Values for x-webkit-csp:
default-src 'self' 'unsafe-inline' 15
frame-ancestors 'self' 14
default-src 'self'; script-src 'self' 'unsafe-inline' 13
default-src 'self' 12
report-uri /report-csp-violation; upgrade-insecure-requests 11
report-uri /report-csp-violation 6
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 4
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 4
base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src vercel.live prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline';worker-src 'self'; 3
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://stats.xilo.net/ruri/r/d/csp/enforce 3
allow 'self'; 3
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 3
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 3
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 3
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 2
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com; img-src 'self' *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com 2
frame-ancestors 'self'; report-uri /report-csp-violation 2
script-src 'self' kit.fontawesome.com cdn.callrail.com https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com player.vimeo.com clicky.com in.getclicky.com static.getclicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.amazonaws.com *.amazoncognito.com; frame-ancestors 'self' sf360.com.au 2
default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2
default-src 'self' blob: '*.energieag.at news.netzooe.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io marketing.piwik.pro energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com wss://*.cognigy.ai *.cognigy.ai *.githubusercontent.com maps.google.de *.fliphtml5.com cdn.jsdelivr.net *.spotify.com 'unsafe-inline' 'unsafe-eval' data: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.twitter.com *.googletagmanager.com *.cookielaw.org static.addtoany.com cdnjs.cloudflare.com cdn.bc0a.com assets.sitescdn.net fonts.googleapis.com *.siteimprove.net ajax.googleapis.com visit.sanmanuel.com klear.com cdn.b0e8.com *.google-analytics.com *.bing.com *.amazon-adsystem.com *.clarity.ms *.siteimproveanalytics.com *.adsrvr.org *.youtube.com connect.facebook.net munchkin.marketo.net s.yimg.com googleads.g.doubleclick.net *.cloudfront.net *.viralsweep.com *.pollstream.com insiderdata360online.com *.sevenrooms.com *.i4go.com *.recaptcha.net *.gstatic.com answers-embed.yaamava.com.pagescdn.com *.byspotify.com *.instagram.com *.visrez.com *.stackadapt.com *.googleadservices.com siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.visitingmedia.com visitingmedia.com *.jquery.com *.sevenrooms.com id.eu.siteimprove.com *.quantserve.com rules.quantcount.com qvdt3feo.com *.vimeo.com; script-src-elem 'self' 'unsafe-inline' assets.sitescdn.net visit.sanmanuel.com cdn.siteimprove.net *.instagram.com *.googletagmanager.com cdn.cookielaw.org cdn.jsdelivr.net connect.facebook.net siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.youtube.com munchkin.marketo.net bat.bing.com c.amazon-adsystem.com googleads.g.doubleclick.net *.google-analytics.com static.addtoany.com interactive.visrez.com secure.quantserve.com *.clarity.ms rules.quantcount.com visitingmedia.com *.sevenrooms.com code.jquery.com insiderdata360online.com  tags.srv.stackadapt.com answers-embed.yaamava.com.pagescdn.com platform.twitter.com cdnjs.cloudflare.com unpkg.com qvdt3feo.com i4m.i4go.com *.googleadservices.com klear.com https://player.vimeo.com/api/player.js *.viralsweep.com https://js.adsrvr.org/up_loader.1.1.0.js https://cdn.userway.org *.vimeo.com; style-src 'self' 'unsafe-inline'  *.jsdelivr.net *.sitescdn.net fonts.googleapis.com visit.sanmanuel.com d1p5cqqchvbqmy.cloudfront.net *.sevenrooms.com *.visrez.com *.stackadapt.com  *.visitingmedia.com visitingmedia.com *.sevenrooms.com id.eu.siteimprove.com  *.quantserve.com  *.vimeo.com; report-uri /report-csp-violation 2
default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' 2
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://kit.fontawesome.com https://mpsnare.iesnare.com https://widget.trustpilot.com https://kit-pro.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.dwin1.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://b.sbox.stats.paypal.com https://sdk.privacy-center.org https://api.privacy-center.org https://sibautomation.com https://cdn.shipup.co *.abtasty.com *.googleapis.com https://pagead2.googlesyndication.com https://widget.botmind.io 2
frame-src 'self' * 2
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 2
default-src 'self' noembed.com static.zdassets.com ekr.zdassets.com https://avm-cs.zendesk.com wss://pod-28.zendesk.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com data: avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' avm.de *.avm.de piwik.avm.de vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com https://www.youtube-nocookie.com https://www.youtube.com maps.google.com *.googleapis.com https://static.zdassets.com pod-28.zendesk.com 'unsafe-inline' ; media-src 'self' *.avm.de static.zdassets.com *.googleapis.com *.gstatic.com ytimg.com s.ytimg.com blob: data: ; worker-src 'self' blob: ; frame-ancestors 'self'  1
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://impactapi.causeview.com https://maps.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://js-agent.newrelic.com https://www.googletagmanager.com https://chimpstatic.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://downloads.mailchimp.com https://mc.us1.list-manage.com https://matchbox.hepdata.com https://commerce.coinbase.com https://data.processwebsitedata.com https://fe.sitedataprocessing.com https://cdn.jsdelivr.net/npm/search-insights@2.13.0/dist/search-insights.min.js; img-src 'self' data: https://cdn.mises.org https://www.google.ca https://www.google.com https://i.creativecommons.org https://licensebuttons.net https://www.google-analytics.com https://mcusercontent.com https://maps.gstatic.com https://s3.amazonaws.com https://impactapi.causeview.com  https://live-mises-api.pantheonsite.io https://cdn-images.mailchimp.com https://matchbox.hepdata.com/; frame-ancestors 'self' https://glockenspiel-bluebird-4h6c.squarespace.com https://www.misesgraduateschool.org https://misesgraduateschool.org https://api-public.addthis.com https://m.addthis.com https://mises.org https://impactapi.causeview.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bcbsks.com unpkg.com fast.wistia.com *.googletagmanager.com *.google-analytics.com *.ads-twitter.com www.gstatic.com *.bing.com connect.facebook.net 100011161.collect.igodigital.com snap.licdn.com *.adsrvr.org bam.nr-data.net googleads.g.doubleclick.net js-agent.newrelic.com tags.srv.stackadapt.com public.tableau.com qvdt3feo.com code.jquery.com www.google.com analytics.silktide.com static.cloudflareinsights.com www.covermymeds.com www.googleadservices.com cdn.datatables.net cdnjs.cloudflare.com www.eventbrite.com https://www.google.co.uk www.clarity.ms *.callrail.com *.simpli.fi tag.demandbase.com pagead2.googlesyndication.com cdn.jsdelivr.net blob:; object-src 'none'; style-src 'self' 'unsafe-inline' www.bcbsks.com bcbsks.prod.acquia-sites.com fast.fonts.net fonts.googleapis.com tags.srv.stackadapt.com www.covermymeds.com cdn.datatables.net cdnjs.cloudflare.com; img-src 'self' p.dlx.addthis.com www.google.com *.google-analytics.com nova.collect.igodigital.com *.bing.com t.co analytics.twitter.com *.wistia.com www.facebook.com *.g.doubleclick.net *.google.com public.tableau.com *.bcbsks.com tools.applemediaservices.com apple-resources.s3.amazonaws.com connect.facebook.net secure.adnxs.com *.linkedin.com www.googletagmanager.com *.covermymeds.com cdn.datatables.net embedwistia-a.akamaihd.net c.clarity.ms um.simpli.fi * data:; media-src 'self' *.wistia.com www.google.com embedwistia-a.akamaihd.net fast.wistia.net blob:; frame-src 'self' *.bcbsks.com https://d1eoo1tco6rr5e.cloudfront.net/ *.adsrvr.org www.facebook.com public.tableau.com *.fls.doubleclick.net td.doubleclick.net www.youtube.com www.googletagmanager.com staywell.mydigitalpublication.com e.issuu.com www.eventbrite.com insight.adsrvr.org www.kff.org s.company-target.com; font-src 'self' fast.fonts.net fast.wistia.com fonts.gstatic.com data:; connect-src 'self' *.bugsnag.com *.google-analytics.com stats.g.doubleclick.net ad.doubleclick.net *.googleadservices.com www.googleadservices.com *.google.com *.wistia.com *.litix.io bam.nr-data.net cdn.linkedin.oribi.io www.facebook.com tags.srv.stackadapt.com embedwistia-a.akamaihd.net bat.bing.com a.us.silktide.com https://connect.facebook.net https://www.google.co.uk pagead2.googlesyndication.com *.clarity.ms js.callrail.com api.company-target.com tag-logger.demandbase.com px.ads.linkedin.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' ; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de *.akamaihd.net *.evostream.com; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de *.bmbfcluster.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de *.akamaihd.net *.evostream.com; frame-src *.datenportal.bmbf.de *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net app.sli.do *.unitylivestream.com playout.3qsdn.com klimacampus.org; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.geodatenzentrum.de *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self' data: *.sp.epl30.intern *.kooperation-international.de; 1
object-src none 1
base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com *;form-action 'self' https: *;frame-ancestors 'none';frame-src  'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 1
frame-ancestors *.payback.de 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.energiewechsel.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com api.signalize.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de atlas.geomer-maps.de app.powerbi.com *.energiewechsel.de *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self' *.kfw.de *.bafa.de *.energiewechsel.de; upgrade-insecure-requests; 1
script-src 'nonce-61bb2626-0691-4523-8bcb-ea448ce3cab6' https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/ 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://d2c.aws.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com https://aws.amazon.com https://a0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; default-src 'self'; 1
default-src 'self' data: 'unsafe-inline' fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' api-maps.yandex.ru yastatic.net core-renderer-tiles.maps.yandex.net bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org; img-src 'self' api-maps.yandex.ru core-renderer-tiles.maps.yandex.net data: blob: vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org; frame-src 'self' youtube.com www.youtube.com oauth.telegram.org fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org; font-src 'self' fonts.googleapis.com; 1
