Values for x-webkit-csp:
default-src 'self' 23
report-uri /report-csp-violation 19
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 12
default-src 'self'; script-src 'self' 'unsafe-inline' 12
report-uri //report-csp-violation 11
frame-ancestors 'self' 11
report-uri /report-csp-violation; upgrade-insecure-requests 7
frame-src *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com *.outgrow.us 7
allow 'self'; 7
default-src 'self'; 7
frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 6
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&ar=true&a=cmscache 6
frame-ancestors 'self' https://*.adventhealth.com 6
frame-ancestors 'self'; report-uri //report-csp-violation 5
referrer origin 5
default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 5
default-src 'self' 'unsafe-inline' 5
frame-ancestors 'self' weleda.sabio.de 5
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com; style-src 'self' 'unsafe-inline' * https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 4
default-src 'self' *.readspeaker.com data:; base-uri 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; upgrade-insecure-requests; frame-ancestors 'self'; 4
4
connect-src * 'self' 3
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 3
default-src 'self'; style-src 'self' 'unsafe-inline' *.typekit.net fonts.googleapis.com tagmanager.google.com/ www.googletagmanager.com/ script.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' * tagmanager.google.com/ www.googletagmanager.com/; img-src 'self' data: * ssl.gstatic.com/; frame-src 'self' *.addthis.com *.youtube.com *.vimeo.com *.wistia.com *.wistia.net *.hotjar.com *.doubleclick.net *.ceros.com *.guardiananytime.com *.cloudfront.net *.adsrvr.org *.visme.co *.ipipeline.com *.guardianlife.com guardianlife.uat.aws.glic.com *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com d.agkn.com; connect-src 'self' collectorprod.glic.com *.google-analytics.com *.addthis.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ws://*.hotjar.com *.doubleclick.net *.g.doubleclick.net *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com d.agkn.com; font-src 'self' *.typekit.net fonts.gstatic.com *.hotjar.com data:; media-src 'self' data: blob: embedwistia-a.akamaihd.net *.podbean.com 3
frame-ancestors 'none' 3
default-src 'none'  3
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com *.readspeaker.com *.timeblockr.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com *.timeblockr.com; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.timeblockr.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com *.timeblockr.com; connect-src 'self' *.readspeaker.com *.timeblockr.com; report-uri /report-csp-violation 3
frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 2
base-uri 'self'; report-uri https://csp-reporting-server.glitch.me/report 2
default-src * 'unsafe-inline' 'unsafe-eval' ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 2
default-src https:; style-src 'self' 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
default-src 'self' jobs.b-ite.com; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-ancestors 'self' http://virtual-tour.battlefields.org/; report-uri /report-csp-violation 2
default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de  *.facebook.com; 2
frame-ancestors https://*.dondominio.com https://*.mrdomain.com; 2
script-src  'self' 'unsafe-inline' 'unsafe-eval' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 2
default-src 'self' data: https: *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.amazonaws.com *.infogreffe.nc *.infogreffe.fr *.googleapis.com *.twitter.com *.regie.pro; img-src 'self' data: http: *.youtube.com https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; frame-src 'self' data: https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; connect-src 'self' https: *.regie.pro *.addthis.com *.web2mobile.fr 2
frame-ancestors https://gms.hongleong.com.my https://tags.tiqcdn.com https://survey.hlb.com.my https://uat.hlb.com.my https://aem-preprod.hlb.com.my https://aem-preprod.hlisb.com.my https://aem-uat.hlb.com.my https://www.hlb.com.my https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://uat.hlb.my:443 http://uat.hlb.my 2
frame-src *; 2
frame-src 'self' blob: *.cochlear.cloud *.stg.cochlear.cloud *.cochlear.cloud *.qualaroo.com *.simpli.fi https://marvelapp.com *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com *.marketo.com ; connect-src 'self' *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.maxmind.com *.geoip-js.com geoip-js.com ; font-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.cochlear.com *.googletagmanager.com  *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.com *.facebook.com *.linkedin.com *.google-analytics.com medialead.de; script-src 'self'  'unsafe-inline' 'unsafe-eval' blob: *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.quora.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.adroll.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.com *.bootstrapcdn.com *.cloudflare.com *.cochlear.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.maxmind.com *.geoip-js.com geoip-js.com medialead.de; style-src 'self'  'unsafe-inline' 'unsafe-eval'  *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 2
policy-uri /'self' 2
default-src 'self'; script-src 'self' 'unsafe-eval' maps.googleapis.com http://www.google-analytics.com https://www.google-analytics.com www.googletagmanager.com www.eiseverywhere.com js-agent.newrelic.com bam.nr-data.net www.recaptcha.net www.gstatic.com vjs.zencdn.net 'unsafe-inline'; object-src 'self' www.eiseverywhere.com; style-src 'self' fonts.googleapis.com www.gstatic.com vjs.zencdn.net 'unsafe-inline'; img-src 'self' *.googleapis.com www.google-analytics.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.google.com www.google.com.sg www.google.com.tw www.google.co.il www.google.co.in www.google.co.uk www.googletagmanager.com ml.globenewswire.com www.globenewswire.com resource.globenewswire.com na.eventscloud.com www.eiseverywhere.com bam.nr-data.net  *.prod.acquia-sites.com *.appliedmaterials.com:* data:; frame-src 'self' www.google.com www.youtube.com; font-src 'self' fonts.gstatic.com themes.googleusercontent.com vjs.zencdn.net data:; connect-src 'self' www.google-analytics.com bam.nr-data.net stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 2
default-src 'self'; font-src 'self' data: https://use.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com; img-src 'self' data: https://p.typekit.net https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com; frame-src https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://d2oh4tlt9mrke9.cloudfront.net https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com; 2
default-src 'self' *.mobistar.be *.cloudfront.net *.emsecure.net *.customersaas.com *.orange.be *.netdna-ssl.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' * *.customersaas.com t.contentsquare.net contentsquare.com *.emsecure.net *.customersaas.com  *.orange.be *.netdna-ssl.com blob: *.abtasty.com *.googleapis.com; object-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; style-src 'unsafe-inline' 'self' *.mobistar.be *.cloudfront.net *.customersaas.com  *.orange.be *.netdna-ssl.com cdnjs.cloudflare.com *.gstatic.com *.abtasty.com *.googleapis.com messaging-khoros.app.khoros.com; img-src * blob: data: *.abtasty.com *.amazonaws.com *.cloudfront.net *.contentsquare.net; media-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; frame-src 'self' * emsecure.net  *.orange.be; font-src 'self' *.mobistar.be *.customersaas.com  *.orange.be cdn.livechatinc.com themes.googleusercontent.com *.netdna-ssl.com blob: data: *.googleapis.com *.gstatic.com *.abtasty.com brand-messenger.app.khoros.com messaging-khoros.app.khoros.com; connect-src 'self'  *.tealiumiq.com *.usabilla.com *.emsecure.net *.customersaas.com  *.orange.be *.mousestats.com secure.comparecycle.com c.contentsquare.net *.abtasty.com *.contentsquare.net *.app.khoros.com *.smooch.io; report-uri /admin/config/system/seckit/csp-report 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.piwik.bayern.de; img-src 'self' data: www.piwik.bayern.de; font-src 'self' data: 2
prefetch-src *.metartnetwork.com; default-src 'self' blob: *.metartnetwork.com; connect-src 'self' blob: wss: *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.metartnetwork.com *.metart.network *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.metartnetwork.com cdn.cookielaw.org; font-src 'self' data: *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.metartnetwork.com; script-src 'self' 'unsafe-inline' *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metartnetwork.com *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com; frame-src 'self' *.twitter.com *.metartnetwork.com *.youtube.com *.vimeo.com *.atlassian.net; img-src 'self' data: *.nsimg.net *.twimg.com *.zopim.com *.twitter.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.metartnetwork.com; media-src 'self' data: blob: *.nsimg.net *.metartnetwork.com *.zdassets.com; worker-src 'self' data: blob: wss:; object-src 'none' 2
default-src 'unsafe-inline'  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; style-src 'unsafe-inline' https://www.google-analytics.com  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.facebook.com https://*.bgk.pl; img-src 'self'  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl data: 2
style-src 'unsafe-inline' data: *; img-src 'unsafe-inline' data: *; report-uri /report-csp-violation 2
frame-ancestors https://planet-imex.co.uk/ https://planet-imex.com/ https://planetimex.co.uk/ https://planetimex.com/ https://www.imexexhibitions.com/ https://www.imex-frankfurt.com/ https://de.imex-frankfurt.com/ https://www.imexamerica.com/ https://www.stage.imex.cti.digital/ http://america.stage.imex.cti.digital/ http://frankfurt.stage.imex.cti.digital/ http://de-frankfurt.stage.imex.cti.digital/ https://www.reactive.imex.cti.digital/ https://frankfurt.reactive.imex.cti.digital/ https://de-frankfurt.reactive.imex.cti.digital/ https://america.reactive.imex.cti.digital/ https://www.qa.imex.cti.digital/ http://america.qa.imex.cti.digital/ http://frankfurt.qa.imex.cti.digital/ http://de-frankfurt.qa.imex.cti.digital/ https://www.imex.ctidev/ https://frankfurt.imex.ctidev/ https://de.frankfurt.imex.ctidev/ https://america.imex.ctidev/; 2
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com app.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co;font-src 'self' *.netdna-ssl.com fonts.gstatic.com *.pcdn.co;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com app.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.pcdn.co;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 2
default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src  'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 2
child-src 'self' blob:; connect-src 'self' https://cdn.polyfill.io facebook.com google-analytics.com cdn.islandsbanki.is https://640islandsbanki.boost.ai; default-src 'self'; img-src 'self' data: https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.is *.siteimproveanalytics.io *.gstatic.com *.googleapis.com *.ytimg.com cdn.islandsbanki.is boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com prismic-io.s3.amazonaws.com isb-website.cdn.prismic.io images.prismic.io t.co; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://cdn.islandsbanki.is/; object-src 'none'; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' *.prismic.io maps.googleapis.com https://www.google.com https://www.youtube.com https://s.ytimg.com https://640islandsbanki.boost.ai https://www.gstatic.com https://siteimproveanalytics.com https://cdn.polyfill.io https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com 'unsafe-eval' https://fill.dropandsign.is https://*.infogram.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com https://fill.dropandsign.is; frame-src https://*.islandsbanki.is https://gamli.islandsbanki.is https://*.islandssjodir.is https://player.vimeo.com https://www.youtube.com https://airtable.com https://consentcdn.cookiebot.com https://www.vib.is https://fill.dropandsign.is https://*.isb.is https://*.infogram.com https://www.google.com https://www.gstatic.com https://isb-website.prismic.io/; worker-src 'self' blob: 2
default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa .gov.np *.mofa.gov.np s.ytimg.com *.facebook.net www.google.com.np *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np placehold.it *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it *.mofa.gov.np mofa.gov.np *.facebook.net *.facebook.com *.sharethis.com *.youtube.com *.twimg.com secure.gravatar.com cdn. lh3.googleusercontent.com *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self'  *.youtube.com *.facebook.net *.google.com *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 2
default-src 'self' https://www.bam.eu01.nr-data.net edge.api.brightcove.com viz.tools.investis.com *.brightcove.com *.jsdelivr.net www.facebook.com https://js-agent.newrelic.com https://bam.eu01.nr-data.net stats.g.doubleclick.net https://brightcove.hs.llnwd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net cdn.rawgit.com cdnjs.cloudflare.com https://www.bam.eu01.nr-data.net ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com boards.greenhouse.io https://js-agent.newrelic.com https://bam.eu01.nr-data.net  https://www.youtube.com https://s.ytimg.com tagmanager.google.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net greenhouse-integration-demo.herokuapp.com tagmanager.google.com; img-src 'self' 'unsafe-inline' *; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com boards.greenhouse.io www.ocado.com www.youtube.com jobsfeed.ocado.com https://players.brightcove.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com; connect-src 'self' https://www.bam.eu01.nr-data.net https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://edge.api.brightcove.com https://viz.tools.investis.com https://stats.g.doubleclick.net https://www.facebook.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: http://mshcentraldbdev.prod.acquia-sites.com *.balladhealthcrm.org *.crazyegg.com; frame-ancestors 'self'; report-uri /admin/config/system/seckit/csp-report 2
defult-src 'self' 2
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 2
frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com 1
policy-uri /parivahan//'self' 1
child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com blob:; connect-src 'self' api.blocktrades.us steemit.com wss://steemd.steemit.com wss://steemd-int.steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com securepubads.g.doubleclick.net cdn.jsdelivr.net csi.gstatic.com c.pub.network d.pub.network display.bfmio.com *.adnxs.com freestar-d.openx.net qcx.quantserve.com https://qcx.quantserve.com:8443 hbopenbid.pubmatic.com g2.gumgum.com ssc.33across.com gw.geoedge.be *.doubleverify.com request-global.czilladx.com c.amazon-adsystem.com *.flashtalking.com *.czilladx.com czilladx.com coinzillatag.com coinzilla.com *.yahoo.com *.3lift.com *.adroll.com *.serving-sys.com *.googlesyndication.com *.steelhousemedia.com *.servenobid.com sdk.streamrail.com api.vidiom.net *.streamrail.net *.spotxchange.com *.advertising.com *.yieldoptimizer.com *.doubleclick.net *.buysellads.net *.1rx.io *.rtb-seller.com catchjs.com www.googletagmanager.com www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com *.hwcdn.net *.acuityplatform.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; frame-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de covapp.charite.de covapp-rki.hpsgc.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors rki-editor.preview.gsb.intranet.bund.de piwik.itzbund.de *.facebook.com 1
