Values for x-webkit-csp:
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 38
report-uri /report-csp-violation 36
default-src 'self' 'unsafe-inline' 30
default-src 'self' 25
default-src 'self'; script-src 'self' 'unsafe-inline' 16
frame-ancestors 'self' 16
report-uri /report-csp-violation; upgrade-insecure-requests 13
referrer origin 12
frame-src *.2checkout.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com *.outgrow.us bitdefender.applytojob.com *.alchemer.com *.adyen.com *.paypal.com paypal.com 11
frame-ancestors 'none' 11
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation 10
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 9
allow 'self'; 8
report-uri //report-csp-violation 8
frame-ancestors 'self' weleda.sabio.de 7
connect-src * 'self' 6
default-src 'self'; 6
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 6
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com 5
default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 5
default-src 'self' https://static.garmin.com https://static.garmincdn.com https://www.garmin.com; style-src https://my.tealiumiq.com 'unsafe-inline' 'self' https://fonts.googleapis.com https://static.garmin.com https://static.garmincdn.com https://sso.garmin.com https://www.garmin.com; connect-src 'self' https://static.garmincdn.com https://www.garmin.com *; script-src * 'unsafe-inline' 'unsafe-eval' https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net; font-src 'self' data: https://static.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.garmin.com https://consent.trustarc.com; img-src *; frame-src https://sso.garmin.com https://sso.garmin.cn https://www.garmin.com https://my.tealiumiq.com https://static.garmincdn.com https://support.garmin.com https://www.google.com https://vars.hotjar.com https://www.youtube.com https://player.youku.com https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net; object-src 'none'; upgrade-insecure-requests 4
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com https://act.nrdc.org; style-src 'self' 'unsafe-inline' * blob: https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co ; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 4
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' blob: *.brightcove.com *.cloudfront.net *.doubleclick.net *.google.com *.facebook.com forms.hsforms.com app.hubspot.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud house-fastly-signed-eu-west-1-prod.brightcovecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.convertexperiments.com *.hsforms.net *.jsdelivr.net *.googletagmanager.com *.connectid.cloud *.investis.com *.jquery.com *.cloudflare.com *.googleusercontent.com *.cloudfront.net *.hsforms.com *.facebook.net *.licdn.com *.google-analytics.com *.googleadservices.com *.investisdigital.com *.doubleclick.net *.lfeeder.com *.investis.com blob: data: *.hs-scripts.com *.google.com *.gstatic.com *.googleapis.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hs-banner.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.cloudflare.com *.googleusercontent.com *.investis.com *.cloudfront.net; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.investisdigital.com *.connectid.cloud *.investis.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.cloudfront.net *.brightcove.com *.lfeeder.com *.adsymptotic.com *.google-analytics.com *.hsforms.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.hubspot.com  brightcove.hs.llnwd.net cf-images.eu-west-1.prod.boltdns.net; font-src 'self' *.cloudfront.net *.googleusercontent.com *.gstatic.com; connect-src 'self' *.amazonaws.com *.brightcove.com *.luckyorange.net *.linkedin.com *.google-analytics.com *.investis.com *.doubleclick.net *.googleapis.com wss://*.visitors.live wss://visitors.live *.investisdigital.com *.hubspot.com *.hubapi.com forms.hsforms.com www.facebook.com api.luckyorange.com matomo-prod.connectid.cloud; report-uri //report-csp-violation 4
frame-ancestors https://*.canalplus.com https://*.cnews.fr https://*.canal-bis.com http://*.canalplus.com http://*.canalplus.com:8888 4
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 4
base-uri 'self'; style-src 'self'; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de; img-src 'self' piwik.itzbund.de; font-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 4
default-src 'self' *.readspeaker.com data:; base-uri 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; upgrade-insecure-requests; frame-ancestors 'self'; 4
default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io *.lr-ingest.io *.stripe.com *.clearbit.com *.google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net *.iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com *.google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io *.stripe.com *.clearbit.com *.google-analytics.com *.iframe.ly *.gstatic.com cdnjs.cloudflare.com *.intercom.io *.intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com  https://messenger-apps.intercom.io https://*.intercom-attachments.com; frame-src *; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https: 4
default-src 'self'; script-src 'self' *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com 'unsafe-eval'; style-src 'self' *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com tagmanager.google.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.simplybook.me lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au; font-src 'self' *.amazonaws.com *.storyblok.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com data:; connect-src 'self' stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.google-analytics.com sentry.io *.simplybook.me *.vicinity.com.au *.trackjs.com; frame-src 'self' *.youtube.com *.vimeo.com *.googletagmanager.com *.google.com *.facebook.com *.livechatinc.com *.stripe.com socialq.net recaptcha.net 4
frame-ancestors 'self' *.oui.sncf; report-uri /report-csp-violation; upgrade-insecure-requests 3
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 3
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com confluence.acquia.com www.acquiaacademy.com acquia.seismic.com; report-uri /report-csp-violation 3
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 3
frame-ancestors 'self'; report-uri /report-csp-violation 3
script-src  'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 3
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com/ www.googletagmanager.com/ script.hotjar.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' * tagmanager.google.com/ www.googletagmanager.com/ cdn.evgnet.com cdn.getsmartcontent.com s.getsmartcontent.com s7.addthis.com m.addthis.com v1.addthisedge.com z.moatads.com www.youtube.com view.ceros.com fast.wistia.com; img-src 'self' data: ssl.gstatic.com/ embed.wistia.com fast.wistia.com fast.wistia.net embed-fastly.wistia.com/ secure.adnxs.com ib.adnxs.com/ www.google.com www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com bat.bing.com www.facebook.com px.ads.linkedin.com p.adsymptotic.com/ i.ytimg.com www.guardiananytime.com/ pixel.mediaiqdigital.com d1bvwpcbxq9v24.cloudfront.net t.co idsync.rlcdn.com embedwistia-a.akamaihd.net *.amazonaws.com cx.atdmt.com; frame-src 'self' m.addthis.com s7.addthis.com *.youtube.com *.vimeo.com script.hotjar.com vars.hotjar.com cm.g.doubleclick.net *.ceros.com *.guardiananytime.com *.cloudfront.net *.adsrvr.org my.visme.co *.ipipeline.com *.guardianlife.com guardianlife.uat.aws.glic.com cdn.getsmartcontent.com *.bound360.com tagmanager.google.com www.podbean.com d.agkn.com cloud.alert.guardiandirect.com cloud.connect.guardian pixel.mathtag.com/ bid.g.doubleclick.net 10123097.fls.doubleclick.net/; connect-src 'self' collectorprod.glic.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ws://*.hotjar.com *.doubleclick.net *.g.doubleclick.net *.wistia.com *.wistia.net *.litix.io embed-fastly.wistia.com embedwistia-a.akamaihd.net *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com d.agkn.com cloud.alert.guardiandirect.com cloud.connect.guardian guardianlife.us-1.evergage.com bat.bing.com; font-src 'self' data: fonts.gstatic.com; media-src 'self' blob: embedwistia-a.akamaihd.net www.podbean.com fast.wistia.net 3