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bghweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de 1
default-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://*.facebook.com *.facebook.com https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.google.com *.google.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.gstatic.cn *.gstatic.cn https://*.jsdelivr.net *.jsdelivr.net https://*.rawgit.com *.rawgit.com https://*.ddfstatic.com *.ddfstatic.com https://cdn.plyr.io cdn.plyr.io https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://*.bangbros.com *.bangbros.com https://*.nikkiprice.com *.nikkiprice.com https://*.girlsgonewild.com *.girlsgonewild.com https://*.naked.com *.naked.com https://*.st-content.com *.st-content.com https://*.sellvids.com *.sellvids.com https://*.hazecash.com *.hazecash.com https://*.xxxpawn.com *.xxxpawn.com https://*.gaypawn.com *.gaypawn.com https://*.miakhalifa.com *.miakhalifa.com https://*.americanpervert.com *.americanpervert.com https://*.xnxx.com *.xnxx.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://www.google-analytics.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://region1.google-analytics.com/g/collect; font-src 'self' https://cdn.jsdelivr.net/npm/ https://fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' https://*.gtflixtv.com *.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://www.xvideos.com www.xvideos.com https://*.xvideos.red *.xvideos.red https://*.1ka.com *.1ka.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://www.google-analytics.com www.google-analytics.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://region1.google-analytics.com region1.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ data:; object-src 'none'; script-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://uploader.gtflixtv.com uploader.gtflixtv.com https://uploader-beta.gtflixtv.com uploader-beta.gtflixtv.com https://pornbox.com pornbox.com https://*.googleapis.com *.googleapis.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://google-analytics.com google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/yuku-t/jquery-textcomplete/ https://*.ddfstatic.com *.ddfstatic.com https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://apis.google.com/js/platform.js 'unsafe-inline' 'unsafe-eval'; report-uri /api/js-error; 1
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 1
font-src 'self'; frame-src 'self' https: www.youtube-nocookie.com/* ; frame-ancestors 'self' https://*.etracker.com; script-src 'self' https://*.etracker.com https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de 'unsafe-inline'; connect-src 'self' https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de;  img-src * *.b-ite.com; style-src 'self' 'unsafe-inline' *.b-ite.com; 1
default-src 'self' https://use.typekit.net; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://view.ceros.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.cookielaw.org; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net  https://www.google-analytics.com https://*.googleapis.com https://i.vimeocdn.com https://cdn.cookielaw.org; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com https://view.ceros.com https://players.brightcove.net https://www.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/; font-src 'self' 'unsafe-inline' https://themes.googleusercontent.com use.typekit.net *.gstatic.com data:; connect-src 'self' https://www.google-analytics.com *.algolia.net *.algolianet.com https://insights.algolia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src data: 'self' blob: 'unsafe-inline' *.dzo.com.ua *.cipher.kiev.ua:* *.prozorro.gov.ua www.openstreetmap.org *.openprocurement.org depositsign.com view.officeapps.live.com widgets.binotel.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com d38sv8fq5al52n.cloudfront.net connect.facebook.net 'unsafe-eval' www.googletagmanager.com docs.google.com fonts.googleapis.com www.google-analytics.com www.google.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.doubleclick.net www.google.com.ua fonts.gstatic.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com *.prozorro.gov.ua d38sv8fq5al52n.cloudfront.net connect.facebook.net cdnjs.cloudflare.com id.gov.ua *.sentry-cdn.com *.sentry.io; 1
default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' *; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src  bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net 1
policy-uri /'self' 1
frame-ancestors 'self' blob: *.cochlearhearingcenter.com *.cochlear.com *.cochlear.cloud; frame-src 'self' blob: *.site.com *.oncehub.com *.mktoweb.com *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com *.salesforce.com *.salesforce-sites.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com; connect-src 'self' *.salesforce-scrt.com *.site.com *.hotjar.com *.hotjar.io *.sitecorecloud.io *.geonames.org *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net *.salesforce-sites.com; font-src 'self' data: *.hotjar.com *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.hotjar.com *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.site.com *.hotjar.com *.licdn.com *.oncehub.com *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com  *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com *.force.com *.salesforce.com *.salesforce-sites.com; style-src 'unsafe-inline' 'self' *.site.com *.hotjar.com *.mktoweb.com *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com *.salesforce.com *.salesforce-sites.com; 1
frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de https://*.etracker.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de hrevent3hls.akamaized.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.itzbund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; object-src 'self' multimedia.gsb.bund.de; media-src 'self' blob: 'self' hrevent3hls.akamaized.net piwik.itzbund.de *.youtube-nocookie.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-src 'self' player.vimeo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com webtv.bundestag.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev *.cdninstagram.com; frame-ancestors 'self'; worker-src 'self' blob:; 1
default-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com/* https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com *.nestle.co.uk *.mikmak.ai *.swaven.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors * 'self' ; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * 'self' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com; frame-ancestors https://www.juris.de/ 'self'; 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.sancta-domenica.hr sancta-domenica.hr *.sancta-domenica.ba sancta-domenica.ba *.samsungshop.hr samsungshop.hr *.bigbang.ba bigbang.ba; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com data:;img-src *; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net vk.com api-maps.yandex.ru bitrix.info www.google-analytics.com *.yandex.ru maps.googleapis.com www.googletagmanager.com yastatic.net; form-action 'self';frame-src 'self';media-src 'self';connect-src 'self' bitrix.info mc.yandex.ru www.google-analytics.com stats.g.doubleclick.net 1
default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com *.facebook.com *.nosiva.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1
script-src *.globant.com *.googletagmanager.com *.google-analitycs.com *.google.com 'unsafe-eval' 'unsafe-inline' https: 'self' https://www.globant.com/ blob:; object-src none; style-src 'self' 'unsafe-inline' *.globant.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.googleapis.com  *.jsdelivr.net; img-src 'self' *.cloudflare.com *.globant.com *.i.ytimg.com https: data:; media-src 'self' *.globant.com; frame-src 'self' https: fullscreen; frame-ancestors self fullscreen *.globant.com https://*.youtube.com; font-src 'self' *.globant.com *.fontawesome.com *.cloudflare.com *.gstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com;default-src 'self';font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'self' https://esko.showpad.biz;frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;worker-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://cdn.cookielaw.org; report-uri /eur/report-csp-violation 1
base-uri 'self'; style-src 'self'; connect-src 'self' *.itzbund.de; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; media-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; img-src 'self' piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self'; frame-ancestors 'self' *.prod.gsb.bsi.in.bund.de ; upgrade-insecure-requests; 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com 1
default-src 'self' 'unsafe-inline' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de; img-src *; style-src 'self' 'unsafe-inline' *.itzbund.de; frame-ancestors 'self' *.itzbund.de 1
upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://assets4.lottiefiles.com https://www.google-analytics.com https://www.yumpu.com https://*.analytics.google.com https://*.youtube.com/ https://analytics.google.com https://ad.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://afiliacion.net https://prs.arkeero.net https://leadgenios.net https://www.rtb123.com https://*.hotjar.com https://inboxlabs.go2cloud.org https://*.google.com.mx https://*.hotjar.io https://*.teads.tv https://ojo7.ltroute.com https://*.abtasty.com https://*.amazonaws.com/ https://zeptojs.com/zepto.min.js https://*.doubleclick.net/ wss://ws.hotjar.com/ https://go2perseo.com https://affperformance.com/ https://ad.soicos.com; 1
font-src 'self' https://webfonts.14v.de; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; object-src 'none'; worker-src 'self'; media-src 'self'; connect-src 'self' https://piwik.14v.de; manifest-src 'self'; prefetch-src 'none'; img-src 'self' data: *.w3.org; frame-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline'; block-all-mixed-content; script-src 'self' https://piwik.14v.de 'unsafe-inline'; report-uri /impressum/; 1