default-src 'self'  *.destatis.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de  *.destatis.de piwik.itzbund.de ; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org  *.destatis.de piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.euro-area-statistics.org *.ims-cms.net data: ; 1
default-src https:; script-src https:  'unsafe-eval' 'unsafe-inline'; object-src 'none'; style-src https: 'unsafe-eval' 'unsafe-inline' data:; img-src https: data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com aax-eu.amazon-adsystem.com data: service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de track.adform.net maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube.com img.youtube.com *.xx.fbcdn.net www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.avm.de data: blob: *.avm.de;frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.halkbank.com.tr *.google.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.facebook.net; font-src 'self' *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.halkbank.com.tr *.google.com *.google.com.tr *.gstatic.com *.facebook.com *.facebook.com.tr *.doubleclick.net *.facebook.net ; media-src 'self' *.halkbank.com.tr; frame-src 'self' *.foreks.com *.halkbank.com.tr *.doubleclick.net *.youtube.com *.google.com; connect-src 'self' *.facebook.com; object-src 'self'; 1
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 1
default-src 'self' ; script-src 'unsafe-inline' 'self' https://ssl.google-analytics.com/ga.js; img-src data: blob 'self' http://*.tile.openstreetmap.org/ : 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1
frame-src *.deutschland-machts-effizient.de *.youtube-nocookie.com piwik.itzbund.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://c.go-mpulse.net https://www.googletagmanager.com https://www.facebook.com/ *.akstat.io/ https://s.go-mpulse.net https://www.google-analytics.com https://connect.facebook.net https://cl.qualaroo.com https://stats.g.doubleclick.net https://www.google.com cl.qualaroo.com https://dntcl.qualaroo.com https://www.google.co.uk https://w.sharethis.com https://cdn.ckeditor.com https://c.go-mpulse.net http://w.sharethis.com  *.hotjar.com https://vjs.zencdn.net *.viddler.com https://www.google.ie ; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' *.poliziadistato.it:* blob: data: *.poliziadistato.it *.zencdn.net *.tv2000.it *.wowza.com *.interno.it *.rating-widget.com *.twimg.com *.twitter.com *.googleapis.com *.gstatic.com *.google.it *.macromedia.com *.google-analytics.com *.facebook.net *.sharethis.com *.google.com opendataavcp.interno.it *.raiplay.it *.rai.it js.api.here.com *.hereapi.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: *.wowza.com i.rw.gs *.rating-widget.com *.twitter.com *.twimg.com *.poliziadistato.it opendataavcp.interno.it l.sharethis.com *.facebook.com *.google-analytics.com *.gstatic.com *.gravatar.com *.googleapis.com s.w.org *.google.it *.raiplay.it *.rai.it; style-src 'self' *.poliziadistato.it *.twimg.com *.rating-widget.com *.twitter.com opendataavcp.interno.it *.sharethis.com 'unsafe-inline' *.googleapis.com *.raiplay.it *.rai.it js.api.here.com; frame-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.raiplay.it *.rai.it; worker-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.raiplay.it *.rai.it; child-src 'self' *.poliziadistato.it opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.twitter.com opendataavcp.interno.it *.raiplay.it *.rai.it; font-src 'self' data: *.poliziadistato.it *.wowza.com opendataavcp.interno.it *.gstatic.com *.raiplay.it *.rai.it; frame-ancestors 'self' storify.com *.poliziadistato.it *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.raiplay.it *.rai.it; media-src *.poliziadistato.it blob: 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bghweb-editor.preview.gsb.intranet.bund.de piwik.itzbund.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com https://bam.nr-data.net tagmanager.google.com https://www.google.com/recaptcha/api.js https://www.recaptcha.net/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com https://stats.g.doubleclick.net; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com cache.bureauveritas.com pr.globenewswire.com www.globenewswire.com https://www.google.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx https://bam.nr-data.net https://stats.g.doubleclick.net; report-uri https://csp-report-uri.bureauveritas.com 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://amazonwebservices.d2.sc.omtrdc.net https://*.amazonpay.com https://apac.account.amazon.com https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; 1
frame-ancestors 'self' *.bond.edu.au bond.edu.au; 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
script-src 'self' cs.money dev.csgo.trade gleam.io www.am4charts.com translate.google.com translate.googleapis.com www.googletagmanager.com www.googleoptimize.com www.google-analytics.com connect.facebook.net https://vk.com 'unsafe-inline' top-fwz1.mail.ru 'unsafe-eval' api.usersnap.com cdn.usersnap.com cs.money mc.yandex.ru diffuser-cdn.app-us1.com diffuser-cdn.app-us1.com prism.app-us1.com trackcmp.net api.basisid.com https://cdn.amplitude.com sc-static.net support.cs.money embed-sandbox.bridgerpay.com embed.bridgerpay.com cs.money; worker-src 'self' data: blob: cs.money; object-src cs.money dota.money; media-src cs.money dota.money; frame-src cs.money dota.money onesignal.com https://*.com https://*.ru https://*.ua http://www.youtube.com 1
frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src www.baua.de; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self'; 1
default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com *.facebook.com *.nosiva.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1
report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; report-uri /eur/report-csp-violation 1
default-src c.wgr.de 'self'; script-src c.wgr.de https://track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com 'self' 'unsafe-inline'; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de https://track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net maps.googleapis.com *.gstatic.com 'self' data:; frame-src newsletter.schulbuchzentrum-online.de https://track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de https://track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src https://secure.schulbuchzentrum-online.de https://track.westermann.de http://www.econda-monitor.de 'self'; report-uri /backend/csp 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.guinness-storehouse.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com stats.mp.streamamg.com streamuk.secure.footprint.net www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.hotjar.com *.smartlook.com; object-src 'self' https: *.guinness-storehouse.com streamuk.secure.footprint.net; style-src 'self' 'unsafe-inline' https: *.guinness-storehouse.com cloud.typography.com fonts.googleapis.com footer.diageohorizon.com; img-src 'self' https: *.guinness-storehouse.com *.googleapis.com *.gstatic.com ads.yahoo.com analytics.twitter.com d.adroll.com dps.bing.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com scontent.cdninstagram.com streamuk.secure.footprint.net t.mookie1.com us-u.openx.net www.facebook.com www.google.com www.google.ie www.tripadvisor.com x.bidswitch.net www.google-analytics.com; frame-src 'self' https: *.guinness-storehouse.com *.worldnettps.com guinnessarchives.adlibsoft.com www.youtube.com vars.hotjar.com; font-src 'self' https: *.guinness-storehouse.com data: fonts.googleapis.com fonts.gstatic.com streamuk.secure.footprint.net; connect-src 'self' https: *.guinness-storehouse.com *.storehousewall.com query.yahooapis.com streamuk.secure.footprint.net *.hotjar.com:* wss://*.hotjar.com *.smartlook.com; media-src 'self' https: *.guinness-storehouse.com ; worker-src 'self' *.guinness-storehouse.com blob: 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.addthis.com *.stripe.com *.doubleclick.net http://zoom.us zoom.us *.zoom.us *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.addthis.com *.stripe.com *.doubleclick.net zoom.us *.zoom.us *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension:; connect-src 'self' static.financialsense.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net 1
default-src 'self'; connect-src 'self' data: 'unsafe-inline' https://bat.bing.com https://*.adobedtm.com http://*.zionsbank.com https://*.zionsbank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.google.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://*.adobedtm.com https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.zionsbank.com https://*.zionsbank.com https://*.zionsbank.com https://*.cludo.com  https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: 'unsafe-inline' http://*.zionsbank.com https://*.zionsbank.com https://*.linkedin.com https://*.bufferapp.com https://*.pinterest.com https://*.reddit.com https://googleads.g.doubleclick.net https://*.pages05.net https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com 'unsafe-eval'; img-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.zionsbank.com https://*.zionsbank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; media-src 'self'; frame-src 'self' data: 'unsafe-inline' http://*.zionsbank.com https://*.zionsbank.com https://*.issuu.com https://*.doubleclick.net https://*.demdex.net https://*.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net  https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.zionsbank.com https://*.sndcdn.com 'unsafe-eval'; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.usercentrics.eu data: *.motel-one.com *.usercentrics.eu; script-src *.motel-one.com 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.adup-tech.com static.ads-twitter.com analytics.twitter.com assets.pinterest.com log.pinterest.com squarelovin.com *.squarelovin.com *.usercentrics.eu; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cdninstagram.com *.squarelovin.com *.google-analytics.com *.doubleclick.net t.co *.adup-tech.com www.facebook.com www.google.de www.google.com *.cx.atdmt.com maps.gstatic.com maps.googleapis.com ssl.gstatic.com www.gstatic.com assets.pinterest.com log.pinterest.com bat.bing.com *.hurra.com *.fbcdn.net image.motel-one.com *.motel-one.com squarelovin.com *.gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.squarelovin.com fonts.googleapis.com tagmanager.google.com *.google.com; connect-src 'self' *.motel-one.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.adup-tech.com *.usercentrics.eu; font-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net; frame-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.usercentrics.eu assets.pinterest.com log.pinterest.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://www.browsealoud.com *; style-src 'self' 'unsafe-inline' https://plus.browsealoud.com https://fonts.googleapis.com *; child-src 'self' *; font-src 'self' https://fonts.gstatic.com data: *; frame-ancestors 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; connect-src https://browsealoud-webservices-8.texthelp.com/ https://plus.browsealoud.com https://babm.texthelp.com https://*.speechstream.net https://stats.g.doubleclick.net https://www.google-analytics.com/ *; media-src 'self' blob: https://*.speechstream.net; script-src-elem  'unsafe-inline' data: *; 1
child-src 'self' 3speak.online emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://images.hive.blog 'self' hive.blog https://api.hive.blog api.blocktrades.us https://anyx.io https://hivesigner.com https://hived.hive-engine.com https://api.followbtcnews.com https://rpc.esteem.app https://api.pharesim.me https://hive.roelandp.nl https://hived.privex.io https://hive.3speak.online https://rpc.ausbit.dev https://api.hivekings.com; default-src tpc.googlesyndication.com 'self' img.3speakcontent.online emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com; report-uri /api/v1/csp_violation 1
frame-ancestors 'self' piwik.currence.nl; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.net https://*.marketo.com https://*.addthis.com https://*.addthisedge.com https://*.google-analytics.com https://*.optimizely.com https://*.googleadservices.com https://platform.twitter.com https://app.hushly.com https://*.reactful.com https://connect.facebook.net https://graph.facebook.com https://bat.bing.com https://*.crazyegg.com https://*.adroll.com https://snap.licdn.com https://*.linkedin.com https://www.youtube.com https://s.ytimg.com  https://d137jyf8bmrjar.cloudfront.net https://jobs.jobvite.com https://cdnjs.cloudflare.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/reviews_list.js https://seal.digicert.com https://www.bizographics.com https://secure.adnxs.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://j.6sc.co https://rc.sageintacct.com https://js.driftt.com; object-src *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://*.marketo.net https://*.marketo.com https://app.hushly.com http://app.hushly.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/style.css https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com; img-src * data:; media-src *; frame-src https://*.sageintacct.com https://*.intacct.com https://www.youtube.com https://*.addthis.com https://app-abd.marketo.com https://*.doubleclick.net https://www.google.com/ads https://jobs.jobvite.com https://api.soundcloud.com https://w.soundcloud.com https://www.g2crowd.com https://intacct.lookbookhq.com https://go.intacct.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com https://www-w28.intacct.com https://www-p02.intacct.com https://www-p03.intacct.com https://www-p04.intacct.com https://beta.intacct.com https://www.intacct-adv.com https://www-w27.intacct.com https://www-p03-w028.intacct.com https://www-p02-w028.intacct.com https://www-p04-w028.intacct.com https://www-dr.intacct.com https://stg-hk.intacct.com https://dev45.intacct.com https://dev31.intacct.com https://dev24.intacct.com https://dev33.intacct.com; font-src *; connect-src *; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com  https://*.fontawesome.com https://*.customsearch.ai https://*.googletagmanager.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://*.windows.net https://tagmanager.google.com; img-src 'self' https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/ https://*.windows.net https://*.gstatic.com https://stats.g.doubleclick.net; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube-nocookie.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ https://ui.customsearch.ai/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.customsearch.ai https://*.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com  https://*.surveymonkey.com https://walls.io   https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com https://www.etermin.net https://the.sciencebehindecommerce.com https://www.lacmp.net https://analytics.aklamio.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://img.youtube.com https://www.youtube.com https://www.google.com https://www.google-analytics.com/analytics.js data: https://www.youtube.com https://www.google-analytics.com https://use.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com https://js-agent.newrelic.com https://ajax.cloudflare.com cdn.ckeditor.com https://unpkg.com https://maxcdn.bootstrapcdn.com; report-uri /admin/config/system/seckit/csp-report 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://www.google-analytics.com https:; object-src https:; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https:; img-src 'self' data: https://www.google-analytics.com https:; media-src 'self' https:; frame-src 'self' https://optimize.google.com https:; font-src 'self' data: https://fonts.gstatic.com https: 1