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com www.googletagmanager.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com analytics.tiktok.com 3
frame-ancestors https://*.dondominio.com https://*.mrdomain.com; 3
defult-src 'self' 3
frame-ancestors 'self' piwik.betaalvereniging.nl; 3
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com *.readspeaker.com *.timeblockr.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com *.timeblockr.com; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.timeblockr.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com *.timeblockr.com; connect-src 'self' *.readspeaker.com *.timeblockr.com; report-uri /report-csp-violation 3
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 2
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2
base-uri 'self'; report-uri https://csp-reporting-server.glitch.me/report; frame-ancestors https://glitch.com https://glitch.development 2
frame-src app.powerbi.com *.deutschland-machts-effizient.de *.youtube-nocookie.com piwik.itzbund.de *.youtube.com 2
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 2
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 2
default-src https:; style-src 'self' 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de  *.facebook.com; 2
default-src 'self' 'unsafe-inline' jobs.b-ite.com *.userlike.com *.umd.userlike.com wss://umd.userlike.com/; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org userlike-cdn-operators.s3-eu-west-1.amazonaws.com; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de d3dc1lgancj6l0.cloudfront.net; frame-ancestors dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus foerderrechner.bosch-thermotechnology.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com www.bosch-easycontrol.com www.heizung-steuern.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 2
frame-src 'self' blob: *.cochlear.cloud *.stg.cochlear.cloud *.cochlear.cloud *.qualaroo.com *.simpli.fi https://marvelapp.com *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com *.marketo.com ; connect-src 'self' *.taboola.com *.yimg.com *.doubleclick.net *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.maxmind.com *.geoip-js.com geoip-js.com ; font-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.cochlear.com *.googletagmanager.com  *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com medialead.de; script-src 'self'  'unsafe-inline' 'unsafe-eval' blob: *.yahoo.com *.taboola.com *.adsrvr.org *.yimg.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.quora.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.adroll.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.com *.bootstrapcdn.com *.cloudflare.com *.cochlear.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.maxmind.com *.geoip-js.com geoip-js.com medialead.de; style-src 'self'  'unsafe-inline' 'unsafe-eval'  *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 2
default-src 'self' https://origin-www.appliedmaterials.com http://origin-www.appliedmaterials.com; script-src 'self' 'unsafe-eval' maps.googleapis.com http://www.google-analytics.com https://www.google-analytics.com www.googletagmanager.com www.eiseverywhere.com js-agent.newrelic.com *.nr-data.net www.recaptcha.net www.gstatic.com vjs.zencdn.net https://*.go-mpulse.net https://origin-www.appliedmaterials.com 'unsafe-inline'; object-src 'self' www.eiseverywhere.com; style-src 'self' fonts.googleapis.com www.gstatic.com vjs.zencdn.net https://origin-www.appliedmaterials.com http://origin-www.appliedmaterials.com https://origin-www.appliedmaterials.com 'unsafe-inline'; img-src 'self' *.googleapis.com www.google-analytics.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.google.com www.google.com.sg www.google.com.tw www.google.co.il www.google.co.in www.google.co.kr www.google.co.uk www.googletagmanager.com ml.globenewswire.com www.globenewswire.com resource.globenewswire.com na.eventscloud.com www.eiseverywhere.com bam.nr-data.net  http://*.prod.acquia-sites.com https://*.prod.acquia-sites.com  http://*.appliedmaterials.com https://*.appliedmaterials.com data:; frame-src 'self' www.google.com www.youtube.com www.recaptcha.net; font-src 'self' fonts.gstatic.com themes.googleusercontent.com vjs.zencdn.net http://origin-www.appliedmaterials.com https://origin-www.appliedmaterials.com data:; connect-src 'self' www.google-analytics.com *.nr-data.net stats.g.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.go-mpulse.net; report-uri /admin/config/system/seckit/csp-report 2
frame-src 'self' *.betradar.com *.sportradar.com *.aitcloud.de consentcdn.cookiebot.com vars.hotjar.com www.googletagmanager.com www.youtube.com prod-origin.truendo.com cdn.priv.center; frame-ancestors 'self' *.betradar.com *.sportradar.com *.aitcloud.de 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.surveymonkey.com https://walls.io https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com https://www.etermin.net https://the.sciencebehindecommerce.com https://www.lacmp.net https://analytics.aklamio.com https://*.adsrvr.org https://adsrvr.org; 2
deafult-src 'self' 2
upgrade-insecure-requests 2
default-src 'self'; font-src 'self' data: https://use.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com; img-src 'self' data: https://p.typekit.net https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za; frame-src https://www.oldmutual.co.za/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://dms.oldmutual.com.gh; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://assets-preprod.my.oldmutual.co.za https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://d2oh4tlt9mrke9.cloudfront.net https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://www.googleadservices.com https://services.ominsure.co.za; 2
default-src 'self' *.yandex.ru *.comagic.ru extranet.buderus.com s.webtrends.com *.boschtt-documents.com services.kittelberger.net mycliplister.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src   https: data:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: bosch.mi4biz.net www.boschthermolife.com buderus-pl.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net buderus-pl.boschtt-documents.com http://fs52-buderus-dev.kittelberger.net 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.google.com *.googleapis.com *.myabsorb.com *.doubleclick.net *.windows.net *.walkme.com *.jquery.com *.createjs.com *.youtube.com *.youtube-nocookie.com *.onetrust.com *.facebook.net *.facebook.com *.cookielaw.org *.licdn.com *.adsymptotic.com *.linkedin.com *.jnjvision.asia *.nr-data.net *.ckeditor.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.zencdn.net *.boltdns.net *.jjvcpro.com *.jnjcommerce.com *.mouseflow.com *.gstatic.com *.newrelic.com; object-src *; img-src * data: blob:; frame-src *; font-src * data: blob: 'unsafe-inline'; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self' blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 2
default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.emmezeta.hr emmezeta.hr *.emmezeta.rs emmezeta.rs; 2
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/ https://www.youtube.com/ https://vrweb15.linguatec.org; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://i.ytimg.com/ https://vrweb15.linguatec.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/ https://www.youtube.com/ https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ https://vrweb15.linguatec.org 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; frame-ancestors 'self' 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com app.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co;font-src 'self' *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com app.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com s15923.pcdn.co;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.pcdn.co s15923.pcdn.co;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 2
style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com config1.veinteractive.com veinteractive.com cookiehub.net use.fontawesome.com; font-src 'self' *.typekit.net fonts.gstatic.com use.fontawesome.com data:; report-uri /report-csp-violation 2
