 1
frame-src *; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com  https://*.fontawesome.com https://*.customsearch.ai;; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://*.windows.net; img-src 'self' https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/ https://*.windows.net https://*.gstatic.com; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ https://ui.customsearch.ai/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.customsearch.ai https://*.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; connect-src 'self' http://*.nsbank.com https://*.nsbank.com https://*.demdex.net https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.google.com; script-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.nsbank.com https://*.zionsbank.com https://*.cludo.com https://*.adsrvr.org https://connect.facebook.net https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.bufferapp.com https://*.linkedin.com https://*.pinterest.com https://*.reddit.com https://*.online-metrix.net https://*.adobedtm.com https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.googletagmanager.com 'unsafe-eval'; object-src 'self' data: https://*.nsbank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org; img-src 'self' data: https://*.gstatic.com https://*.nsbank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.facebook.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.online-metrix.net https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org; media-src 'self' data:; frame-src 'self' https://*.nsbank.com https://*.demdex.net https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net https://*.online-metrix.net https://*.adsrvr.org; frame-ancestors 'self' https://banking.nsbank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors www.envestnet.com envestnet.com ir.envestnet.com investor.envestnet.com www.investpmc.com; report-uri /report-csp-violation 1
child-src 'self'; connect-src 'self' api.blocktrades.us steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com; default-src 'self'; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.gstatic.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io wss://*.crisp.chat https://*.crisp.chat *.payline.com *.youtube.com; img-src 'self' data: *.zopim.com *.crisp.chat *.google-analytics.com *.gstatic.com  *.googleapis.com; font-src 'self' data: *.zopim.com *.crisp.chat *.gstatic.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; connect-src 'self' http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://*.cludo.com; script-src 'self' data: 'unsafe-inline' https://*.googletagmanager.com https://*.issuu.com https://*.adobedtm.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.nbarizona.com https://*.nbarizona.com https://*.zionsbank.com https://*.cludo.com 'unsafe-eval'; object-src 'self' data: http://*.nbarizona.com https://*.nbarizona.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://*.gstatic.com http://*.nbarizona.com https://*.nbarizona.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com; media-src 'self' data:; frame-src 'self' https://*.doubleclick.net http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://issuu.com https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net; frame-ancestors 'self' https://banking.nbarizona.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' 'unsafe-inline' data: 'unsafe-eval' http: https: www.krebshilfe.de; 1
style-src 'self' 'unsafe-inline' widget.cloud.opta.net stackpath.bootstrapcdn.com fonts.googleapis.com cdn.theoplayer.com cdn-nwsl.video.aetnd.com qa-cdn-nwsl.video.aetnd.com dev-cdn-nwsl.video.aetnd.com secure.widget.cloud.opta.net www.google.com platform.twitter.com ton.twimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn-nwsl.video.aetnd.com qa-cdn-nwsl.video.aetnd.com dev-cdn-nwsl.video.aetnd.com widget.cloud.opta.net secure.widget.cloud.opta.net platform.twitter.com cse.google.com calendarx.com www.youtube.com www.google.com www.google-analytics.com cdn.theoplayer.com cdn.syndication.twimg.com www.instagram.com api.performfeeds.com www.googletagmanager.com; worker-src blob: 1
default-src 'self'; script-src 'self' assets.juicer.io ajax.googleapis.com connect.facebook.net platform.twitter.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com https://chat.consumercare.net https://h6.consumercare.net https://js-agent.newrelic.com https://bam.nr-data.net *.juicer.io woobox.com *.formstack.com assets.pinterest.com app.icontact.com; object-src 'self'; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io 'unsafe-inline' *.formstack.com app.icontact.com; img-src 'self' scontent.cdninstagram.com scontent.xx.fbcdn.net www.facebook.com syndication.twitter.com www.google-analytics.com i.ytimg.com https://external.xx.fbcdn.net data: https://chart.googleapis.com https://stats.g.doubleclick.net https://www.googletagmanager.com *.juicer.io *.google.com *.imgur.com app.icontact.com; frame-src 'self' * *.entenmanns.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io fonts.gstatic.com woobox.com *.juicer.io  *.formstack.com app.icontact.com; connect-src 'self' www.juicer.io https://www.google-analytics.com https://stats.g.doubleclick.net *.facebook.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://img.youtube.com https://www.youtube.com https://www.google.com https://www.google-analytics.com/analytics.js data: https://www.youtube.com https://www.google-analytics.com https://use.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com https://js-agent.newrelic.com https://ajax.cloudflare.com https://unpkg.com https://maxcdn.bootstrapcdn.com; report-uri /admin/config/system/seckit/csp-report 1
default-src https: 'self' https://*.googleusercontent.com wss://inspectletws.herokuapp.com https://cdn.inspectlet.com https://mijn.mkbservicedesk.nl https://app.readspeaker.com https://*.googleapis.com https://*.chkmkt.com wss://ws1.hotjar.com; script-src https: 'self' 'unsafe-inline'; style-src 'self' https://* 'unsafe-inline'; img-src 'self' https://shared.piwik.prisma-it.com https://veiliginternetten.nl data: 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' about: spscc.radiusbycampusmgmt.com spscc.hobsonsradius.com 25livepub.collegenet.com 5p4rk13.com bbox.blackbaudhosting.com connect.facebook.net cse.google.com e.issuu.com fonts.googleapis.com loader.webspellchecker.net rw1.marchex.io scripts.mymarketingreports.com spscc.hobsonsradius.com translate.google.com translate.googleapis.com www.google-analytics.com www.googleapis.com www.google.com www.googletagmanager.com www.googleadservices.com www.tickcounter.com googleads.g.doubleclick.net siteimproveanalytics.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com cdnjs.cloudflare.com fonts.googleapis.com spscc.radiusbycampusmgmt.com spscc.hobsonsradius.com translate.googleapis.com www.google.com; img-src 'self' 'unsafe-inline' data: 25livepub.collegenet.com bbox.blackbaudhosting.com clients1.google.com fonts.googleapis.com i.ytimg.com px.marchex.io spscc.edu spscc.radiusbycampusmgmt.com spscc.hobsonsradius.com stats.g.doubleclick.net translate.google.com translate.googleapis.com www.facebook.com www.google-analytics.com www.googleapis.com www.google.com www.gstatic.com *.siteimprove.com  *.siteimproveanalytics.io googleads.g.doubleclick.net; media-src 'self' 'unsafe-inline'; frame-src 'self' 5p4rk13.com bbox.blackbaudhosting.com calendar.google.com connect.facebook.net cse.google.com e.issuu.com maps.google.com snapwidget.com staticxx.facebook.com www.facebook.com www.google.com www.tickcounter.com www.youtube.com googleads.g.doubleclick.net; font-src 'self' data: cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com staticxx.facebook.com www.google.com; connect-src 'self' translate.googleapis.com; report-uri /report-csp-violation 1
frame-ancestors 'self' http://*.schwab.com https://*.schwab.com https://tags.tiqcdn.com https://static.ads-twitter.com https://t.co https://di.rlcdn.com https://connect.facebook.net https://www.facebook.com https://d.agkn.com https://2530996.fls.doubleclick.net https://sb.scorecardresearch.com https://www.googletagmanager.com https://s.yimg.com https://sp.analytics.yahoo.com https://px.airpr.com https://dpx.airpr.com https://secure.adnxs.com https://schwab.demdex.net https://googleads.g.doubleclick.net https://adservice.google.com https://schwab.tt.omtrdc.net https://smetric.schwab.com https://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data:*; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-inline' * data:; media-src 'self' 'unsafe-inline' http://*.amazonaws.com:* https://*.amazonaws.com:*; frame-src 'self' 'unsafe-inline' * blob:*; frame-ancestors 'self' 'unsafe-inline' *; child-src 'self' 'unsafe-inline' * blob:* blob:; font-src 'self' 'unsafe-inline' *; connect-src 'self' 'unsafe-inline' *; report-uri /report-csp-violation 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://antispamcloud.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self' *.google-analytics.com *.newrelic.com stats.g.doubleclick.net *.googleapis.com *.tbe.taleo.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.newrelic.com *.twitter.com *.googleapis.com static.addtoany.com *.disqus.com *.youtube.com *.gstatic.com *.disquscdn.com *.mollom.com *.hostedpci.com bam.nr-data.net maps.google.com  *.tbe.taleo.net *.licdn.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.gstatic.com *.mollom.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com static.addtoany.com *.disqus.com *.youtube.com *.disquscdn.com *.mollom.com *.hostedpci.com *.tbe.taleo.net d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.youtube.com data: *.gstatic.com *.googleapis.com  *.google.com *.google.co.* stats.g.doubleclick.net *.disqus.com *.disquscdn.com *.mollom.com *.prod.acquia-sites.com *.hostedpci.com *.google-analytics.com gravatar.com *.ads.linkedin.com *.adsymptotic.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.youtube.com *.gstatic.com *.mollom.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' static.addtoany.com *.youtube.com *.gstatic.com *.disqus.com *.mollom.com *.hostedpci.com *.mapbox.com *.policymap.com disqus.com *.tbe.taleo.net *.tbe.taleo.net/chu03/ats/careers/apply.jsp d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com data:  d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.googleapis.com *.g.doubleclick.net *.disqus.com *.hostedpci.com *.google-analytics.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1
default-src 'self'; connect-src 'self' https://*.adobedtm.com http://*.calbanktrust.com https://*.calbanktrust.com https://zionsbancorp.sc.omtrdc.net https://*.demdex.net https://*.cludo.com; script-src 'self' data: 'unsafe-inline' https://*.adobedtm.com https://*.pages05.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.calbanktrust.com https://*.zionsbank.com https://*.cludo.com 'unsafe-eval'; object-src 'self' data: https://*.calbanktrust.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://*.pages05.net https://*.doubleclick.net https://*.google-analytics.com https://*.gstatic.com https://*.calbanktrust.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com; media-src 'self' data:; frame-src 'self' https://*.calbanktrust.com https://*.demdex.net https://*.doubleclick.net https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net; frame-ancestors 'self' https://banking.calbanktrust.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src data: https: http:; script-src 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'unsafe-inline' https: http: blob: 1
default-src 'self' 'unsafe-inline' *.hotjar.com *.hotjar.io 'unsafe-eval' *.crick.ac.uk *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.vimeo.com *.vimeocdn.com *.youtube.com *.soundcloud.com *.twitter.com *.youtube.com *.twimg.com theta360.com cdn.rawgit.com raw.githubusercontent.com data:;; script-src 'self' 'unsafe-inline' *.hotjar.com *.hotjar.io 'unsafe-eval' theta360.com crick.us13.list-manage.com *.mailchimp.com *.theta360.com *.google.com *.google-analytics.com *.googleapis.com use.typekit.net *.vimeocdn.com *.vimeo.com vimeo.com *.twitter.com *.twimg.com *.youtube.com *.googletagmanager.com tagmanager.google.com cdnjs.cloudflare.com cdn.rawgit.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net cdnjs.cloudflare.com *.google.com *.googleapis.com *.twitter.com *.mailchimp.com; font-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com *.gstatic.com; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crowdmap.com https://*.crowdmap.com https://*.typekit.com https://apis.google.com https://*.akamai.net https://*.gaug.es https://*.youtube.com https://*.ytimg.net https://*.googlevideo.com https://*.embedly.com https://*.cloudfront.net https://*.google-analytics.com https://*.twitter.com https://*.facebook.com https://*.rackcdn.com http://*.rackcdn.com https://*.newrelic.com https://*.facebook.net https://*.addthis.com https://maps.google.com https://maps.gstatic.com https://*.googleapis.com https://*.openstreetmap.org https://*.virtualearth.net https://*.mozilla.org; style-src 'self' 'unsafe-inline' https://crowdmap.com https://*.crowdmap.com https://*.typekit.com https://*.twitter.com https://*.embedly.com https://*.twitter.com https://*.facebook.com https://fonts.googleapis.com https://*.rackcdn.com http://*.rackcdn.com https://*.addthis.com https://*.openstreetmap.org https://*.virtualearth.net; img-src *; media-src *; frame-src *; connect-src *; object-src *; font-src 'self' data: https://*.typekit.com https://*.google.com https://themes.googleusercontent.com; 1
default-src 'self' data: blob: *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com *.bizographics.com *.engagio.com *.listenloop.com *.doubleclick.net  *.bugsnag.com *.linkedin.com *.addthis.com *.addthisedge.com *.bidr.io *.googleadservices.com *.google.com *.gstatic.com *.fonts.googleapis.com *.mktoresp.com *.brightcove.net *.brightcove.com *.zencdn.net *.boltdns.net *.truste.com *.llnwd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com *.bizographics.com *.engagio.com *.listenloop.com *.doubleclick.net  *.bugsnag.com *.linkedin.com *.addthis.com *.addthisedge.com *.bidr.io *.googleadservices.com *.google.com *.gstatic.com *.fonts.googleapis.com *.mktoresp.com *.brightcove.net *.brightcove.com *.zencdn.net *.boltdns.net *.truste.com *.webspellchecker.net *.cetrk.com s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.marketo.net *.marketo.com *.google.com *.webspellchecker.net; frame-src 'self' blob: *.guidewire.com *.brightcove.net *.marketo.net *.marketo.com *.google.com *.addthis.com *.addthisedge.com; frame-ancestors 'self' *.guidewire.com; child-src 'self' blob: *.guidewire.com *.brightcove.net *.marketo.net *.marketo.com *.google.com *.addthis.com *.addthisedge.com; font-src * data:; connect-src 'self' *.mktoresp.com *.listenloop.com *.bugsnag.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.addthis.com *.brightcove.net *.brightcove.com *.boltdns.net *.brightcovecdn.com *.crazyegg.com *.webspellchecker.net; report-uri /report-csp-violation 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self'  blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com https://www.google-analytics.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com ssl.gstatic.com www.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com; media-src 'self' www.youtube.com soundcloud.com syndication.twitter.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' www.google-analytics.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com http://www.google-analytics.com  http://fonts.googleapis.com/ https://cdnjs.cloudflare.com http://cdn.ckeditor.com https://cdnjs.cloudflare.com  http://svc.webspellchecker.net https://ajax.googleapis.com/ https://maps.google.com/ https://maps.googleapis.com/ https://weatherwidget.io/; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdn.ckeditor.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://svc.webspellchecker.net https://tripura.gov.in; img-src 'self' http://cdn.ckeditor.com http://www.google-analytics.com https://tripura.gov.in https://cbpssubscriber.mygov.in https://w.bookcdn.com https://maps.gstatic.com/ https://maps.gstatic.com/ https://maps.google.com/ https://tripura.gov.in/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com; media-src 'self' https://www.youtube.com/ ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com http://164.100.127.45 https://weatherwidget.io; font-src 'self' http://fonts.gstatic.com https://cdnjs.cloudflare.com http://fonts.googleapis.com; connect-src 'self' ; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors 'self' cmsv2.zebrix.net 1