default-src 'none'; style-src 'self'; img-src 'self' images.ctfassets.net https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; media-src videos.ctfassets.net; frame-src https://www.google.com https://www.youtube.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.serving-sys.com *.sitescout.com *.pixel.ad *.analytics.edgekey.net *.forefieldkt.com *.foremostadvice.com *.standard.com *.youtube.com *.ytimg.com *.gstatic.com *.pages05.net *.silverpop.com *.sc.pages05.net *.googletagmanager.com *.google-analytics.com fonts.googleapis.com ajax.googleapis.com *.google.com *.duosecurity.com *.vimeo.com *.sharethis.com secure-ds.serving-sys.com *.googleadservices.com *.fonts.net *.twitter.com *.twimg.com *.ubembed.com *.demandbase.com *.userzoom.com *.company-target.com match.prod.bidr.io id.rlcdn.com *.googleapis.com tribl.io static.3playmedia.com *.brightcove.com *.brightcove.net bcove.me *.zencdn.net bcove.video players.brightcove.net *.llnw.net *.llnwd.net *.edgekey.net *.media.brightcove.com vjs.zencdn.net *.brightcovecdn.com *.brainshark.com *.teads.tv *.3lift.com *.adentifi.com *.basis.net *.facebook.com dc.ads.linkedin.com *.cloudflare.com *.linkedin.com bm.adentifi.com *.tremorhub.com *.agkn.com *.advertising.com *.intentiq.com *.pubmatic.com *.stickyadstv.com *.exelator.com *.yahoo.com *.bfmio.com *.bluekai.com *.crwdcntrl.net *.lijit.com *.rlcdn.com *.doubleclick.net *.spotxchange.com *.adnxs.com *.contextweb.com *.rubiconproject.com *.openx.net *.simpli.fi p.alcmpn.com pbid.pro-market.net sync.tidaltv.com *.reson8.com fei.pro-market.net jelly.mdhv.io thrtle.com in.xspadvertising.com *.addthis.com u.acuityplatform.com pixel.mathtag.com pt.ispot.tv *.rkdms.com *.dotomi.com dpm.demdex.net *.newrelic.com *.facebook.net *.licdn.com *.adsymptotic.com *.nr-data.net *.jquery.com *.bootstrapcdn.com *.pippio.com *.addthis.com; 1
frame-src 'self' *.betradar.com *.sportradar.com *.aitcloud.de consentcdn.cookiebot.com vars.hotjar.com www.googletagmanager.com www.youtube.com; frame-ancestors 'self' *.betradar.com *.sportradar.com *.aitcloud.de 1
child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg; connect-src *.cwp-stg.sg https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg blob: *.onemap.sg/ *.dcube.cloud *.wogaa.sg *.demdex.net https://dev-gpc-1.sg.va.sabio.cloud https://va.ecitizen.gov.sg *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net; font-src https://cdnjs.cloudflare.com data: fonts.gstatic.com *.dcube.cloud *.wogaa.sg https://s3-us-west-2.amazonaws.com https://va.ecitizen.gov.sg *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; img-src data: blob: 'self' www.google-analytics.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://cdnjs.cloudflare.com *.mycareersfuture.sg *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net https://va.ecitizen.gov.sg; script-src blob: www.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com https://va.ecitizen.gov.sg *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg https://va.ecitizen.gov.sg 'unsafe-inline' *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; report-uri /csp-report 1
;frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' data: blob: 'unsafe-eval' http: https: www.krebshilfe.de dkh-stage.dwprev.com; 1
script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src * 1
frame-ancestors 'self' https://*.hapara.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crowdmap.com https://*.crowdmap.com https://*.typekit.com https://apis.google.com https://*.akamai.net https://*.gaug.es https://*.youtube.com https://*.ytimg.net https://*.googlevideo.com https://*.embedly.com https://*.cloudfront.net https://*.google-analytics.com https://*.twitter.com https://*.facebook.com https://*.rackcdn.com http://*.rackcdn.com https://*.newrelic.com https://*.facebook.net https://*.addthis.com https://maps.google.com https://maps.gstatic.com https://*.googleapis.com https://*.openstreetmap.org https://*.virtualearth.net https://*.mozilla.org; style-src 'self' 'unsafe-inline' https://crowdmap.com https://*.crowdmap.com https://*.typekit.com https://*.twitter.com https://*.embedly.com https://*.twitter.com https://*.facebook.com https://fonts.googleapis.com https://*.rackcdn.com http://*.rackcdn.com https://*.addthis.com https://*.openstreetmap.org https://*.virtualearth.net; img-src *; media-src *; frame-src *; connect-src *; object-src *; font-src 'self' data: https://*.typekit.com https://*.google.com https://themes.googleusercontent.com; 1
default-src 'self'; style-src 'unsafe-inline' yandex.st site.yandex.net yastatic.net banners.adfox.ru content.adfox.ru yastat.net *; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *; img-src * data:; media-src *; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st site.yandex.net yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru oss.maxcdn.com ads.adfox.ru www.google-analytics.com *.googleadservices.com adservice.google.ru adservice.google.com.ua  *.imgsmail.ru *.google.com platform.twitter.com cas.criteo.com *.mail.ru vk.com *.googlesyndication.com *.googletagservices.com adv758968.ru adforce.ru *.doubleclick.net  x1.vinread.net *.zencdn.net mobiads.ru utarget.ru afterview.ru *.vispot.io *.adap.tv *.liverail.com *.spotxchange.com *.buzzoola.com *.advarkads.com *.lkqd.com *.advertising.com static.baza.farpost.ru gstatic.com www.gstatic.com http://thefox.mobi/0dvP/ https://netdna.bootstrapcdn.com https://ajax.googleapis.com *.adsafeprotected.com  idntfy.ru mobuli.info  mobisway.info cnt-count.ru countstat.ru eboundservices.com digital-forest.info s17365.org/rotation.php news.gnezdo.ru btstds.ru cackle.me *.cackle.me www.farpost.ru https://adtags.pro https://*.adtags.pro https://btsds.ru https://*.vrcteam.ru https://*.betweendigital.com https://*.exopay.ru https://s0.2md.net https://fl.imgsniper.com https://static.bulham.com https://*.sape.ru https://safesource.ru https://code.createjs.com https://static.bumlam.com sad2tizer.ru ad.slickjump.com slickjump.com sjsmartcontent.org https://www.googletagmanager.com https://tds.admaxer.ru https://meganotify.com https://notifyday.com *.ttarget.ru *.onlygip.tech *.hybrid.ai *.admediator.ru nativerent.ru *.astraone.io astraone.io *.onlygip.tech onlygip.tech; connect-src an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st site.yandex.net yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru *; report-uri /csp.php 1
default-src 'self' 'unsafe-inline' *.altmetric.com *.cloudfront.net *.hotjar.com *.hotjar.io 'unsafe-eval' *.crick.ac.uk *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.vimeo.com *.vimeocdn.com *.youtube.com *.soundcloud.com *.twitter.com *.youtube.com *.twimg.com theta360.com cdn.rawgit.com raw.githubusercontent.com data:;; script-src 'self' 'unsafe-inline' *.altmetric.com *.cloudfront.net *.hotjar.com *.hotjar.io 'unsafe-eval' theta360.com crick.us13.list-manage.com *.mailchimp.com *.theta360.com *.google.com *.google-analytics.com *.googleapis.com use.typekit.net *.vimeocdn.com *.vimeo.com vimeo.com *.twitter.com *.twimg.com *.youtube.com *.googletagmanager.com tagmanager.google.com cdnjs.cloudflare.com cdn.rawgit.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://d1bxh8uas1mnw7.cloudfront.net/assets/embed.js ; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net cdnjs.cloudflare.com *.google.com *.googleapis.com *.twitter.com *.mailchimp.com; font-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com *.gstatic.com; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; child-src pei-portal.rexx-systems.com piwik.itzbund.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de; ; connect-src 'self' tracking.netmind-cloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.youtube.com *.fbcdn.net *.youtube-nocookie.com *.googlevideo.com; child-src *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com; frame-ancestors 'self'; 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com; script-src 'self' 'unsafe-inline' 'nonce-13030ca6cdb457230b0304d6d43090f8' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com; img-src 'self' wireframecc-9947.kxcdn.com data:; child-src 'self' 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self'  blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com https://www.google-analytics.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com ssl.gstatic.com www.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com; media-src 'self' www.youtube.com soundcloud.com syndication.twitter.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' www.google-analytics.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; 1
default-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; style-src 'self' 'unsafe-inline' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; img-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.googleadservices.com https://googleadservices.com https://*.doubleclick.net *.doubleclick.net data: *.google-analytics.com https://c906980.ssl.cf3.rackcdn.com *.newrelic.com *.gstatic.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; frame-src 'self' *.googleadservices.com *.doubleclick.net https://googleadservices.com https://*.doubleclick.net https://*.facebook.com *.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com http://storify.com https://w.soundcloud.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; script-src 'self' eval-script inline-script *.evocdn.co.uk *.rackcdn.com *.newrelic.com *.google-analytics.com *.googleadservices.com https://googleadservices.com *.facebook.net d1ros97qkrwjf5.cloudfront.net https://d1ros97qkrwjf5.cloudfront.net https://www.google.com https://ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net *.doubleclick.net; font-src 'self' *.evocdn.co.uk *.googleusercontent.com 'unsafe-eval' 'unsafe-inline' fast.fonts.net; object-src *.youtube.com www.youtube.com *.ytimg.com *.googlevideo.com *.vhall.com e.vhall.com https://player.soundcloud.com; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net nexus.ensighten.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com nexus.ensighten.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' brightcove.hs.llnwd.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' qir.tools.investis.com staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; report-uri /admin/config/system/seckit/csp-report 1
base-uri 'self' https://mwlr.test:8080 https://uat.mwlr.msapp.co.nz https://prod.mwlr.msapp.co.nz https://www.landcareresearch.co.nz; default-src 'self'; child-src https://player.vimeo.com; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://doorbell.io https://*.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://player.vimeo.com; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://*.s3.ap-southeast-2.amazonaws.com https://embed.doorbell.io data:; media-src https://www.youtube.com https://vimeo.com; object-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js https://embed.doorbell.io 'sha384-YzQCrEgYx0YMHxd202bqWPvr081aHRPYRk490ivT+/i24ODjLtMfT/e0nhxcgRYf' 'sha384-vvKPa5NYU2LLIv6XV/vXPngBfMmq4ZlVrzv5zCKWQP5w7tHIpm5szXfnqt8JU8CM' 'nonce-Yjk0MjY3NWRmZmRkNzY1MTJjYmY3NWU3ZWFhNjlkYWZlMjA5NTQwYTMyZDBiMzM2OWVjOWNiMTllNjJhY2NkY2QzYjVhMDQ3ZjJiODJlNTQ1MDY3OTE4ODBlYTkzZDU4OTY2YzI5MTRiOTVkMWY2ZmVhY2Q4YTNkNzg0ZGIxM2U=' 'unsafe-eval'; style-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://embed.doorbell.io/css/doorbell.min.css https://embed.doorbell.io/css/default.css 'unsafe-inline'; report-uri https://2224ea6b5792825a06d61a0bad9d966b.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com maps.google.com *.googleapis.com *.gstatic.com www.google.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com platform.twitter.com *.twimg.com ifoa.precedenthost.co.uk *.actuaries.org.uk cdn.rawgit.com e.issuu.com www.youtube.com s.ytimg.com tagmanager.google.com khan.github.io squizlabs.github.io script.crazyegg.com *.eu-west-2.amazonaws.com s3.amazonaws.com  loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com d34l49dszxxnhj.cloudfront.net optimize.google.com optimize.google.com/* *.optimize.google.com pagead2.googlesyndication.com *.googlesyndication.com *.googletagservices.com adservice.google.co.uk adservice.google.com; object-src *.issuu.com flash.quantserve.com s3.amazonaws.com 'self' d34l49dszxxnhj.cloudfront.net *.crazyegg.com trk.cetrk.com s3.amazonaws.com/trk.cetrk.com/;; style-src 'self' 'unsafe-inline' *.googleapis.com platform.twitter.com *.actuaries.org.uk tagmanager.google.com squizlabs.github.io *.eu-west-2.amazonaws.com loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com svc.webspellchecker.net d34l49dszxxnhj.cloudfront.net  optimize.google.com optimize.google.com/* *.optimize.google.com ; img-src 'self' data: *.google-analytics.com www.googletagmanager.com maps.google.com *.gstatic.com *.googleapis.com rest.mollom.com rest-production.mollom.com bam.nr-data.net syndication.twitter.com platform.twitter.com *.twimg.com *.actuaries.org.uk live.sagepay.com *.doubleclick.net *.openathens.net squizlabs.github.io *.eu-west-2.amazonaws.com s3.amazonaws.com *.amazonaws.com svc.webspellchecker.net loader.webspellchecker.net  d34l49dszxxnhj.cloudfront.net  optimize.google.com optimize.google.com/* *.optimize.google.com *.google.com/ads/ga-audiences *.google.co.uk/ads/ga-audiences  *.googlesyndication.com; frame-src 'self' embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com *.loader.webspellchecker.net svc.webspellchecker.net optimize.google.com optimize.google.com/* *.optimize.google.com  embeds.audioboom.com googleads.g.doubleclick.net *.googlesyndication.com; font-src 'self' data: *.gstatic.com ifoa.precedenthost.co.uk *.actuaries.org.uk *.eu-west-2.amazonaws.com d34l49dszxxnhj.cloudfront.net; connect-src 'self' *.crazyegg.com trk.cetrk.com s3.amazonaws.com/trk.cetrk.com/ pagead2.googlesyndication.com *.google-analytics.com *.doubleclick.net; report-uri //IFoA.report-uri.io/r/default/csp/enforce 1
upgrade-insecure-requests 1
default-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; object-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; style-src 'self' data: 'unsafe-inline' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; img-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; media-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; frame-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; font-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; connect-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com 1