default-src 'self' '*.energieag.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com i.ytimg.com connect.facebook.net app.adwordsagentur.at *.hotjar.com *.hotjar.io www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com 'unsafe-inline' 'unsafe-eval' data: 2
script-src 'self' https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com player.vimeo.com clicky.com in.getclicky.com static.getclicky.com code.jquery.com 'unsafe-inline' 2
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com cdnjs.cloudflare.com connect.facebook.net 'unsafe-inline' 'unsafe-eval' 2
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' http: https: data:; frame-ancestors 'self'; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com *.qiaofangyun.com 1
child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com blob:; connect-src 'self' api.blocktrades.us steemit.com wss://steemd.steemit.com wss://steemd-int.steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com securepubads.g.doubleclick.net cdn.jsdelivr.net csi.gstatic.com c.pub.network d.pub.network display.bfmio.com *.adnxs.com freestar-d.openx.net qcx.quantserve.com https://qcx.quantserve.com:8443 hbopenbid.pubmatic.com g2.gumgum.com ssc.33across.com gw.geoedge.be *.doubleverify.com request-global.czilladx.com c.amazon-adsystem.com *.flashtalking.com *.czilladx.com czilladx.com coinzillatag.com coinzilla.com *.yahoo.com *.3lift.com *.adroll.com *.serving-sys.com *.googlesyndication.com *.steelhousemedia.com *.servenobid.com sdk.streamrail.com api.vidiom.net *.streamrail.net *.spotxchange.com *.advertising.com *.yieldoptimizer.com *.doubleclick.net *.buysellads.net *.1rx.io *.rtb-seller.com catchjs.com www.googletagmanager.com www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net api.trongrid.io; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com *.hwcdn.net *.acuityplatform.com; font-src data: fonts.gstatic.com steemitdev.com steemit.com steemitwallet.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; frame-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de covapp.charite.de covapp-rki.hpsgc.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors rki-editor.preview.gsb.intranet.bund.de piwik.itzbund.de *.facebook.com 1
policy-uri /parivahan//'self' 1
frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 1
default-src 'self'  *.destatis.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de doo.net ;object-src 'self' multimedia.gsb.bund.de  *.destatis.de piwik.itzbund.de ; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org  *.destatis.de piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.stba.de *.euro-area-statistics.org *.ims-cms.net *.kemweb.de *.teambits.events doo.net/de-de/widget/ data: ; img-src 'self' data: blob: *.google.com *.gstatic.com *.youtube.com  *.destatis.de piwik.itzbund.de; frame-ancestors 'self'; 1
default-src 'self'; object-src 'none'; block-all-mixed-content; script-src 'self' https://*.freshchat.com/ https://*.webengage.com/ http://cdn.widgets.webengage.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://www.googleadservices.com/ https://*.razorpay.com/ https://*.google.com/ https://*.groww.in/ wss://*.groww.in/ https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/ 'unsafe-inline' https://storage.googleapis.com/; img-src 'self' data: blob: https://www.google-analytics.com/ https://*.googleapis.com/ https://*.googleusercontent.com/ https://groww.in/ https://*.groww.in/ https://www.google.com/ https://img.youtube.com/ https://s3.amazonaws.com/cdn.freshdesk.com/ https://viewlogo.s3.amazonaws.com/ https://wchat.freshchat.com/; style-src 'self' https://*.groww.in/ 'unsafe-inline' https://accounts.google.com https://wchat.freshchat.com/; font-src 'self' https://*.groww.in/ data:; connect-src 'self' data: https://*.groww.in/ wss://*.groww.in/ https://*.webengage.com/ https://*.bugsnag.com/ https://*.razorpay.com/ https://*.delighted.com/ https://accounts.google.com https://www.google-analytics.com/ https://*.googleapis.com/; frame-src 'self' https://*.webengage.co https://*.google.com/ https://www.youtube.com/ https://www.facebook.com https://*.groww.in/ wss://*.groww.in/ https://wchat.freshchat.com/; media-src https://*.groww.in/ blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://code.highcharts.com https://oss.maxcdn.com https://connect.trezor.io wss://wallex.market:8443 wss://wallex.ir:8443 wss://www.wallex.ir:8443 https://blockexplorer.com https://www.localbitcoinschain.com https://test-insight.bitpay.com https://api.etherscan.io https://api-ropsten.etherscan.io https://bitcoincash.blockexplorer.com https://blockdozer.com https://bch.coin.space https://insight.litecore.io https://insight.dash.org https://saveload.tradingview.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://fonts.gstatic.com wss://test-insight.bitpay.com https://api.omniexplorer.info https://chain.api.btc.com https://cdn.jsdelivr.net https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.google.com/maps/embed https://*.purechat.com wss://*.purechat.com https://secure.gravatar.com https://*/app.purechat.com https://cdn.ckeditor.com https://www. .com https://www.google-analytics.com https://maps.googleapis.com https://tradingview.com https://*.tradingview.com wss://tradingview.com wss://*.tradingview.com https://www.aparat.comhttps://*.heatmap.it https://coincap.io wss://ws.wallex.market wss://ws.coincap.io https://*.purechatcdn.com https://*.alexa.com https://cdn.polyfill.io https://www.gstatic.com https://*.crisp.chat wss://*.crisp.chat wss://stream.binance.com:9443 wss://wsc.wallex.ir wss://wsc.wallex.ir:8443 wss://ws.wallex.ir https://*.wallex.ir https://wallex.market https://*.yektanet.com https://*.hotjar.com wss://*.hotjar.com; 1
default-src 'self'; connect-src 'self' https://*.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.browsealoud.com https://speech.speechstream.net blob: https://en.wikipedia.org https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com; script-src 'self' https://*.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://*.google-analytics.com https://*.browsealoud.com https://*.speechstream.net 'sha256-XwQT/PsFMy+rKSB4vlW93i5lrzIRaGmPC3M2D0C3ZKU=' https://apis.google.com https://*.intercom.io https://js.intercomcdn.com https://analytics.twitter.com https://connect.facebook.net https://www.buzzsprout.com 'sha256-xa51hFBsKVs5oNbE781o57zeanVYlR2Fas1LOYkxyug=' 'sha256-rawHpf1P2aNdh6tn+KPlMS54GDrP3VvLCRholyMzSxc=' 'sha256-QRC0MyBTCWd4gbZkWjOKCXETHr5l/39sPBrZ3MP/gN4=' 'sha256-ZG5BPi4VWcS9LJeZUVjBA/xz0OG1polswYG4SXL3Wrw=' 'sha256-S0uRMRh2Bj6im1RVrQB0CPlaDfiEha66qA4u5FXxjFw=' 'sha256-ilORk9YiiP++OHMTPBVAueJQM0Mg35oRj+yq3CJSbF0=' 'sha256-LJWTHYRBGrzLiL7qbzcWsQKGIg69yZOKI9XAono8pKI=' 'sha256-S2Vkh+7++wRSyicSBMtPbcyaxwXZbOZICxUJzh81hKM=' 'sha256-5tjEBAZDuThDj/m5zA/+fRYSXoxfEOF7gkJ985V2u6g=' 'nonce-162011493850400' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic.dev.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com; img-src * data:; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io; font-src 'self' https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic.dev.texthelp.com; frame-src https://www.youtube.com https://mautic.dev.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com googletagmanager.com cdn.ravenjs.com ssl.google-analytics.com cdnjs.cloudflare.com js-agent.newrelic.com js.stripe.com 'nonce-M+zck/kuNIylZxPx0C0R8M1EeRBn0p7Q7g17y9HA757VnhLG'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