default-src 'self'; script-src 'unsafe-inline' 'self' *.googleapis.com *.newrelic.com *.nr-data.net *.google-analytics.com *.google.com *.getsitecontrol.com *.gstatic.com *.kxcdn.com 'strict-dynamic' 'nonce-ae8c06a12ac1d3b2e79ea683'; object-src 'none'; style-src 'unsafe-inline' 'self' *.googleapis.com *.bootstrapcdn.com; img-src 'self' * data:; frame-src 'self' *.google.com; font-src *.googleusercontent.com 'self' *.googleapis.com *.bootstrapcdn.com *.gstatic.com data:; connect-src 'self' *.apigee.com *.getsitecontrol.com *.apigee.net; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com; script-src 'self' 'unsafe-inline' 'nonce-057a51b7de9dc330480a452619fad825' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com; img-src 'self' wireframecc-9947.kxcdn.com data:; child-src 'self' 1
default-src *.sanayi.gov.tr; script-src 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sanayi.gov.tr *.youtube.com *.google-analytics.com *.ytimg.com *.twitter.com *.twimg.com; style-src 'unsafe-inline' *.sanayi.gov.tr *.googleapis.com *.twitter.com *.twimg.com; img-src data: *.sanayi.gov.tr *.ytimg.com *.google-analytics.com *.twitter.com *.twimg.com; media-src *.ytimg.com *.youtube.com; connect-src *.sanayi.gov.tr *.twitter.com; child-src twitter.com *.youtube.com *.google.com *.sanayi.gov.tr *.twitter.com; 1
child-src 'self' www.youtube.com accounts.google.com; connect-src *; default-src 'self'; img-src 'self' * storage.googleapis.com maps.googleapis.com images.pexels.com *.amazonaws.com www.localsearch.com.au maps.googleapis.com maps.gstatic.com *.localsearch.cloud *.googleusercontent.com *.facebook.com googleads.g.doubleclick.net pagead2.googlesyndication.com ssl.gstatic.com dev.visualwebsiteoptimizer.com data:; font-src 'self' data: fonts.googleapis.com/css fonts.gstatic.com; object-src 'self'; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' * cdn.polyfill.io maps.googleapis.com connect.facebook.net/en_US/sdk.js *.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com tagmanager.google.com heapanalytics.com googletagmanager.com dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' blob: dev.visualwebsiteoptimizer.com tagmanager.google.com heapanalytics.com fonts.googleapis.com cdn.rawgit.com/milligram/milligram/master/dist/milligram.min.css fonts.googleapis.com/css; frame-src *.facebook.com *.google.com *.youtube.com *.gstatic.com heapanalytics.com googleads.g.doubleclick.net pagead2.googlesyndication.com dev.visualwebsiteoptimizer.com 1
default-src 'self'; script-src 'unsafe-inline' 'self' *.google-analytics.com *.addtoany.com *.rosacea.org *.amazonaws.com *.google.com *.gstatic.com rosacea.us7.list-manage.com; object-src 'self'; style-src  'self' *.googleapis.com *.mailchimp.com 'unsafe-inline'; img-src 'self' *.google-analytics.com *.doubleclick.net *.rosacea.org data:; media-src 'self'; frame-src 'self' *.addtoany.com *.force.com *.google.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src *.googleapis.com 'self' *.gstatic.com; connect-src 'self' *.google-analytics.com *.doubleclick.net; report-uri /report-csp-violation 1
script-src 'self' * www.googletagmanager.com download.zohopublic.com use.fontawesome.com www.googleadservices.com fontawesome.com connect.facebook.net stats.g.doubleclick.net ping.typekit.net p.typekit.net use.typekit.net www.google.com www.youtube.com i.ytimg.com  www.google-analytics.com ajax.googleapis.com www.gstatic.com apis.google.com az732725.vo.msecnd.net bam.nr-data.net 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';style-src 'self' download.zohopublic.com salesiq.zohopublic.com css.zohostatic.com dyjgaef5vuq51.cloudfront.net fontawesome.com ping.typekit.net www.youtube.com i.ytimg.com p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net fonts.googleapis.com az732725.vo.msecnd.net 'unsafe-inline';img-src 'self' download.zohopublic.com salesiq.zoho.com img.zohostatic.com salesiq.zohopublic.com fontawesome.com www.googleadservices.com www.youtube.com i.ytimg.com www.facebook.com www.google.com.tr stats.g.doubleclick.net googleads.g.doubleclick.net ping.typekit.net p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net www.google-analytics.com www.google.com ssl.gstatic.com fontawesome.com az732725.vo.msecnd.net data:;object-src 'self' fontawesome.com ping.typekit.net p.typekit.net www.youtube.com i.ytimg.com use.typekit.net cdnbtctrader.blob.core.windows.net pusher.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.myfonts.net *.facebook.net *.facebook.com *.pinterest.com log.pinterest.com *.youtube.com *.doubleclick.net data: *.amgdgt.com *.windows.net *.econsumeraffairs.com *.consumercare.net *.adtmt.com cdn.socialtwist.com  bam.nr-data.net *.revemarketing.com http://cdn.revemarketing.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.thomasbreads.com connect.facebook.net cdn.socialtwist.com ajax.googleapis.com www.googletagmanager.com assets.pinterest.com js-agent.newrelic.com *.pinterest.com  https://www.google-analytics.com https://bam.nr-data.net https://chat.consumercare.net  https://h6.consumercare.net  https://ad.atdmt.com https://www.econsumeraffairs.com https://www.google.com https://www.gstatic.com https://widgets.socialtwist.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.myfonts.net *.facebook.net *.facebook.com *.pinterest.com log.pinterest.com *.youtube.com *.doubleclick.net data: *.amgdgt.com *.windows.net *.econsumeraffairs.com *.consumercare.net *.adtmt.com cdn.socialtwist.com  bam.nr-data.net *.revemarketing.com http://cdn.revemarketing.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.myfonts.net *.facebook.net *.facebook.com *.pinterest.com log.pinterest.com *.youtube.com *.doubleclick.net data: *.amgdgt.com *.econsumeraffairs.com *.consumercare.net *.socialtwist.com; connect-src 'self' *.revemarketing.com https://www.google-analytics.com  https://stats.g.doubleclick.net  wss://webchat.revemarketing.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.com/ads https://www.google-analytics.com https://stats.g.doubleclick.net; object-src 'self'; media-src 'self'; frame-src 'self' https://trustly.desk.com https://accounts.google.com https://www.google.com/maps/embed https://maps.google.se/maps https://www.youtube.com https://tb.de17a.com https://services.trustlylabs.com/recaptcha/; script-src 'self'; font-src 'self'; connect-src 'self' https://services.trustlylabs.com https://tr.datanyze.com https://t.co https://www.salesforce.com https://api.lever.co; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' pei-portal.rexx-systems.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.instagram.com *.itzbund.de pei-portal.rexx-systems.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com; child-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.instagram.com pei-portal.rexx-systems.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.honcode.ch *.itzbund.de; frame-ancestors 'self' pei-portal.rexx-systems.com; 1
default-src 'self' https://www.itsme.be https://business.itsme.be; script-src 'self' 'sha256-7cojap65Z8u7cb2zVYoh8EzAt9dpvJv+vWyXDuc1gDk=' https://www.itsme.be https://business.itsme.be *.google-analytics.com cdn.polyfill.io; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' https://www.itsme.be https://business.itsme.be *.google-analytics.com *.doubleclick.net; font-src 'self' *.gstatic.com; object-src 'none' ; frame-src 'self' https://www.itsme.be https://business.itsme.be *.youtube.com *.youtube-nocookie.com; connect-src https://www.itsme.be https://business.itsme.be *.google-analytics.com; 1
default-src 'self';style-src 'unsafe-inline' *;frame-src *;img-src * data:;media-src *;font-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://oss.maxcdn.com https://w.uptolike.com http://place1102.nighter.club http://*.disqus.com http://dsp.kavanga.ru http://w.uptolike.com http://*.googleapis.com http://www.youtube.com http://*.disquscdn.com https://*.googleapis.com http://www.google-analytics.com http://ads.betweendigital.com http://*.admixer.net https://brandomatic.ru http://disqus.com http://*.rambler.ru http://cache.betweendigital.com http://yandex.st http://*.yandex.ru http://cdn.admixer.net https://relap.io https://yandex.st https://mc.yandex.ru http://mc.yandex.ru http://*.yandex.st http://vk.com http://platform.twitter.com http://api9.net https://apis.google.com http://js.advideo.ru https://advertshot.ru http://place1100.nighter.club http://rt.tizerlady.biz http://uk.tizerlady.com http://v.actionteaser.ru http://ssp.clickganic.com ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com maps.google.com *.googleapis.com *.gstatic.com www.google.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com platform.twitter.com *.twimg.com ifoa.precedenthost.co.uk *.actuaries.org.uk cdn.rawgit.com e.issuu.com www.youtube.com s.ytimg.com tagmanager.google.com khan.github.io squizlabs.github.io script.crazyegg.com *.eu-west-2.amazonaws.com s3.amazonaws.com  loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com d34l49dszxxnhj.cloudfront.net optimize.google.com optimize.google.com/* *.optimize.google.com ; object-src *.issuu.com flash.quantserve.com s3.amazonaws.com 'self' d34l49dszxxnhj.cloudfront.net; style-src 'self' 'unsafe-inline' *.googleapis.com platform.twitter.com *.actuaries.org.uk tagmanager.google.com squizlabs.github.io *.eu-west-2.amazonaws.com loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com svc.webspellchecker.net d34l49dszxxnhj.cloudfront.net  optimize.google.com optimize.google.com/* *.optimize.google.com ; img-src 'self' data: *.google-analytics.com www.googletagmanager.com maps.google.com *.gstatic.com *.googleapis.com rest.mollom.com rest-production.mollom.com bam.nr-data.net syndication.twitter.com platform.twitter.com *.twimg.com *.actuaries.org.uk live.sagepay.com *.doubleclick.net *.openathens.net squizlabs.github.io *.eu-west-2.amazonaws.com s3.amazonaws.com *.amazonaws.com svc.webspellchecker.net loader.webspellchecker.net  d34l49dszxxnhj.cloudfront.net  optimize.google.com optimize.google.com/* *.optimize.google.com ; frame-src 'self' embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com *.loader.webspellchecker.net svc.webspellchecker.net  optimize.google.com optimize.google.com/* *.optimize.google.com ; font-src 'self' data: *.gstatic.com ifoa.precedenthost.co.uk *.actuaries.org.uk *.eu-west-2.amazonaws.com d34l49dszxxnhj.cloudfront.net; connect-src 'self' bam.nr-data.net e.issuu.com; report-uri //IFoA.report-uri.io/r/default/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.maxymiser.net:* *.cloudfront.net:* *.googletagmanager.com:* *.facebook.net:* *.tvsquared.com:* *.tito.io:* *.youtube.com:* *.outbrain.com:* *.google-analytics.com:* *.ytimg.com:* *.google.com:* *.gstatic.com:* *.newrelic.com *.micpn.com:* *.nr-data.net:* *.twitter.com:* *.pinterest.com:* *.craftyclicks.co.uk:* *.blackbaudhosting.com:* *.ubembed.com:* *.pinimg.com:* *.adsrvr.org:* *.ads-twitter.com:* *.bing.com:* *.kiosk.bdch.org.uk:* *.blackbaud.com:* https://bbox.blackbaudhosting.com:* https://payments.blackbaud.com:*; object-src *.cloudfront.net:* *.cloudfront.net *.maxymiser.net:* *.kiosk.bdch.org.uk:*; style-src 'self' 'unsafe-inline' *.acquia-sites.com:* *.bootstrapcdn.com:* *.battersea.org.uk:* *.blackbaudhosting.com:* *.blackbaud.com:*; img-src 'self' data: *.cloudfront.net *.cloudfront.net:* *.adnxs.com:* *.tvsquared.com:* *.outbrain.com:* *.google-analytics.com:* *.facebook.com:* *.doubleclick.net:* *.googletagmanager.com:* *.google.com:* *.google.co.uk:* *.atdmt.com:* *.adnxs.com:* *.google.co.in:* *.force.com:* *.ytimg.com:* *.micpn.com:* *.twitter.com:* *.battersea.org.uk:* *.adsrvr.org:* *.casalemedia.com:* *.pinterest.com:* *.blackbaudhosting.com:* t.co:* *.bing.com:* *.google.dk:* *.google.pl:* *.google.gr:*; media-src 'self' *.cloudfront.net:* *.cloudfront.net; frame-src *.doubleclick.net:* *.google.com:* *.facebook.com:* *.twitter.com:* *.youtube.com:* *.acquia-sites.com:* *.battersea.org.uk:* *.maxymiser.net:* *.pinterest.com:* *.blackbaudhosting.com:* *.adsrvr.org:* *.amazon-adsystem.com:* *.ubembed.com:* *.kiosk.bdch.org.uk:* *.blackbaud.com:*; frame-ancestors 'self' *.blackbaud.com:*; child-src *.doubleclick.net:* *.google.com:* *.facebook.com:* *.twitter.com:* *.youtube.com:* *.acquia-sites.com:* *.battersea.org.uk:* *.maxymiser.net:* *.pinterest.com:* *.blackbaudhosting.com:* *.adsrvr.org:* *.amazon-adsystem.com:* *.ubembed.com:* *.blackbaud.com:*; font-src 'self' 'unsafe-inline' *.googleusercontent.com:* *.google.com:* *.bootstrapcdn.com:* *.battersea.org.uk:* *.maxymiser.net:* data:* data: *.bdch.org.uk:*; connect-src 'self' *.google-analytics.com:*  *.maxymiser.net:* *.facebook.com:* *.pinterest.com:* *.doubleclick.net:* *.kiosk.bdch.org.uk:* *.bdch.org.uk:* *.blackbaud.com:*; report-uri /report-csp-violation 1
frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de 1
base-uri 'none'; default-src 'none'; child-src https://*.googletagmanager.com https://*.youtube.com https://*.vimeo.com https://*.jic.ac.uk; connect-src 'self' https://www.google-analytics.com https://*.algolia.net https://*.algolianet.com https://*.googleapis.com https://*.findaphd.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.jove.com https://*.youtube.com https://*.vimeo.com https://*.jic.ac.uk https://*.jic.ac.uk https://*.findaphd.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.ca https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.mt https://*.google.com.ua https://*.google.ie https://*.google.it https://*.google.se https://*.google.sk https://*.ytimg.com https://secure.gravatar.com https://*.bing.com https://stats.g.doubleclick.net blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.algolianet.com https://*.gstatic.com https://*.google.ae https://*.google.ca https://*.google.co.il https://*.google.co.in https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.mt https://*.google.com.ua https://*.google.de https://*.google.fr https://*.google.ie https://*.google.it https://*.google.ru https://*.google.sk https://*.bing.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.google.com 'unsafe-inline'; report-uri https://poirot.selesti.com/api/violation/john-innes-centre; report-to https://poirot.selesti.com/api/violation/john-innes-centre; 1
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; 1
default-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://swift-prod.prozorro.gov.ua https://cdn2.prozorro.gov.ua https://public.docs.openprocurement.org https://public.docs-sandbox.openprocurement.org https://lb.api-sandbox.openprocurement.org https://public.api.openprocurement.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn2.prozorro.gov.ua https://rawgit.com/ https://connect.facebook.net https://www.linkedin.com https://graph.facebook.com https://*.google-analytics.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://*.googletagmanager.com https://maps.googleapis.com; img-src 'self' https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://csi.gstatic.com; frame-src 'self' https://www.youtube.com https://www.slideshare.net https://staticxx.facebook.com https://www.facebook.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 1