default-src 'self' http://yourcardhubdevqaapp.local http://yourcardhubtestapp.local http://yourcardhubproductionapp.local https://*.google-analytics.com https://*.amazonaws.com https://*.cloudfront.net https://*.yourcardhub.com https://yourcardhub.com https://*.myprepaidcenter.com https://myprepaidcenter.com https://ych.myprepaidcenter.com; connect-src 'self' http://yourcardhubdevqaapp.local http://yourcardhubdevqaapp.local:3030 https://yourcardhubdevqaapp.local:3030 http://yourcardhubtestapp.local http://yourcardhubtestapp.local:3030 https://yourcardhubtestapp.local:3030 http://yourcardhubproductionapp.local:3030 https://yourcardhubproductionapp.local:3030 https://*.yourcardhub.com https://yourcardhub.com https://*.myprepaidcenter.com https://myprepaidcenter.com https://ych.myprepaidcenter.com https://*.google-analytics.com https://*.amazonaws.com https://*.cloudfront.net; style-src https://*.yourcardhub.com https://yourcardhub.com https://*.myprepaidcenter.com https://myprepaidcenter.com https://ych.myprepaidcenter.com https: 'unsafe-inline' https://fonts.googleapis.com data: ; script-src 'self' https://www.intelispend-staging.com https://www.1.awardhq.com https://code.jquery.com/ http://yourcardhubdevqaapp.local https://*.yourcardhub.com https://yourcardhub.com https://*.myprepaidcenter.com https://myprepaidcenter.com https://ych.myprepaidcenter.com https://www.google.com https://www.gstatic.com https://apis.google.com https://www.googletagmanager.com https://*.google-analytics.com https://client-api.arkoselabs.com https://api.arkoselabs.com https://docs.google.com https://cdnjs.cloudflare.com/ 'unsafe-inline' 'unsafe-eval'; worker-src 'self' https://*.yourcardhub.com https://yourcardhub.com https://*.myprepaidcenter.com https://myprepaidcenter.com https://ych.myprepaidcenter.com blob:; child-src 'self'; img-src 'self' https://maritz.scene7.com https://www.1.awardhq.com https://www.pointspot.com https://*.yourcardhub.com https://yourcardhub.com https://*.myprepaidcenter.com https://myprepaidcenter.com https://ych.myprepaidcenter.com https://*.cloudfront.net https://*.google-analytics.com https://embed.widencdn.net https://*.amazonaws.com https://*.google-analytics.com data: ; frame-src 'self' https://www.google.com https://client-api.arkoselabs.com https://api.arkoselabs.com https://docs.google.com; font-src 'self' https://*.yourcardhub.com https://yourcardhub.com https://*.myprepaidcenter.com https://myprepaidcenter.com https://ych.myprepaidcenter.com https://fonts.gstatic.com https://fonts.googleapis.com data: ;object-src data: 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data:*; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-inline' * data:; media-src 'self' 'unsafe-inline' http://*.amazonaws.com:* https://*.amazonaws.com:*; frame-src 'self' 'unsafe-inline' * blob:*; frame-ancestors 'self' 'unsafe-inline' *; child-src 'self' 'unsafe-inline' * blob:* blob:; font-src 'self' 'unsafe-inline' *; connect-src 'self' 'unsafe-inline' *; report-uri /report-csp-violation 1
default-src=self 1
default-src 'self'; connect-src 'self' data: 'unsafe-inline' https://bat.bing.com https://*.adobedtm.com http://*.calbanktrust.com https://*.calbanktrust.com https://zionsbancorp.sc.omtrdc.net https://*.demdex.net https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://bat.bing.com https://*.adobedtm.com https://connect.facebook.net https://*.pages05.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.calbanktrust.com https://*.zionsbank.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: https://*.calbanktrust.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com; img-src 'self' data: 'unsafe-inline' https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.pages05.net https://*.doubleclick.net https://*.google-analytics.com https://*.gstatic.com https://*.calbanktrust.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; media-src 'self' data:; frame-src 'self' https://*.calbanktrust.com https://*.demdex.net https://*.doubleclick.net https://secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.calbanktrust.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
child-src 'self'; connect-src 'self' api.blocktrades.us steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com beta-api.steemit.com beta-api-int.steemit.com www.googletagmanager.com www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net; default-src 'self'; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self' data: blob: *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com *.bizographics.com *.engagio.com *.listenloop.com *.doubleclick.net  *.bugsnag.com *.linkedin.com *.addthis.com *.addthisedge.com *.bidr.io *.googleadservices.com *.google.com *.gstatic.com *.fonts.googleapis.com *.mktoresp.com *.brightcove.net *.brightcove.com *.api.brightcove.com *.bcovlive.io *.sep.bcovlive.io *.zencdn.net *.boltdns.net *.truste.com *.llnw.net *.akafms.net *.akamaihd.net *.llnwd.net *.cloudfront.net *.media.brightcove.com *.adsymptotic.com bat.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com *.bizographics.com *.engagio.com *.listenloop.com *.doubleclick.net  *.bugsnag.com *.linkedin.com *.addthis.com *.addthisedge.com *.bidr.io *.googleadservices.com *.google.com *.gstatic.com *.fonts.googleapis.com *.mktoresp.com *.brightcove.net *.brightcove.com *.zencdn.net *.boltdns.net *.truste.com *.webspellchecker.net *.cetrk.com s3.amazonaws.com snap.licdn.com z.moatads.com dn1f1hmdujj40.cloudfront.net du4pg90j806ok.cloudfront.net browser-update.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.marketo.net *.marketo.com *.google.com *.webspellchecker.net *.typekit.net; frame-src 'self' blob: *.guidewire.com *.brightcove.net *.marketo.net *.marketo.com *.google.com *.addthis.com *.addthisedge.com *.youtube.com *.wistia.net *.podbean.com; frame-ancestors 'self' *.guidewire.com; child-src 'self' blob: *.guidewire.com *.brightcove.net *.marketo.net *.marketo.com *.google.com *.addthis.com *.addthisedge.com; font-src * data:; connect-src 'self' *.mktoresp.com *.listenloop.com *.bugsnag.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.addthis.com *.brightcove.net *.brightcove.com *.boltdns.net *.brightcovecdn.com *.crazyegg.com *.webspellchecker.net *.llnwd.net *.akamaihd.net; report-uri /report-csp-violation 1
default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.norma-online.de fonts.googleapis.com fonts.gstatic.com www.google.com www.gstatic.com blueimp.github.io *.api.here.com; 1
default-src 'self' https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.trier-info.de https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.pegelonline.wsv.de https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/lightslider/1.1.6/js/lightslider.js https://www.dw.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://cdn.printfriendly.com https://cdn.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://www.google-analytics.com https://cdn.jsdelivr.net https://unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: https://s.yimg.com http://cdn.printfriendly.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; media-src 'self'; frame-src 'self' data: https://static.addtoany.com https://fwb.malaysiaairports.com.my https://www.youtube.com https://www.google.com; frame-ancestors 'self' https://fwb.malaysiaairports.com.my; child-src 'self'; font-src 'self' https://cdn.jsdelivr.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https://www.google-analytics.com; report-uri //report-csp-violation 1
frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com shop.pe shopper.shop.pe *.cloudfront.net addshoppers.s3.amazonaws.com bcbolt446c5271-a.akamaihd.net www.google.com www.gstatic.com; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com 1
: default-src * 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com https://js-agent.newrelic.com/nr-1099.min.js https://sjs.bizographics.com/insight.min.js px.ads.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://js-agent.newrelic.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com gl.hostcg.com/js/genlead.js; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://bam.nr-data.net https://stats.g.doubleclick.net; report-uri https://csp-report-uri.bureauveritas.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
default-src 'self'; script-src-elem 'self' 'unsafe-inline' www.google-analytics.com *.googleapis.com embed.typeform.com www.googletagmanager.com www.youtube.com tagmanager.google.com sc.01.sana-apps.de player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googleapis.com embed.typeform.com www.googletagmanager.com www.youtube.com tagmanager.google.com sc.01.sana-apps.de *.zscaler.net; img-src *; style-src 'self' 'unsafe-inline'; media-src 'self'; connect-src 'self' vendorlist.consensu.org www.google-analytics.com stats.g.doubleclick.net; font-src 'self'; frame-ancestors 'self' www.sanadaily.de localhost:* sc.01.sana-apps.de; frame-src 'self' sc.01.sana-apps.de sanadigital.typeform.com maps.google.de *.google.com www.youtube.com 466b13bd.sibforms.com *.livecoder.com player.vimeo.com *.zscaler.net 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com  *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.upviral.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com app.humdash.com analytics.zortrax.com cf.zortrax.com  ;style-src 'self' 'unsafe-inline' *.disquscdn.com *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct app.humdash.com cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' data.zortrax.com http://3dprint.zortrax.com *.wistia.com *.litix.io 3dprint.zortrax.com 3dprinting.local *.luckyorange.net ws://localhost:3000 *.google-analytics.com *.tagmanager.google.com app.humdash.com  ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval'  *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.google.com *.consumercare.net *.econsumeraffairs.com *.addthis.com  *.ckeditor.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.ckeditor.com; img-src 'self' *.google-analytics.com *.google.com stats.g.doubleclick.net *.googleapis.com *.bbulibrary.com grupobimbo.com *.ckeditor.com; frame-src 'self' *.google.com; font-src font-src: 'self' fonts.gstatic.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' ws:;script-src   'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net gleif.disqus.com *.disquscdn.com *.cookiebot.com *.linkedin.com *.twitter.com *.twimg.com ajax.googleapis.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://unpkg.com;style-src     'self' 'unsafe-inline' *.twimg.com *.twitter.com *.disquscdn.com use.typekit.net https://use.typekit.net https://unpkg.com;font-src       'self' data: http://*.typekit.net https://*.typekit.net https://cdnjs.cloudflare.com;img-src         'self'  static.licdn.com *.disqus.com *.disquscdn.com *.twitter.com *.twimg.com *.linkedin.com data: about: p.typekit.net https://*.tile.osm.org http://*.tile.osm.org http://*.typekit.net https://*.typekit.net https://img.shields.io;frame-src     'self' disqus.com *.twitter.com player.vimeo.com *.linkedin.com https://www.google.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://youtube.com  https://www.youtube.com;connect-src 'self' https://api.parse.com/1/functions/search http://*.gleif.org https://*.gleif.org http://*.typekit.net https://*.typekit.net https://syndication.twitter.com/settings; 1
base-uri 'none'; default-src 'none'; child-src https://www.google.com; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.google.com; img-src 'self'; object-src 'none'; script-src 'nonce-J7R+Uk8n37GQT8fH+3h0aw==' 'strict-dynamic'; style-src 'self'; worker-src 'self'; 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://secure-mailgate.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
worker-src 'self' data: blob: *.arcgisonline.com js.arcgis.com *.arcgis.com;                          default-src 'self' data: localhost:* *.google.com *.mopinion.com *.arcgisonline.com js.arcgis.com *.arcgis.com *.googleapis.com media.licdn.com *.cdninstagram.com www.waternet.nl www.agv.nl www.wereldwaternet.nl epi.waternet.nl waternet.pti.nl www.youtube.com chat1.waternet.nl *.optimizely.com www.google.nl www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com fonts.googleapis.com maps.gstatic.com csi.gstatic.com fonts.gstatic.com stats.g.doubleclick.net app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net pbs.twimg.com syndication.twitter.com platform.twitter.com *.facebook.com;                          frame-src 'self' embed waterschappen.mijnstem.nl agv.mijnstem.nl app.mijnstem.nl mijnstem.sales.ivox.be waternet.pti.nl *.optimizely.com chat1.waternet.nl app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com www.youtube.com www.google.nl www.google.com www.kcmsurvey.com platform.twitter.com syndication.twitter.com twitter.com;                          script-src 'self' *.ytimg.com  *.mopinion.com *.arcgisonline.com js.arcgis.com *.youtube.com epi.waternet.nl localhost:* *.optimizely.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com maps.gstatic.com app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com cdn.syndication.twimg.com connect.facebook.net 'unsafe-inline' 'unsafe-eval';                          style-src 'self' *.mopinion.com *.arcgisonline.com js.arcgis.com  epi.waternet.nl *.optimizely.com www.googletagmanager.com tagmanager.google.com fonts.googleapis.com app.cobrowser.com platform.twitter.com 'unsafe-inline';                          connect-src https: http: ws: wss:; 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-wgVUCIz0KvYfcPupUC6cn0KY' 'nonce-pIfMbDrjT4zs2rIUf0xlIjbd' 'nonce-rSCwYrtshM2gyv5crrY+15Y0' 'nonce-fA0dif4jnHyRCpUBgAYFW6/9' 'nonce-kNaib2sxDOqDt8zvKmQC09wc' 'nonce-HrKa3MbstACuk1UjWl1weXfm' 'nonce-5idf9KTMzdMG6LrvDxz4Mfuw' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
default-src 'none'; img-src *; media-src s3.amazonaws.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com script.hotjar.com static.hotjar.com d.impactradius-event.com; connect-src *.easyship.com in.hotjar.com vc.hotjar.io easyship.ilbqy6.net; frame-src vars.hotjar.com; style-src 'self' 'unsafe-inline'; font-src 'self' data: 1
default-src https:;media-src 'self' www.wellsfargomedia.com www.wellsfargo.com;font-src 'self' data: stm-connect.secure.evetest.wellsfargo.com:23621;frame-src 'self' ciaanalytics.wellsfargo.com connect.secure.wellsfargo.com www.bing.com wifp.wellsfargo.com wifp.ceo.wellsfargo.com;style-src 'unsafe-inline' 'self' wca.sec.wellsfargo.com www.bing.com www.wellsfargo.com ceomedia.wf.com;base-uri 'self';report-uri /reporting/csp;frame-ancestors 'none';script-src 'self' 'nonce-3fe098fc0b79fcc8' www.wellsfargo.com www.bing.com dev.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t1.ssl.ak.dynamic.tiles.virtualearth.net connect.secure.staging.wellsfargo.com connect.secure.wellsfargo.com ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com wca.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com ceomedia.wf.com wifp.wellsfargo.com wifp.ceo.wellsfargo.com six.cdn-net.com wcafs.wellsfargo.com;connect-src 'self' www.bing.com t0.ssl.ak.dynamic.tiles.virtualearth.net connect.secure.staging.wellsfargo.com connect.secure.wellsfargo.com wca.wellsfargo.com wcafs.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com;img-src 'self' stats.g.doubleclick.net data: blob: t0.ssl.ak.dynamic.tiles.virtualearth.net t1.ssl.ak.dynamic.tiles.virtualearth.net www.adobe.com www.wellsfargo.com www.google-analytics.com ssl.google-analytics.com ceomedia.wf.com www.bing.com wca.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com;object-src 'self' wifp.wellsfargo.com wifp.ceo.wellsfargo.com; 1