default-src 'none'; style-src 'self' use.typekit.net p.typekit.net cdn.embedly.com 'unsafe-inline' cdn.integromat.com www.integromat.com static.integromat.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' data: use.typekit.net script.hotjar.com cdn.embedly.com cdn.integromat.com fonts.gstatic.com; img-src 'self' data: *.integromat.com secure.gravatar.com usage.trackjs.com stats.g.doubleclick.net www.google-analytics.com img.youtube.com www.youtube.com www.facebook.com t.co script.hotjar.com twitter.com self cdn.integromat.com static.integromat.com www.google.com api.producthunt.com; connect-src 'self' *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com *.mixpanel.com www.google-analytics.com stats.g.doubleclick.net api-cdn.embed.ly api.segment.io *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src 'self' www.facebook.com www.youtube.com vars.hotjar.com cdn.embedly.com frame.hotjar.com vars.hotjar.com; script-src 'self' www.google-analytics.com connect.facebook.net static.ads-twitter.com analytics.twitter.com static.hotjar.com script.hotjar.com cdn.mxpnl.com cdn.embedly.com cdn.segment.com cdn.integromat.com static.integromat.com code.jquery.com static.hotjar.com script.hotjar.com www.googletagmanager.com 'unsafe-inline'; object-src 'self'; media-src 'self' cdn.integromat.com; manifest-src 'self' cdn.integromat.com; base-uri 'self'; form-action 'self'; frame-ancestors 'none' 1
default-src 'self' noembed.com static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com aax-eu.amazon-adsystem.com data: service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de track.adform.net maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com *.xx.fbcdn.net www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.avm.de data: blob: *.avm.de;frame-ancestors 'self' 1
block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' *.poliziadistato.it:* blob: data: *.poliziadistato.it *.zencdn.net *.tv2000.it *.wowza.com *.interno.it *.rating-widget.com *.twimg.com *.twitter.com *.googleapis.com *.gstatic.com *.google.it *.macromedia.com *.google-analytics.com *.facebook.net *.sharethis.com *.google.com opendataavcp.interno.it *.raiplay.it *.rai.it js.api.here.com *.hereapi.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: *.wowza.com i.rw.gs *.rating-widget.com *.twitter.com *.twimg.com *.poliziadistato.it opendataavcp.interno.it l.sharethis.com *.facebook.com *.google-analytics.com *.gstatic.com *.gravatar.com *.googleapis.com s.w.org *.google.it *.raiplay.it *.rai.it; style-src 'self' *.poliziadistato.it *.twimg.com *.rating-widget.com *.twitter.com opendataavcp.interno.it *.sharethis.com 'unsafe-inline' *.googleapis.com *.raiplay.it *.rai.it js.api.here.com; frame-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com *.google.com *.raiplay.it *.rai.it; worker-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com *.google.com *.raiplay.it *.rai.it; child-src 'self' *.poliziadistato.it opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com *.google.com *.twitter.com opendataavcp.interno.it *.raiplay.it *.rai.it; font-src 'self' data: *.poliziadistato.it *.wowza.com opendataavcp.interno.it *.gstatic.com *.raiplay.it *.rai.it; frame-ancestors 'self' storify.com *.poliziadistato.it *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com *.google.com *.raiplay.it *.rai.it; media-src *.poliziadistato.it blob: 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bghweb-editor.preview.gsb.intranet.bund.de piwik.itzbund.de 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://amazonwebservices.d2.sc.omtrdc.net https://*.amazonpay.com https://apac.account.amazon.com https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
frame-ancestors 'self' *.bond.edu.au bond.edu.au; 1
default-src 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.gstatic.com https://api.midtrans.com https://cdn.appsflyer.com https://s.yimg.com https://sp.analytics.yahoo.com https://api.midtrans.com https://stats.g.doubleclick.net https://fcm.googleapis.com *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://websdk.appsflyer.com https://maps.googleapis.com blob: https://banner.appsflyer.com https://wa.onelink.me https://wa.appsflyer.com https://cdnjs.cloudflare.com https://www.google.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.google.co.in https://maps.gstatic.com https://maps.googleapis.com https://s-media-cache-ak0.pinimg.com https://i.pinimg.com https://*.cloudfront.net http://*.cloudfront.net https://reviews.123rf.com https://wikipedia.org https://api.veritrans.co.id https://res.cloudinary.com https://image.shutterstock.com https://tineye.com https://stats.g.doubleclick.net https://doctor.halodoc.com http://www.linkdokter.com https://www.google-analytics.com https://www.facebook.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://s3-ap-southeast-1.amazonaws.com https://www.google.com https://www.google.com.sg data: *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://impressions.onelink.me https://www.googletagmanager.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com; connect-src 'self' https://pinimg.com https://*.cloudfront.net http://*.cloudfront.net https://123rf.com https://fonts.gstatic.com https://tineye.com https://res.cloudinary.com https://image.shutterstock.com https://www.halodoc.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://www.gstatic.com https://s3-ap-southeast-1.amazonaws.com https://doctor.halodoc.com https://web-halodoc-api.prod.halodoc.com https://qiscus-lb.api.halodoc.com wss://qiscus-mqtt.api.halodoc.com:1886/mqtt https://api.midtrans.com https://cdn.appsflyer.com https://s.yimg.com https://api.midtrans.com https://api.veritrans.co.id https://stats.g.doubleclick.net https://sp.analytics.yahoo.com https://fonts.googleapis.com https://www.google.com.sg https://www.google.com https://sentry.io https://fcm.googleapis.com *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://firebaseinstallations.googleapis.com https://banner.appsflyer.com https://wa.onelink.me https://wa.appsflyer.com https://websdk.appsflyer.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com http://gcp.stage.halodoc.com http://gcp.prod.halodoc.com https://web.prod.halodoc.com http://localhost:14000 https://script.google.com https://script.googleusercontent.com https://creatives-cdn.appsflyer.com https://events-logger.appsflyer.com https://af-event-logger.appsflyer.com/log-event; font-src 'self' https://fonts.gstatic.com data:; object-src 'self' https://*.cloudfront.net http://*.cloudfront.net; frame-src * 1
frame-ancestors *.payback.de 1
report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src www.baua.de; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self'; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.itzbund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de; frame-src 'self' player.vimeo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com webtv.bundestag.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de; frame-ancestors 'self'; 1
default-src 'self' ; script-src 'unsafe-inline' 'self' https://ssl.google-analytics.com/ga.js; img-src data: blob 'self' http://*.tile.openstreetmap.org/ : 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1
default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com *.facebook.com *.nosiva.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1
frame-src *.nio.com *.nio.cn *.meetanyway.com *.internal.nio.io *.us-west-2.elb.amazonaws.com *.vimeo.com *.polyv.com; child-src *.nio.com *.nio.cn *.meetanyway.com *.internal.nio.io *.us-west-2.elb.amazonaws.com *.vimeo.com *.polyv.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://*.hapara.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; report-uri /eur/report-csp-violation 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.guinness-storehouse.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com stats.mp.streamamg.com streamuk.secure.footprint.net www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.hotjar.com *.smartlook.com; object-src 'self' https: *.guinness-storehouse.com streamuk.secure.footprint.net; style-src 'self' 'unsafe-inline' https: *.guinness-storehouse.com cloud.typography.com fonts.googleapis.com footer.diageohorizon.com; img-src 'self' https: *.guinness-storehouse.com *.googleapis.com *.gstatic.com ads.yahoo.com analytics.twitter.com d.adroll.com dps.bing.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com scontent.cdninstagram.com streamuk.secure.footprint.net t.mookie1.com us-u.openx.net www.facebook.com www.google.com www.google.ie www.tripadvisor.com x.bidswitch.net www.google-analytics.com; frame-src 'self' https: *.guinness-storehouse.com *.worldnettps.com guinnessarchives.adlibsoft.com www.youtube.com vars.hotjar.com; font-src 'self' https: *.guinness-storehouse.com data: fonts.googleapis.com fonts.gstatic.com streamuk.secure.footprint.net; connect-src 'self' https: *.guinness-storehouse.com *.storehousewall.com query.yahooapis.com streamuk.secure.footprint.net *.hotjar.com:* wss://*.hotjar.com *.smartlook.com; media-src 'self' https: *.guinness-storehouse.com ; worker-src 'self' *.guinness-storehouse.com blob: 1