: default-src * 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com *.emlgrid.com *.salesmanago.pl *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.upviral.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com app.humdash.com analytics.zortrax.com cf.zortrax.com  ;style-src 'self' 'unsafe-inline' *.disquscdn.com *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com data.zortrax.com *.gravatar.com *.ggpht.com *.emlgrid.com *.salesmanago.pl *.ssl.gstatic.com  *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct app.humdash.com cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' data.zortrax.com *.luckyorange.net ws://localhost:3000 *.emlgrid.com *.salesmanago.pl *.google-analytics.com *.tagmanager.google.com app.humdash.com  ;media-src 'self' *.youtube.com *.youtube-nocookie.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://code.highcharts.com https://oss.maxcdn.com https://connect.trezor.io wss://wallex.market:8443 https://blockexplorer.com https://www.localbitcoinschain.com https://test-insight.bitpay.com https://api.etherscan.io https://api-ropsten.etherscan.io https://bitcoincash.blockexplorer.com https://blockdozer.com https://bch.coin.space https://insight.litecore.io https://insight.dash.org https://saveload.tradingview.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://fonts.gstatic.com wss://test-insight.bitpay.com https://api.omniexplorer.info https://chain.api.btc.com https://cdn.jsdelivr.net https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.google.com/maps/embed https://*.purechat.com wss://*.purechat.com https://secure.gravatar.com https://*/app.purechat.com https://cdn.ckeditor.com https://www. .com https://www.google-analytics.com https://maps.googleapis.com https://tradingview.com https://*.tradingview.com wss://tradingview.com wss://*.tradingview.com https://www.aparat.comhttps://*.heatmap.it https://coincap.io wss://ws.wallex.market wss://ws.coincap.io https://*.purechatcdn.com https://*.alexa.com https://cdn.polyfill.io https://www.gstatic.com https://*.crisp.chat wss://*.crisp.chat wss://stream.binance.com:9443; 1
base-uri 'self'; default-src 'none'; connect-src 'self' https://*.animebytes.tv; font-src 'self' data:; form-action 'self' https://*.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://*.animebytes.tv https://www.youtube-nocookie.com https://*.soundcloud.com; img-src 'self' https://*.animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri /xhr/csp; report-to /xhr/csp; upgrade-insecure-requests; options inline-script eval-script; xhr-src 'self' https://*.animebytes.tv; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 1
default-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; style-src 'self' 'unsafe-inline' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; img-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.googleadservices.com https://googleadservices.com https://*.doubleclick.net *.doubleclick.net data: *.google-analytics.com https://c906980.ssl.cf3.rackcdn.com *.newrelic.com *.gstatic.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; frame-src 'self' *.googleadservices.com *.doubleclick.net https://googleadservices.com https://*.doubleclick.net https://*.facebook.com *.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com http://storify.com https://w.soundcloud.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; script-src 'self' eval-script inline-script *.evocdn.co.uk *.rackcdn.com *.newrelic.com *.google-analytics.com *.googleadservices.com https://googleadservices.com *.facebook.net d1ros97qkrwjf5.cloudfront.net https://d1ros97qkrwjf5.cloudfront.net https://www.google.com https://ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net *.doubleclick.net; font-src 'self' *.evocdn.co.uk *.googleusercontent.com 'unsafe-eval' 'unsafe-inline' fast.fonts.net; object-src *.youtube.com www.youtube.com *.ytimg.com *.googlevideo.com *.vhall.com e.vhall.com https://player.soundcloud.com; 1
default-src 'self' https://*.google-analytics.com https; script-src 'self' 'unsafe-inline' 'unsafe-eval' https https://*.google-analytics.com https://*.google.com https://stats.g.doubleclick.net https://js-agent.newrelic.com/nr-1071.min.js https://bam.nr-data.net; object-src 'none'; style-src 'self' 'unsafe-inline' https; img-src 'self' 'unsafe-inline' https data: https://*.google-analytics.com https://stats.g.doubleclick.net ; frame-src 'self' https://player.vimeo.com https://*.davispolk.com https://html5-player.libsyn.com/ https://api-6fc85ce3.duosecurity.com/ https://cdn.yoshki.com/iframe/ https://www.youtube.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://www.google-analytics.com https://nexus.ensighten.com https://www.paypalobjects.com data: 'unsafe-inline' 'unsafe-eval'; img-src * https://stats.g.doubleclick.net data:; font-src 'self' https://www.paypalobjects.com/ data:; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://nexus.ensighten.com/ https://s94483084.t.eloqua.com/ data:; 1
frame-ancestors 'self' https://www.carroya.com/noticias https://www.motor.com.co 1
default-src=self 1
default-src 'self'; base-uri 'none'; form-action 'self' https://www.pcuonline2.org; frame-ancestors 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.pcu.org https://www.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com https://onlineaccess.pcu.org https://www.pcuonline2.org https://pcu.staging.wpengine.com https://www.pcu.org https://pcu.dev https://secure.gravatar.com https://www.google-analytics.com https://www.pcu.org https://maps.googleapis.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.google.com https://connect.facebook.net https://ajax.cloudflare.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://www.pcu.org https://fonts.googleapis.com https://code.ionicframework.com; img-src 'self' https://www.pcu.org https://www.google.com https://www.googletagmanager.com https://i0.wp.com https://secure.gravatar.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net; media-src 'none'; frame-src 'self' https://www.google.com/ https://pcu.mortgagewebcenter.com; font-src 'self' data: https://www.pcu.org https://fonts.gstatic.com https://code.ionicframework.com; connect-src 'self' https://stats.g.doubleclick.net 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru api-maps.yandex.ru mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com tagmanager.google.com *.jivosite.com webhost1.bitrix24.ru *.roistat.com; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.amazonaws.com *.britishcouncil.org/ http://*.britishcouncil.org.cn http://englishagendad7.bcdev.org.uk https://*.ckeditor.com https://*.cloudflare.com https://*.consensu.org https://*.doubleclick.net http://connect.facebook.net https://*.facebook.com *.google-analytics.com *.google.com http://www.googleadservices.com https://*.googleusercontent.com *.googletagmanager.com https://www.gstatic.com http://v3.jiathis.com https://bam.nr-data.net https://js-agent.newrelic.com https://*.piktochart.com http://*.qualaroo.com *.rackcdn.com https://www.recaptcha.net http://*.sharethis.com http://static.cdn-ec.viddler.com https://stats.viddler.com http://*.viddler.com https://www.youtube.com *.chinacache.com uktc.fospha.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' 'unsafe-inline' 'unsafe-eval' * data:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' *; font-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *; report-uri /report-csp-violation 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/bootstrap/3.3.5/ https://www.google.com/jsapi 'unsafe-inline' https://www.google-analytics.com/ https://bbox.blackbaudhosting.com/webforms/ https://translate.google.com/translate_a/ 'unsafe-eval' https://translate.googleapis.com/translate_static/js/ https://translate.googleapis.com/translate_static/js/element/ https://translate.googleapis.com/translate_a/ https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ https://translate.googleapis.com https://translate.google.com https://www.googletagmanager.com https://static.getclicky.com https://in.getclicky.com https://*.google.com http://*.google.com https://www.eventbrite.com.au https://form.jotform.co https://js.createsend1.com/javascript/copypastesubscribeformlogic.js https://clicky.com; style-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/bootstrap/3.3.5/ https://www.google.com/jsapi 'unsafe-inline' https://www.google-analytics.com/ https://bbox.blackbaudhosting.com/webforms/ https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ https://translate.googleapis.com https://translate.google.com https://*.google.com http://*.google.com https://static.getclicky.com; img-src 'self' https://www.google-analytics.com/ https://www.gstatic.com/images/ https://www.google.com/images/ https://translate.googleapis.com/translate_static/ https://bbox.blackbaudhosting.com/webforms/images/ data: https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ https://*.google.com http://*.google.com  https://ssl.gstatic.com; frame-src 'self' https://bbox.blackbaudhosting.com/webforms/custom/mongo/scripts/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://w.soundcloud.com/player/ https://user-e3mlril.cld.bz https://www.googletagmanager.com https://www.eventbrite.com.au; font-src 'self' https://cdn.jsdelivr.net/bootstrap/3.3.5/ data: https://fonts.gstatic.com/s/opensans/v13/; connect-src 'self' https://svc.webspellchecker.net/spellcheck31/script/ https://translate.googleapis.com https://in.getclicky.com https://createsend.com; report-uri /report-csp-violation 1
default-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' *.google-analytics.com *.salesforce.com *.crazyegg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.crazyegg.com bam.nr-data.net *.google-analytics.com js-agent.newrelic.com *.stripe.com s3.amazonaws.com/trk.cetrk.com/; style-src 'self' 'unsafe-inline'; img-src 'self' *.crazyegg.com bam.nr-data.net *.google-analytics.com *.doubleclick.net js-agent.newrelic.com *.stripe.com s3.amazonaws.com/trk.cetrk.com/; frame-src 'self' *.stripe.com *.salesforce.com *.vimeo.com; child-src 'self' *.stripe.com *.salesforce *.vimeo.com; font-src 'self' 'unsafe-inline'; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.w3.org https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://vro.housing.gov.sa https://www.gstatic.com https://code.jquery.com https://maps.googleapis.com https://cdn.mouseflow.com https://fonts.googleapis.com https://developers.google.com https://sakani.housing.sa https://maps.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.ejar.sa https://img.youtube.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.ckeditor.com https://www.google.com.sa https://mobile.ejar.sa http://www.ejar.sa https://www.youtube.com/; report-uri /ar/report-csp-violation 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: *.stripe.com; img-src * blob:; font-src 'self' data: https:; connect-src 'self' data: https: *.stripe.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self'; 1
default-src 'self' *.zdassests.com *.cloudinary.com; connect-src https://*.devacurl.com https://*.devatech.us https://*.devatechpro.us https://*.myshopify.com https://*.openshiftapps.com localhost:* https://sentry.io *.yotpo.com www.google-analytics.com likeshop.me https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://*.hotjar.io https://*.hotjar.com https://devacurl.2m8f.net wss://widget-mediator.zopim.com https://*.doubleclick.net; font-src 'self' *.yotpo.com *.gstatic.com fonts.gstatic.com data: likeshop.me; frame-src *.doubleclick.net optimize.google.com *.phorest.me phorest.me phorest.com *.dotmailer-surveys.com *.hotjar.com *.youtube.com *.googletagmanager.com *.facebook.com; img-src * data: blob: www.google-analytics.com optimize.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.yotpo.com *.doubleclick.net *.google.com *.dashhudson.com *.google.com *.bing.com *.hotjar.com *.facebook.net *.zdassets.com https://widget-mediator.zopim.com *.dotmailer-surveys.com https://*.impactradius-event.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.yotpo.com *.google.com *.googleapis.com; report-uri https://sentry.io/api/1474106/security/?sentry_key=71495ca5d2814cc995ebaa6fa5461d8f&sentry_environment=prod; media-src 'self' *.zdassets.com *.cloudinary.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/mathjax/ https://*.google-analytics.com https://*.google.com https://www.gstatic.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net https://tableaupublic.princeton.edu https://www.trumba.com/ https://*.twitter.com https://*.twimg.com https://widget.uservoice.com/; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://*.twitter.com https://*.twimg.com https://p.typekit.net/ https://use.typekit.net/; img-src * data:; media-src *; frame-src *; child-src *; font-src 'self' data: https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/ https://use.typekit.net/; connect-src 'self' https://www.google-analytics.com/; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdnjs.cloudflare.com https://connect.facebook.net https://*.google.com http://www.google-analytics.com https://ssl.google-analytics.com https://*.gstatic.com/feedback/ https://*.googleapis.com https://www.googleadservices.com https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net https://*.utdt.edu; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com; img-src * data: blob:; font-src *; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com  *.media.brightcove.com *.mouseflow.com cdn.jsdelivr.net www.edisoninvestmentresearch.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com nr-data.net *.mouseflow.com www.edisoninvestmentresearch.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net typekit.net www.edisoninvestmentresearch.com p.typekit.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src om careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com www.edisoninvestmentresearch.com; frame-ancestors 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com www.edisoninvestmentresearch.com ; child-src 'self' www.edisoninvestmentresearch.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.typekit.net p.typekit.net nr-data.net; report-uri //report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://cdn.printfriendly.com https://cdn.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://www.google-analytics.com https://cdn.jsdelivr.net https://unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: https://s.yimg.com http://cdn.printfriendly.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; media-src 'self'; frame-src 'self' data: https://static.addtoany.com https://fwb.malaysiaairports.com.my https://www.youtube.com https://www.google.com; frame-ancestors 'self' https://fwb.malaysiaairports.com.my; child-src 'self'; font-src 'self' https://cdn.jsdelivr.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https://www.google-analytics.com; report-uri //report-csp-violation 1
default-src 'self'; allow 'self'; script-src 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-CaithhPEuzawQBtdl7xmWqEB' 'nonce-hWITQxSxZK2AH2cDxhphX/NS' 'nonce-cZ5X+LdEfC+/N2iRjkqso6kh' 'nonce-w7p1O665uZCQuveJ0pt3qCPh' 'nonce-la8SFye5W/Juvzi+Xep4wSxB' 'nonce-dicxVTMgDV45KSo6nEIu69OD' 'nonce-gdVXsLlF6ylUWp5olVxa1F5H' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