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://forms.hscollectedforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com https://s0.wp.com data:; frame-src 'self' https://*.cookieyes.com https://www.google.com https://*.youtube.com https://dub01.online.tableau.com https://*.tableau.com https://forms.hsforms.com https://widgets.wp.com; img-src 'self' https://*.oversightboard.com *.oversightboard.com https://oversightboard.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://pixel.wp.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://track.hubspot.com https://secure.gravatar.com https://*.hsforms.com blob: data:; object-src; script-src 'self' https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com https://stats.wp.com https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js.hsforms.net https://js.hs-banner.com https://*.tableau.com https://dub01.online.tableau.com https://s0.wp.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://s0.wp.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' https://analytics.monetra.com https://www.google.com https://www.gstatic.com; connect-src https://9872520550193828.hostedstatus.com/1.0/status/6148993c877ce705383f1463 'self'; img-src 'self' https://analytics.monetra.com data:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; frame-src https://www.google.com 1
default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de; frame-ancestors 'self'; font-src 'self' data:; 1
default-src 'self';base-uri 'self';form-action 'self' www.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com maps.googleapis.com www.storemapper.co storemapper-herokuapp-com.global.ssl.fastly.net app.storyblok.com assets.findify.io undefined.kameleoon.eu chantsupport.zendesk.com static.zdassets.com widget-mediator.zopim.com ajax.googleapis.com https://cdn.cookielaw.org https://acsbapp.com https://cdn.jsdelivr.net/npm/hls.js@1.1.4/dist/hls.min.js analytics.tiktok.com bat.bing.com cdn.noibu.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com s3.target2sell.com static.target2sell.com t.contentsquare.net c.contentsquare.net intljs.rmtag.com ut.rd.linksynergy.com static.klaviyo.com static-tracking.klaviyo.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js  blob:;object-src 'self' data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com googletagmanager.com tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://tagmanager.google.com/css/css.css;img-src 'self' www.googletagmanager.com www.facebook.com www.google-analytics.com www.google.com www.google.fr image.crisp.chat a.storyblok.com maps.gstatic.com maps.googleapis.com cdn11.bigcommerce.com storemapper-herokuapp-com.global.ssl.fastly.net us.chantelle.com s3.amazonaws.com cl-media-pattern-factory.s3-eu-west-1.amazonaws.com static.kameleoon.com fonts.gstatic.com ct.pinterest.com bat.bing.com www.google.com.pk media.chantelle.cloud imagedelivery.net https://customer-undefined.cloudflarestream.com/ idsync.rlcdn.com analytics.tiktok.com connect.facebook.net consent.linksynergy.com cdn.cookielaw.org data:;media-src 'self' a.storyblok.com https://customer-undefined.cloudflarestream.com/ data: blob:;font-src 'self' fonts.googleapis.com fonts.gstatic.com acsbapp.com data:;connect-src 'self' maps.googleapis.com chantelleus.centraqa.com www.storemapper.co api.keen.io api.storyblok.com chantelle-sandbox.mybigcommerce.com checkout.us.staging.chantelle.cloud https://api.bigcommerce.com reco.target2sell.com undefined-dsn.algolia.net undefined.kameleoon.eu eu-api-visit.kameleoon.eu eu-api-tracker.kameleoon.eu static.kameleoon.com old.kameleoon.com api.kameleoon.com data.kameleoon.io api.openweathermap.org browser-intake-datadoghq.eu rum.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu/ chantsupport.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com chantelle.com sst.chantelle.com sst2.chantelle.com chantelle.us cloudflarestream.com https://customer-undefined.cloudflarestream.com/ https://region1.analytics.google.com https://cdn.cookielaw.org https://privacyportal-fr.onetrust.com https://acsbapp.com https://cdn.acsbapp.com https://process.acsbapp.com https://api-v3.findify.io https://geolocation.onetrust.com api.target2sell.com analytics.tiktok.com bat.bing.com ct.pinterest.com www.google.com www.google-analytics.com region1.google-analytics.com serv-api.target2sell.com stats.g.doubleclick.net wss://input.noibu.com/pv_part;frame-src https://www.youtube.com/ https://player.vimeo.com/ https://www.facebook.com/ https://ct.pinterest.com/;frame-ancestors app.storyblok.com vercel.app; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
default-src 'self' data: localhost:* *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com js.arcgis.com *.arcgis.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.prorail.nl *.spoordata.nl *.werkenbijprorail.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com tagmanager.google.com px.ads.linkedin.com www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net *.cookiebot.com connect.facebook.net www.facebook.com snap.licdn.com 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: wss:; 1
"default-src *" 1
object-src 'none';default-src 'none';connect-src https://www.wefact.nl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://maps.googleapis.com *.clarity.ms https://c.bing.com;frame-src https://www.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.linkedin.com https://outlook.office365.com;frame-ancestors 'self';img-src https://www.wefact.nl data: *.ytimg.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://www.google.be *.cookiebot.com *.facebook.com *.facebook.net *.fbcdn.net *.licdn.com *.linkedin.com https://maps.gstatic.com https://maps.googleapis.com *.clarity.ms https://c.bing.com www.mollie.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com 'sha256-CrAe1a0TFvLsCsBw0E5Ky5SvrwDd3Kn8oyr5ns4gIUc=' https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://developers.google.com https://maps.googleapis.com *.clarity.ms https://c.bing.com 'sha256-HqEywe2Mupyc3mWoKoXnTO5AVzVUi7YpNaBHAq+y0U0=';style-src https://www.wefact.nl 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com *.licdn.com *.typekit.net;font-src 'self' data: https://fonts.gstatic.com data: *.typekit.net;child-src *.facebook.com *.facebook.net;manifest-src https://www.wefact.nl 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: staticcdn.co.nz www.youtube.com *.google-analytics.com *.googletagmanager.com www.google.com www.gstatic.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.googleapis.com; img-src 'self' data: staticcdn.co.nz shielded.co.nz i.ytimg.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: *.googleapis.com *.gstatic.com; frame-src 'self' staticcdn.co.nz www.youtube.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com:* https://ajax.googleapis.com:* https://call.chatra.io/chatra.js https://maps.googleapis.com:* https://seal-nebraska.bbb.org/logo/blue-valley-technologies-17381.js https://stats.g.doubleclick.net/dc.js https://www.googletagmanager.com:* https://assets.juicer.io:* https://www.juicer.io:* https://www.google-analytics.com:* https://stats.g.doubleclick.net:* https://www.googleadservices.com:* https://feedback.happy-or-not.com:* https://dk98ddgl0znzm.cloudfront.net:* https://emma-content-aggregates-prd.s3.amazonaws.com:*; object-src 'self' ; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com:* https://seal-blue.bbb.org; img-src * 'self' https://maps.gstatic.com https://stats.g.doubleclick.net:*; media-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-src 'self' https://chat.chatra.io:* https://www.youtube.com:* https://player.vimeo.com:*; frame-ancestors 'self'; child-src 'self'; font-src 'self' * https://fonts.gstatic.com:*; connect-src 'self' https://maps.googleapis.com:* https://analytics.google.com:* https://www.google-analytics.com:* https://www.juicer.io:* https://graph.facebook.com:* https://www.googletagmanager.com:* https://stats.g.doubleclick.net:* https://feedback-api.happy-or-not.com:* https://feedback.happy-or-not.com:* https://api.mixpanel.com:*; report-uri /report-csp-violation 1
base-uri 'none';connect-src 'self'  *.oresund.io dc.services.visualstudio.com *.cookieinformation.com *.doubleclick.net 'unsafe-inline' *.googlesyndication.com *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.convertexperiments.com data.wgp.se *.adnxs.com;font-src 'self' *.hotjar.com https://fonts.gstatic.com data;form-action 'self';frame-ancestors 'none';img-src 'self' self data: *.tt.se *.ritzau.dk *.ctfassets.net *.gstatic.com www.googletagmanager.com https://googletagmanager.com *.googlesyndication.com *.adnxs.com www.facebook.com *.google.com www.google.dk www.google.se *.hotjar.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12824419.fls.doubleclick.net;manifest-src 'self';media-src 'self' self data: *.ctfassets.net;object-src 'none';script-src 'self' *.reepay.com *.gstatic.com www.googletagmanager.com googletagmanager.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com *.google.com *.adnxs.com *.facebook.net *.googlesyndication.com www.googleadservices.com *.hotjar.com *.convertexperiments.com *.powerplatform.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com *.hotjar.com;worker-src 'self'; 1
default-src 'self' *.readspeaker.com data: https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://viola-bzst-fms.azr.juacvoe.net base-uri 'self'; connect-src 'self' *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net; style-src 'self' 'unsafe-inline' *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://formularbot-fms.bzst.de https://viola-bzst-fms.azr.juacvoe.net; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src  *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 1