upgrade-insecure-requests; 1
default-src 'self'; connect-src 'self' data: 'unsafe-inline' https://bat.bing.com https://*.adobedtm.com http://*.zionsbank.com https://*.zionsbank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.google.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://*.adobedtm.com https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.zionsbank.com https://*.zionsbank.com https://*.zionsbank.com https://*.cludo.com  https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: 'unsafe-inline' http://*.zionsbank.com https://*.zionsbank.com https://*.linkedin.com https://*.bufferapp.com https://*.pinterest.com https://*.reddit.com https://googleads.g.doubleclick.net https://*.pages05.net https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com 'unsafe-eval'; img-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.zionsbank.com https://*.zionsbank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; media-src 'self'; frame-src 'self' data: 'unsafe-inline' http://*.zionsbank.com https://*.zionsbank.com https://*.issuu.com https://*.doubleclick.net https://*.demdex.net https://*.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net  https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com https://*.online-metrix.net; frame-ancestors 'self' https://banking.zionsbank.com https://*.sndcdn.com 'unsafe-eval'; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://www.browsealoud.com *; style-src 'self' 'unsafe-inline' https://plus.browsealoud.com https://fonts.googleapis.com *; child-src 'self' *; font-src 'self' https://fonts.gstatic.com data: *; frame-ancestors 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; connect-src https://browsealoud-webservices-8.texthelp.com/ https://plus.browsealoud.com https://babm.texthelp.com https://*.speechstream.net https://stats.g.doubleclick.net https://www.google-analytics.com/ *; media-src 'self' blob: https://*.speechstream.net; script-src-elem  'unsafe-inline' data: *; 1
frame-ancestors https://gms.hongleong.com.my https://tags.tiqcdn.com https://survey.hlb.com.my https://uat.hlb.com.my https://aem-preprod.hlb.com.my https://aem-preprod.hlisb.com.my https://aem-uat.hlb.com.my https://www.hlb.com.my https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://uat.hlb.my:443 http://uat.hlb.my 1
frame-ancestors 'self' piwik.currence.nl; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; object-src 'none'; style-src 'self'  'unsafe-inline' data:; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://api.amplitude.com https://eth-ropsten.alchemyapi.io https://eth-rinkeby.alchemyapi.io https://eth-mainnet.alchemyapi.io https://api.thegraph.com wss://bridge.walletconnect.org wss://fei.bridge.walletconnect.org; frame-ancestors 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.usercentrics.eu data: *.motel-one.com *.usercentrics.eu; script-src *.motel-one.com 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.adup-tech.com static.ads-twitter.com analytics.twitter.com assets.pinterest.com log.pinterest.com squarelovin.com *.squarelovin.com *.usercentrics.eu; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cdninstagram.com *.squarelovin.com *.google-analytics.com *.doubleclick.net t.co *.adup-tech.com www.facebook.com www.google.de www.google.com *.cx.atdmt.com maps.gstatic.com maps.googleapis.com ssl.gstatic.com www.gstatic.com assets.pinterest.com log.pinterest.com bat.bing.com *.hurra.com *.fbcdn.net image.motel-one.com *.motel-one.com squarelovin.com *.gstatic.com *.usercentrics.eu; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.squarelovin.com fonts.googleapis.com tagmanager.google.com *.google.com; connect-src 'self' *.motel-one.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.adup-tech.com *.usercentrics.eu; font-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net; frame-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.usercentrics.eu assets.pinterest.com log.pinterest.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.w3.org https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://vro.housing.gov.sa https://www.gstatic.com https://code.jquery.com https://maps.googleapis.com https://cdn.mouseflow.com https://fonts.googleapis.com https://developers.google.com https://sakani.housing.sa https://maps.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.ejar.sa https://img.youtube.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.ckeditor.com https://www.google.com.sa https://mobile.ejar.sa http://www.ejar.sa https://www.youtube.com/; report-uri /ar/report-csp-violation 1
default-src https: blob: wss:; frame-src https: blob: data:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com  https://*.fontawesome.com https://*.customsearch.ai https://*.googletagmanager.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://*.windows.net https://tagmanager.google.com; img-src 'self' https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/ https://*.windows.net https://*.gstatic.com https://stats.g.doubleclick.net; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube-nocookie.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ https://ui.customsearch.ai/ https://sdk.companywebcast.com/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.customsearch.ai https://*.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 1
child-src 'self'; connect-src 'self' api.blocktrades.us steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com beta-api.steemit.com beta-api-int.steemit.com www.googletagmanager.com www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net api.trongrid.io sun.tronex.io steemitwallet.com; default-src 'self'; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com staticfiles.steemit.com localhost:8080; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'self' 'unsafe-inline' data: blob: 'unsafe-eval' http: https: www.krebshilfe.de dkh-stage.dwprev.com; 1
default-src 'self' https://www.ticimax.com/ https://www.destekalani.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/  ; script-src 'unsafe-inline' 'unsafe-eval' https://www.ticimax.com/ https://www.destekalani.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; object-src 'self' https://www.ticimax.com/ https://www.destekalani.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; style-src 'unsafe-inline' https://www.ticimax.com/ https://www.destekalani.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; img-src data: https://www.ticimax.com/ https://www.destekalani.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; media-src *; frame-src 'self' https://*.ticimax.com/ https://www.destekalani.com/ https://www.youtube.com/; font-src * 1
frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de 1
default-src 'self'; frame-src 'self' https://w.soundcloud.com/ https://spark.adobe.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://spark.adobe.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://feeds.trac.jobs/ https://translate.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
report-uri https://consolehipay.report-uri.com/r/d/csp/enforce; default-src 'self' *.google-analytics.com *.zdassets.com *.hotjar.com *.google.com *.screeb.app; script-src 'self' *.hotjar.com *.zdassets.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.screeb.app 'sha256-qSMb0PEZNwPU889A1H8zPbT23/AN6efiLRLewxFcFJM=' 'sha256-p04ICvhv5V9PJfG9AnM4+4t8eCcdnUhEP7BSwEKl+Es=' 'sha256-iBEn6DembGxmutX/U63Duhs98HIBtU8ALgbjYh+CkZc=' 'sha256-XnoKRrVjyLcX94o+jehk7z3rX+YVSMr4DtslyFpkaPU=' 'sha256-qGDvUX2HtsqDpO/HG5GVYJAqc+JCPfL00g5KLJSttGc=' https://*.zopim.com; style-src 'self' 'unsafe-inline' maxcdn.icons8.com fonts.googleapis.com *.hotjar.com libs.hipay.com; font-src 'self' maxcdn.icons8.com fonts.gstatic.com *.hotjar.com; connect-src 'self' *.zendesk.com *.zdassets.com user.hipay.com *.hipay.com *.hipay.org *.google-analytics.com wss://*.zopim.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.screeb.app; img-src 'self' *.amcharts.com *.google-analytics.com *.zendesk.com *.hotjar.com images.weserv.nl *.hipay.com data: storage.googleapis.com 1