default-src https://wbregistration.gov.in;                                                     connect-src https://wbregistration.gov.in;                                                     font-src https://wbregistration.gov.in data:;                                                     frame-src https://wbregistration.gov.in;                                                    img-src https: data:;                                                     media-src https://wbregistration.gov.in;                                                      object-src https://www.wbregistration.gov.in;                                                     script-src 'unsafe-inline' 'unsafe-eval' https://www.wbregistration.gov.in;                                                     style-src 'unsafe-inline' https://www.wbregistration.gov.in; 1
base-uri 'self'; block-all-mixed-content; form-action 'self'; frame-ancestors 'self'; default-src 'none'; connect-src 'self'; frame-src 'self'; img-src 'self' data:; media-src 'self'; script-src 'self'; style-src 'self' 1
frame-ancestors *.amboss.com 1
default-src 'self' https://*.google.com http://s7.addthis.com ; frame-ancestors 'none'; connect-src 'self' http://m.addthis.com https://www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://code.jquery.com https://aff.bstatic.com http://aff.bstatic.com http://s7.addthis.com/ http://m.addthisedge.com http://m.addthis.com/ http://graph.facebook.com http://widgets.pinterest.com http://www.linkedin.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://code.jquery.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.google-analytics.com https://www.paypalobjects.com https://ak1s.abmr.net; font-src 'self' https://fonts.gstatic.com; worker-src 'self' www.google.com https://maps.google.com  1
frame-ancestors 'self' https://www.carroya.com/noticias https://www.motor.com.co 1
default-src 'self'; connect-src 'self' https://bat.bing.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://*.cludo.com https://zionsbancorp.sc.omtrdc.net; script-src 'self' data: 'unsafe-inline' https://*.googleadservices.com https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.googletagmanager.com https://*.issuu.com https://*.adobedtm.com https://connect.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.nbarizona.com https://*.nbarizona.com https://*.zionsbank.com https://*.cludo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.nbarizona.com https://*.nbarizona.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.gstatic.com http://*.nbarizona.com https://*.nbarizona.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com; media-src 'self' data:; frame-src 'self' https://*.doubleclick.net http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://issuu.com https://secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.nbarizona.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; frame-src 'self' 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' translate.googleapis.com/ https://feeds.trac.jobs/ 1
default-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de app.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: stats.hft-stuttgart.de; connect-src 'self' *.usercentrics.eu *.b-ite.com; frame-src 'self' app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1
frame-ancestors 'self' ; 1
: default-src *; frame-ancestors 'self' btcpop.co *.btcpop.co ; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.facebook.net *.facebook.com *.pinterest.com log.pinterest.com *.youtube.com *.doubleclick.net data: *.amgdgt.com *.windows.net *.econsumeraffairs.com *.consumercare.net *.adtmt.com cdn.socialtwist.com  bam.nr-data.net *.revemarketing.com http://cdn.revemarketing.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.thomasbreads.com connect.facebook.net cdn.socialtwist.com ajax.googleapis.com www.googletagmanager.com assets.pinterest.com js-agent.newrelic.com *.pinterest.com  https://www.google-analytics.com https://bam.nr-data.net https://chat.consumercare.net  https://h6.consumercare.net  https://ad.atdmt.com https://www.econsumeraffairs.com https://www.google.com https://www.gstatic.com https://widgets.socialtwist.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.myfonts.net *.facebook.net *.facebook.com *.pinterest.com log.pinterest.com *.youtube.com *.doubleclick.net data: *.amgdgt.com *.windows.net *.econsumeraffairs.com *.consumercare.net *.adtmt.com cdn.socialtwist.com  bam.nr-data.net *.revemarketing.com http://cdn.revemarketing.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.myfonts.net *.facebook.net *.facebook.com *.pinterest.com log.pinterest.com *.youtube.com *.doubleclick.net data: *.amgdgt.com *.econsumeraffairs.com *.consumercare.net *.socialtwist.com; connect-src 'self' *.revemarketing.com https://www.google-analytics.com  https://stats.g.doubleclick.net  wss://webchat.revemarketing.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; object-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' *; frame-src 'self' *; frame-ancestors 'self' http://online-training.projectwet.org; child-src 'self' *; font-src 'self' *; connect-src 'self' *; report-uri /report-csp-violation 1
default-src 'self'; script-src 'unsafe-inline' 'self' *.googleapis.com *.newrelic.com *.nr-data.net *.google-analytics.com *.google.com *.getsitecontrol.com *.gstatic.com *.kxcdn.com 'strict-dynamic' 'nonce-0927d6c938c1b89499c5ccc0'; object-src 'none'; style-src 'unsafe-inline' 'self' *.googleapis.com *.bootstrapcdn.com; img-src 'self' * data:; frame-src 'self' *.google.com; font-src *.googleusercontent.com 'self' *.googleapis.com *.bootstrapcdn.com *.gstatic.com data:; connect-src 'self' *.apigee.com *.getsitecontrol.com *.apigee.net; report-uri /admin/config/system/seckit/csp-report 1
connect-src 'self' https://api.github.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; base-uri *.wazuh.com wazuh.com; default-src 'self' https: data:; script-src 'self' *.wazuh.com wazuh.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https: 'unsafe-inline'; object-src 'self' *.wazuh.com wazuh.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src 'self' *.wazuh.com wazuh.com *.gravatar.com https://www.google-analytics.com https://stats.g.doubleclick.net data:; media-src 'self' *.wazuh.com wazuh.com; frame-ancestors 'self'; frame-src *; font-src 'self' https://fonts.gstatic.com data: 1
default-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr dwl.dawconnect.com maps.google.de www.google.com connect.facebook.net www.facebook.com *.youtube.com ;  img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.bsdwl.de *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de *.youtube.com;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com;  script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval';  worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de *.youtube.com;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1
default-src 'self' https://static.garmin.com https://static.garmincdn.com https://www.garmin.com; style-src 'unsafe-inline' 'self' https://static.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://sso.garmin.com https://www.garmin.com; connect-src 'self' https://static.garmincdn.com https://www.garmin.com *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * 'nonce-57edcd25-8b10-45ac-8941-3abc7a1e91f5'; font-src 'self' data: https://static.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.garmin.com; img-src 'self' data: *; frame-src * *.adform.net; object-src 'none'; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self' https://www.youtube.com http://www.gstb-rlp.de https://www.kosdirekt.de https://kommunalradkongress-modules.xing-events.com; img-src 'self' https://img.youtube.com https://www.google-analytics.com https://vat.db-app.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://de.ioam.de https://s.ytimg.com https://script.ioam.de https://www.google-analytics.com https://www.youtube.com https://vat.db-app.de/; style-src 'self' 'unsafe-inline' 1
base-uri 'self'; default-src 'none'; child-src https://mei.animebytes.tv https://irc.animebytes.tv; connect-src 'self' https://mei.animebytes.tv; font-src 'self' data:; form-action 'self' https://mei.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://mei.animebytes.tv https://irc.animebytes.tv; img-src 'self' https://animebytes.tv https://mei.animebytes.tv https://cdn.animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
child-src 'self' 3speak.online emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://rpc.blurt.world blurt.blog blurt.world 'self' rpc.blurt.world https://api.blurt.blog https://blurtd.privex.io *.blurt.buzz wss://notifications.blurt.world; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com img.3speakcontent.online lbry.tv *.wistia.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com; report-uri /api/v1/csp_violation 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://mailsentinel.net https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' wss://main.weku.io:8190 https://dallas.weku.io:8190 https://dallas.weku.io wss://dallas.weku.io:8190 translate.google.com translate.googleapis.com wss://news.weku.io:8190 https://images2.weku.io https://images2.weku.io:8234 wss://chain.weku.io api.weku.io https://images.weku.io https://images.weku.io:8234; default-src 'self' translate.google.com translate.googleapis.com www.youtube.com weku.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' 'unsafe-inline' translate.google.com translate.googleapis.com www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' translate.google.com translate.googleapis.com fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: *.stripe.com; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: *.stripe.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self'  *.stripe.com; 1
default-src https: blob: wss:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com config1.veinteractive.com veinteractive.com cookiehub.net; font-src 'self' *.typekit.net fonts.gstatic.com data:; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'none'; form-action 'self' https://www.pcuonline2.org; frame-ancestors 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.pcu.org https://www.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com https://onlineaccess.pcu.org https://www.pcuonline2.org https://pcu.staging.wpengine.com https://www.pcu.org https://pcu.dev https://secure.gravatar.com https://www.google-analytics.com https://www.pcu.org  https://www.googletagmanager.com https://a.basemaps.cartocdn.com https://b.basemaps.cartocdn.com https://c.basemaps.cartocdn.com https://d.basemaps.cartocdn.com https://browser.sentry-cdn.com https://cdnjs.cloudflare.com https://www.google.com https://connect.facebook.net https://ajax.cloudflare.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://www.pcu.org https://fonts.googleapis.com https://code.ionicframework.com; img-src 'self' https://www.pcu.org https://www.google.com https://www.googletagmanager.com https://i0.wp.com https://secure.gravatar.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net; media-src 'none'; frame-src 'self' https://www.google.com/ https://pcu.mortgagewebcenter.com; font-src 'self' data: https://www.pcu.org https://fonts.gstatic.com https://code.ionicframework.com; connect-src 'self' https://stats.g.doubleclick.net 1
default-src 'self' chat.oikeus.fi 'unsafe-inline' 'unsafe-eval'; img-src * 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self' data: https:; object-src 'self'; script-src * data: 'unsafe-inline' https:; style-src 'self' data: 'unsafe-inline' https:; img-src * data: https:; 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com *.leadenhancer.com wss://chat.userlike.com cdn.delight-vr.com data: 'unsafe-inline' 'unsafe-eval' 1
default-src *; script-src www.partizan.com www.partizanstudio.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*  *.googleadservices.com *.google-analytics.com *.google.com  https://*.youtube.com https://*.ytimg.com  cdnjs.cloudflare.com ajax.googleapis.com maxcdn.bootstrapcdn.com ; style-src * 'unsafe-inline';img-src 'self' data: https://img.youtube.com *.google-analytics.com ; font-src 'self' data:  http://fonts.gstatic.com https://fonts.gstatic.com ; connect-src www.partizan.com www.partizanstudio.com vimeo.com; 1
default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.lamapoll.de; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src 'self' data: lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de *.facebook.com; media-src 'self' lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de youtube.com youtube-nocookie.com; object-src 'self'; connect-src 'self' lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de; frame-src 'self' player.vimeo.com www.youtube.com www.youtube-nocookie.com 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ ; script-src 'self' 'unsafe-inline' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1
default-src 'self' blob: storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com *.a1.net live.virtual-events.at; frame-src  'self' storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; style-src 'self' 'unsafe-inline' storage.net-fs.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; img-src 'self' data: storage.net-fs.com *.google-analytics.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.a1.group live.virtual-events.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: storage.net-fs.com *.googleapis.com *.gstatic.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.zencdn.net blob: live.virtual-events.at; font-src 'self' data: storage.net-fs.com *.gstatic.com 1
frame-ancestors 'self' www.pro-agent.com www.google.com; 1
default-src 'self'; script-src 'self' assets.juicer.io ajax.googleapis.com connect.facebook.net platform.twitter.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com https://chat.consumercare.net https://h6.consumercare.net https://js-agent.newrelic.com https://bam.nr-data.net *.juicer.io woobox.com *.formstack.com assets.pinterest.com app.icontact.com *.googleapis.com; object-src 'self'; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io 'unsafe-inline' *.formstack.com app.icontact.com; img-src 'self' *.cdninstagram.com *.xx.fbcdn.net *.facebook.com *.twitter.com *.google-analytics.com *.ytimg.com *.xx.fbcdn.net data: *.googleapis.com *.g.doubleclick.net *.googletagmanager.com *.juicer.io *.google.com *.imgur.com *.icontact.com *.formstack.com *.gstatic.com; frame-src 'self' * *.entenmanns.com rsmstanley.formstack.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io fonts.gstatic.com woobox.com *.juicer.io  *.formstack.com app.icontact.com data:; connect-src 'self' www.juicer.io https://www.google-analytics.com https://stats.g.doubleclick.net *.facebook.com; report-uri /admin/config/system/seckit/csp-report 1
base-uri 'https://*.pchome.co.th'; 1
script-src 'self'  https://*.wistia.com https://embedwistia-a.akamaihd.net blob:  https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com  ajax.aspnetcdn.com  use.typekit.net  us1.siteimprove.com siteimproveanalytics.com  cdnjs.cloudflare.com  use.fontawesome.com  player.vimeo.com  clicky.com in.getclicky.com static.getclicky.com  code.jquery.com  'unsafe-inline' 'unsafe-eval' 1
: default-src 'self' 1
frame-ancestors 'self' https://*.etracker.com 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com ecard.quipugroup.net; object-src *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com https://ecard.quipugroup.net; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com ecard.quipugroup.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com *.yourcloudlibrary.com; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; child-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