frame-ancestors 'self' *.vendhq.com *.retail.lightspeed.app; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba63db3f96a1d5bb789394101974def5f&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.pharmacyregulation.org http://www.reciteme.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.unpkg.com uat-assets.pharmacyregulation.org https://*.googletagmanager.com https://*.google-analytics.com https://cc.cdn.civiccomputing.com https://svc.webspellchecker.net js-agent.newrelic.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com/@popperjs/core@2.11.6/dist/umd/popper.js https://unpkg.com/tippy.js@6.3.7/dist/tippy.umd.js https://www.googletagmanager.com https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://cdn.jsdelivr.net/gh/RobinHerbots/Inputmask@5.0.8/dist/jquery.inputmask.min.js https://api.reciteme.com/asset/js https://cdn.jsdelivr.net/npm/toastify-js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/mode/yaml/yaml.js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/codemirror.js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/addon/display/placeholder.js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/addon/runmode/runmode.js https://cdn.jsdelivr.net/gh/cferdinandi/tabby@12.0.3/dist/js/tabby.min.js https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/js/select2.min.js https://*.facebook.com https://*.facebook.net https://www.pagespeed-mod.com/v1/taas https://*.google-analytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' data: https://*.pharmacyregulation.org http://*.reciteme.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.unpkg.com uat-assets.pharmacyregulation.org https://*.googletagmanager.com https://*.google-analytics.com https://cc.cdn.civiccomputing.com https://svc.webspellchecker.net js-agent.newrelic.com https://*.googleapis.com http://maxcdn.bootstrapcdn.com https://unpkg.com/tippy.js@6.3.7/dist/tippy.css; img-src 'self' data: *.s3.eu-west-2.amazonaws.com https://*.pharmacyregulation.org https://cdn.jsdelivr.net http://www.reciteme.com https://api.reciteme.com https://www.youtube.com https://*.google-analytics.com https://*.googletagmanager.com d3mhed0dfgjnch.cloudfront.net https://fonts.gstatic.com; media-src  'self' data: *.s3.eu-west-2.amazonaws.com http://www.reciteme.com https://www.youtube.com; form-action  'self'; frame-src  'self' https://www.youtube.com https://www.googletagmanager.com https://www.facebook.com; frame-ancestors  'self'; child-src  'self'; font-src 'self' data: https://*.pharmacyregulation.org https://maps.googleapis.com maxcdn.bootstrapcdn.com https://maps.gstatic.com http://www.reciteme.com https://api.reciteme.com https://svc.webspellchecker.net https://fonts.gstatic.com; connect-src  'self' http://www.reciteme.com https://stats.reciteme.com https://api.reciteme.com https://*.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://cc.cdn.civiccomputing.com https://apikeys.civiccomputing.com https://svc.webspellchecker.net https://bam.eu01.nr-data.net https://clapi.civiccomputing.com https://o15468.ingest.sentry.io/api/4505318583435264/envelope/; base-uri self; report-uri /report-csp-violation 1
default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://bam.nr-data.net https://maps.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self'; img-src 'self' https://*.wlrk.com *.wlrk.com https://wlrk.com https://*.googletagmanager.com https://*.google-analytics.com https://maps.googleapis.com https://*.gstatic.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://maps.googleapis.com https://bam.nr-data.net https://js-agent.newrelic.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' http://www.malaysiaairports.com.my; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com www.google.com *.rawgit.com *.gstatic.com *.googleapis.com static.addtoany.com polyfill.io key-cdn.printfriendly.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com www.google-analytics.com.sg stats.g.doubleclick.net www.google.com www.google.com.sg www.google.com.my www.gstatic.com; media-src 'self'; frame-src 'self' data: static.addtoany.com www.google.com www.youtube.com https://cdn.knightlab.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self'  stats.g.doubleclick.net www.google-analytics.com analytics.google.com unpkg.com www.google.com.my; report-uri /report-csp-violation 1
frame-ancestors *.amboss.com 1
report-uri https://consolehipay.report-uri.com/r/d/csp/enforce; default-src 'self' *.google-analytics.com *.creditsafe.com *.zdassets.com *.hotjar.com *.google.com *.screeb.app 'unsafe-inline' https://*.screeb.app wss://*.screeb.app blob:; script-src https://*.axept.io 'self' *.hotjar.com *.zdassets.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.hipay.com *.paypal.com *.static.axept.io 'sha256-Tzsl1EqoO9KsY3ZLwZ/PCkw3WnjUwoiMZoQUR6wG6mw=' 'sha256-qSMb0PEZNwPU889A1H8zPbT23/AN6efiLRLewxFcFJM=' 'sha256-0p21hmif1TiEP5IE/r3ri1cHw0RQzMKFQuK6Y8+MSxM=' 'sha256-IONGq3q3SUbZcvFq3OWEvLOn+6YXROnGyxqJaXZ5XqM=' 'sha256-PxE0YueUDOLIQZbUB7uIBmSR+rm9AoT37euB/1UuZ00=' 'sha256-rXRPabzczAqe8l4W5Ls96YFLaXicsCVoXls4kw5cYm0=' 'sha256-4K+enDkiwcZwt+5aUSZia7wZmCr0fOEHjwJgkiI84dw=' https://*.zopim.com *.screeb.app 'sha256-tdBlVQuc2G3oahpbyjaUmy+NEJSNdDZy9L1FSw3rVi0=' 'sha256-FcbWubQGGFMAS71F3Xg9hDM0pfF+/idbYePgIS4oecc=' 'sha256-keffV0quDMAbyeX1/4YLUZgq6qTZq4xbHwc4fvVpGws=' 'sha256-8qEA6898bCZsncsjm0Dk2KjV2WK+2+8Aks3WfqWmUWY=' 'sha256-Dzik/WB+gJBcz9UYbbFUYFlTaU4qb0rrolNQQCQBQLU=' 'sha256-t19EsRsyX2bh0qql+yUUtI62N0Lx4bXF/EmD3xAx6B8='; style-src 'self' 'unsafe-inline' maxcdn.icons8.com fonts.googleapis.com *.hotjar.com libs.hipay.com *.screeb.app wss://*.screeb.app; font-src 'self' maxcdn.icons8.com fonts.gstatic.com *.hotjar.com *.screeb.app 'unsafe-inline' https://*.screeb.app wss://*.screeb.app blob:; connect-src 'self' https://client.axept.io https://api.axept.io https://user-api-dot-pi-prod-user-management-api.ew.r.appspot.com https://*.axeptio.eu *.zendesk.com *.zdassets.com user.hipay.com *.hipay.com *.hipay.org *.hipaytech.com *.google-analytics.com wss://*.zopim.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.screeb.app wss://*.screeb.app *.run.app; img-src 'self' *.amcharts.com *.google-analytics.com *.zendesk.com *.hotjar.com images.weserv.nl *.hipay.com data: storage.googleapis.com *.screeb.app *.paypalobjects.com twemoji.maxcdn.com https://axeptio.imgix.net https://favicons.axept.io https://*.gstatic.com; frame-src https://authentication.hipay.com; frame-ancestors 'none' 1
base-uri 'self';child-src *.hsforms.com;connect-src 'self' *.incident.io https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk stats.g.doubleclick.net googleads.g.doubleclick.net *.segment.com *.segment.io *.linkedin.com cdn.linkedin.oribi.io *.iubenda.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.clearbit.com wss://ws.qualified.com *.qualified.com conversions-config.reddit.com www.redditstatic.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com https://*.greenhouse.io https://*.api.sanity.io wss://*.api.sanity.io https://*.vanta.com https://*.chilipiper.com vitals.vercel-insights.com website-kealti90p-incident-io-team.vercel.app;default-src 'self';font-src 'self' https: data: fonts.gstatic.com;form-action 'self' *.hsforms.com;frame-ancestors 'self' https://incident.sanity.studio;frame-src https: *.googletagmanager.com *.twitter.com *.iubenda.com app.qualified.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com https://incident.navattic.com https://capture.navattic.com;img-src 'self' blob: data: https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk *.googleusercontent.com stats.g.doubleclick.net *.linkedin.com *.iubenda.com *.clearbitjs.com *.clearbit.com *.qualified.com alb.reddit.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://cdn.sanity.io https://*.chilipiper.com;manifest-src 'self';media-src 'self' https: data: blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: api.twitter.com platform.twitter.com;style-src 'self' 'unsafe-inline' *.iubenda.com *.hubspotusercontent00.net cdn2.hubspot.net;worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9;report-to https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9; 1
upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.samlassertion *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.samlassertion *.googleapis.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' *.amalgamatedbank.com bam.nr-data.net unpkg.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com js.locatorsearch.com *.prod.acquia-sites.com *.instagram.com *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com *.googletagmanager.com *.doubleclick.net *.addtoany.com fonts.gstatic.com *.omappapi.com *.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com app.jazz.co js-agent.newrelic.com *.google.com *.gstatic.com www.recaptcha.net ajax.googleapis.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://www.recaptcha.net/recaptcha/api.js https://www.recaptcha.net/recaptcha/api/fallback; style-src 'self' 'unsafe-inline' unpkg.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google.com *.gstatic.com app.jazz.co; img-src 'self' amalgamatedbank.com www.amalgamatedbank.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net cdn.jsdelivr.net *.prod.acquia-sites.com js.locatorsearch.com *.oktacdn.com *.okta.com *.oktapreview.com data: *.googletagmanager.com app.jazz.co *.google.com *.google-analytics.com *.gstatic.com images.printable.com images.locatorsearch.com instagram.com i.ytimg.com; media-src files.marcomcentral.app.pti.com *.youtube.com *.amalgamatedbank.com bam.nr-data.net *.talkdeskapp.com *.talkdeskdev.com *.twilio.com; frame-src *; font-src 'self' 'unsafe-inline' cdnjs.cloudflare.com bam.nr-data.net *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com unpkg.com fonts.gstatic.com app.jazz.co *.google.com *.gstatic.com *.locatorsearch.com; connect-src 'self' abnyunityuat.fisglobal.com login-uat.fisglobal.com mcs.us1.twilio.com wss://tsock.us1.twilio.com *.talkdeskapp.com *.talkdeskdev.com maps-api-ssl.google.com bam.nr-data.net stats.addtoany.com googleads.g.doubleclick.net *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com *.omappapi.com *.google-analytics.com *.google.com *.gstatic.com googleads.g.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src  'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com wjrmdnw.pa-cd.com; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1