default-src 'self'; style-src 'unsafe-inline' yandex.st site.yandex.net yastatic.net banners.adfox.ru content.adfox.ru yastat.net *; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *; img-src * data:; media-src * data:; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st site.yandex.net yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru oss.maxcdn.com ads.adfox.ru www.google-analytics.com *.googleadservices.com adservice.google.ru adservice.google.com.ua  *.imgsmail.ru *.google.com platform.twitter.com cas.criteo.com *.mail.ru vk.com *.googlesyndication.com *.googletagservices.com adv758968.ru adforce.ru *.doubleclick.net  x1.vinread.net *.zencdn.net mobiads.ru utarget.ru afterview.ru *.vispot.io *.adap.tv *.liverail.com *.spotxchange.com *.buzzoola.com *.advarkads.com *.lkqd.com *.advertising.com static.baza.farpost.ru gstatic.com www.gstatic.com http://thefox.mobi/0dvP/ https://netdna.bootstrapcdn.com https://ajax.googleapis.com *.adsafeprotected.com  idntfy.ru mobuli.info  mobisway.info cnt-count.ru countstat.ru eboundservices.com digital-forest.info s17365.org/rotation.php news.gnezdo.ru btstds.ru cackle.me *.cackle.me www.farpost.ru https://adtags.pro https://*.adtags.pro https://btsds.ru https://*.vrcteam.ru https://*.betweendigital.com https://*.exopay.ru https://s0.2md.net https://fl.imgsniper.com https://static.bulham.com https://*.sape.ru https://safesource.ru https://code.createjs.com https://static.bumlam.com sad2tizer.ru ad.slickjump.com slickjump.com sjsmartcontent.org https://www.googletagmanager.com https://tds.admaxer.ru https://meganotify.com https://notifyday.com *.ttarget.ru *.onlygip.tech *.hybrid.ai *.admediator.ru nativerent.ru *.astraone.io astraone.io *.onlygip.tech onlygip.tech cdn.afp.ai increaserev.com; connect-src an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st site.yandex.net yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru *; report-uri /csp.php 1
default-src 'self'; connect-src 'self' https://*.ekir.de https://*.algolia.net https://*.algolianet.com; frame-src 'self' https://walls.io https://*.walls.io www.youtube-nocookie.com https://platform.twitter.com https://syndication.twitter.com https://*.ekir.de; font-src 'self' data:; img-src 'self' data: https://img.youtube.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://secure.gravatar.com http://*.ekir.de https://*.ekir.de; object-src 'self';  style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://walls.io https://*.walls.io https://secure.gravatar.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.ekir.de https://adressverzeichnis.ekd.de https://cdn.jsdelivr.net; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de spaceview.netzlabor.de; connect-src 'self' tracking.netmind-cloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org spaceview.netzlabor.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.youtube.com *.fbcdn.net *.youtube-nocookie.com *.googlevideo.com; child-src *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.cloudfront.net; frame-ancestors 'self'; 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self'  blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com https://www.google-analytics.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com ssl.gstatic.com www.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com; media-src 'self' www.youtube.com soundcloud.com syndication.twitter.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' www.google-analytics.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; 1
default-src 'none'; connect-src 'self' *.crowdriff.com *.ubiquity.co.nz *.windows.net *.doubleclick.net *.google-analytics.com *.hotjar.com *.monsido.com; frame-src 'self' *.dwcdn.net *.infogram.com radian.mintdesign.co.nz radianstaging.mintdemo.co.nz configurator.wcec.co.nz *.metservice.com *.vimeo.com *.youtube.com *.doubleclick.net *.hotjar.com *.google.com *.crowdriff.com *.monsido.com; frame-ancestors 'self'; font-src 'self' *.gstatic.com; img-src 'self' data: *.cloudfront.net *.googleapis.com *.gstatic.com *.ytimg.com *.facebook.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.nz *.monsido.com; media-src 'self' crowdriff-video-upload.s3.amazonaws.com; manifest-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.vimeo.com code.highcharts.com browser-update.org *.crowdriff.com *.jquery.com *.gstatic.com *.googleadservices.com *.google.com *.googleapis.com *.googletagmanager.com *.monsido.com *.hotjar.com *.google-analytics.com *.facebook.net *.ubiquity.co.nz; style-src 'self' 'unsafe-inline' *.crowdriff.com *.googleapis.com *.google.com; 1
default-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; style-src 'self' 'unsafe-inline' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; img-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.googleadservices.com https://googleadservices.com https://*.doubleclick.net *.doubleclick.net data: *.google-analytics.com https://c906980.ssl.cf3.rackcdn.com *.newrelic.com *.gstatic.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; frame-src 'self' *.googleadservices.com *.doubleclick.net https://googleadservices.com https://*.doubleclick.net https://*.facebook.com *.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com http://storify.com https://w.soundcloud.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; script-src 'self' eval-script inline-script *.evocdn.co.uk *.rackcdn.com *.newrelic.com *.google-analytics.com *.googleadservices.com https://googleadservices.com *.facebook.net d1ros97qkrwjf5.cloudfront.net https://d1ros97qkrwjf5.cloudfront.net https://www.google.com https://ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net *.doubleclick.net; font-src 'self' *.evocdn.co.uk *.googleusercontent.com 'unsafe-eval' 'unsafe-inline' fast.fonts.net; object-src *.youtube.com www.youtube.com *.ytimg.com *.googlevideo.com *.vhall.com e.vhall.com https://player.soundcloud.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data:*; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-inline' * data:; media-src 'self' 'unsafe-inline' http://*.amazonaws.com:* https://*.amazonaws.com:*; frame-src 'self' 'unsafe-inline' * blob:*; frame-ancestors 'self' 'unsafe-inline' *; child-src 'self' 'unsafe-inline' * blob:* blob:; font-src 'self' 'unsafe-inline' *; connect-src 'self' 'unsafe-inline' *; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' data: cdn.printfriendly.com cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com www.google.com *.rawgit.com *.gstatic.com *.googleapis.com static.addtoany.com polyfill.io; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com www.google-analytics.com.sg stats.g.doubleclick.net www.google.com www.google.com.sg; media-src 'self'; frame-src 'self' data: static.addtoany.com www.google.com https://www.youtube.com/; frame-ancestors 'self'; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self'  stats.g.doubleclick.net; report-uri //report-csp-violation 1