default-src 'self'; connect-src https://*.revo.com https://*.thelabnyc.com https://*.myshopify.com localhost:* *.hotjar.com *.hotjar.io facebook.com sentry.io *.yotpo.com storerocket.io *.mapbox.com www.google-analytics.com www.facebook.com wss://ws2.hotjar.com https://widget.us.criteo.com http://siteblock.exeloncorp.com adservice.google.com stats.g.doubleclick.net *.fastly.net; font-src 'self' *.yotpo.com *.gstatic.com fonts.gstatic.com data:; frame-src 'self' *.doubleclick.net *.hotjar.com *.criteo.com *.criteo.net optimize.google.com www.googletagmanager.com connect.facebook.net www.facebook.com www.yahoo.com *.yahoo.com app.five9.com; img-src * data: blob: www.google-analytics.com optimize.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com connect.facebook.net *.hotjar.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.criteo.net *.criteo.com *.criteotilt.com *.experticity.com *.storerocket.io *.yotpo.com *.doubleclick.net *.jsdelivr.net *.mapbox.com tagmanager.google.com optimize.google.com *.list-manage.com z.moatads.com https://l.facebook.com app.five9.com *.fastly.net; worker-src blob:; style-src 'self' 'unsafe-inline' *.yotpo.com tagmanager.google.com optimize.google.com fonts.googleapis.com app.five9.com; child-src blob:; report-uri https://sentry.io/api/1388394/security/?sentry_key=05cf1ae732d54995bff9b1d4ab1dfc07&sentry_environment=production 1
default-src 'self' https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.trier-info.de https://www.wahlinfo.de https://www.pegelonline.wsv.de 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https *.cloudfront.net *.googleapis.com *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com connect.facebook.net graph.facebook.com rum-static.pingdom.net 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' * 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com https://js-agent.newrelic.com/nr-1099.min.js https://sjs.bizographics.com/insight.min.js px.ads.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com gl.hostcg.com/js/genlead.js; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com; report-uri https://csp-report-uri.bureauveritas.com 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://www.google-analytics.com https://daemon.bigogo.com wss://ws.bgogo.com wss://ws.bgogo.com/prediction; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://daemon.bigogo.com/ https://www.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://static.bgogo.com https://v.liaoliaosj.com blob: data:; media-src https://daemon.bigogo.com/ https://static.bgogo.com https://v.liaoliaosj.com; object-src 'self'; script-src 'self' https://static.bgogo.com https://www.googletagmanager.com https://www.google-analytics.com https://hm.baidu.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com code.jquery.com ssl.google-analytics.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'none';script-src 'self' 'unsafe-inline' https://static.frag-den-staat.de https://traffic.okfn.de https://js.stripe.com;style-src 'self' 'unsafe-inline' https://static.frag-den-staat.de;img-src 'self' data: blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://traffic.okfn.de https://www.betterplace.org https://betterplace-assets.betterplace.org https://i.vimeocdn.com https://raw.githubusercontent.com *.tile.openstreetmap.org *.global.ssl.fastly.net i.ytimg.com;media-src https://static.frag-den-staat.de https://media.frag-den-staat.de;worker-src 'self' blob: https://static.frag-den-staat.de;frame-src 'self' blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://okfde.github.io https://www.betterplace.org https://betterplace-assets.betterplace.org https://player.vimeo.com https://www.youtube-nocookie.com https://media.ccc.de https://challonge.com https://www.foodwatch.org/de/iframe/ https://js.stripe.com https://hooks.stripe.com https://www.paypal.com;object-src 'self' https://media.frag-den-staat.de;connect-src 'self' https://static.frag-den-staat.de https://media.frag-den-staat.de https://api.betterplace.org/ https://sentry.okfn.de https://api.stripe.com;child-src blob: https://static.frag-den-staat.de;base-uri 'none';font-src data: https://static.frag-den-staat.de;manifest-src https://static.frag-den-staat.de;form-action 'self' https://fragdenstaat.de https://forum.okfn.de https://www.paypal.com https://pretix.eu https://hooks.stripe.com https://stripe.com https://r.girogate.de;frame-ancestors *;report-uri https://sentry.okfn.de/api/4/csp-report/?sentry_key=b0305966ad35428b88f611c796792749; 1
default-src https://wbregistration.gov.in;                                                     connect-src https://wbregistration.gov.in;                                                     font-src https://wbregistration.gov.in data:;                                                     frame-src https://wbregistration.gov.in;                                                    img-src https: data:;                                                     media-src https://wbregistration.gov.in;                                                      object-src https://www.wbregistration.gov.in;                                                     script-src 'unsafe-inline' 'unsafe-eval' https://www.wbregistration.gov.in;                                                     style-src 'unsafe-inline' https://www.wbregistration.gov.in; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sharethis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.consumercare.net *.econsumeraffairs.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.sharethis.com; img-src 'self' *.google-analytics.com *.g.doubleclick.net *.facebook.com *.google.com *.sharethis.com https://www.google.com.au; frame-src 'self' *.youtube.com *.googletagmanager.com *.sharethis.com *.facebook.com/; font-src 'self' *.gstatic.com; connect-src 'self' *.sharethis.com *.sharethis.mgr.consensu.org https://stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net  www.googleadservices.com trkn.us *.doubleclick.net www.facebook.com *.googleapis.com *.google-analytics.com *.google.com seal.digicert.com *.inspectlet.com *.typeform.com *.newtonsoftware.com *.google-analytics.com *.googletagmanager.com *.stripe.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' *.google-analytics.com *.google.com www.googleadservices.com trkn.us *.doubleclick.net www.facebook.com *.googleapis.com; img-src 'self' data: *.googletagmanager.com maps.gstatic.com www.googleadservices.com trkn.us *.doubleclick.net www.facebook.com *.googleapis.com *.google-analytics.com *.google.com seal.digicert.com i.ytimg.com i.vimeocdn.com *.inspectlet.com *.mapbox.com *.doubleclick.net *.google.com *.google-analytics.com *.listerhill.com; media-src 'self' data: vimeo.com youtube.com *.youtube.com vimeocdn.com *.listerhill.com; frame-src data: www.facebook.com *.listerhill.com *.google-analytics.com *.google.com *.stripe.com *.vimeo.com youtube.com *.youtube.com newton.newtonsoftware.com *.typeform.com zlcuma.secure.fundsxpress.com; font-src 'self' data: *.google-analytics.com *.google.com fonts.gstatic.com www.googleadservices.com trkn.us *.doubleclick.net www.facebook.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.inspectlet.com wss://ws.inspectlet.com 1
base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' https://*.datatables.net https://*.pordata.pt https://*.pordatakids.pt https://ajax.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.cloudflare.com https://*.facebook.com https://*.facebook.net; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; img-src 'self' data: * blob:; media-src 'self'; object-src 'self' https://*.pordata.pt https://*.pordatakids.pt; script-src 'self' https://*.datatables.net https://*.pordata.pt https://*.pordatakids.pt https://ajax.googleapis.com www.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.cloudflare.com https://*.facebook.com https://*.facebook.net https://*.google.pt 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=YlJMuv3%2bn7KVak4aT3mJmVA9nEPJoioW7CB%2fkGP%2fBh%2b3cGJwVYv7PqUKs1FvaQDWqFLO7RVLRIuTGyaYQH4OPmIMHo2s%2fm71NyF3%2byRFNigiLZlNqplf6y4CVSJCFjuX; 1
script-src www.google-analytics.com google.com www.google.com https://www.google.com https://www.gstatic.com google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https://mozillathimblelivepreview.net; frame-src 'self' https://docs.google.com blob: https://mozillathimblelivepreview.net https://www.youtube.com/embed/JecFOjD9I3k; child-src 'self' https://pontoon.mozilla.org blob: https://mozillathimblelivepreview.net https://www.youtube.com/embed/JecFOjD9I3k; script-src 'self' http://mozorg.cdn.mozilla.net https://ajax.googleapis.com https://mozorg.cdn.mozilla.net https://www.google-analytics.com https://pontoon.mozilla.org https://mozillathimblelivepreview.net; connect-src 'self' https://pontoon.mozilla.org https://mozilla.github.io/thimble-homepage-gallery/activities.json https://api.github.com/repos/mozilla/thimble.mozilla.org/issues https://mozillathimblelivepreview.net; frame-ancestors https://pontoon.mozilla.org; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://code.cdn.mozilla.net/ https://pontoon.mozilla.org; img-src *; media-src *; style-src 'self' http://mozorg.cdn.mozilla.net https://ajax.googleapis.com https://fonts.googleapis.com https://mozorg.cdn.mozilla.net https://netdna.bootstrapcdn.com https://pontoon.mozilla.org 'sha256-AnlD8XRHNPxhNZ/6MucKFJr9yYGQtn8bmvveYkBg7a4=' 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://api-449e3207.duosecurity.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com/ https://www.google-analytics.com/  https://api-449e3207.duosecurity.com https://connect.facebook.net/ https://use.fontawesome.com/ https://s7.addthis.com/ https://cdn.syndication.twimg.com; font-src 'self' 'unsafe-inline' data  https://maxcdn.bootstrapcdn.com/ https://use.fontawesome.com/ https://fonts.gstatic.com data: ; img-src 'self' 'unsafe-inline'  https://www.google-analytics.com/  https://api-449e3207.duosecurity.com https://www.facebook.com/ https://syndication.twitter.com/  https://pbs.twimg.com/ https://platform.twitter.com/ https://ton.twimg.com/ https://abs.twimg.com/ data:  ; frame-src 'self' https://staticxx.facebook.com/ https://w.soundcloud.com/ https://api-449e3207.duosecurity.com https://syndication.twitter.com/ https://platform.twitter.com/  https://www.facebook.com  https://www.youtube.com 1
allow 'self'  default-src 'self' 'unsafe-inline' www.google-analytics.com  *.twitter.com  *.facebook.com  *.facebook.net  *.google.com 1
default-src 'self' data: wss://*.altilly.com:2053 wss://*.altilly.com:2083 *.geetest.com *.tokenoftrust.com *.qredit.cloud *.altilly.com *.bootstrapcdn.com *.twitter.com *.gstatic.com *.twimg.com *.jquery.com; script-src 'self' 'unsafe-eval' 'nonce-f22ffa9c7fc86e2d8212cccbfe90470e' *.geetest.com *.qbox.me *.google.com *.googleusercontent.com *.altilly.com *.tokenoftrust.com *.twitter.com *.twimg.com *.jquery.com *.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.geetest.com *.qbox.me *.tokenoftrust.com *.altilly.com *.bootstrapcdn.com *.twitter.com *.gstatic.com *.twimg.com *.jquery.com *.googleapis.com 1
frame-ancestors https://www.bdli.de/ https://staging.bdli.de *.ila-berlin.de localhost ila.lndo.site; report-uri //report-csp-violation 1
default-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; object-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' *; frame-src 'self' *; frame-ancestors 'self' http://online-training.projectwet.org; child-src 'self' *; font-src 'self' *; connect-src 'self' *; report-uri /report-csp-violation 1
frame-ancestors * 1
script-src 'self' www.papara.com papara.com cdn.papara.com cdn.test.papara.com api.instagram.com az416426.vo.msecnd.net maps.googleapis.com mc.yandex.ru www.googletagmanager.com tagmanager.google.com www.googleadservices.com graph.facebook.com staticxx.facebook.com connect.facebook.net stats.g.doubleclick.net www.google.com www.google-analytics.com ajax.googleapis.com www.google.com.tr www.gstatic.com apis.google.com googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval';style-src 'self' fonts.googleapis.com tagmanager.google.com az732725.vo.msecnd.net 'unsafe-inline' 'unsafe-eval';img-src 'self' www.papara.com papara.com cdn.papara.com cdn.test.papara.com d23wms2coskb83.cloudfront.net d10blfc6f8pj7j.cloudfront.net s3-eu-west-1.amazonaws.com  scontent.cdninstagram.com cdninstagram.com mc.yandex.ru lookaside.facebook.com platform-lookaside.fbsbx.com csi.gstatic.com maps.gstatic.com maps.googleapis.com scontent.xx.fbcdn.net graph.facebook.com www.googleadservices.com staticxx.facebook.com www.facebook.com www.google.com.tr stats.g.doubleclick.net googleads.g.doubleclick.net www.google-analytics.com www.google.com ssl.gstatic.com data:;object-src 'self' 1
default-src ; script-src https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src ; style-src 'self' https://fonts.googleapis.com https://*.entrecode.de 'unsafe-inline'; img-src 'self' * *.dealbunny.de data:; media-src *; child-src *.youtube.com *.vimeo.com https://www.google.com; font-src 'self' https://fonts.gstatic.com https://*.entrecode.de; connect-src 'self' *.cachena.entrecode.de entrecode.de *.entrecode.de localhost:* dev.dealbunny.de:* https://www.google-analytics.com; manifest-src 'self' 1
default-src 'self' chat.oikeus.fi 'unsafe-inline' 'unsafe-eval'; img-src * 1
default-src 'self' *.vcapps.org *.addthis.com *.google-analytics.com *.doubleclick.net gpp.guidestar.org nonprofitdirectory.guidestar.org gppplugin.guidestar.org ; style-src 'unsafe-inline' https: ;script-src 'unsafe-inline' https: ;frame-src 'unsafe-inline' https: 1
default-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; object-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; style-src 'self' data: 'unsafe-inline' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; img-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; media-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; frame-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; font-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; connect-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com 1
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' *.google-analytics.com  *.googleapis.com *.google.com *.gstatic.com *.cloudflare.com; style-src 'unsafe-inline' 'self' *.googleapis.com *.cloudflare.com; img-src  'self' data: *.google-analytics.com *.gstatic.com; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.google.com ; font-src 'self' data: *.gstatic.com; connect-src 'self' *.google-analytics.com; report-uri /en_GB/report-csp-violation 1
script-src 'self' http://clicky.com *.getclicky.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors *; 1
worker-src 'self' data: blob: *.arcgisonline.com js.arcgis.com *.arcgis.com; default-src 'self' data: localhost:* *.google.com *.mopinion.com *.arcgisonline.com js.arcgis.com *.arcgis.com *.googleapis.com media.licdn.com scontent.cdninstagram.com www.waternet.nl www.agv.nl www.wereldwaternet.nl epi.waternet.nl waternet.pti.nl www.youtube.com chat1.waternet.nl *.optimizely.com www.google.nl www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com fonts.googleapis.com maps.gstatic.com csi.gstatic.com fonts.gstatic.com stats.g.doubleclick.net app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net pbs.twimg.com syndication.twitter.com platform.twitter.com; frame-src 'self' waterschappen.mijnstem.nl agv.mijnstem.nl app.mijnstem.nl mijnstem.sales.ivox.be waternet.pti.nl *.optimizely.com chat1.waternet.nl app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com www.youtube.com www.google.nl www.google.com www.kcmsurvey.com platform.twitter.com syndication.twitter.com twitter.com; script-src 'self' *.ytimg.com  *.mopinion.com *.arcgisonline.com js.arcgis.com *.youtube.com epi.waternet.nl localhost:* *.optimizely.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com maps.gstatic.com app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com cdn.syndication.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.mopinion.com *.arcgisonline.com js.arcgis.com  epi.waternet.nl *.optimizely.com www.googletagmanager.com tagmanager.google.com fonts.googleapis.com app.cobrowser.com platform.twitter.com 'unsafe-inline'; connect-src https: http: ws: wss:; 1