default-src 'unsafe-hashes' https://crohnsandcolitis.org.uk https://docs.google.com https://platform.twitter.com https://customervoice.microsoft.com https://*.readspeaker.com https://*.azureedge.net https://poster.crohnsandcolitis.org.uk https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://*.landbot.io https://*.addthis.com https://www.youtube.com https://player.vimeo.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.fluidads.com https://forms.office.com https://*.snapchat.com https://*.doubleclick.net https://static.addtoany.com https://*.muchloved.com ;base-uri 'self' ;frame-ancestors 'self' ;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://analytics.nyltx.com https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://*.landbot.io https://secure.callhandling.co.uk https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://static.addtoany.com https://*.fluidads.com https://*.simpli.fi https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.typeform.com https://*.hotjar.com https://analytics.tiktok.com https://*.snapchat.com https://*.twitter.com https://*.sc-static.net https://*.bing.com https://*.ads-twitter.com https://*.linkedin.com https://*.doubleclick.net https://*.muchloved.com https://cdnjs.cloudflare.com ;connect-src 'self' https://docs.google.com https://www.google.com https://platform.twitter.com https://cdn.acsbapp.com https://*.acsbap.com https://*.acsbapp.com https://acsbapp.com https://acsbap.com https://*.wikipedia.org https://*.trackedweb.net https://*.readspeaker.com https://*.azureedge.net https://*.fluidads.com https://www.facebook.com https://*.cookiefirst.com https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://*.landbot.io https://*.addthis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.doubleclick.net https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.snapchat.com https://*.linkedin.oribi.io https://*.analytics.google.com https://analytics.tiktok.com ;img-src 'self' data: https://www.facebook.com https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.linkedin.com https://*.addthis.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com.tr https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://tr.snapchat.com https://analytics.twitter.com https://t.co ;font-src 'self' data: https://use.typekit.net https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://fonts.gstatic.com https://*.hotjar.com ;style-src 'self' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com blob: https://*.readspeaker.com https://*.azureedge.net https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com ;form-action 'self' https://*.readspeaker.com https://*.azureedge.net https://*.typeform.com https://*.twitter.com https://*.landbot.io https://*.snapchat.com ;object-src 'none' ;media-src 'self' 'unsafe-inline' data: ; 1
base-uri 'none';default-src 'none';img-src 'self' data:;font-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline' 1
default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.smartmobil.de https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com https://analytics.tiktok.com https://umfrage.smartmobil.de; script-src 'strict-dynamic' 'nonce-a32cb45a5136b64534612beddcd51f69' 'nonce-a10977fcfa00edec7616c7004b9bcdac' 'nonce-0cfeac612842a32410f731d06a6a6f6b' 'nonce-a6cdca3e0ff57c32a3f9989616d054dd' 'nonce-ed02e1f5a7465c22eb9628bffb24d86c' 'nonce-fbc0fa29ad7c3c3f8a13efeb59691e5b' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.smartmobil.de https://umfrage.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-a32cb45a5136b64534612beddcd51f69' 'nonce-a10977fcfa00edec7616c7004b9bcdac' 'nonce-0cfeac612842a32410f731d06a6a6f6b' 'nonce-a6cdca3e0ff57c32a3f9989616d054dd' 'nonce-ed02e1f5a7465c22eb9628bffb24d86c' 'nonce-fbc0fa29ad7c3c3f8a13efeb59691e5b' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de; style-src 'self' 'unsafe-inline' https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 1
base-uri 'self'; default-src 'none'; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net; connect-src 'self' https://*.google-analytics.com https://sentry.io https://*.ingest.sentry.io https://*.vimeocdn.com/ https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https://*.hotjar.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://*.google.com https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://staticcdn.co.nz https://*.vimeo.com/ https://*.powerbi.com/ https://powerbi.com/; img-src 'self' https://*.google-analytics.com https://shielded.co.nz https://staticcdn.co.nz https://*.vimeo.com/ https://*.vimeocdn.com/ https://*.googletagmanager.com https://*.hotjar.com blob: data:; media-src https://*.vimeocdn.com/; object-src 'self' blob:; manifest-src 'self'; script-src 'self' https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://googleads.g.doubleclick.net https://*.gstatic.com https://static.doubleclick.net https://polyfill.io https://staticcdn.co.nz/ https://browser.sentry-cdn.com https://*.vimeocdn.com/ https://*.hotjar.com https://unsafe-inline unsafe-inline 'unsafe-inline'; style-src 'self' https://hello.myfonts.net https://*.vimeocdn.com/ https://*.hotjar.com https://unsafe-inline unsafe-inline 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/6521288/security/?sentry_key=a79b5568564347a2937890e4932796e3&sentry_environment=live; upgrade-insecure-requests 1
default-src * ; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data: https://ct.capterra.com; media-src *; frame-src *; frame-ancestors *; child-src *; font-src * https://themes.googleusercontent.com http://themes.googleusercontent.com; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa .gov.np *.mofa.gov.np s.ytimg.com *.facebook.net www.google.com.np *.sharethis.com *.youtube.com *.genesesolution.com nepalembassy.org.uk londonembassyevent.pages.dev *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np placehold.it *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it *.mofa.gov.np mofa.gov.np *.facebook.net *.facebook.com *.sharethis.com *.youtube.com *.twimg.com secure.gravatar.com cdn. lh3.googleusercontent.com *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self'  *.youtube.com *.facebook.net *.google.com *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 1
frame-ancestors 'self' https://ahu.edu https://*.ahu.edu 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.googleapis.com *.google.com www.youtube-nocookie.com *.vimeocdn.com *.vimeo.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com *.facebook.net *.altruja.de altruja.de; 1
frame-ancestors self; 1
default-src 'none' 'self' *.gewobag.de data: eqs-cockpit.com *.eqs.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com *.wohnungshelden.de 'unsafe-inline' 1
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://form.jotform.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://form.jotform.com; img-src 'self' https://*.elliottmgmt.com *.elliottmgmt.com https://elliottmgmt.com https://dev-elliott-mgmt.pantheonsite.io https://test-elliott-mgmt.pantheonsite.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' data: global2000.at *.global2000.at  https://*.google-analytics.com  https://*.google.com  https://*.google.at  https://*.doubleclick.net  https://*.youtube.com  https://youtu.be https://*.ytimg.com  https://*.facebook.com  https://*.vimeocdn.com  https://vimeo.com  https://*.vimeo.com  https://*.hotjar.com https://*.ubembed.com https://*.restorenature.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' global2000.at *.global2000.at  https://*.youtube.com   https://*.googletagmanager.com  https://*.google-analytics.com  https://*.hotjar.com  https://*.facebook.net  https://*.g.doubleclick.net  https://*.ubembed.com https://*.googleadservices.com https://*.twitter.com https://*.google.com https://*.google.at https://widget.proca.app https://static.d-o.li; object-src 'self' global2000.at *.global2000.at 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.global2000.at; img-src 'self' *.global2000.at data: https://*.google.com  https://*.google.at https://*.google.de https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://img.youtube.com https://i.ytimg.com https://*.europa.eu; media-src 'self' global2000.at *.global2000.at blob: data:; frame-src 'self' *.global2000.at https://*.google.com  https://*.ubembed.com https://*.google.at  https://*.googletagmanager.com  https://*.openstreetmap.org  https://vimeo.com  https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org  https://*.buzzsprout.com  https://*.spotteron.com  https://*.typeform.com https://*.facebook.com  https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at https://*.datadialog.net https://*.fsoforms-gl2ktest.azurewebsites.net https://*.fsoforms-gl2k.azurewebsites.net https://fsoforms-gl2ktest.azurewebsites.net https://gl2kauthserver.azurewebsites.net; frame-ancestors https://*.global2000.at https://*.acolono.dev https://*.acolono.net https://*.wwf.at; child-src 'self' *.global2000.at blob: https://*.google.com  https://*.ubembed.com https://*.google.at  https://*.googletagmanager.com  https://*.openstreetmap.org  https://vimeo.com  https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org  https://*.buzzsprout.com  https://*.spotteron.com  https://*.typeform.com https://*.facebook.com  https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at; font-src 'self' *.global2000.at data:; connect-src 'self' *.global2000.at https://*.google.com  https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.google.com  https://*.google.at https://*.ubembed.com https://*.facebook.com https://country.proca.foundation/ https://*.proca.app https://chatbot.api.digitalorganizing.ch/; report-uri /report-csp-violation 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com https://www.wiener-staatsoper.at https://use.typekit.net https://p.typekit.net/ 1
default-src 'self' google-analytics.com manifest-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io  https://s.pinimg.com  https://*.pinterest.com  https://open.spotify.com *.fontawesome.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net *.fontawesome.com; img-src 'self'  *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org  data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com  *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io  https://*.pinterest.com  https://open.spotify.com *.fontawesome.com; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com  https://ct.pinterest.com *.fontawesome.com; upgrade-insecure-requests 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * 'unsafe-inline' data:; connect-src *; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; connect-src 'self' *.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.instagram.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src 'self' *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com kumasta.buendnisse-fuer-bildung.de *.facebook.com *.instagram.com *.bmbf.de graphcommons.com www.baden-tv.com/ *.video-stream-hosting.de;img-src 'self' data: *.bmbf.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; frame-ancestors 'self'; 1
base-uri 'none';child-src 'none';connect-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://stats.g.doubleclick.net;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src 'none';img-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://www.googletagmanager.com https://d21y75miwcfqoq.cloudfront.net/deaafc32;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net;style-src 'self' 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1
base-uri 'none';child-src 'none';connect-src 'self' https://ws.zoominfo.com/pixel/collect https://aorta.clickagy.com/ https://aorta.clickagy.com/liveramp_redir https://hemsync.clickagy.com/external/ https://maps.googleapis.com/;default-src 'self';font-src 'self' https://fonts.gstatic.com;;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' https://id.rlcdn.com/ https://idsync.rlcdn.com/ https://aorta.clickagy.com/ https://maps.gstatic.com/ https://maps.googleapis.com/  https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://maps.googleapis.com/ https://www.google.com https://ws.zoominfo.com/pixel/6320bf5aac6e98ed3e39d094 https://tags.clickagy.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/external/ https://ws.zoominfo.com/;style-src 'self' https://aorta.clickagy.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1