"default-src *" 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.skeyes.be http://*.belgocontrol.be https://www.openstreetmap.org http://opendatacommons.org https://www.google.com https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com https://www.linkedin.com https://platform.linkedin.com https://static.licdn.com https://www.youtube.com https://create.smart2vr.com https://ssl.google-analytics.com https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'unsafe-inline'  https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl ; script-src 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://platform.twitter.com https://pixel.fasttony.es https://connect.facebook.net https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com https://*.googleapis.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data:; style-src 'unsafe-inline' https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.google-analytics.com  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://portalpasazera.pl  data:; img-src 'self' https://i.ytimg.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data: 1
default-src 'self' *.urban-nation.com data: *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com player.vimeo.com *.vimeocdn.com 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sharethis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.consumercare.net *.econsumeraffairs.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.sharethis.com; img-src 'self' *.google-analytics.com *.g.doubleclick.net *.facebook.com *.google.com *.sharethis.com https://www.google.com.au; frame-src 'self' *.youtube.com *.googletagmanager.com *.sharethis.com *.facebook.com/; font-src 'self' *.gstatic.com; connect-src 'self' *.sharethis.com *.sharethis.mgr.consensu.org https://stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 1
default-src 'unsafe-inline' https://fonts.googleapis.com  https://druzynamaxa.edge.do https://surfly.io https://maxcdn.bootstrapcdn.com https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com  https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; script-src * 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; style-src 'unsafe-inline' https://fonts.googleapis.com  https://druzynamaxa.edge.do https://surfly.io https://maxcdn.bootstrapcdn.com https://*.google.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; img-src 'self' https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com https://axa.pl data: 1
img-src * 1
default-src 'self' shop.bestservice.de shop.bestservice.com shop.bestservice.fr dwl.dawconnect.com maps.google.de www.google.com connect.facebook.net www.facebook.com *.youtube.com ;  img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.bsdwl.de *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de *.youtube.com;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com;  script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval';  worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de *.youtube.com;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self' 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com ajax.googleapis.com embed.typeform.com www.googletagmanager.com tagmanager.google.com analyzer.amedick-sommer.de vendorlist.consensu.org www.youtube.com s.ytimg.com www.vvs.de; 1
default-src 'self' *.cerved.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.cerved.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.it *.doubleclick.net; frame-src 'self'; font-src 'self' *.googleapis.com *.googleusercontent.com fonts.gstatic.com; report-uri /report-csp-violation 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://www.spamfilter.io https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
policy-uri /'unsafe-inline' 1
default-src 'self'; style-src 'self' 'unsafe-inline' 1
frame-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be; frame-ancestors 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be; child-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be; report-uri //report-csp-violation 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' * 1
default-src data: https:; script-src data: 'unsafe-inline' 'unsafe-eval' https:; object-src data: https:; style-src data: 'unsafe-inline' https:; img-src data: https:; media-src data: https:; frame-src data: https:; font-src 'self' data: https:; connect-src data: https:; base-uri 'self'; 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://player.vimeo.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://maps.google.com https://maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://sentry.io https://cdnjs.cloudflare.com https://connect.facebook.net; connect-src 'self' https://sentry.io https://maps.google.com https://o126219.ingest.sentry.io; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/5265715/security/?sentry_key=9b139e250e5b4bd586488d54bd7a5c84 1
: upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' www.youtube-nocookie.com youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' www.vrk.nl static.mailplus.nl ssl.siteimprove.com cdn.siteimprove.net 'unsafe-eval' code.jquery.com svc.webspellchecker.net siteimproveanalytics.com youtu.be www.youtube-nocookie.com youtu.be connect.facebook.net m19.mailplus.nl data1.saliche.com translate.google.com s3-us-west-2.amazonaws.com wowww.nl siteimproveanalytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net static.mailplus.nl svc.webspellchecker.net translate.googleapis.com; img-src * data:; font-src 'self' fonts.gstatic.com svc.webspellchecker.net static3.avast.com cdn.faceworks.nl data:; connect-src 'self' my2.siteimprove.com svc.webspellchecker.net id.siteimprove.com static.mailplus.nl; report-uri /report-csp-violation 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl 'unsafe-inline' 'unsafe-eval';style-src https: *.ufg.pl 'unsafe-inline';img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl; child-src https: *.ufg.pl 1
connect-src 'self' https://localhost:3000; frame-ancestors 'self'; object-src 'self'; script-src 'self' https://analytics.historia-arte.com https://maps.googleapis.com; report-uri /csp-report; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.google-analytics.com www.googletagmanager.com *.gstatic.com *.googleapis.com www.youtube.com *.ytimg.com; object-src 'self'; style-src 'self' 'unsafe-inline' www.google.com *.googleapis.com; img-src 'self' data: www.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com www.youtube.com *.ytimg.com; media-src 'self' www.youtube.com *.ytimg.com; frame-src 'self' www.google.com *.gstatic.com www.youtube.com *.ytimg.com; font-src 'self' data: www.google.com *.googleapis.com *.gstatic.com; connect-src 'self' 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net sdk.companywebcast.com https://ipapi.connectid.cloud *.google-analytics.com stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com sdk.companywebcast.com https://staticcontents.investisdigital.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com sdk.companywebcast.com streams.nfgd.nl; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de 1
default-src 'self' https://equatio.texthelp.com/static/ wss://*.firebaseio.com/ https://*.googleapis.com/ https://*.texthelp.com/ https://*.speechstream.net/; connect-src 'self' wss://*.speech.microsoft.com/speech/recognition/dictation/cognitiveservices/v1 wss://*.firebaseio.com/ wss://cloud.myscript.com/api/v4.0/iink/document https://www.google-analytics.com/ https://*.googleapis.com/ https://*.texthelp.com/ https://equatio-search-proxy.texthelp.com; style-src 'self' 'unsafe-inline' https://equatio.texthelp.com/static/ https://fonts.googleapis.com/css; script-src 'self' https://equatio.texthelp.com/static/ https://www.google-analytics.com/ https://*.firebaseio.com/ https://www.gstatic.com/firebasejs/; img-src https://equatio.texthelp.com/static/ 'self' https://*.texthelp.com/ data: blob: https://*.googleusercontent.com/ https://chart.googleapis.com/chart https://www.google.com/ https://www.google-analytics.com; font-src https://equatio.texthelp.com/static/ https://fonts.gstatic.com/; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'none' 1
default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com https://js-agent.newrelic.com https://www.recaptcha.net/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.google.com/recaptcha/api.js; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com https://stats.g.doubleclick.net; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com  https://www.google.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx https://bam.nr-data.net https://stats.g.doubleclick.net; report-uri https://csp-report-uri.bureauveritas.com 1
frame-ancestors http://my.rotary.org https://my.rotary.org http://my-cms.rotary.org https://my-cms.rotary.org 'self'; 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://tickets.norwichartscentre.co.uk https://my.matterport.com https://player.vimeo.com; script-src 'self' 'nonce-5AEemGb0xJptoIGFP3Nd' 'sha256-Z82Oe+Iv8WIpM1ioymuc3HlSLThe89MSaAQSYMybkAs=' https://www.google.com https://maps.google.com https://www.gstatic.com https://www.googletagmanager.com/ https://www.google-analytics.com https://connect.facebook.net https://sentry.io https://tickets.norwichartscentre.co.uk; connect-src 'self' https://sentry.io; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' https://fonts.gstatic.com https://www.google.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/2740052/security/?sentry_key=8f009899699b4dd281f6d1466e6a2b92 1
report-uri; 1
deafult-src 'self' 1
default-src 'self' *.dohasooq.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://chat.freshdesk.com https://stats.pusher.com https://freegeoip.net https://t.omkt.co https://t3438570.icpro.co https://d36mpcpuzc4ztk.cloudfront.net query.yahooapis.com https://cdn.ckeditor.com code.highcharts.com code.jquery.com https://maps.google.com maps.googleapis.com https://bam.nr-data.net https://js-agent.newrelic.com cdnjs.cloudflare.com www.google-analytics.com www.googletagmanager.com https://api.q-tickets.com https://apis.google.com https://*.facebook.net; style-src 'self' 'unsafe-inline' https://d36mpcpuzc4ztk.cloudfront.net https://cdn.ckeditor.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://code.ionicframework.com; img-src 'self' data: https://t.omkt.co https://d36mpcpuzc4ztk.cloudfront.net http://www.q-tickets.com www.google.com https://maps.googleapis.com https://*.gstatic.com https://stats.g.doubleclick.net https://cdn.ckeditor.com  https://s3-ap-southeast-1.amazonaws.com  https://dohasooqproduction.s3.ap-south-1.amazonaws.com  https://d1ua6rfbo1g04v.cloudfront.net https://www.google-analytics.com https://www.google.co.in https://*.facebook.com https://www.googletagmanager.com;media-src 'self' www.youtube.com https://d36mpcpuzc4ztk.cloudfront.net; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://code.ionicframework.com;frame-src 'self' https://www.google.com https://www.youtube.com https://accounts.google.com https://*.facebook.com https://*.facebook.net;connect-src 'self' wss://ws.pusherapp.com https://*.facebook.com https://chat.freshdesk.com https://maps.googleapis.com wss://chat.freshdesk.com 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.emmezeta.hr emmezeta.hr *.emmezeta.rs emmezeta.rs; 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com cdnjs.cloudflare.com connect.facebook.net 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' 1
default-src 'self' *.mytolino.com data: *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com 'unsafe-inline' mytolino.com mytolino.at mytolino.ch mytolino.it mytolino.be mytolino.fr mytolino.nl mytolino.uk opensource.mytolino.com 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://www.google-analytics.com https://daemon.bigogo.com wss://ws.bgogo.com wss://ws.bgogo.com/prediction; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://static.bggex.pro https://daemon.bigogo.com/ https://www.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://static.bgogo.com https://v.liaoliaosj.com blob: data:; media-src https://daemon.bigogo.com/ https://static.bgogo.com https://v.liaoliaosj.com; object-src 'self'; script-src 'self' https://static.bgogo.com https://www.googletagmanager.com https://www.google-analytics.com https://hm.baidu.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.buttercms.com *.griddynamics.com *.sentry-cdn.com *.apis.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.youtube.com s.ytimg.com googleads.g.doubleclick.net static.ads-twitter.com cdn.jsdelivr.net www.feedrapp.info *.pardot.com *.yandex.ru; style-src 'self' 'unsafe-inline' *.buttercms.com *.googleapis.com *.sentry-cdn.com; img-src 'self' data: *.buttercms.com grid-dynamics-blog.ghost.io *.griddynamics.com *.gstatic.com *.apis.google.com *.googleapis.com *.google.com *.google.com.ua *.google-analytics.com *.doubleclick.net stats.g.doubleclick.net mc.webvisor.org *.yandex.ru; font-src 'self' data: *.googleapis.com *.gstatic.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com *.snap.licdn.com *.bing.com *.hotjar.com *.facebook.net *.hs-scripts.com *.hs-banner.com *.hotjar.com *.hs-banner.com *.usemessages.com *.hsleadflows.net *.hubspot.com *.hs-analytics.net *.licdn.com *.hsforms.net *.hsforms.com *.amazonaws.com https://js-agent.newrelic.com/ https://js.hs-scripts.com/4992274.js https://www.recaptcha.net/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.google.com/recaptcha/api.js; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com https://stats.g.doubleclick.net https://px.ads.linkedin.com/collect https://bat.bing.com/ https://www.google.co.uk/ads/ga-audiences *.linkedin.com *.hubspot.com *.hubspot.net https://stats.g.doubleclick.net; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com *.hs-scripts.com *.hotjar.com *.hubspot.com https://www.google.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx https://vc.hotjar.io/views/1483048 *.hubspot.com *.hotjar.com https://bam.nr-data.net https://stats.g.doubleclick.net ; report-uri https://csp-report-uri.bureauveritas.com 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/ https://www.youtube.com/iframe_api https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1
default-src 'self' http:  https: *.bosch-thermotechnology.com *.bosch-thermotechnology.us *.bosch-thermotechnology.com.au *.bosch-thermotechnology.co.nz s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com ; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com static.ecorebates.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' static.ecorebates.com cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 1