default-src 'self' ws:;script-src   'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net gleif.disqus.com *.disquscdn.com *.cookiebot.com *.linkedin.com *.twitter.com *.twimg.com ajax.googleapis.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://unpkg.com;style-src     'self' 'unsafe-inline' *.twimg.com *.twitter.com *.disquscdn.com use.typekit.net https://use.typekit.net https://unpkg.com;font-src       'self' data: http://*.typekit.net https://*.typekit.net https://cdnjs.cloudflare.com;img-src         'self'  static.licdn.com *.disqus.com *.disquscdn.com *.twitter.com *.twimg.com *.linkedin.com data: about: p.typekit.net https://*.tile.osm.org http://*.tile.osm.org http://*.typekit.net https://*.typekit.net https://img.shields.io;frame-src     'self' disqus.com *.twitter.com player.vimeo.com *.linkedin.com https://www.google.com;connect-src 'self' https://api.parse.com/1/functions/search http://*.gleif.org https://*.gleif.org http://*.typekit.net https://*.typekit.net https://syndication.twitter.com/settings; 1
default-src 'self' *.soundcloud.com *.sndcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.typekit.net *.googletagmanager.com *.google-analytics.com *.pingdom.net www.catalyst-analytics.nz d3qy04aabho0yp.cloudfront.net *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com cdn.syndication.twimg.com *.instagram.com *.knightlab.com *.soundcloud.com *.hotjar.com www.googleadservices.com tagmanager.google.com *.riddle.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.typekit.net fonts.googleapis.com hello.myfonts.net *.twitter.com *.knightlab.com  tagmanager.google.com; img-src 'self' data: *.typekit.net *.google-analytics.com *.doubleclick.net *.shopify.com *.pingdom.net www.catalyst-analytics.nz *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com pbs.twimg.com dl.dropboxusercontent.com *.myfonts.net media.tepapa.govt.nz co3-api-mediastorage.s3-ap-southeast-2.amazonaws.com co3-api-mediastorage.s3.ap-southeast-2.amazonaws.com s3.dualstack.ap-southeast-2.amazonaws.com www.google.com www.google.co.nz *.gstatic.com *.openstreetmap.org; frame-src 'self' *.cloudfront.net *.bookitsecure.com google.com *.riddle.com *.spotify.com *.google.com tepapa.infospecs.co.nz *.youtube.com *.vimeo.com *.catalyst.net.nz radionz.co.nz jobs.tepapa.govt.nz *.tepapa.govt.nz tepapafoundation.secure.force.com sec.paymentexpress.com *.book2look.com *.boombox.com *.myfonts.net *.knightlab.com www.qzzr.com *.twitter.com *.instagram.com *.facebook.com *.hotjar.com *.soundcloud.com *.nzonscreen.com *.juicer.io *.media567.com; font-src 'self' data: *.bootstrapcdn.com fonts.gstatic.com fonts.typekit.net www.tepapa.govt.nz cdn.knightlab.com; connect-src 'self' spreadsheets.google.com *.myfonts.net *.hotjar.com vc.hotjar.io graylog.hotjar.com *.pingdom.net *.google-analytics.com http://api.soundcloud.com/; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.rawgit.com *.ilblogdellestelle.it *.movimento5stelle.it *.wix.com *.facebook.net *.facebook.com *.parastorage.com *.googleapis.com *.google.com *.gstatic.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.jquery.com *.google-analytics.com *.s3-eu-west-1.amazonaws.com *.youtube-nocookie.com data:; object-src 'self' *.ilblogdellestelle.it *.s3-eu-west-1.amazonaws.com; frame-src 'self' *.ilblogdellestelle.it *.wix.com *.facebook.net *.facebook.com batchgeo.com *.youtube.com *.s3-eu-west-1.amazonaws.com *.youtube-nocookie.com *.google.com; img-src 'self' *.ilblogdellestelle.it *.ytimg.com *.wixstatic.com *.paypalobjects.com *.google-analytics.com *.gstatic.com *.google.com *.s3-eu-west-1.amazonaws.com *.youtube-nocookie.com *.parastorage.com *.movimento5stelle.it *.wix.com *.facebook.net *.facebook.com data:; 1
frame-ancestors 'self' ; 1
default-src 'self''unsafe-eval' 'unsafe-inline' https://fonts.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com ; style-src 'self' 'unsafe-inline'https://fonts.googleapis.com ; form-action 'self'; frame-ancestors 'self' ; img-src 'self' data: https://www.google-analytics.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com 'unsafe-inline' 'unsafe-eval'  1
frame-ancestors *.amboss.com *.miamed.de 1
: default-src https://www.googletagmanager.com https://cdnjs.cloudflare.com https://cdn.rawgit.com https://www.google.com https://tracking.leadlander.com https://1.tl813.com https://geoip-js.maxmind.com https://www.google.co.uk https://*.g.doubleclick.net https://www.youtube.com 'self' 'unsafe-eval' 'unsafe-inline' *.searchtechnologies.com; script-src 'self' https://cdnjs.cloudflare.com https://cdn.rawgit.com https://www.gstatic.com https://www.google.com https://tracking.leadlander.com https://www.linkedin.com https://ajax.googleapis.com https://formalyzer.com https://www.googleadservices.com https://www.googletagmanager.com https://px.ads.linkedin.com https://www.google-analytics.com https://*.trackalyzer.com https://js.maxmind.com https://bat.bing.com https://storage.googleapis.com https://snap.licdn.com https://t.sf14g.com https://1.tl813.com https://code.jquery.com https://googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src https://raw.githubusercontent.com https://cdn.rawgit.com https://tracking.leadlander.com https://www.google.iq https://www.google.co.uk https://www.google-analytics.com https://t2.trackalyzer.com https://bat.bing.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googletagmanager.com 'self' *.searchtechnologies.com data:; connect-src https://geoip-js.maxmind.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com 'self' *.searchtechnologies.com; form-action 'self'; font-src 'self' https://cdnjs.cloudflare.com https://www.searchtechnologies.com 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; connect-src 'self' steemit.com api.steemit.com dist.one wss://rpc.dist.one api.blocktrades.us https://steemitimages.com https://translate.googleapis.com; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; font-src data: fonts.gstatic.com 'self'; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com pagead2.googlesyndication.com adservice.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.skeyes.be http://*.belgocontrol.be https://www.openstreetmap.org http://opendatacommons.org https://www.google.com https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com https://www.linkedin.com https://platform.linkedin.com https://static.licdn.com https://www.youtube.com https://create.smart2vr.com https://ssl.google-analytics.com https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com 1
script-src 'unsafe-inline' 'self' maps.google.com maps.googleapis.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1
referrer no-referrer 1
base-uri 'none'; default-src 'none'; child-src https://www.google.com/ https://www.youtube.com; connect-src 'self'; font-src 'self' https://use.typekit.net https://fonts.gstatic.com; frame-ancestors 'self'; frame-src https://www.google.com/; img-src 'self' https://www.google-analytics.com https://www.google.com/cse/ https://clients1.google.com/ https://www.googleapis.com/ https://encrypted-tbn0.gstatic.com/ https://encrypted-tbn1.gstatic.com/ https://encrypted-tbn2.gstatic.com/ https://encrypted-tbn3.gstatic.com/ https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://chart.apis.google.com/ https://img.youtube.com https://placeholder.inventis.be https://placedog.net https://stats.g.doubleclick.net/ data:; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://cse.google.com/ https://www.google.com/cse/ https://clients1.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://developers.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.google.com/cse/ https://use.typekit.net https://p.typekit.net/ https://fonts.googleapis.com/ 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; report-uri /report-csp-violation 1
frame-ancestors http://my.rotary.org https://my.rotary.org 'self'; 1
default-src 'self' www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com; frame-src  'self' www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *.gstatic.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com tools.eurolandir.com asia.tools.euroland.com 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com 1
default-src 'unsafe-inline' https://fonts.googleapis.com https://surfly.io https://maxcdn.bootstrapcdn.com https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com  https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; script-src * 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; style-src 'unsafe-inline' https://fonts.googleapis.com https://surfly.io https://maxcdn.bootstrapcdn.com https://*.google.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; img-src 'self' https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com https://axa.pl data: 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: * 1
default-src *; script-src www.partizan.com www.partizanstudio.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*  *.googleadservices.com *.google-analytics.com *.google.com  https://*.youtube.com https://*.ytimg.com  cdnjs.cloudflare.com ajax.googleapis.com maxcdn.bootstrapcdn.com ; style-src * 'unsafe-inline';img-src 'self' data: https://img.youtube.com *.google-analytics.com ; font-src 'self' data:  http://fonts.gstatic.com https://fonts.gstatic.com ; connect-src www.partizan.com www.partizanstudio.com vimeo.com; 1
frame-ancestors 'none' 1
frame-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be; frame-ancestors 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be; child-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be; report-uri //report-csp-violation 1
default-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self' https://www.youtube.com http://www.gstb-rlp.de https://www.kosdirekt.de; img-src 'self' https://img.youtube.com https://www.google-analytics.com https://vat.db-app.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://de.ioam.de https://s.ytimg.com https://script.ioam.de https://www.google-analytics.com https://www.youtube.com https://vat.db-app.de/; style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net use.typekit.net *.consumercare.net h6.consumercare.net www.googletagmanager.com www.google-analytics.com cdn.ckeditor.com woobox.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net woobox.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net use.typekit.net *.consumercare.net h6.consumercare.net maxcdn.boostrapcdn.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.ckeditor.com; img-src 'self' 'unsafe-inline' stats.g.doubleclick.net www.google-analytics.com cdn.ckeditor.com p.typekit.net www.facebook.com www.google.com; media-src 'self' 'unsafe-inline' ballparkbuns.s3.us-east-2.amazonaws.com; frame-src woobox.com connect.facebook.net www.facebook.com *.googleadservices.com *.doubleclick.net.; font-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.gstatic.com cdn.jsdelivr.net use.typekit.net; connect-src 'self' performance.typekit.net *.doubleclick.net stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' clicky.com *.getclicky.com ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com s7.addthis.com fast.fonts.com m.addthis.com; frame-src 'self' s7.addthis.com m.addthis.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  www.google-analytics.com www.google.com www.gstatic.com https://cdn.ckeditor.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://cdn.ckeditor.com; img-src 'self' data: www.gstatic.com www.google-analytics.com https://cdn.ckeditor.com; media-src 'unsafe-inline'; frame-src 'self' https://www.google.com ; frame-ancestors 'self'; font-src 'self'; report-uri /report-csp-violation 1
default-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src * 'unsafe-inline'; img-src * 'unsafe-inline' data: blob:; media-src 'self'; frame-src *; font-src * 'unsafe-inline' data: blob:; connect-src *; report-uri /report-csp-violation 1
default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.lamapoll.de; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src 'self' data: lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de *.facebook.com; media-src 'self' lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de youtube.com youtube-nocookie.com; object-src 'self'; connect-src 'self'; frame-src 'self' player.vimeo.com www.youtube.com www.youtube-nocookie.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.buttercms.com *.griddynamics.com *.sentry-cdn.com *.apis.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.youtube.com s.ytimg.com googleads.g.doubleclick.net static.ads-twitter.com cdn.jsdelivr.net www.feedrapp.info *.pardot.com *.yandex.ru; style-src 'self' 'unsafe-inline' *.buttercms.com *.googleapis.com *.sentry-cdn.com; img-src 'self' data: *.buttercms.com grid-dynamics-blog.ghost.io *.griddynamics.com *.gstatic.com *.apis.google.com *.googleapis.com *.google.com *.google.com.ua *.google-analytics.com *.doubleclick.net stats.g.doubleclick.net mc.webvisor.org *.yandex.ru; font-src 'self' data: *.googleapis.com *.gstatic.com 1
base-uri 'none'; default-src 'none'; child-src https://www.google.com; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.google.com; img-src 'self'; object-src 'none'; script-src 'nonce-yDAjgQz/mLy0phEfD/VhEA==' 'strict-dynamic'; style-src 'self' 'sha256-d4jKoEsY0npGbOevIEtDXcppNusLBHqAmsy909ztPuw='; worker-src 'self'; 1
default-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: 'self' 'unsafe-inline'; img-src https: data: blob: 'self'; frame-src https: 'self' ; style-src https: 'self' 'unsafe-inline'; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sharethis.com *.googletagmanager.com *.google-analytics.com *.juicer.io  *.google.com *.gstatic.com  count-server.sharethis.com  *.pinterest.com https://app.icontact.com *.econsumeraffairs.com *.consumercare.net https://js-agent.newrelic.com https://bam.nr-data.net *.youtube.com *.ytimg.com *.woobox.com woobox.com rsmstanley.formstack.com static.formstack.com; object-src *.youtube.com ; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com ws.sharethis.com *.juicer.io https://app.icontact.com static.formstack.com; img-src 'self' *.google-analytics.com stats.g.doubleclick.net *.google.com *.xx.fbcdn.net *.facebook.com *.juicer.io  media.giphy.com data:  channelsightstorage.blob.core.windows.net  *.sharethis.com  *.pinterest.com  pinterest.com   http://i.ytimg.com blob: https://app.icontact.com *.scorecardresearch.com https://chart.googleapis.com/ https://www.googletagmanager.com https://www.google.com.pe *.imgur.com *.formstack.com; media-src 'self' *.xx.fbcdn.net; frame-src 'self' *.sharethis.com *.youtube.com *.juicer.io *.facebook.com *.google.com *.pinterest.com https://woobox.com https://c.sharethis.mgr.consensu.org https://www.youtube.com/ https://rsmstanley.formstack.com/; frame-ancestors 'self' https://www.youtube.com/ https://rsmstanley.formstack.com/; child-src 'self' https://www.youtube.com/; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.juicer.io static.formstack.com; connect-src 'self'  l.sharethis.com eureka.channelsight.com *.juicer.io  littlebites.channelsight.com blob: https://www.google-analytics.com  https://stats.g.doubleclick.net https://c.sharethis.mgr.consensu.org *.facebook.com https://www.youtube.com; report-uri /report-csp-violation 1
default-src 'self' data: https:; object-src 'self'; script-src 'self' data: 'unsafe-inline' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: *.hz.nl *.hubspot.com www.google.com www.google.nl www.google-analytics.com www.googletagmanager.com www.facebook.com stats.g.doubleclick.net *.zopim.com via.placeholder.com maps.gstatic.com maps.googleapis.com maps.google.com 1
default-src *;object-src 'none';style-src * 'unsafe-inline' 'unsafe-eval';img-src * data: 'unsafe-inline' 'unsafe-eval';media-src *;font-src * data: blob:;script-src * 'unsafe-inline' 'unsafe-eval'; 1