default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1
script-src 'nonce-4i1FhDYgm+g0ywXi0ciBGiUpc7M=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
default-src 'self' 'unsafe-inline' images-2.partnerportal.ionos.de 1
policy-uri /'none' 1
default-src * data: 'unsafe-eval' 'unsafe-inline' *.evergage.com *.evgnet.com cdn.evergage.com *.criteo.com unpkg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' google-analytics.com *.google-analytics.com googleapis.com *.googleapis.com google.com *.google.com gstatic.com *.gstatic.com facebook.net *.facebook.net facebook.com *.facebook.com cloudflareinsights.com *.cloudflareinsights.com addtoany.com *.addtoany.com *.cloudflare.com cloudflare.com *.googletagmanager.com googletagmanager.com *.bootstrapcdn.com bootstrapcdn.com *.bing.com bing.com *.licdn.com licdn.com *.crazyegg.com crazyegg.com *.clarity.ms clarity.ms *.dynamic.criteo.com dynamic.criteo.com *.sslwidget.criteo.com sslwidget.criteo.com *.criteo.com/* pi.pardot.com js-agent.newrelic.com static.hotjar.com script.hotjar.com info.flexcarestaff.com bam.nr-data.net cdn.evgnet.com flexcarestaffing.us-7.evergage.com *.googleadservices.com *.flexcarestaffing.us-7.evergage.com cdn.evergage.com *.cloudflareinsights.com unpkg.com *.greenhouse.io *.resonate.com *.reson8.com *.criteo.com; report-uri /report-csp-violation 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com userlike-cdn-umm.b-cdn.net *.leadenhancer.com wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.eu *.cookiebot.com *.simpli.fi slsntllgnc.com usercentrics.eu data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.addtoany.com *.webempresa.eu unpkg.com *.arkibot.app *.googletagmanager.com *.saludalplato.es quickchart.io 1
frame-ancestors 'self' weleda.sabio.de 1
base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://*.abtasty.com https://*.adservice.google.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mypurecloud.com.au https://*.sentry.io https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://analytics.formstack.com https://api.addressfinder.io https://au-live.inside-graph.com https://js.hsadspixel.net https://js.hscollectedforms.net https://stats.g.doubleclick.net https://www.instagram.com wss://*.hotjar.com wss://*.mypurecloud.com.au wss://au-live.inside-graph.com https://*.swiftype.com https://*.swiftypecdn.com; font-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io blob: data:; form-action 'self' https://*.powershop.co.nz https://*.springload.nz https://*.facebook.com; frame-ancestors 'self'; frame-src https://*.mypurecloud.com.au *.mypurecloud.com.au https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://*.youtube.com https://recaptcha.google.com https://*.facebook.com https://*.google.com https://*.googletagmanager.com https://au-cdn.inside-graph.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://critchlow.carto.com; img-src 'self' https://*.abtasty.com https://*.amazonaws.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.google.com.au https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://adservice.google.com https://analytics.formstack.com https://fonts.gstatic.com https://i.vimeocdn.com https://js.hsadspixel.net https://www.instagram.com https://*.swiftype.com https://*.springload.nz https://www.powershop.co.nz blob: data:; media-src https://*.youtube.com https://*.vimeo.com https://au-cdn.inside-graph.com; object-src 'none'; script-src 'self' https://*.abtasty.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com/recaptcha/ https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://*.vimeo.com https://*.youtube.com https://analytics.formstack.com https://api.addressfinder.io https://au-tracker.inside-graph.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://tagmanager.google.com wss://*.hotjar.com https://*.swiftype.com https://*.swiftypecdn.com https://*.springload.nz https://www.powershop.co.nz 'nonce-OTg1Y2MwY2ZhZDRiYjI5ZjZiNjEyYmE3YTRhNzA3NjI3ZmU5ZWY2ODYyNWRiZDVhN2JmNWJmOWYyN2Q5MDAwNjEwZjcwZjE0NTc4YjA2MWU5MzEyOGJlMDk2YTA1NWY3MjZhZDBmYjdlZTc1N2M1YWRlMGE3NTBlOWUyNjZkZDM=' 'unsafe-eval' blob:; style-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.googleapis.com https://tagmanager.google.com https://*.swiftype.com https://*.swiftypecdn.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/4504811489984512/csp-report/?sentry_key=a2cb92247922492b95ce72aee1ae6528&sentry_environment=live; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com https://*.tiktok.com; connect-src 'self' https://*.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://vimeo.com https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://bam.nr-data.net https://*.tiktok.com; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://*.typenetwork.com https://fonts.gstatic.com data:; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com https://*.tiktok.com; img-src 'self' https://www.google-analytics.com https://*.google.com/ads/ https://*.google.be/ads/ https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://resengocomgeneralpurpose.blob.core.windows.net https://*.tiktok.com data:; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://js-agent.newrelic.com https://bam.nr-data.net https://*.tiktok.com 'unsafe-inline'; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://*.typenetwork.com 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https:; worker-src blob: 1
frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com region1.google-analytics.com www.santandercib.com www.google.com www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com www.santandercib.com www.google.com www.gstatic.com; form-action 'self'; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com use.fontawesome.com www.santandercib.com; img-src 'self' 'unsafe-eval' data: about: maps.googleapis.com maps.gstatic.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com i.ytimg.com www.santandercib.com; font-src 'self' data: use.fontawesome.com fonts.googleapis.com fonts.gstatic.com www.santandercib.com; report-uri /report-csp-violations; upgrade-insecure-requests 1
default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; connect-src 'none'; report-uri 'self'; report-to 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' epcplc.com *.epcplc.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.duosecurity.com *.cookielaw.org *.onetrust.com; img-src 'self' 'unsafe-inline' epcplc.com *.epcplc.com data:; 1
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none'; base-uri 'none' 1
default-src 'self' data: https://www.google.com https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://mc.yandex.ru https://translate.yandex.net https://yastatic.net/ https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.com https://sshscan.rubidus.com https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.immuniweb.com https://ya.ru/ https://bitrix.info https://analytics.bitrix.info/ https://*.roistat.com/ https://crm.e-m-l.ru https://www.1c-bitrix.ru/ https://yoomoney.ru/ https://crm.e-m-l.ru wss://crm.e-m-l.ru https://yandex.ru/ https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://yastatic.net https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.yandex.net https://bitrix.info https://api-maps.yandex.ru https://*.roistat.com https://crm.e-m-l.ru https://emlru.webim.ru wss://crm.e-m-l.ru https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://code.jivosite.com https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.voximplant.com https://crm.e-m-l.ru wss://crm.e-m-l.ru https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; img-src 'self' data: https://mc.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://www.google-analytics.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://mc.yandex.com https://emlru.webim.ru https://crm.e-m-l.ru wss://crm.e-m-l.ru https://emlru.webim2.ru https://e-m-l.ru blob: https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; font-src 'self' https://*.gstatic.com:* https://emlru.webim.ru:* https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; connect-src 'self' https://mc.yandex.com https://translate.yandex.net https://ya.ru https://mc.yandex.ru https://www.google-analytics.com https://crm.e-m-l.ru wss://crm.e-m-l.ru https://e-m-l.ru https://app.uiscom.ru https://static.cloudflareinsights.com/ https://ya.ru/ https://tracker.comagic.ru; 1
default-src 'self' data: *; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' ; style-src 'unsafe-inline' *; worker-src 'self' blob:; 1
script-src 'self' static.ctctcdn.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.google.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com https://connect.facebook.net/ code.jquery.com kit.fontawesome.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' data: wc.ts.ee www.nasdaqbaltic.com platform.linkedin.com secure.gravatar.com yoast.com www.