default-src 'self' *.atlas-elektronik.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.atlas-elektronik.com *.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com tagmanager.google.com translate.google.com hello.myfonts.net platform.linkedin.com www.xing-share.com www.linkedin.com netdna.bootstrapcdn.com use.typekit.net; style-src 'self' 'unsafe-inline' *.atlas-elektronik.com fonts.googleapis.com use.typekit.net p.typekit.net translate.googleapis.com translate.google.com hello.myfonts.net www.xing-share.com; img-src 'self' data: *.atlas-elektronik.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com csi.gstatic.com maps.gstatic.com translate.google.com www.google.com/images/ www.gstatic.com/images/ static.licdn.com www.linkedin.com p.typekit.net; font-src 'self' data: use.typekit.net fonts.gstatic.com netdna.bootstrapcdn.com; connect-src 'self' *.atlas-elektronik.com *.googleapis.com www.youtube.comuse.typekit.net; object-src 'self' *.atlas-elektronik.com www.youtube.com; frame-src 'self' *.atlas-elektronik.com apis.google.com accounts.google.com www.youtube.com www.facebook.com platform.linkedin.com platform.twitter.com www.xing-share.com; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be; connect-src 'self' https://vimeo.com https://*.resengo.com https://bam.nr-data.net; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://cloud.typenetwork.com https://fonts.gstatic.com; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be; img-src 'self' https://www.google-analytics.com https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://www.resengo.com data:; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://www.resengo.com https://*.resengo.com https://js-agent.newrelic.com https://bam.nr-data.net 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://www.resengo.com 'unsafe-inline'; 1
default-src 'self' https://api.deezer.com https://*.bernardo.fm; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://code.getmdl.io https://*.bernardo.fm; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://code.getmdl.io https://pagead2.googlesyndication.com https://adservice.google.ch https://*.bernardo.fm https://*.google.com https://*.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://*.bernardo.fm; media-src 'self' https://www.dropbox.com https://*.dl.dropboxusercontent.com https://*.bernardo.fm; img-src 'self' data: http://www.w3.org https://*.bernardo.fm; frame-src https://googleads.g.doubleclick.net https://www.google.com 1
frame-ancestors 'self' https://*.salesforce.com 1
default-src 'self'; script-src 'self' *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com tagmanager.google.com 'unsafe-eval'; style-src 'self' *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com tagmanager.google.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com simplybook.me lh3.googleusercontent.com data:; font-src 'self' *.amazonaws.com *.storyblok.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com data:; connect-src 'self' stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.google-analytics.com sentry.io *.simplybook.me; frame-src 'self' *.youtube.com *.vimeo.com *.googletagmanager.com *.google.com 1
base-uri 'self' *.google.com; child-src 'self' gap: *.google.com *.googletagmanager.com *.hotjar.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; frame-src 'self' gap: *.google.com *.googletagmanager.com *.hotjar.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; connect-src ict.infinity-tracking.net script.google.com 'self' sitesearch360.com wss://*.hotjar.com wss://mpsnare.iesnare.com *.doubleclick.net *.feefo.com *.google-analytics.com *.hotjar.com *.hotjar.io *.investis.com *.sitesearch360.com *.twimg.com *.twitter.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.googleapis.com *.gstatic.com *.hotjar.com; img-src 'self' data: * blob:; media-src data: mpsnare.iesnare.com; script-src gap: ict.infinity-tracking.net 'self' mpsnare.iesnare.com sitesearch360.com unpkg.com *.doubleclick.net *.feefo.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.investis.com *.paragonbankinggroup.co.uk *.sitesearch360.com *.surveymonkey.com *.twimg.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.google.com *.gstatic.com *.twimg.com *.twitter.com 'unsafe-inline'; frame-ancestors gap: 'self' *.doubleclick.net *.googletagmanager.com *.hotjar.com *.noblehosted.com *.surveymonkey.com theparagongroup.sharepoint.com vars.hotjar.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=N3xp6QTBwn%2bSucxGdaNMkNA9OihmI6I%2bF96P65okV6OFPxV0uJslpXKzRTw3INhEIP%2fmuS0RN4nzknp%2fT91oUcupS6ddM3tG5M%2bzfCjeQXAMAI%2btjAwon8Lwl2o32hBZw%2b49BROHdmDEk1udkbLd5lPGIx1FSeHUe%2bztebvACq1vVBZD7eh4DZMdF1RRhWP2Lnu2EIFewFqfcCkOk29YBg%3d%3d; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; 1
default-src 'self' https: *.junkers.es; media-src 'self' https: mycliplister.com; font-src 'self' *.junkers.es; object-src data: 'self'; img-src https: data:; style-src 'self' 'unsafe-inline' *.junkers.es; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: it.documents.junkers.com; frame-ancestors 'self' http://fs52-buderus-dev.kittelberger.net 1
default-src 'self' 'unsafe-inline' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de; img-src *; style-src 'self' 'unsafe-inline' *.itzbund.de; frame-ancestors itzbund.preview.prod.gsb.bund.zivb.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com vimeo.com *.doubleclick.net *.youtube-nocookie.com *.traceparts.com *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com data: 1
default-src 'self'; frame-src 'self' https://nhs.attendanywhere.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://nhs.attendanywhere.com https://feeds.trac.jobs/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net cdnjs.cloudflare.com/ajax/libs/cropperjs/1.5.1/cropper.min.js *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.iubenda.com *.fontawesome.com *.google-analytics.com *.jquery.com *.bootstrapcdn.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com/ajax/libs/cropperjs/1.5.1/cropper.min.css *.googleapis.com *.jquery.com *.fontawesome.com *.bootstrapcdn.com; img-src 'self' data: *.atdmt.com *.facebook.com *.youtube.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.jquery.com *.iubenda.com; frame-src 'self' *.facebook.com *.google.com *.iubenda.com *.youtube-nocookie.com; font-src 'self' *.gstatic.com *.fontawesome.com *.bootstrapcdn.com; connect-src 'self' *.iubenda.com *.google-analytics.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src data: 'self'; frame-src 'self' 1
default-src 'none'; img-src 'self' *.oettinger-physics.de data:  cdnjs.cloudflare.com unpkg.com ; script-src 'self' *.oettinger-physics.de 'nonce-39z6Jy6DmznZx8+dimccK1eMVuM=' cdnjs.cloudflare.com unpkg.com ; style-src 'self' *.oettinger-physics.de cdnjs.cloudflare.com unpkg.com ; font-src 'self' cdnjs.cloudflare.com www.oettinger-physics.de;  base-uri 'self'; form-action 'self'  ; frame-ancestors 'self' www.oettinger-physics.de 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.stripe.com https://*.windriverfinancialgateway.com 1
connect-src 'self' https://*.karolina.io http://*.karolina.io *.karolina.io https://vimeo.com http://vimeo.com vimeo.com https://*.typekit.net http://*.typekit.net *.typekit.net; font-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net data:; img-src 'self' https://cdn.holvi.com http://cdn.holvi.com cdn.holvi.com https://s3-eu-west-1.amazonaws.com http://s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com https://*.karolina.io http://*.karolina.io *.karolina.io https://mesenaatti.me http://mesenaatti.me mesenaatti.me https://*.youtube.com http://*.youtube.com *.youtube.com https://*.facebook.com http://*.facebook.com *.facebook.com https://*.google.com http://*.google.com *.google.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://about http://about about https://*.typekit.net http://*.typekit.net *.typekit.net data:; script-src 'self' https://*.youtube.com http://*.youtube.com *.youtube.com https://*.ytimg.com http://*.ytimg.com *.ytimg.com https://*.facebook.net http://*.facebook.net *.facebook.net https://*.jquery.com http://*.jquery.com *.jquery.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://data http://data data https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com http://fonts.googleapis.com fonts.googleapis.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.siteimprove.net *.googleapis.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net  siteimproveanalytics.com *.twitter.com *.pingdom.net; style-src 'self' 'unsafe-inline' *.googleapis.com cdn.siteimprove.net *.curator.io; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be my2.siteimprove.com *.facebook.com; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' www.youtube.com; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net my2.siteimprove.com id.siteimprove.com api.curator.io *.addthis.com *.pingdom.net; report-uri /report-csp-violation 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.servmetric.com *.govmetric.com  *.obi4wan.com *.pusher.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.servmetric.com *.govmetric.com; img-src 'self' data: *.servmetric.com *.govmetric.com *.obi4wan.com *.amazonaws.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io; media-src 'self'; frame-src 'self' *.servmetric.com *.govmetric.com ; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com; connect-src 'self' *.obi4wan.com *.pusher.com wss://*.pusher.com; report-uri /report-csp-violation 1
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' https:; script-src * 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https: 1
default-src 'self' 'unsafe-eval' https://www.youtube.com:* 'unsafe-inline' https://bam.nr-data.net:* https://www.google.com:* https://www.googleapis.com:*  https://clients1.google.com:* https://code.jquery.com:* https://js-agent.newrelic.com:*  https://cdn.printfriendly.com:* https://cdn.jsdelivr.net:*  https://www.google-analytics.com:* https://cse.google.com:*  https://ds-4047.kxcdn.com:*; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net tagmanager.google.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edg tagmanager.google.come.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' *.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.typekit.net p.typekit.net nr-data.net; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net 1
default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://c.evidon.com https://munchkin.marketo.net https://stats.sa-as.com https://www.google-analytics.com https://zscalertwo.net https://*.zscalertwo.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: https://l.betrad.com https://c.evidon.com https://stats.sa-as.com; media-src 'self' https: data: blob:; frame-src 'self' https://na-sj25.marketo.com/ https://*.zscalertwo.net; frame-ancestors 'self' https://na-sj25.marketo.com/ https://*.zscalertwo.net; child-src 'self'; font-src 'self' https: data: blob: http://go.gewwmarketing.com/; connect-src 'self' https: https://324-zbg-118.mktoresp.com; report-uri /report-csp-violation 1
script-src 'unsafe-inline' 'unsafe-eval' https://browser.sentry-cdn.com/5.15.5/bundle.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.livechatinc.com:* https://*.hotjar.com:* https://*.facebook.net:* https://*.cloudfront.net:* https://*.amazonaws.com:* https://*.fastinvest.com:* https://*.trustpilot.com:* https://*.google.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.google-analytics.com:* https://*.ads-twitter.com:*  https://*.twitter.com:* https://*.twimg.com https://www.googleadservices.com:* https://www.fastinvest.com:* https://googleads.g.doubleclick.net:* https://mc.us18.list-manage.com:* https://*.mailchimp.com:* https://*.mailerlite.com:* 1
default-src 'self' 'unsafe-inline' https://maps.googleapis.com https://cc.ibox.ua; script-src 'self' 'unsafe-inline' https://connect.facebook.net https://*.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://cc.ibox.ua; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://fonts.googleapis.com/css https://tagmanager.google.com https://fonts.googleapis.com https://cc.ibox.ua; img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com https://www.google.com https://www.google.com.ua https://maps.googleapis.com https://www.google-analytics.com https://ssl.gstatic.com https://cc.ibox.ua; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cc.ibox.ua; connect-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cc.ibox.ua wss://cc.ibox.ua 1
reflected-xss block 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net *.yandex.ru banners.adfox.ru avatars-fast.yandex.net favicon.yandex.neu content.adfox.ru *.googleapis.com *.yandex.net *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1
default-src 'self' data: *.avaus.io *.avaus.com *.avaus.fi *.avaus.se *.facebook.net *.google.fi *.bizographics.com *.linkedin.com *.facebook.com *.marketo.com *.mktoresp.com *.marketo.net *.juicer.io *.instagram.com *.google.com *.google.se *.googleanalytics.com *.appspot.com player.vimeo.com *.vimeocdn.com cdnjs.cloudflare.com use.fontawesome.com *.adform.net *.google-analytics.com *.googleadservices.com *.doubleclick.net *.gstatic.com *.google.pl *.youtube.com *.ytimg.com *.ggpht.com *.vendemore.com *.cookiebot.com *.cookiepro.com *.onetrust.com *.googleapis.com *.googletagmanager.com *.slideshare.net *.slidesharecdn.com app.interactiveads.ai leadfeeder.com *.leadfeeder.com *.lfeeder.com snap.licdn.com bot.leadoo.com *.adobedtm.com *.demdex.net 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' blob: https://vars.hotjar.com/; frame-src 'self' *.nspa.org.uk *.hotjar.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heat6have.com https://static.hotjar.com/ https://www.googletagmanager.com/ *.hotjar.com https://www.googletagmanager.com/jar.com blob: https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' *.hotjar.com *.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.typekit.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://translate.googleapis.com/ *.hotjar.com *.hotjar.io wss://*.hotjar.com/ https://feeds.trac.jobs/ 1
default-src 'self' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 1
img-src * 'self' data: https:; default-src 'self' html5shim.googlecode.com *.google-analytics.com *.googleapis.com *.gstatic.com apis.google.com *.googleadservices.com *.doubleclick.net *.mouseflow.com *.youtube.com *.vimeo.com *.google.com *.google.nl *.mijnwefact.nl *.ytimg.com *.feedbackcompany.nl 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' clicky.com *.getclicky.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com fast.fonts.com cdnjs.cloudflare.com; frame-src https://www.google.com 'self'; 1
default-src 'self' https://checkbrowser.hin.ch https://go.online-ident.ch  http://tag.myaspectra.ch  https://app.certifaction.io ; script-src 'self' https://www.islonline.net  tag.myaspectra.ch  https://www.gstatic.com  https://maps.google.com https://maps.googleapis.com  https://www.google.com  'unsafe-inline' 'unsafe-eval'; style-src https://fonts.googleapis.com  https://fonts.gstatic.com  'self' 'unsafe-inline' ; frame-src 'self' https://tp.srgssr.ch https://www.srf.ch https://www.google.com https://app.certifaction.io ; font-src 'self' https://fonts.gstatic.com  https://app.certifaction.io ; child-src 'self' https://go.online-ident.ch https://www.google.com https://www.youtube.com ; img-src 'self' http//tag.myaspectra.ch http://0.gravatar.com data:  1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 1
default-src 'self' *.youtube.com *.google.com *.gravatar.com data: *.typekit.net *.google-analytics.com *.amazonaws.com *.googleapis.com *.gstatic.com; style-src 'self' *.googleapis.com *.cloudflare.com 'unsafe-inline' *.cloudfront.net *.cloudflare.com; script-src 'self' 'unsafe-inline' *.polyfill.io *.newrelic.com *.nr-data.net *.cloudfront.net *.typekit.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com; font-src 'self' *.gstatic.com data: *.typekit.net 1