base-uri 'self'; default-src 'self'; child-src https://player.vimeo.com; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://doorbell.io https://*.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://vimeo.com https://player.vimeo.com https://player.vimeo.com; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://www.google.co.nz https://*.s3.ap-southeast-2.amazonaws.com https://embed.doorbell.io https://www.google.co.nz data:; media-src https://www.youtube.com https://vimeo.com; object-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js https://embed.doorbell.io https://polyfill.io 'sha384-YzQCrEgYx0YMHxd202bqWPvr081aHRPYRk490ivT+/i24ODjLtMfT/e0nhxcgRYf' 'nonce-OGQyYjAxZTI3NGE1ZWFiYmY4MWRmNjQyNDI1ZGY2ODA3MjMxNzYzOTNmMzQ0NjJkYTRlNTI5Y2QzYzk0YzdjNWIzODJkYmZhMzFkODgwOTQyOWFjNGZmYmU0YTY0ODMzMGNjMjg4OTdiYmVkYTMyNzM2OWI1ZmNkMGVhN2YwZTk=' 'unsafe-eval'; style-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://embed.doorbell.io/css/doorbell.min.css https://embed.doorbell.io/css/default.css 'unsafe-inline'; report-uri https://2224ea6b5792825a06d61a0bad9d966b.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net nexus.ensighten.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com nexus.ensighten.com otp.tools.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' brightcove.hs.llnwd.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' qir.tools.investis.com staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' www.google-analytics.com edge.api.brightcove.com viz.tools.investis.com; report-uri /report-csp-violation 1
default-src 'self' http: https:; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://*.twitter.com https://*.facebook.com https://*.linkedin.com https://www.youtube.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'unsafe-inline' 'self' data: http: https:; media-src 'self' 'unsafe-inline' https:; frame-src 'self' 'unsafe-inline' https:; frame-ancestors 'self' 'unsafe-inline' https:; child-src 'self' 'unsafe-inline' https:; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; connect-src 'self' 'unsafe-inline' https://www.google-analytics.com https://*.s3.eu-west-2.amazonaws.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; object-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; style-src 'self' data: 'unsafe-inline' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; img-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; media-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; frame-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; font-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; connect-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com 1
default-src 'self' http://www.trier.de https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.trier-info.de https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.pegelonline.wsv.de https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/lightslider/1.1.6/js/lightslider.js https://www.dw.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com; script-src 'self' 'unsafe-inline' 'nonce-ae5989fc5a3328eb40ad0426c2607621' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com; img-src 'self' wireframecc-9947.kxcdn.com data:; child-src 'self' 1
base-uri *; child-src * data: blob: filesystem: mediastream:; form-action *; frame-ancestors *; connect-src * data: blob: filesystem: mediastream:; font-src * data: blob: filesystem: mediastream:; frame-src * data: blob: filesystem: mediastream:; img-src * data: blob: filesystem: mediastream:; media-src * data: blob: filesystem: mediastream:; object-src * data: blob: filesystem: mediastream:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: mediastream:; style-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: mediastream:;  default-src *; report-uri https://listenercare.siriusxm.com/prweb/PRServletCustom/2mCjkZJmJzIb2YFZHOYfCw%5B%5B*/!STANDARD 1
default-src 'self' ; script-src 'self' 'nonce-TXpka04yRTVNRFJpWTJRM05ESTM=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com 'nonce-WTJJeFpqZzRZbVprWm1RMk9EWTU=' *.servmetric.com *.govmetric.com piwik.breda.nl 'nonce-TnpJNE9XVXhNVGN3WVdZNVpEUTE=' *.vrmwb.nl 'nonce-T0RJeU0yWTRZakUzTlRZelpXVmo=' 'nonce-TURVNFl6azBPR05pTWpSaFlUWTU=' 'nonce-T1dSa05EYzJaRFV6T1RNeFpXTmw='; object-src 'self'; style-src 'self' 'nonce-WkdZd09ESmxNVGRrTXpabE5UTmk=' 'nonce-TkRVMU5ERmpPR05qT0RWalpqaG0=' *.servmetric.com *.govmetric.com 'nonce-TmpFMVptUTFNbU01TW1OaU1UQXc=' 'nonce-T0dFMk1XTTBaakUyTkdZNE0yTmg='; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io www.gstatic.com *.ytimg.com piwik.breda.nl *.openstreetmap.org; media-src 'self'; frame-src 'self' www.youtube.com reserveren.rondvaartbreda.nl buwa.maps.arcgis.com *.breda.nl *.youtube.com *.servmetric.com *.govmetric.com; frame-ancestors 'self' piwik.breda.nl; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.ionicframework.com fonts.gstatic.com; connect-src 'self' *.siteimprove.com *.servmetric.com *.govmetric.com piwik.breda.nl; report-uri /report-csp-violation 1
default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' ; script-src 'unsafe-inline' 'self' https://ssl.google-analytics.com/ga.js;      img-src data: blob 'self' http://*.tile.openstreetmap.org/ : 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' https://accesso.com https://px.ads.linkedin.com https://p.adsymptotic.com https://stats.g.doubleclick.net https://cdn.cookielaw.org; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://pi.pardot.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://accesso.com; img-src 'self' https://www.google-analytics.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.google.com https://privacy-policy.truste.com data:; connect-src 'self' https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://cdn.cookielaw.org; font-src 'self' https://cloud.typography.com data:; frame-src 'self' https://bid.g.doubleclick.net https://player.vimeo.com/ https://hello.accesso.com/ https://polaris.brighterir.com; 1
default-src 'none'; img-src *; media-src s3.amazonaws.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google.com www.recaptcha.net www.gstatic.com script.hotjar.com static.hotjar.com d.impactradius-event.com bat.bing.com; connect-src *.easyship.com in.hotjar.com vc.hotjar.io easyship.ilbqy6.net; frame-src vars.hotjar.com www.google.com www.recaptcha.net; style-src 'self' 'unsafe-inline'; font-src 'self' data: 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com  *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com  ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com *.wistia.com *.litix.io 3dprint.zortrax.com 3dprinting.local  ws://localhost:3000 *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com  ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors www.envestnet.com envestnet.com ir.envestnet.com investor.envestnet.com www.investpmc.com; report-uri /report-csp-violation 1
frame-ancestors https://*.deejay.de https://*.vinylfuture.com; 1
default-src 'none'; script-src 'self' https://static.cryptomkt.com/ https://cdn4.mxpnl.com/ https://static.olark.com/ https://api.olark.com/ https://knrpc.olark.com/ https://assets.olark.com/; object-src 'self' https://static.cryptomkt.com/; style-src 'self' 'unsafe-inline' https://static.cryptomkt.com/ https://fonts.googleapis.com/ https://static.olark.com/; img-src 'self' data: https://static.cryptomkt.com/ https://log.olark.com/ https://static.olark.com/; media-src 'self' https://static.cryptomkt.com/ https://static.olark.com/; frame-src 'self' https://static.cryptomkt.com/ https://static.olark.com/; font-src 'self' data: https://static.cryptomkt.com/ https://fonts.gstatic.com https://static.olark.com/; connect-src 'self' wss://worker.cryptomkt.com/ https://worker.cryptomkt.com/ https://api-js.mixpanel.com/ https://knrpc.olark.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
frame-ancestors 'self' cmsv2.zebrix.net 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.mercadolibre.com https://www.mercadopago.com.ar/integrations/v1/ https://cdnjs.cloudflare.com https://cdn.syndication.twimg.com https://docs.google.com/spreadsheets/ https://connect.facebook.net https://platform.twitter.com https://*.google.com  https://spreadsheets.google.com/ https://docs.google.com/ https://www.gstatic.com/charts/ http://www.google-analytics.com https://ssl.google-analytics.com https://*.gstatic.com/feedback/ https://www.gstatic.com/charts/ https://*.googleapis.com https://www.googleadservices.com https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net https://*.utdt.edu https://www.googletagmanager.com https://www.tfaforms.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com https://www.tfaforms.com https://www.gstatic.com/charts/ https://docs.google.com/; img-src * data: blob:; font-src *; 1