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net fonts.googleapis.com maps.googleapis.com streetviewpixels-pa.googleapis.com khms0.googleapis.com khms1.googleapis.com maps.gstatic.com fonts.gstatic.com translate.google.com translate.googleapis.com www.gstatic.com www.youtube.com www.google.ee www.google.com www.google.co.uk www.google.lv www.google.lt www.google.fi www.google.se www.google.no www.google.de www.google.pl lh3.ggpht.com www.google.com.hk www.google.gr www.google.nl www.google.dk www.google.com.ua www.google.fr i.ytimg.com connect.facebook.net api.microsofttranslator.com www.facebook.com 'unsafe-eval' www.google.ch www.google.at www.google.ro www.google.es www.google.it www.google.hu www.google.co.in www.google.ie www.google.cz www.google.be www.google.ru www.google.com.au photos.marinetraffic.com www.google.at www.google.co.il www.google.co.kr www.google.pt www.google.ca www.google.mk www.google.co.th www.google.co.id www.google.com.lb www.google.cl www.google.sk www.google.is www.google.com.np www.google.com.pk www.google.si www.google.rs www.google.dz www.google.com.ng www.google.com.my www.google.com.ci www.google.im www.google.com.sg www.google.com.tr www.google.com.hr www.google.com.mt www.google.li www.google.co.jp view.news.eu.nasdaq.com www.solwininfotech.com www.google.com.co www.google.com.br www.google.cn www.google.com.cy www.google.ge www.google.lu www.google.ae cdn.jsdelivr.net wd.ts.ee static.cloudflareinsights.com ajax.cloudflare.com www.vikingline.ee www.envir.ee www.google.com.ph www.google.co.nz www.google.hr www.google.bg www.google.by www.transit.ee www.tallinnamerepaevad.ee www.google.com.vn www.google.kz www.google.mv www.google.com.tw www.balticline.fi www.google.com.eg tallinnamerepaevad.ee www.google.com.bz www.google.com.mx www.google.jo www.google.com.sa www.google.ci www.google.com.kw www.google.co.ma www.google.com.gh www.google.com.ar region1.analytics.google.com www.google.az www.google.com.uy www.google.co.za www.google.sn www.google.com.mm www.google.me www.google.mn www.google.lk vincent.callebaut.org tentea.ec.europa.eu www.google.tg www.google.com.qa www.google.co.tz www.google.co.cr www.kjk.ee www.google.co.uz www.google.co.ke ps.w.org s.w.org www.google.ba www.google.com.jm www.google.com.pe www.google.mg 6zzuupda.sendsmaily.net www.google.bj www.google.com.kh www.google.com.do lh3.googleusercontent.com www.google.iq www.google.co.ug www.google.co.mz www.google.al www.google.tn www.google.ad www.google.am www.google.md www.google.com.ly www.google.com.ec www.google.com.pa www.google.com.bd www.google.com.pr www.google.mu www.google.gg www.google.cm www.google.com.py www.google.com.bh www.google.je www.google.com.cu www.google.com.pg komerk.ee www.google.kg www.google.cv www.google.com.sl www.portoftallinn.com www.google.vg www.google.bt www.google.bf www.google.la www.google.tt www.google.com.sv www.google.so www.google.ps www.google.co.ve www.google.ga www.seatradecruiseglobal.com www.parkimine.ee translate-pa.googleapis.com wptide.org toolset.com wpml.org challenges.cloudflare.com cloudflareinsights.com analytics.google.com td.doubleclick.net blob: www.google.gl wpforms.com www.google.co.zw www.google.co.ao d1lsub6zbh43gv.cloudfront.net tp-cdn.wpml.org googleads.g.doubleclick.net adservice.google.com google.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com www.vikingline.ee www.google.com.sb www.google.td apis.google.com platform.twitter.com www.google.gm www.google.gy paldiski.ee www.christmasmarket.ee www.logistikauudised.ee www.voyagesofdiscovery.co.uk static.neljas.ee www.google.tm cns.omxgroup.com www.iaa.ie www.komerk.ee www.jazzkaar.ee; report-uri /069b75c4f2e07da64b888cac9af4ea98c60c3e6787e0368d1a5ab34114eda24e 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; object-src 'none'; style-src 'self'  'unsafe-inline' data:; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://api.amplitude.com https://eth-ropsten.alchemyapi.io https://eth-rinkeby.alchemyapi.io https://eth-mainnet.alchemyapi.io https://api.thegraph.com wss://bridge.walletconnect.org wss://fei.bridge.walletconnect.org https://assets.fei.money; frame-ancestors 'none' 1
default-src 'self' *.google-analytics.com data: gap: idele.matomo.cloud 'unsafe-inline' 'unsafe-eval'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.tubedu.org tubedu.org *.slideshare.net *.youtube.com view.genial.ly view.genially.com *.dailymotion.com *.youtube-nocookie.com *.myadvent.net adventmyfriend.com *.jwplayer.com video.terre-net.fr; style-src 'self' use.typekit.net cdn.tarteaucitron.io fonts.googleapis.com p.typekit.net s3.amazonaws.com cdn.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com cdn.icomoon.io; img-src 'self' data: *.ytimg.com tarteaucitron.io; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 1
frame-ancestors 'self'; 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.doctoraki.com *.survicate.com *.googletagmanager.com *.googleapis.com *.clarity.ms *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'strict-dynamic' 'nonce-0e45a11ca8ec76e29e4e9a0cc64a7cd2' https://www.datadoghq-browser-agent.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.solucionesbolivar.com *.abtasty.com *.clarity.ms *.survicate.com *.doctoraki.com *.solucionesbolivarsites.com *.solucionesbolivar.net *.visualwebsiteoptimizer.com *.googleadservices.com *.facebook.net *.tiktok.com *.crazyegg.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.infobip.com *.adnxs.com *.pixel.ad *.mktoresp.com *.cloudflare.com *.googleoptimize.com *.google.com *.google.com.co *.google.co.in *.googleapis.com *.gstatic.com https://www.gstatic.com *.jquery.com *.bootstrapcdn.com; connect-src 'self' *.doctoraki.com *.crazyegg.com https://*.browser-intake-datadoghq.com *.logs.datadoghq.com *.abtasty.com *.solucionesbolivar.com *.solucionesbolivarsites.com wss://*.solucionesbolivarsites.com *.solucionesbolivar.net *.amazonaws.com *.mktoresp.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.marketo.com *.kapturall.com *.gstatic.com https://www.gstatic.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.adnxs.com *.pixel.ad *.cloudflare.com *.infobip.com *.survicate.com *.tiktok.com *.googleapis.com *.clarity.ms *.doubleclick.net; font-src 'self' data: *.doctoraki.com *.survicate.com *.gstatic.com https://www.gstatic.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com; img-src 'self' data: *.githubusercontent.com *.amazonaws.com *.cloudfront.net *.visualwebsiteoptimizer.com *.doctoraki.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.survicate.com *.webflow.com https://www.gstatic.com *.gstatic.com https://www.facebook.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; manifest-src 'self' *.cloudfront.net *.doctoraki.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; form-action 'self' *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; frame-src 'self' blob: *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; worker-src 'self' blob:; base-uri 'self'; object-src 'none'; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ *.ownid.com*; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ *.ownid.com* 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-zKVfGrRuXeGzdt3wQsu7kAdk' 'nonce-M1Z1NSpyN/9xgU3KlesxSHvG' 'nonce-XfSnEJ8C/kIFF8bpk4y+jsaL' 'nonce-LS4HjdkITVpOPgvSpmZUYXyo' 'nonce-7ComXrQ7JGXn0GrUWAfmE1RL' 'nonce-H4iYX6QW7x9fyb27jL08kGCs' 'nonce-jUsjsEzqaw51eSclNOZAO98/' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' https://*.astonmiles.com https://code.jquery.com https://www.google-analytics.com https://*.fontawesome.com https://*.googleapis.com //*.gstatic.com; style-src 'self' https://*.astonmiles.com https://*.googleapis.com https://*.fontawesome.com; font-src 'self' https://*.gstatic.com https://*.fontawesome.com; img-src 'self' https://*.astonmiles.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; connect-src 'self' https://*.astonmiles.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://code.jquery.com //*.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none';upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloud.coveo.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://*.googlesyndication.com https://js-agent.newrelic.com https://storage.googleapis.com https://*.googletagmanager.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://*.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://snap.licdn.com https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://*.google-analytics.com https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://cdn.cookielaw.org https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors https://app.storyblok.com/ 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com *.google-analytics.com; connect-src 'self' *.google-analytics.com; img-src 'self' data: shielded.co.nz i.ytimg.com *.google-analytics.com; style-src 'self' 'unsafe-inline' fast.fonts.net; font-src 'self' data:; frame-src 'self' www.youtube.com www.google.com data.gns.cri.nz; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1
frame-ancestors *; report-uri /report-csp-violation 1
default-src 'self' ; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *hosted-pageflow.com  *.readspeaker.com datawrapper.dwcdn.net *.unitylivestream.com gemeinschaftswerk-nachhaltigkeit.de my.walls.io klimacampus.org *.klimacampus.org; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.bmbfcluster.de *.wmflabs.org; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self'; 1
base-uri 'self'; child-src 'self' https://micromain.global https://*.micromain.global https://*.firebaseio.com https://*.request.services/ data: gap:; frame-src 'self' https://micromain.global https://*.micromain.global https://*.firebaseio.com https://*.request.services/ data: gap:; connect-src 'self' wss://micromain-global.firebaseio.com wss://*.firebaseio.com https://*.micromain.global https://micromain.global https://translate.googleapis.com https://api.awesomeblocker.com wss://127.0.0.1 https://fonts.googleapis.com https://translate.google.com https://cdnmd.global-cache.online/ wss://127.0.0.1:*/; default-src 'self' data: 'unsafe-inline' unsafe-hashes 'unsafe-eval' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com *; img-src 'self' data: micromain.global * blob:; media-src 'self' https://*.micromain.global; script-src 'self' data: 'unsafe-inline' unsafe-hashes 'unsafe-eval' https://micromain.atlassian.net https://cdnjs.cloudflare.com https://s3-us-west-2.amazonaws.com https://micromain-global.firebaseio.com https://*.firebaseio.com * 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' unsafe-hashes fonts.googleapis.com * 'unsafe-inline'; frame-ancestors 'self' https://*.firebaseio.com https://micromain.global https://*.micromain.global https://*.request.services/ gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=%2FOueZhfBRHjKr6QZ6K74qj55VvzVCJopRMg7%2FAb2jqvE202nnC3v1xmli%2Fd66WGca6E1Xj74CNmQxlUR0i6Y7w%3D%3D; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.analytics.tiktok.com *.connect.facebook.net *.p.teads.tv *.p.teads.tv *.*.www.googletagmanager.com *.analytics.johnsonsbaby.com.co *.www.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
reflected-xss block 1
default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1
default-src 'self' https: ; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval' ; script-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data: ; font-src * data: ; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action 'self'; upgrade-insecure-requests; base-uri *; manifest-src * 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src https:; object-src 'none'; frame-src https:; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com; connect-src 'self' https://maps.googleapis.com; img-src data: 'self' https://d1be5sn7lppxuh.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google.com; media-src 'self' https://d1be5sn7lppxuh.cloudfront.net; form-action 'self'; manifest-src 'self' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src http: https: data:; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com https://rsms.me https://maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