frame-ancestors *; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google-analytics.com www.youtube.com *.ytimg.com tagmanager.google.com maps.googleapis.com https://static.hotjar.com/ https://script.hotjar.com/; style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com; img-src 'self' p.typekit.net www.google-analytics.com data: ssl.gstatic.com www.gstatic.com https://referrer.disqus.com/juggler/stat.gif c.disquscdn.com stats.g.doubleclick.net bat.bing.com www.facebook.com www.google.com www.google.be www.googletagmanager.com maps.gstatic.com maps.googleapis.com; frame-src 'self' www.youtube.com https://www.dekust.be https://cdn.knightlab.com/ https://vars.hotjar.com/; font-src 'self' *.typekit.net fonts.gstatic.com data: *.hotjar.com; connect-src 'self' performance.typekit.net www.google-analytics.com *.stats.g.doubleclick.net https://in.hotjar.com/ https://vc.hotjar.io/; report-uri /admin/config/system/seckit/csp-report 1
default-src *; connect-src *; script-src 'unsafe-inline' 'unsafe-eval' *; object-src *; 1
default-src 'self' bam.eu01.nr-data.net cdn.jsdelivr.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com bam.eu01.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net p.typekit.net cloud.typography.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: use.typekit.net p.typekit.net fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 1
default-src 'self' *.ebola.cz https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ebola.cz https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com; referrer no-referrer; style-src 'self' 'unsafe-inline' *.ebola.cz https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com; img-src 'self' *.ebola.cz https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube-nocookie.com maps.googleapis.com developers.google.com *.3qsdn.com *.flickr.com tde-stats.spin-ag.de *.telefonica.de; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.3qsdn.com; connect-src 'self' *.3qsdn.com; media-src 'self' *.youtube-nocookie.com *.3qsdn.com *.flickr.com blob:; child-src 'self' *.telefonica.de *.udldigital.de *.youtube-nocookie.com *.3qsdn.com blob:; object-src 'self'; frame-src 'self' *.telefonica.de *.youtube-nocookie.com data:; form-action 'self'; img-src 'self' *.udldigital.de chart.apis.google.com  maps.gstatic.com *.googleapis.com developers.google.com *.telefonica.de *.flickr.com tde-stats.spin-ag.de *.3qsdn.com data: 1
script-src 'self' 'unsafe-inline' https://fr.fbhackpass.com https://stats.g.doubleclick.net https://www.google-analytics.com; base-uri 'self'; img-src 'self' data: https://stats.g.doubleclick.net https://www.google-analytics.com 1
default-src https://www.cryptshare.com; script-src 'unsafe-inline' 'unsafe-eval' https://www.cryptshare.com https://landing.cryptshare.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cta-service-cms2.hubspot.com https://forms.hubspot.com https://api.hubspot.com https://api.hubapi.com https://js.hsleadflows.net https://js.hs-analytics.net https://js.hscta.net https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hsadspixel.net/ https://www.google-analytics.com/ https://bat.bing.com/ https://snap.licdn.com https://js.usemessages.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net; style-src 'unsafe-inline' https://www.cryptshare.com https://landing.cryptshare.com; img-src data: https://www.cryptshare.com https://landing.cryptshare.com https://no-cache.hubspot.com https://www.google.com https://www.google.de https://www.google-analytics.com/ https://bat.bing.com/ https://track.hubspot.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://www.linkedin.com; media-src https://www.cryptshare.com; frame-src https://www.cryptshare.com https://consentcdn.cookiebot.com https://app.hubspot.com/ https://forms.hubspot.com/ https://www.youtube.com; font-src https://www.cryptshare.com https://landing.cryptshare.com; connect-src data: https://www.cryptshare.com https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://bat.bing.com 1
default-src https: 'self'; script-src https: 'unsafe-inline' 'self'; style-src https: 'unsafe-inline' 'self' 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://vhostdns.net https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self' stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com https://www.edge-cdn.net https://www.youtube-nocookie.com form.lidl.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com lidl.media01.eu data: gap: ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://platform.twitter.com https://ton.twimg.com 'unsafe-inline'; media-src *; object-src 'self'; 1
frame-ancestors 'self' https://*.googletagmanager.com https://themes.googleusercontent.com https://*.cloudfront.net https://www.google-analytics.com https://www.googleadservices.com https://bat.bing.com https://*.sumome.com https://*.doubleclick.net https://*.msn.com https://*.google.com https://*.twitter.com https://t.co https://*.google.be https://*.facebook.com https://*.newrelic.com https://bam.nr-data.net https://sumome-140a.kxcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://i.ytimg.com https://cdncache-a.akamaihd.net https://*.youtube.com https://s.ytimg.com https://*.googlevideo.com https://*.addthis.com https://pbs.twimg.com 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://spam.com.sg https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
img-src * https://www.google-analytics.com/ data: ; default-src *; script-src www.globalballooning.com.au cn.globalballooning.com.au 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*  *.facebook.com *.fbcdn.net *.fbcdn.net *.facebook.net *.youtube.com *.gstatic.com *.google-analytics.com/ *.googletagmanager.com *.doubleclick.net https://www.google.com/ads/user-list https://www.google.XYX/ads/user-list *.googleadservices.com *.gstatic.com   *.akamaihd.net *.tawk.to cdn.jsdelivr.net data: ; frame-src https://www.googletagmanager.com/ns.html *.youtube.com *.vimeo.com *.securepay.com.au *.weatherlink.com; style-src * 'unsafe-inline' ; connect-src www.globalballooning.com.au cn.globalballooning.com.au   *.facebook.com *.fbcdn.net *.facebook.net  *.akamaihd.net ws://*.facebook.com:* *.tawk.to wss://*.tawk.to https://www.google-analytics.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' embed.culturalspot.org www.tripadvisor.com.hk *.google-analytics.com www.google.com www.gstatic.com *.googleapis.com live.staticflickr.com; font-src 'self' data:; style-src 'self' 'unsafe-inline';img-src 'self' www.tripadvisor.com.hk *.google-analytics.com live.staticflickr.com data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' a.opmnstr.com *.hotjar.com redbook.listerhill.com connect.facebook.net  *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com *.google-analytics.com *.google.com seal.digicert.com  *.typeform.com *.newtonsoftware.com *.google-analytics.com *.googletagmanager.com *.stripe.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' *.google-analytics.com *.google.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com; img-src 'self' data: www.facebook.com *.googletagmanager.com maps.gstatic.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com *.google-analytics.com *.google.com seal.digicert.com i.ytimg.com i.vimeocdn.com  *.mapbox.com *.doubleclick.net *.google.com *.google-analytics.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com; media-src 'self' data: vimeo.com youtube.com *.youtube.com vimeocdn.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com; frame-src data: *.hotjar.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.google-analytics.com *.google.com *.stripe.com *.vimeo.com youtube.com *.youtube.com newton.newtonsoftware.com *.typeform.com zlcuma.secure.fundsxpress.com; font-src 'self' data: *.google-analytics.com *.google.com fonts.gstatic.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com; connect-src 'self' vc.hotjar.io  api.opmnstr.com *.hotjar.com api.omappapi.com *.google-analytics.com maps.googleapis.com 1
default-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; script-src 'self' data: 'unsafe-inline' *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.addtoany.com; object-src *; style-src 'self' data: 'unsafe-inline' *.compsy.be *.compsy.be fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; img-src 'self' data: *.compsy.be *.uniweb.eu www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; media-src *; frame-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; font-src 'self' data: *.compsy.be *.uniweb.eu fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'none'; 1
default-src 'self'; manifest-src resources.staging.obie.ai resources.obie.ai 'self'; connect-src 'self' va.tawk.to static-v.tawk.to static-v7.tawk.to *.tawk.to wss://*.tawk.to api.taplytics.com ping.taplytics.com obie.ai staging.obie.ai integrations.obie.ai integrations.staging.obie.ai tasytt.com staging.tasytt.com app.getsitecontrol.com api.amplitude.com www.google-analytics.com *.doubleclick.net api.intercom.io api-iam.intercom.io api-ping.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com; frame-src 'self' va.tawk.to calendly.com optimize.google.com www.loom.com bid.g.doubleclick.net extension.staging.obie.ai extension.obie.ai www.google.com; font-src 'self' data: use.typekit.net fonts.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com static-v.tawk.to js.intercomcdn.com; style-src 'self' optimize.google.com fonts.gstatic.com fonts.googleapis.com obie-web-content.azureedge.net obie-dashboard-content.azureedge.net maxcdn.bootstrapcdn.com obie.ai staging.obie.ai extension.staging.obie.ai extension.obie.ai resources.obie.ai resources.staging.obie.ai tasytt.com staging.tasytt.com cdn.jsdelivr.net cdnjs.cloudflare.com p.typekit.net 'unsafe-inline'; script-src 'self' data: code.jquery.com maxcdn.bootstrapcdn.com obie.ai staging.obie.ai resources.obie.ai resources.staging.obie.ai tasytt.com staging.tasytt.com obie-web-content.azureedge.net obie-dashboard-content.azureedge.net www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.heapanalytics.com maps.googleapis.com aivalabs.com my.hellobar.com js.taplytics.com www.googleoptimize.com www.google-analytics.com connect.facebook.net embed.tawk.to ct.capterra.com www.googleadservices.com assets.calendly.com www.google.com www.gstatic.com tracking.g2crowd.com ajax.googleapis.com d3e54v103j8qbb.cloudfront.net extension.staging.obie.ai extension.obie.ai widgets.getsitecontrol.com st.getsitecontrol.com app.getsitecontrol.com cdn.amplitude.com optimize.google.com sjs.bizographics.com app.intercom.io widget.intercom.io js.intercomcdn.com snap.licdn.com googleads.g.doubleclick.net checkout.stripe.com google.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' optimize.google.com www.google.com www.google.ca obie.ai staging.obie.ai resources.obie.ai resources.staging.obie.ai tasytt.com staging.tasytt.com obie-web-content.azureedge.net obie-dashboard-content.azureedge.net cdn.jsdelivr.net cdnjs.cloudflare.com www.facebook.com www.google-analytics.com data: static-v.tawk.to stats.g.doubleclick.net www.googletagmanager.com *.doubleclick.net *.linkedin.com *.adsymptotic.com extension.staging.obie.ai extension.obie.ai js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com messenger-apps.intercom.io *.intercom-attachments.com hi.hellobar.com uploads-ssl.webflow.com app.getsitecontrol.com 1
default-src 'self' *.dollplanet.ru dollplanet.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dollplanet.ru dollplanet.ru my2.imgsmail.ru http://www.gstatic.com yandex.st pagead2.googlesyndication.com vk.com cdn.connect.mail.ru mc.yandex.ru *.yandex.ru *.youtube.com https://www.youtube.com http://www.google-analytics.com https://www.google-analytics.com https://*.staticflickr.com https://flic.kr https://www.flickr.com ; object-src 'self' *.dollplanet.ru dollplanet.ru http://www.gstatic.com https://*.staticflickr.com https://flic.kr https://www.flickr.com *.youtube.com *.macromedia.com *.ytimg.com ytimg.com *.googlevideo.com googlevideo.com *.yandex.ru ; style-src 'self' 'unsafe-inline' *.dollplanet.ru dollplanet.ru *.yandex.ru ; img-src 'self' *.dollplanet.ru dollplanet.ru http://www.dolltime.ru https://*.staticflickr.com https://flic.kr https://www.flickr.com barbieplanet.ru www.dollyshouse.ru http://*.photobucket.com https://fotki.yandex.ru https://img-fotki.yandex.ru http://counter.yadro.ru  *.yandex.ru ; data: vk.com yastatic.net http://www.liveinternet.ru counter.yadro.ru mc.yandex.ru http://www.google-analytics.com https://www.google-analytics.com http://www.dolltime.ru https://*.staticflickr.com https://flic.kr https://www.flickr.com https://www.youtube.com  *.yandex.ru ; media-src 'self' *.dollplanet.ru dollplanet.ru https://www.youtube.com http://www.youtube.com https://*.staticflickr.com https://flic.kr https://www.flickr.com *.youtube.com *.googlevideo.com; frame-src 'self' *.dollplanet.ru dollplanet.ru connect.mail.ru googleads.g.doubleclick.net vk.com http://www.youtube.com https://www.youtube.com https://*.staticflickr.com https://flic.kr https://www.flickr.com  *.yandex.ru ; font-src 'self' *.dollplanet.ru dollplanet.ru *.yandex.ru ; connect-src 'self' *.dollplanet.ru dollplanet.ru mc.yandex.ru *.gstatic.com *.yandex.ru  1
default-src 'self'; connect-src 'self' https:; font-src 'self' chrome-extension: https:; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.google.com https://disqus.com http://disqus.com disqus.com; img-src 'self' data: http: https:; script-src 'self' https://cdn.ampproject.org https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://code.jquery.com https://*.disqus.com http://*.disqus.com *.disqus.com https://*.disquscdn.com http://*.disquscdn.com *.disquscdn.com https://*.twimg.com https://platform.twitter.com data:; style-src 'self' https://fonts.googleapis.com https://platform.twitter.com http://platform.twitter.com platform.twitter.com https://*.twimg.com https://*.disqus.com http://*.disqus.com *.disqus.com https://*.disquscdn.com http://*.disquscdn.com *.disquscdn.com 'unsafe-inline'; 1
default-src www.pranfoods.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com *.google.com *.gstatic.com  cdn.rawgit.com cdn.bootcss.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com fonts.googleapis.com https://cdn.rawgit.com maxcdn.bootstrapcdn.com cdn.bootcss.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: maps.googleapis.com csi.gstatic.com maps.gstatic.com maps.google.com ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube-nocookie.com *.google.com *.youtube.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com fonts.gstatic.com maxcdn.bootstrapcdn.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' *.intercom.io wss://nexus-websocket-a.intercom.io *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com  *.cloudflare.com cloudflare.com *.brightcove.net brightcove.net *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* wss://trisproxy.charles-stanley-direct.co.uk *.ads-twitter.com ads-twitter.com *.facebook.net facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.sharethis.com *.consensu.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com  *.cloudflare.com cloudflare.com *.brightcove.net brightcove.net *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com *.facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.sharethis.com *.consensu.org; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; child-src *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:*; frame-src *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.consensu.org 1
frame-ancestors scvr.co *.scvr.co 1