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; style-src-elem 'unsafe-inline' https: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hs-analytics.net *.hs-scripts.com *.addthis.com *.addthisedge.com *.linkedin.com *.pinterest.com *.facebook.com *.iubenda.com *.ckeditor.com *.webspellchecker.net *.gstatic.com *.google.com *.googleapis.com *.bootstrapcdn.com *.google-analytics.com *.googletagmanager.com *.usemessages.com *.hsleadflows.net *.googleadservices.com *.sumome.com *.doubleclick.net *.facebook.net *.b-cdn.net *.youtube.com *.ytimg.com *.kxcdn.com *.hubspot.com *.hsforms.net *.hsadspixel.net *.sumo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com *.iubenda.com *.ckeditor.com *.webspellchecker.net *.kxcdn.com *.b-cdn.net *.google.com; img-src 'self' *.hubspot.com *.acquia-sites.com data: *.ckeditor.com *.webspellchecker.net sumo.com *.kxcdn.com *.google-analytics.com *.doubleclick.net *.google.com *.hubspot.net *.ytimg.com *.gstatic.com *.googleapis.com *.facebook.com *.google.co.za *.google.it *.google.co.uk *.google.co.id *.google.de *.google.pl *.google.fr *.google.ru *.google.cn *.google.es *.google.com.br *.google.co.nz *.google.com.pr *.google.hr *.google.com.pa *.google.at *.google.ca *.google.gr *.google.com.au *.google.com.hk *.google.com.ph *.google.com.tr *.google.fi *.google.co.jp *.google.com.kh *.google.com.my *.google.co.ke *.google.se *.google.co.il *.google.com.sg *.google.co.th *.google.co.in *.google.ae *.google.co.kr *.google.lk *.googletagmanager.com *.google.com.do *.google.bg *.google.rs *.google.hu *.google.pt *.google.ro *.google.com.co *.google.ch *.google.com.mx *.google.lv *.google.com.vn *.google.no; frame-src 'self' *.google.com *.addthis.com *.youtube.com *.vrcloud.co vrcloud.co *.vrcloud.com vrcloud.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.facebook.net *.hubspot.com; font-src 'self' *.gstatic.com *.addthis.com; connect-src 'self' *.addthis.com *.webspellchecker.net sumo.com *.hubspot.com *.google-analytics.com *.doubleclick.net *.google.com *.google.co.uk *.hubapi.com; report-uri /admin/config/system/seckit/csp-report 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com cdnjs.cloudflare.com connect.facebook.net 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 1
default-src 'self' google.com *.google.com liveinternet.ru *.liveinternet.ru yadro.ru *.yadro.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com adservice.google.com adservice.google.ru adservice.google.com.ua adservice.google.co.uz ulogin.ru *.ulogin.ru vk.com google.com *.google.com liveinternet.ru *.liveinternet.ru yadro.ru *.yadro.ru ; object-src 'self' *.googlesyndication.com; style-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com ; img-src 'self' * data: blob: filesystem:; media-src 'self' ; font-src 'self' *.gstatic.com *.googleapis.com netdna.bootstrapcdn.com; frame-src 'self' *.doubleclick.net www.youtube.com vk.com *.vk.com ulogin.ru *.ulogin.ru; connect-src 'self' adservice.google.com *.google-analytics.com *.gstatic.com *.googlesyndication.com 1
default-src * 'unsafe-inline' cdn.ckeditor.com 'unsafe-eval'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://c.evidon.com https://munchkin.marketo.net https://stats.sa-as.com https://www.google-analytics.com https://zscalertwo.net https://*.zscalertwo.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: https://l.betrad.com https://c.evidon.com https://stats.sa-as.com; media-src 'self' https: data: blob:; frame-src 'self' https://na-sj25.marketo.com/ https://*.zscalertwo.net; frame-ancestors 'self' https://na-sj25.marketo.com/ https://*.zscalertwo.net; child-src 'self'; font-src 'self' https: data: blob: http://go.gewwmarketing.com/; connect-src 'self' https: https://324-zbg-118.mktoresp.com; report-uri /report-csp-violation 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://cloudfiltering.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://cleanmx.pt https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.newrelic.com *.nr-data.net *.bam.nr-data.net *.nr-data.com *.google-analytics.com *.googleapis.com *.gstatic.com *.maps.google.com *.stats.g.doubleclick.net *.g.doubleclick.net *.google.com *.google.ca *.cloud.google.com; img-src * data:; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com *.leadenhancer.com wss://chat.userlike.com cdn.delight-vr.com data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' *; img-src 'self' www.google.com www.google.co.uk ssl.google-analytics.com; frame-src 'self' youtube.com; report-uri /admin/settings/seckit/csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.b05-apps.nl http://localhost:8080 https://www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://assets.adobedtm.com http://assets.adobedtm.com https://api.tiles.mapbox.com; worker-src blob: 1
style-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.google.com https://*.googleapis.com http://*.mars.com https://*.mars.com https://*.jquery.com https://*.onetrust.com https://*.rawgit.com https://*.facebook.net https://*.bootstrapcdn.com https://*.windows.net https://*.githubusercontent.com https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.youtube.com https://*.google-analytics.com https://*.googletagmanager.com ; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.google.com https://*.googleapis.com http://*.mars.com https://*.mars.com https://*.jquery.com https://*.onetrust.com https://*.rawgit.com https://*.facebook.net https://*.bootstrapcdn.com https://*.windows.net https://*.githubusercontent.com https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.youtube.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cloudfront.net https://*.adsrvr.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pinterest.com https://*.twitter.com https://*.gstatic.com https://*.google.com https://*.googleapis.com http://*.mars.com https://*.mars.com https://*.jquery.com https://*.onetrust.com https://*.rawgit.com https://*.facebook.net https://*.bootstrapcdn.com https://*.windows.net https://*.githubusercontent.com https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.youtube.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ytimg.com https://*.webphone.net; img-src 'self' data: https://*; font-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.google.com https://*.googleapis.com http://*.mars.com https://*.mars.com https://*.jquery.com https://*.onetrust.com https://*.rawgit.com https://*.facebook.net https://*.bootstrapcdn.com https://*.windows.net https://*.githubusercontent.com https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.youtube.com https://*.google-analytics.com https://*.googletagmanager.com data: https://*; object-src 'self' 1
default-src 'self' *.cerved.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.cerved.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.it *.doubleclick.net; frame-src 'self'; font-src 'self' *.googleapis.com *.googleusercontent.com fonts.gstatic.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://account.bitvavo.com/; manifest-src 'self'; connect-src 'self' wss://socket.bitvavo.com https://api.bitvavo.com/v1/ https://widget.trustpilot.com/; font-src 'self' https://fonts.gstatic.com/s/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/; form-action 'self'; base-uri 'none'; media-src 'self'; frame-ancestors 'none'; img-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://account.bitvavo.com/media/img/; style-src 'self' https://account.bitvavo.com/ https://fonts.googleapis.com/  'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://code.jquery.com/jquery-3.3.1.min.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://cdn.widget.trengo.eu/; frame-src 'self' https://widget.trustpilot.com/ https://widget.belco.io/; 1
base-uri 'self' https://d3gcmglegmnvz8.cloudfront.net/; child-src 'self' https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ https://*.facebook.com/ https://*.hotjar.com/ https://*.facebook.com/ https://accounts.google.com/ https://www.google.com/ https://www.youtube.com/ gap:; frame-src 'self' https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ https://*.facebook.com/ https://*.hotjar.com/ https://*.facebook.com/ https://accounts.google.com/ https://www.google.com/ https://www.youtube.com/ gap:; connect-src 'self' https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.facebook.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://fercos-s3-ecommerce.s3.amazonaws.com/ https://stats.g.doubleclick.net https://accounts.google.com/ https://www.google-analytics.com https://www.youtube.com/ https://device.clearsale.com.br; default-src 'self' https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://accounts.google.com/ https://www.google-analytics.com/ https://www.youtube.com/ gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://d3gcmglegmnvz8.cloudfront.net/ https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://*.gstatic.com https://*.hotjar.com/; img-src 'self' data: https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://*.googleusercontent.com https://*.fbsbx.com https://*.geotrust.com https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.nr-data.net https://*.newrelic.com/ https://*.facebook.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://fercos-s3-ecommerce.s3.amazonaws.com/ https://stats.g.doubleclick.net https://accounts.google.com/ https://www.google-analytics.com https://www.google.com/ https://www.google.com.br/ https://www.youtube.com/; media-src https://d3gcmglegmnvz8.cloudfront.net/; object-src https://d3gcmglegmnvz8.cloudfront.net/; script-src 'self' https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.nr-data.net https://*.newrelic.com/ https://*.facebook.com/ https://*.facebook.net https://*.hotjar.com/ https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.google.com/ https://accounts.google.com/ https://www.googletagmanager.com/ https://apis.google.com/ https://seal.geotrust.com/ https://www.youtube.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ 'unsafe-inline'; frame-ancestors 'self' https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://*.hotjar.com/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ gap:; referrer origin-when-cross-origin; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=IPkMyRffdAoaPsQ4utDI0OR0pRVBF8NQVMKWkFPvn2HO1uzsemHJ3JJ%2bditjAgrF1Tk5paCrdDBdltxnz7cE2lLtJmy6w2Ei2aqd4q3L1VyyWVldTSh2u3TXljwEagSB; 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl 'unsafe-inline' 'unsafe-eval';style-src https: *.ufg.pl 'unsafe-inline';img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl; child-src https: *.ufg.pl 1
connect-src 'self' https://api.github.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; base-uri *.wazuh.com wazuh.com; default-src 'self' https: data:; script-src 'self' *.wazuh.com wazuh.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https: 'unsafe-inline'; object-src 'self' *.wazuh.com wazuh.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src 'self' *.wazuh.com wazuh.com *.gravatar.com https://www.google-analytics.com https://stats.g.doubleclick.net data:; media-src 'self' *.wazuh.com wazuh.com; frame-ancestors 'self'; frame-src *; font-src 'self' https://fonts.gstatic.com data: 1
default-src 'unsafe-inline' 'self' *.edp.com *.edpr.com *.gstatic.com *.mailjet.com *.tools.euroland.com *.eurolandir.com *.google-analytics.com *.js-agent.newrelic.com *.youtube.com *.jsdelivr.net *.media-server.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.edp.com *.edpr.com *.datatables.net *.euroland.com *.newrelic.com *.nr-data.net *.jsdelivr.net *.byside.com *.s1.byside.com *.googleadservices.com *.googleads.g.doubleclick.net *.google.com *.hotjar.com *.google-analytics.com *.youtube.com *.facebook.net *.ytimg.com grmtech.net *.cloudfront.net *.adnxs.com *.mookie1.com *.serving-sys.com c-share.herokuapp.com *.googleapis.com *.cloudflare.com *.captcha.com *.doubleclick.net *.google.com *.google.pt *.botframework.com *.edp.pt *.clientscape.com *.facebook.com *.googletagmanager.com *.licdn.com *.linkedin.com nebula-cdn.kampyle.com *.kampyle.com *.smrk.io *.gstatic.com *.cookiepro.com *.onetrust.com *.wufoo.com; style-src 'unsafe-inline' 'self' 'unsafe-eval' *.edp.com *.edpr.com *.googleapis.com *.cloudflare.com *.datatables.net;; img-src 'self' *.edp.com *.edpr.com *.google-analytics.com data: maps.gstatic.com maps.googleapis.com; media-src 'self' *.edp.com *.edpr.com data:; frame-src 'self' *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com youtube.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com; frame-ancestors 'self' *.edp.com *.edpr.com *.portaldocidadaosurdo.pt *.p01-geral.dig.corp.edp.com; connect-src 'self' *.edp.com *.edpr.com cdn.plyr.io www.google-analytics.com; report-uri /en/report-csp-violation 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://spamlogin.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
frame-ancestors 'self' piwik.betaalvereniging.nl; 1
default-src 'self' 'unsafe-inline' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de; img-src *; style-src 'self' 'unsafe-inline' *.itzbund.de; frame-ancestors itzbund.preview.prod.gsb.bund.zivb.net 1
default-src 'self' *.fuelrats.com *.stripe.com blob:; connect-src 'self' wss://*.fuelrats.com; base-uri 'none'; script-src 'self' 'nonce-d540cd99-511e-49a9-9ab6-d5276d106579' 'strict-dynamic'; style-src 'self' 'unsafe-inline' *.fuelrats.com *.stripe.com; img-src 'self' *.fuelrats.com *.stripe.com api.adorable.io *.wp.com blob:; media-src 'self'; object-src 'self'; font-src 'self' fonts.gstatic.com 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ https://*.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.google-analytics.com *.gstatic.com *.google.com platform.twitter.com 1
default-src 'self' http:  https: *.bosch-thermotechnology.com *.bosch-thermotechnology.us *.bosch-thermotechnology.com.au *.bosch-thermotechnology.co.nz s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com ; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com static.ecorebates.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' static.ecorebates.com cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' * ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' api.iconify.design *.google-analytics.com *.gerc.ua *.google.com *.samsung.com *.visa.com *.googleapis.com *.googletagmanager.com *.kmda.gov.ua *.gstatic.com; style-src 'self' data: 'unsafe-inline' *.gerc.ua *.googleapis.com *.gstatic.com; media-src 'self' blob: ; frame-ancestors 'self' *.gerc.ua gioc.kiev.ua *.gioc.kiev.ua suvorovskiy.com.ua *.suvorovskiy.com.ua *.kyivcity.gov.ua openosh.site cks.kiev.ua oschadbank.ua *.oschadbank.ua cks.com.ua kte.kmda.gov.ua *.kmda.gov.ua; font-src 'self' data: *.gerc.ua fonts.googleapis.com fonts.gstatic.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' 1
media-src *, script-src self 'unsafe-eval' 'unsafe-inline' https://mc.yandex.ru https://xn--62-dlchecl2bsdax2n.xn--p1ai https://google.com https://www.gstatic.com https://www.google.com https://fonts.googleapis.com 'unsafe-inline' 1