base-uri 'self'; child-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; frame-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; connect-src 'self' assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com gms-c1.gsn.cloud edge.adobedc.net adobedc.demdex.net apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au analytics.google.com; default-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; img-src 'self' data: * blob:; script-src 'self' assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au www.googletagmanager.com dev.visualwebsiteoptimizer.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com gms-c1.gsn.cloud edge.adobedc.net adobedc.demdex.net apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; frame-ancestors 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=qj3njl62Br5bHgNe%2BVta3c8iKAYpKw0nP2RVre3xGITsf2Z6IHUEWrR%2FrNwjRRtBhbzZWfK5nZpwQZJTqx3P%2Fw%3D%3D; 1
default-src 'none';  script-src 'none'; style-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 1
script-src 'self' 'nonce-bHvqT2o5NBtuWIRUaOC1Qcly' 'nonce-atx-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://cdn.mxpnl.com/libs/ https://www.opinionstage.com https://static.ctctcdn.com http://embed.typeform.com/ https://embed.typeform.com/ *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://googleads.g.doubleclick.net https://www.googleadservices.com https://asistenciawebv2.grupokonecta.co:8443 https://asistenciawebv2-dev.grupokonecta.co:5005 https://cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.youtube.com https://ajax.googleapis.com https://fast.appcues.com https://code.jquery.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.datagran.io https://static.hotjar.com https://script.hotjar.com https://api.ipify.org; style-src 'unsafe-hashes' 'unsafe-inline' 'report-sample' 'self' https://asistenciawebv2.grupokonecta.co:8443 https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com https://asistenciawebv2-dev.grupokonecta.co:5005; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://in.hotjar.com https://csmetrics.hotjar.com wss://wsp17.hotjar.com https://content.hotjar.io https://asistenciawebv2-dev.grupokonecta.co:5005 https://asistenciawebv2.grupokonecta.co:8443 https://widget.grupokonecta.co wss://ws.hotjar.com/api/v2/client/ws https://analytics.google.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://9865914.fls.doubleclick.net https://9919689.fls.doubleclick.net https://98659149865914.fls.doubleclick.net https://td.doubleclick.net; img-src 'self' https://googleads.g.doubleclick.net https://ad.doubleclick.net https://asistenciawebv2.grupokonecta.co:8443 https://i.ytimg.com https://conecta.fidely.net https://tools.fidelitymkt.com https://bidagent.xad.com https://www.facebook.com https://cdn.datagran.io https://www.google.com https://www.google.com.mx https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; object-src *; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src *; font-src * 'self' data: https:;; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; report-uri /report-csp-violation 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com; object-src *; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com; img-src * 'self' *.mikmak.ai *.swaven.com *.static-swaven.com data: https:; ; media-src *; frame-src * *.mikmak.ai *.swaven.com; frame-ancestors 'self'; child-src *; font-src * 'self' *.mikmak.ai *.swaven.com *.static-swaven.com data: https:;; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com; report-uri /report-csp-violation 1
default-src 'self' *.vapeshed.co.nz *; script-src 'self' 'unsafe-inline' 'unsafe-eval' secure.tillpayments.com gateway.tillpayments.com *.cloudfront.net *.trustedsite.com cdn.ywxi.net *.inspectlet.com zip.co *.paymark.co.nz cdn-vapeshed.co.nz *.vapeshed.co.nz *.googleapis.com *.facebook.net *.gstatic.com *.google.com *.jsdelivr.net *.tawk.to *.googletagmanager.com *.google-analytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.vapeshed.co.nz *.googleapis.com *.facebook.net *.jsdelivr.net; img-src * 'self' data: https:; media-src 'self'; frame-src 'self' secure.tillpayments.com *.youtube.com *.trustedsite.com *.paymark.co.nz *.google.com *.vapeshed.co.nz *.facebook.net *.facebook.com; font-src 'self' data: *.tawk.to *.gstatic.com; connect-src 'self' ws: gateway.tillpayments.com *.bugsnag.com *.amazonaws.com *.inspectlet.com *.paymark.co.nz *.vapeshed.co.nz *.paypal.com *.paywithpoli.com *.tawk.to *.google-analytics.com *.doubleclick.net 1
frame-ancestors 'self' https://*.salesforce.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1
default-src 'self' *.typekit.net *.google.com *.doubleclick.net *.google.com.tr *.googletagmanager.com blob: data: tacirlerprotfoy.com.tr fxtcr.com 'unsafe-inline' 'unsafe-eval' *.tacirlermenkul.com.tr tacirlermenkul.com.tr tacirlermenkul.com.tr:8080 1
default-src 'self'; script-src 'self' 1
default-src 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net 1
default-src 'self'; font-src 'self' data: https://use.typekit.net https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/*  https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://embed.tawk.to https://salesiq.zoho.com https://css.zohostatic.com https://css.zohocdn.com/* https://css.zohocdn.com/salesiq/styles/fonts/cw/puvi/* https://css.zohocdn.com/salesiq/styles/fonts/cw/* https://css.zohocdn.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net/* https://css.zohocdn.com https://css.zohostatic.com https://css.zohocdn.com/salesiq/styles https://css.zohocdn.com/salesiq/styles/* https://cdn.jsdelivr.net/*  https://css.zohocdn.com/salesiq/styles/* https://css.zohocdn.com/salesiq/styles/floatbutton11_f2633c317a38e36bbe0e23bfa4a3e9fa_.css https://css.zohocdn.com; img-src 'self' data: https://p.typekit.net https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.fls.doubleclick.net https://sp.analytics.yahoo.com https://embed.tawk.to https://embed.tawk.to https://salesiq.zoho.com https://salesiq.zoho https://salesiq.zohopublic.com https://css.zohostatic.com https://css.zohostatic.com/* https://css.zohocdn.com https://analytics.twitter.com/i/adsct?bci=5&eci=2&event_id=da16c8f3-30f6-48f9-9160-a6da3d36fdec&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=gtm-base&p_id=Twitter&p_user_id=0&pl_id=cf066c4b-b266-4ecc-b372-dafa083499be&tw_document_href=https%3A%2F%2Fwww.oldmutualalternatives.com%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4kz7&type=javascript&version=2.3.29 https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=subscription https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=registration https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=landing; frame-src 'self' https://www.oldmutual.co.za/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://www.oldmutualinvest.com/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://dms.oldmutual.com.gh https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com https://manage.ipaygh.com https://app.livestorm.co https://analytics.twitter.com/1/i/adsct?bci=5&eci=3&event=%7B%7D&event_id=67ea32aa-c34c-4715-8d52-c5d49aa88428&integration=gtm-base&p_id=Twitter&p_user_id=0&pl_id=cf066c4b-b266-4ecc-b372-dafa083499be&tw_document_href=https%3A%2F%2Fwww.oldmutualalternatives.com%2F&tw_iframe_status=0&txn_id=o2n0b&type=javascript&version=2.3.29; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://cdn.gbqofs.com  https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://va.tawk.to wss://*.tawk.to  wss://vts.zohopublic.com https://salesiq.zoho.com https://salesiq.zohopu https://goals-api.my.oldmutual.co.za https://salesiq.zohopublic.com wss://mpsnare.iesnare.com https://cdn.linkedin.oribi.io/partner/1874697/domain/oldmutualalternatives.com/token; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://cdn.gbqofs.com  https://s2s.oldmutual.co.za https://s2s.oldmutual.co.za/static/DhPixel.js https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://assets-preprod.my.oldmutual.co.za https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://d2oh4tlt9mrke9.cloudfront.net https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://www.googleadservices.com https://services.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://embed.tawk.to https://dsp-media.eskimi.com https://dsp-media.eskimi.com/assets/js/e/gtr.min.js?_=0.0.0.3  https://js.zohocdn.com https://js.zohostatic.com https://s2s.oldmutual.co.za/static/DhPixel.js https://salesiq.zoho.com/widget https://checkout.flutterwave.com *.iovation.com *.iesnare.com https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=subscription https://mitsweb.iitech.dk https://mitsweb.iitech.dk/*; frame-ancestors https://secure.rewards.oldmutual.co.za/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://customer-site-preprod.eks.my.oldmutual.co.za https://my.oldmutual.co.za; media-src 'self' data: https://mpsnare.iesnare.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* 1
frame-ancestors 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bam.nr-data.net https://js-agent.newrelic.com https://static.b4healthonline.com https://static2.b4healthonline.com https://b4-wus2-powerbi-funcapp-p01.azurewebsites.net https://app.powerbi.com  1
default-src 'self'; frame-src 'self' https://syndication.twitter.com/ https://platform.twitter.com/ https://widgets.ebscohost.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://toolbar.speechstream.net/ *.cloudfront.net/ https://www.googletagmanager.com/ https://www.browsealoud.com/ https://plus.browsealoud.com/ http://cdnjs.cloudflare.com/ https://cdn.syndication.twimg.com https://platform.twitter.com/ https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://plus.browsealoud.com/ https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.cloudfront.net/ http://cdnjs.cloudflare.com/ https://platform.twitter.com/ https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' *.google-analytics.com/ https://speech.speechstream.net/ https://pronunciation.speechstream.net/  *.doubleclick.net/ https://www.google-analytics.com/ https://www.browsealoud.com/ https://plus.browsealoud.com/ https://translate.googleapis.com https://feeds.trac.jobs/ 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de *.readspeaker.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bsgweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de *.facebook.com 1