default-src c.wgr.de 'self'; script-src c.wgr.de track.westermann.de www.econda-monitor.de connect.facebook.net www.googleadservices.com maps.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com 'self' 'unsafe-inline'; style-src tagmanager.google.com fonts.googleapis.com c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net *.google.com maps.googleapis.com *.gstatic.com www.google-analytics.com *.google.de stats.g.doubleclick.net 'self' data:; frame-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src secure.schulbuchzentrum-online.de track.westermann.de www.econda-monitor.de www.google-analytics.com 'self'; report-uri /backend/csp 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' mautic.duo.be use.typekit.net cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com connect.facebook.net *.hotjar.net *.hotjar.com js.hs-analytics.net tagmanager.google.com cdn.jsdelivr.net apis.google.com https://optimize.google.com/optimize/ optimize.google.com cdn.ampproject.org https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' use.typekit.net cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com optimize.google.com p.typekit.net; img-src 'self' mautic.duo.be p.typekit.net data: www.google-analytics.com www.facebook.com ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net www.google.com https://www.google.be/ads/ga-audiences https://optimize.google.com/optimize/  optimize.google.com https://www.googletagmanager.com; font-src 'self' *.typekit.net data: https:; connect-src 'self' mautic.duo.be www.google-analytics.com performance.typekit.net *.hotjar.com:* wss: https://stats.g.doubleclick.net; report-uri /report-csp-violation 1
script-src 'nonce-QhC7dF6AGZw8OX2xoGMxiybrV8Q=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'  https://stats.g.doubleclick.net https://s.ytimg.com https://fonts.gstatic.com https://fonts.googleapis.com https://code.jquery.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://infra.mcit.gov.sa https://cdn.ckeditor.com https://www.google.com/maps/embed https://maps.google.com/maps https://usf.maps.arcgis.com/apps/TimeAware/index.html https://www.google.com/videohp https://mcit.gov.sa/sites/default/files/fileAr.pdf  https://api.darksky.net   https://youtu.be/ https://www.youtube.com; report-uri /admin/config/system/seckit/csp-report 1
script-src 'self' *.googletagmanager.com *.googleapis.com *.google-analytics.com *.gstatic.com https://seal.godaddy.com https://maps.google.com https://connect.facebook.net https://static.ctctcdn.com https://cdnjs.cloudflare.com https://www.google.com/recaptcha/ 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' io.clickguard.com connect.facebook.net www.googleadservices.com trustlogo.comodo.com ajax.googleapis.com platform.twitter.com www.google-analytics.com ajax.googleapis.com s.yimg.com bat.bing.com static.ads-twitter.com sp.analytics.yahoo.com platform.twitter.com analytics.twitter.com *.google-analytics.com cdnjs.cloudflare.com seal.websecurity.norton.com 0.r.msn.com www.googletagmanager.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https://essiac-newsletter-images.s3.ca-central-1.amazonaws.com essiacproducts.com www.essiacproducts.com stats.g.doubleclick.net www.facebook.com trustlogo.comodo.com googleads.g.doubleclick.net *.google-analytics.com bat.bing.com www.google.com www.google.ca t.co seal.websecurity.norton.com tracking.admarketplace.net; font-src 'self' fonts.gstatic.com netdna.bootstrapcdn.com; connect-src 'self' s.yimg.com www.google-analytics.com static.ads-twitter.com stats.g.doubleclick.net *.essiacproducts.com io.clickguard.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:*  *.twitter.com; script-src 'self' 'unsafe-inline'  *.googleapis.com:* *.google.com *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:* *.google-analytics.com:* *.highcharts.com cdn.jsdelivr.net:*  *.twitter.com  *.twimg.com data:; style-src 'self' 'unsafe-inline' *.googleapis.com:* cdn.jsdelivr.net:* *.twitter.com; img-src 'self'  *.bootstrapcdn.com:* *.googleapis.com:* *.googleusercontent.com:* *.google-analytics.com *.twitter.com *.twimg.com *.gstatic.com data: ; frame-src 'self'   *.constantcontact.com:80 *.youtube.com *.google.com *.vimeo.com * data:; child-src 'self' 'unsafe-inline'  *.constantcontact.com:80 *.youtube.com *.google.com *.vimeo.com *; font-src 'self' fonts.gstatic.com *.twimg.com; report-uri /report-csp-violation 1
allow 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yahoo.com *.msn.com *.adform.net *.hyj.mobi *.netrk.net *.yimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.net *.criteo.net *.criteo.com *.googleadservices.com *.mbww.com *.bing.com *.fndsda.net *.doubleclick.net *.cloudflare.com *.google.com *.googlesyndication.com data:; object-src *; style-src 'self' 'unsafe-inline' *.yahoo.com *.criteo.net *.criteo.com *.msn.com *.adform.net *.hyj.mobi *.netrk.net *.yimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.net *.googleadservices.com *.mbww.com *.bing.com *.fndsda.net *.doubleclick.net *.cloudflare.com *.google.com; img-src * data:; media-src *; frame-src *; child-src *; font-src * data:; connect-src *; report-uri /report-csp-violation 1
base-uri https://optimize.google.com; default-src; child-src https://*.googletagmanager.com https://*.youtube.com https://*.vimeo.com https://c.sharethis.mgr.consensu.org https://*.stripe.com blob:; connect-src 'self' https://*.sharethis.com https://*.algolianet.com https://*.algolia.net https://*.googleapis.com https://*.facebook.net https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.googleadservices.com https://*.googletagmanager.com https://*.gstatic.com https://*.hubapi.com https://settings.luckyorange.net wss://*.visitors.live wss://visitors.live https://pubsub.googleapis.com https://api.luckyorange.com https://*.hubspot.com; font-src 'self' https://*.gstatic.com https://optimize.google.com data:; form-action 'self' https://*.hsforms.com https://www.facebook.com https://uk.bablearn.com/introduction-to-iso-45001 https://uk.bablearn.com/introduction-to-iso-27001 https://uk.bablearn.com/introduction-to-iso-14001 https://uk.bablearn.com/introduction-to-iso-9001; frame-ancestors 'none'; frame-src https://*.doubleclick.net https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://c.sharethis.mgr.consensu.org https://*.stripe.com https://*.hsforms.com https://optimize.google.com https://app.hubspot.com https://www.facebook.com; img-src 'self' https://secure.gravatar.com https://api.feefo.com https://*.sharethis.com https://s3.amazonaws.com/sharethis-socialab-prod/share-this-logo%402x.png https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.ca https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.mt https://*.google.com.ua https://*.google.ie https://*.google.it https://*.google.se https://*.google.sk https://*.googletagmanager.com https://*.gstatic.com https://*.hubspot.com https://*.hsforms.com https://*.bing.com https://d10lpsik1i8c69.cloudfront.net https://optimize.google.com https://px.ads.linkedin.com blob: data:; media-src 'self' https://d10lpsik1i8c69.cloudfront.net; object-src 'none'; script-src 'self' https://*.sharethis.com https://*.algolianet.com https://*.stripe.com https://*.gstatic.com https://*.doubleclick.net https://*.facebook.net https://*.google-analytics.com https://*.google.ae https://*.google.ca https://*.google.co.il https://*.google.co.in https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.mt https://*.google.com.ua https://*.google.de https://*.google.fr https://*.google.ie https://*.google.it https://*.google.ru https://*.google.sk https://js.hsadspixel.net js.hsadspixel.net https://*.googleadservices.com https://*.googletagmanager.com https://*.gstatic.com https://*.hs-analytics.net https://*.hs-scripts.com https://*.usemessages.com https://*.hsforms.net https://*.hsforms.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.linkedin.com https://*.bing.com https://*.hs-sites.com https://d10lpsik1i8c69.cloudfront.net https://optimize.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.google.com https://optimize.google.com https://d10lpsik1i8c69.cloudfront.net 'unsafe-inline'; report-uri https://poirot.selesti.com/api/violation/british-assessment-bureau; report-to https://poirot.selesti.com/api/violation/british-assessment-bureau; upgrade-insecure-requests 1
self 1
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1
default-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.google.com *.reviews.co.uk *.reviews.io https://widget.reviews.io i.reviews.co.uk www.oase-livingwater.com https://seal.verisign.com http://www.reviews.co.uk cdn.zopim.com; style-src 'self' 'unsafe-inline' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.google.com *.reviews.co.uk *.reviews.io https://widget.reviews.io i.reviews.co.uk www.oase-livingwater.com https://seal.verisign.com http://www.reviews.co.uk cdn.zopim.com; img-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.googleadservices.com https://*.google.com https://*.google.co.uk https://googleadservices.com https://*.doubleclick.net *.doubleclick.net data: *.google-analytics.com https://c906980.ssl.cf3.rackcdn.com *.newrelic.com http://www.water-garden.co.uk *.gstatic.com 'unsafe-eval' 'unsafe-inline' *.google.com *.doubleclick.net https://*.doubleclick.net *.reviews.co.uk *.reviews.io https://widget.reviews.io i.reviews.co.uk www.oase-livingwater.com https://seal.verisign.com i.reviews.co.uk http://www.reviews.co.uk cdn.zopim.com bat.bing.com; frame-src 'self' *.googleadservices.com *.doubleclick.net https://*.google.com https://*.google.co.uk https://googleadservices.com https://*.doubleclick.net https://*.facebook.com *.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline' *.google.com *.reviews.co.uk *.reviews.io https://widget.reviews.io i.reviews.co.uk www.oase-livingwater.com https://seal.verisign.com http://www.reviews.co.uk cdn.zopim.com; script-src 'self' eval-script inline-script *.evocdn.co.uk *.rackcdn.com *.newrelic.com *.google-analytics.com *.googleadservices.com https://googleadservices.com https://*.google.com https://*.google.co.uk *.facebook.net d1ros97qkrwjf5.cloudfront.net https://d1ros97qkrwjf5.cloudfront.net https://www.google.com https://ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' *.google.com *.googleadservices.com https://googleadservices.com *.reviews.co.uk *.reviews.io https://widget.reviews.io i.reviews.co.uk www.oase-livingwater.com https://seal.verisign.com reviews.co.uk http://www.reviews.co.uk cdn.zopim.com bat.bing.com *.doubleclick.net; font-src 'self' *.evocdn.co.uk *.googleusercontent.com 'unsafe-eval' 'unsafe-inline' https://c918654.ssl.cf3.rackcdn.com; child-src *.googleadservices.com https://googleadservices.com; image-src *.googleadservices.com https://googleadservices.com; object-src https://seal.verisign.com d1ros97qkrwjf5.cloudfront.net *.zopim.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com data:;img-src *; font-src fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api-maps.yandex.ru bitrix.info www.google-analytics.com *.yandex.ru; form-action 'self';frame-src 'self';media-src 'self';connect-src 'self' bitrix.info mc.yandex.ru 1
default-src 'self' 'unsafe-inline'; allow 'self'; img-src * 1
default-src 'self' https:; script-src 'unsafe-inline' 'unsafe-eval' https:; frame-src https:; style-src 'self' 'unsafe-inline' https:; 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://www.spamfilter.io https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self' data: *.hypovbg.at google.com www.google.com www.google-analytics.com www.googletagmanager.com ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.hypovbg.at cdnjs.cloudflare.com google.com analytics.arz.at www.google.com www.google-analytics.com www.googletagmanager.com maps.google.com maps.googleapis.com e.issuu.com; object-src 'self' *.youtube.com; style-src 'self' data: 'unsafe-inline' *.hypovbg.at google.com www.google.com www.google-analytics.com www.googletagmanager.com fonts.googleapis.com; img-src 'self' data: *.hypovbg.at google.com www.google.com analytics.arz.at www.google-analytics.com www.googletagmanager.com www.youtube.com youtube.com www.youtube-nocookie.com youtube-nocookie.com maps.google.com maps.googleapis.com *.gstatic.com; media-src 'self'; frame-src 'self' kurse.banking.co.at *.hypovbg.at www.youtube.com youtube.com www.youtube-nocookie.com youtube-nocookie.com e.issuu.com; font-src 'self' data: *.hypovbg.at google.com www.google.com www.google-analytics.com www.googletagmanager.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https://img.youtube.com https://seal.websecurity.norton.com https://www.google-analytics.com https://widgets.trustedshops.com ; 1
default-src 'self'; script-src 'unsafe-inline' 'self' www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com www.googleadservices.com googleads.g.doubleclick.net a.config.skype.com b.config.skype.com swx.cdn.skype.com  www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com msig.zumata.com https://cdn.rawgit.com staging-msig.zumata.com http://tagmanager.google.com www.recaptcha.net d16fk4ms6rqz1v.cloudfront.net s.salecycle.com connect.facebook.net d.turn.com msig-web-chat-plugin.zumata.com cdn.polyfill.io console.turn.com *.sqreemtech.com *.sqreem.com *.xerevo.com *.adsrvr.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com msig.zumata.com https://cdn.rawgit.com staging-msig.zumata.com http://tagmanager.google.com s.salecycle.com console.turn.com *.sqreemtech.com *.sqreem.com *.xerevo.com *.adsrvr.org; img-src 'self' data: www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.in maps.gstatic.com maps.googleapis.com msig.zumata.com http://tagmanager.google.com insight.adsrvr.org s.salecycle.com d22j4fzzszoii2.cloudfront.net www.facebook.com msig-web-chat-plugin.zumata.com console.turn.com; frame-src 'self' www.youtube.com sp.zalo.me www.google.com bid.g.doubleclick.net http://tagmanager.google.com s.salecycle.com *.fls.doubleclick.net; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com d22j4fzzszoii2.cloudfront.net; connect-src 'self' browser.pipe.aria.microsoft.com sp.zalo.me www.google-analytics.com www.google.com www.google.co.in http://tagmanager.google.com staging-msig.zumata.com msig.zumata.com *.salecycle.com stats.g.doubleclick.net wss://msig-web-chat-plugin.zumata.com msig-web-chat-plugin.zumata.com console.turn.com *.sqreemtech.com *.sqreem.com *.xerevo.com *.adsrvr.org; report-uri /report-csp-violation 1
default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; reflected-xss block; report-uri https://kvrlp.report-uri.io/r/default/csp/enforce; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net *.yandex.ru yandex.ru yandexadexchange.net *.yandexadexchange.net *.yandex.com *.yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.googleapis.com *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1
default-src 'self' https://*.google.com http://s7.addthis.com ; frame-ancestors 'none'; connect-src 'self' http://m.addthis.com https://www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://code.jquery.com https://aff.bstatic.com http://aff.bstatic.com http://s7.addthis.com/ http://m.addthisedge.com http://m.addthis.com/ http://graph.facebook.com http://widgets.pinterest.com http://www.linkedin.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://code.jquery.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.google-analytics.com https://www.paypalobjects.com https://ak1s.abmr.net; font-src 'self' https://fonts.gstatic.com; worker-src 'self' www.google.com https://maps.google.com  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aspnetcdn.com *.jquery.com *.google.com *.gstatic.com *.googletagmanager.com  *.google-analytics.com; object-src 'self' www.google-analytics.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com 'unsafe-eval' ; img-src 'self' *.googleapis.com *.google-analytics.com; media-src 'self'; frame-src 'self' *.youtube.com *.google.com 192.168.2.248 dev.nixa.ca:8248; font-src 'self' *.gstatic.com *.bootstrapcdn.com; report-uri /admin/config/system/seckit/csp-report 1
script-src 'unsafe-inline' 'unsafe-eval' https://*.jivosite.com:* https://*.facebook.net:* https://*.cloudfront.net:* https://*.amazonaws.com:* https://*.fastinvest.com:* https://*.trustpilot.com:* https://*.google.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.google-analytics.com:* https://*.hotjar.com:* https://*.ads-twitter.com:*  https://*.twitter.com:* https://*.twimg.com https://*.zopim.com:* https://whatdesk.com:* https://www.googleadservices.com:* https://www.fastinvest.com:* https://googleads.g.doubleclick.net:* https://mc.us18.list-manage.com:* https://*.mailchimp.com:* https://browser.sentry-cdn.com:* https://static.mailerlite.com:* https://*.purechat.com:* https://*.googleapis.com:* https://app.purechat.com:* https://ajax.googleapis.com:* 1
connect-src 'self' https://localhost:3000; frame-ancestors 'self'; object-src 'self'; script-src 'self' https://analytics.historia-arte.com https://maps.googleapis.com; report-uri /csp-report; report-to /csp-report; 1
default-src 'self' *.intelliflo.com and *.test.intelliflo.com; script-src 'unsafe-inline' 'self' 'unsafe-eval' *.intelligent-office.net *.intelliflo.com *.test.intelliflo.com; object-src 'self'; style-src * 'unsafe-inline'; img-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com data: *.intelliflo.com; media-src 'self'; frame-src https:; font-src 'self' data:; connect-src 'self' *.intelliflo.com and *.test.intelliflo.com and *.amazonaws.com; 1
default-src 'none'; base-uri 'self'; form-action 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' translate.google.com www.nitrokey.com; object-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'unsafe-inline' 'self' safari-extension www.nitrokey.com embetty.nitrokey.com data:; media-src 'self'; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'none'; font-src 'unsafe-inline' 'self' data:; connect-src 'self' https://api.github.com; report-uri /report-csp-violation 1
default-src 'none'; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; img-src https: data:; frame-src https:; connect-src https:; manifest-src 'self'; frame-ancestors 'self'; form-action 'self' https://www.facebook.com/tr/; base-uri 'self' https://optimize.google.com/optimize/editor/; object-src 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
default-src 'self' https://*.triplevision.nl; child-src 'self' https://*.triplevision.nl https://triplevisiondigital.com https://www.google.com https://paypal.com https://vimeo.com https://youtube.com https://twitter.com https://*.logrocket.com data: blob:; connect-src 'self' wss://*.hotjar.com wss://*.triplevision.nl https://*; font-src 'self' https:; frame-src 'self' https://blackfire.io https://vars.hotjar.com/; img-src 'self' data: http: https:; script-src 'self' https://*.triplevision.nl https://ajax.googleapis.com https://cdn.ampproject.org https://cdn.logrocket.com https://code.jquery.com https://platform.twitter.com https://maps.googleapis.com/ https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com data: https: 'unsafe-inline'; style-src 'self' https://*.triplevision.nl https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://platform.twitter.com https://*.twimg.com 'unsafe-inline'; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 1
default-src 'self' 'unsafe-eval' https://www.youtube.com:* 'unsafe-inline' https://bam.nr-data.net:* https://www.google.com:* https://www.googleapis.com:*  https://clients1.google.com:* https://code.jquery.com:* https://js-agent.newrelic.com:*  https://cdn.printfriendly.com:* https://cdn.jsdelivr.net:*  https://www.google-analytics.com:* https://cse.google.com:*  https://ds-4047.kxcdn.com:*; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.youtube-nocookie.com *.traceparts.com *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com data: 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com https://connect.facebook.net/ 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' *.dollplanet.ru dollplanet.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dollplanet.ru dollplanet.ru my2.imgsmail.ru http://www.gstatic.com yandex.st pagead2.googlesyndication.com vk.com cdn.connect.mail.ru mc.yandex.ru *.yandex.ru *.youtube.com https://www.youtube.com http://www.google-analytics.com https://www.google-analytics.com https://*.staticflickr.com https://flic.kr https://www.flickr.com ; object-src 'self' *.dollplanet.ru dollplanet.ru http://www.gstatic.com https://*.staticflickr.com https://flic.kr https://www.flickr.com *.youtube.com *.macromedia.com *.ytimg.com ytimg.com *.googlevideo.com googlevideo.com *.yandex.ru ; style-src 'self' 'unsafe-inline' *.dollplanet.ru dollplanet.ru *.yandex.ru ; img-src 'self' *.dollplanet.ru dollplanet.ru http://www.dolltime.ru https://*.staticflickr.com https://flic.kr https://www.flickr.com barbieplanet.ru www.dollyshouse.ru http://*.photobucket.com https://fotki.yandex.ru https://img-fotki.yandex.ru http://counter.yadro.ru  *.yandex.ru ; data: vk.com yastatic.net http://www.liveinternet.ru counter.yadro.ru mc.yandex.ru http://www.google-analytics.com https://www.google-analytics.com http://www.dolltime.ru https://*.staticflickr.com https://flic.kr https://www.flickr.com https://www.youtube.com  *.yandex.ru ; media-src 'self' *.dollplanet.ru dollplanet.ru https://www.youtube.com http://www.youtube.com https://*.staticflickr.com https://flic.kr https://www.flickr.com *.youtube.com *.googlevideo.com; frame-src 'self' *.dollplanet.ru dollplanet.ru connect.mail.ru googleads.g.doubleclick.net vk.com http://www.youtube.com https://www.youtube.com https://*.staticflickr.com https://flic.kr https://www.flickr.com  *.yandex.ru ; font-src 'self' *.dollplanet.ru dollplanet.ru *.yandex.ru ; connect-src 'self' *.dollplanet.ru dollplanet.ru mc.yandex.ru *.gstatic.com *.yandex.ru  1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://secure-mailgate.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.siteimprove.net *.googleapis.com *.google-analytics.com *.google.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.twitter.com; style-src 'self' 'unsafe-inline' *.googleapis.com cdn.siteimprove.net *.curator.io; img-src 'self' data: *.gstatic.com *.googleapis.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be *.facebook.com; child-src 'self' www.youtube.com; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net my2.siteimprove.com id.siteimprove.com api.curator.io *.addthis.com; report-uri /report-csp-violation 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.servmetric.com *.govmetric.com  *.obi4wan.com *.pusher.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.servmetric.com *.govmetric.com; img-src 'self' data: *.servmetric.com *.govmetric.com *.obi4wan.com *.amazonaws.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io; media-src 'self'; frame-src 'self' *.servmetric.com *.govmetric.com ; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com; connect-src 'self' *.obi4wan.com *.pusher.com wss://*.pusher.com; report-uri /report-csp-violation 1
default-src 'self' https://checkbrowser.hin.ch https://go.online-ident.ch  tag.myaspectra.ch; script-src 'self' https://www.islonline.net  tag.myaspectra.ch  https://www.gstatic.com  https://maps.google.com https://maps.googleapis.com  https://www.google.com  'unsafe-inline' 'unsafe-eval'; style-src https://fonts.googleapis.com  https://fonts.gstatic.com  'self' 'unsafe-inline' ; font-src 'self' https://fonts.gstatic.com ; child-src 'self' https://go.online-ident.ch https://www.google.com https://www.youtube.com ; img-src 'self' tag.myaspectra.ch  1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *.gstatic.com *.youtube.com *.google-analytics.com *.g.doubleclick.net https://s.ytimg.com/yts/jsbin/ *.googleadservices.com *.google.com *.google.cz http://platform.linkedin.com 1
default-src 'self' data: https://www.google.com/ https://*.stockdio.com https://player.vimeo.com https://www.youtube-nocookie.com/ https://cdn.whisky-circle.info https://analytics.edlinger.at/ https://*.youtube.com https://staticxx.facebook.com ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/ https://analytics.edlinger.at/ https://cdn.polyfill.io https://onesignal.com/ https://*.onesignal.com/ https://cdn.onesignal.com/ https://twitter.com https://*.twimg.com https://twitter.com https://ton.twitter.com https://*.cloudfront.net https://*.cloudflare.com https://code.angularjs.org https://www.dropbox.com/ https://app.box.com https://*.live.net/ https://*.google.com http://*.hotjar.com https://*.hotjar.com http://cdn.jsdelivr.net https://cdn.jsdelivr.net www.google.com staticxx.facebook.com facebook.com www.googletagmanager.com https://onesignal.com/ connect.facebook.net www.google-analytics.com ajax.googleapis.com https://cdn.polyfill.io; object-src 'self' data: https://cdn.whisky-circle.info https://*.cloudfront.net; style-src 'self' data: 'unsafe-inline' https://onesignal.com/ https://*.cloudfront.net https://cdn.whisky-circle.info https://*.googleapis.com/ https://www.whisky-circle.info/a-guide-to-driving-in-scotland/ ; img-src 'self' data: http://opensharecount.com http://*.osm.org https://analytics.edlinger.at/ https://www.blogheim.at https://cdn.whisky-circle.info https://*.google.at https://themeadviser.com https://www.google-analytics.com https://www.facebook.com s.w.org https://stats.g.doubleclick.net https://www.gravatar.com/avatar/ https://secure.gravatar.com/ ps.w.org https://www.google.com https://*.googleapis.com/; media-src 'self' data: https://cdn.whisky-circle.info; worker-src 'self' data: https://onesignal.com/ https://*.onesignal.com/ https://*.vimeo.com https://*.cloudfront.net https://*.youtube.com https://*.youtube-nocookie.com https://staticxx.facebook.com https://*.hotjar.com https://cdn.polyfill.io; font-src 'self' data: https://cdn.whisky-circle.info https://*.gstatic.com; connect-src 'self' data: http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://yoast.com/ 1
base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.sociomantic.com *.google-analytics.com *.googletagmanager.com *.everestjs.net *.googletagservices.com s.ytimg.com *.userapi.com js-agent.newrelic.com  *.olark.com  trafmag.utarget.ru  *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com  clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com everestjs.net googletagmanager.com google-analytics.com sociomantic.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com;  object-src 'none'; img-src 'self' *.doubleclick.net https://www.google-analytics.com https://www.google.com.ua https://www.google.com *.googlesyndication.com *.creativecdn.com data:; media-src 'none'; frame-src 'self' https://googleads.g.doubleclick.net *.googlesyndication.com *.creativecdn.com; frame-ancestors 'none'; worker-src 'self'; form-action 'self' https://www.portmone.com.ua; style-src 'self' 'unsafe-inline'; connect-src 'self' *.gstatic.com https://securepubads.g.doubleclick.net; report-uri https://2746b976bff56fb9fb072ca875846856.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' yastatic.net cdn.socket.io iplayer.org main.yayoye.com.ua 'unsafe-eval'  'unsafe-inline' *.pix-cdn.org yandex.st www.gstatic.com ad.iplayer.org:3000 pagead2.googlesyndication.com  mc.yandex.ru www.google-analytics.com https://www.google-analytics.com; object-src *;  style-src 'self' iplayer.org *.pix-cdn.org  'unsafe-inline'; img-src 'self' * data: *.pix-cdn.org  www.liveinternet.ru pagead2.googlesyndication.com counter.yadro.ru mc.yandex.ru www.google-analytics.com https://www.google-analytics.com main.yayoye.com.ua gamegame.2974600.pix-cdn.org; media-src 'self'; frame-src 'self' googleads.g.doubleclick.net *; font-src 'self'; connect-src 'self'  iplayer.org api.iplayer.org mc.yandex.ru; report-uri https://caspr.io/endpoint/66066cdcb23dc03b223f90743a46265c96c10554feec61cf620e5a2768bc4a6f 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://mail-scanner.eu https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: siteimproveanalytics.com *.siteimprove.com *.denkwerk.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com *.doubleclick.net;         connect-src 'self' *.denkwerk.com;         font-src 'self' *.denkwerk.com;         media-src *.denkwerk.com player.vimeo.com *.vimeocdn.com gcs-vimeo.akamaized.net; 1
base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com; connect-src 'self' https://vimeo.com https://*.resengo.com; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://cloud.typenetwork.com https://fonts.gstatic.com; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com; img-src 'self' https://www.google-analytics.com https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://www.resengo.com data:; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://www.resengo.com https://*.resengo.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://www.resengo.com 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src data: 'self'; frame-src 'self' 1
img-src * 'self' data: https:; default-src 'self' html5shim.googlecode.com *.google-analytics.com *.googleapis.com *.gstatic.com apis.google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.mouseflow.com *.youtube.com *.vimeo.com *.google.com *.google.nl *.mijnwefact.nl *.ytimg.com *.feedbackcompany.nl 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: * ; img-src 'self' https://assets.bbulibrary.com https://p.typekit.net  https://tags.w55c.net https://www.google-analytics.com https://www.google.com  https://*.g.doubleclick.net; frame-src 'self' https://www.youtube.com https://t.sharethis.com https://ws.sharethis.com https://www.google.com/ https://youtu.be https://c.sharethis.mgr.consensu.org; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com;img-src * blob:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' whaleshares.io pubrpc.whaleshares.io api.whaleshares.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' whaleshares.io www.google-analytics.com connect.facebook.net cdn.polyfill.io cse.google.com www.google.com; style-src 'self' 'unsafe-inline' whaleshares.io fonts.googleapis.com at.alicdn.com www.google.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com at.alicdn.com; frame-ancestors 'none'; img-src * data:; report-uri /csp_violation; object-src 'none' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-eval' 'unsafe-inline'; media-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src https: employment.qualtrics.com siteintercept.qualtrics.com g.jwpsrv.com www.youtube.com; frame-ancestors 'self' www.jobs.gov.au; child-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com themes.googleusercontent.com; report-uri https://www.asbestossafety.gov.au/report-csp-violation 1
frame-ancestors 'self' www.pro-agent.com www.google.com; 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com blob:; connect-src 'self' vit.tube wss://peer.vit.tube https://media.vit.tube https://newmedia.vit.tube https://peer.vit.tube api.blocktrades.us; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com connect.facebook.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; media-src 'self' vit.tube touchit.social blob:; report-uri /api/v1/csp_violation 1
default-src 'self' https: s.webtrends.com *.mycliplister.com; media-src 'self' *.mycliplister.com mycliplister.com; font-src 'self' https: btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' https: btm.bosch.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1
default-src 'self' *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com  *.youtube.com *.webspellchecker.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com; style-src 'unsafe-inline' 'self' *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com; img-src 'self' *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com stats.g.doubleclick.net data:; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-inline' *.index.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.juicer.io *.google-analytics.com  *.facebook.net  *.wp.com *.licdn.com *.linkedin.com *.newsletter2go.com; style-src 'self' 'unsafe-inline' *.googleapis.com  *.juicer.io; media-src *; img-src *; font-src 'self' *.gstatic.com *.juicer.io *.wordpress.com; connect-src 'self' *.google-analytics.com *.doubleclick.net *.facebook.com *.newsletter2go.com *.juicer.io;  child-src 'self' *.facebook.com *.index.de 1