style-src 'self' 'unsafe-inline' widget.cloud.opta.net stackpath.bootstrapcdn.com fonts.googleapis.com cdn.theoplayer.com cdn.myth.theoplayer.com cdn-nwsl.video.aetnd.com nwsl-cdn.global.ssl.fastly.net qa-nwsl-cdn.global.ssl.fastly.net qa-cdn-nwsl.video.aetnd.com dev-cdn-nwsl.video.aetnd.com dev-nwsl-cdn.s3.amazonaws.com qa-nwsl-cdn.s3.amazonaws.com prod-nwsl-cdn.s3.amazonaws.com secure.widget.cloud.opta.net www.google.com platform.twitter.com ton.twimg.com embed.twitch.tv; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn-nwsl.video.aetnd.com qa-cdn-nwsl.video.aetnd.com dev-cdn-nwsl.video.aetnd.com widget.cloud.opta.net secure.widget.cloud.opta.net platform.twitter.com cse.google.com calendarx.com dev-nwsl-cdn.s3.amazonaws.com nwsl-cdn.global.ssl.fastly.net qa-nwsl-cdn.global.ssl.fastly.net qa-nwsl-cdn.s3.amazonaws.com prod-nwsl-cdn.s3.amazonaws.com www.youtube.com www.google.com www.google-analytics.com cdn.theoplayer.com cdn.myth.theoplayer.com cdn.syndication.twimg.com www.instagram.com api.performfeeds.com www.googletagmanager.com embed.twitch.tv; worker-src blob: 1
: default-src * 1
default-src 'self' http://yourcardhubdevqaapp.local http://yourcardhubtestapp.local http://yourcardhubproductionapp.local https://google-analytics.com https://www.google-analytics.com https://bes-fenton-devqa-yourcardhub.s3-us-west-2.amazonaws.com https://bes-fenton-test-yourcardhub.s3.amazonaws.com https://bes-fenton-production-yourcardhub.s3-us-west-2.amazonaws.com https://*.yourcardhub.com https://yourcardhub.com https://*.myprepaidcenter.com https://myprepaidcenter.com https://ych.myprepaidcenter.com; connect-src 'self' http://yourcardhubdevqaapp.local http://yourcardhubdevqaapp.local:3030 https://yourcardhubdevqaapp.local:3030 http://yourcardhubtestapp.local http://yourcardhubtestapp.local:3030 https://yourcardhubtestapp.local:3030 http://yourcardhubproductionapp.local:3030 https://yourcardhubproductionapp.local:3030 https://*.yourcardhub.com https://yourcardhub.com https://*.myprepaidcenter.com https://myprepaidcenter.com https://ych.myprepaidcenter.com https://google-analytics.com https://www.google-analytics.com https://bes-fenton-devqa-yourcardhub.s3-us-west-2.amazonaws.com https://bes-fenton-test-yourcardhub.s3.amazonaws.com https://bes-fenton-production-yourcardhub.s3-us-west-2.amazonaws.com; style-src https://*.yourcardhub.com https://yourcardhub.com https://*.myprepaidcenter.com https://myprepaidcenter.com https://ych.myprepaidcenter.com https: 'unsafe-inline' https://fonts.googleapis.com data: ; script-src 'self' https://www.intelispend-staging.com https://www.1.awardhq.com https://code.jquery.com/ http://yourcardhubdevqaapp.local https://*.yourcardhub.com https://yourcardhub.com https://*.myprepaidcenter.com https://myprepaidcenter.com https://ych.myprepaidcenter.com https://www.google.com https://www.gstatic.com https://apis.google.com https://www.googletagmanager.com https://google-analytics.com https://www.google-analytics.com https://client-api.arkoselabs.com https://api.arkoselabs.com https://docs.google.com https://cdnjs.cloudflare.com/ 'unsafe-inline' 'unsafe-eval'; worker-src 'self' https://*.yourcardhub.com https://yourcardhub.com https://*.myprepaidcenter.com https://myprepaidcenter.com https://ych.myprepaidcenter.com blob:; child-src 'self'; img-src 'self' https://maritz.scene7.com https://www.1.awardhq.com https://www.pointspot.com https://*.yourcardhub.com https://yourcardhub.com https://*.myprepaidcenter.com https://myprepaidcenter.com https://ych.myprepaidcenter.com https://blackhawknetwork.widen.net https://embed.widencdn.net https://bes-fenton-devqa-yourcardhub.s3-us-west-2.amazonaws.com https://bes-fenton-test-yourcardhub.s3.amazonaws.com https://bes-fenton-production-yourcardhub.s3-us-west-2.amazonaws.com https://google-analytics.com https://www.google-analytics.com data: ; frame-src 'self' https://www.google.com https://client-api.arkoselabs.com https://api.arkoselabs.com https://docs.google.com; font-src 'self' https://*.yourcardhub.com https://yourcardhub.com https://*.myprepaidcenter.com https://myprepaidcenter.com https://ych.myprepaidcenter.com https://fonts.gstatic.com https://fonts.googleapis.com data: ;object-src data: 'unsafe-eval'; 1
default-src 'self'; connect-src 'self' https://bat.bing.com http://*.nsbank.com https://*.nsbank.com https://*.demdex.net https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.google.com https://webto.salesforce.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net; script-src 'self' data: 'unsafe-inline' https://*.googleadservices.com https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.nsbank.com https://*.zionsbank.com https://*.cludo.com https://*.adsrvr.org https://connect.facebook.net https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.bufferapp.com https://*.linkedin.com https://*.pinterest.com https://*.reddit.com https://*.online-metrix.net https://*.adobedtm.com https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: https://*.nsbank.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org; img-src 'self' data: https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.gstatic.com https://*.nsbank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.facebook.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.online-metrix.net https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com; media-src 'self' data:; frame-src 'self' https://*.doubleclick.net https://*.nsbank.com https://*.demdex.net https://*.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net https://*.online-metrix.net https://*.adsrvr.org https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.nsbank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.itzbund.de *.twitter.com *.twimg.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.w3schools.com *.quirksmode.org *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com *.osm.org *.twimg.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com *.3qsdn.com *.it.bund.de *.twitter.com *.twimg.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.osm.org *.twitter.com *.twimg.com piwik.itzbund.de; frame-ancestors 'self'; 1
default-src 'self'; connect-src 'self' data: 'unsafe-inline' https://bat.bing.com https://assets.adobedtm.com https://*.adobedtm.com http://*.amegybank.com https://*.amegybank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://assets.adobedtm.com https://*.adobedtm.com https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.amegybank.com https://*.amegybank.com https://*.zionsbank.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: http://*.amegybank.com https://*.amegybank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net; img-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://p.adsymptotic.com https://px.ads.linkedin.com https://bat.bing.com https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.amegybank.com https://*.amegybank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; media-src 'self' data:; frame-src 'self' data: 'unsafe-inline' http://*.amegybank.com https://*.amegybank.com https://rise.articulate.com https://*.online-metrix.net https://*.issuu.com https://*.doubleclick.net https://*.demdex.net https://secure.checkout.visa.com https://assets.secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.amegybank.com 'unsafe-eval'; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com shop.pe shopper.shop.pe *.cloudfront.net addshoppers.s3.amazonaws.com bcbolt446c5271-a.akamaihd.net www.google.com www.gstatic.com cdn.jsdelivr.net up.pixel.ad pixel.sitescout.com; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://www.google-analytics.com https:; object-src https:; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https:; img-src 'self' data: https://www.google-analytics.com https:; media-src 'self' https:; frame-src 'self' https://optimize.google.com https:; font-src 'self' data: https://fonts.gstatic.com https: 1
frame-ancestors *.amboss.com 1
default-src 'self' data: localhost:* *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com js.arcgis.com *.arcgis.com *.google.com *.googleapis.com *.prorail.nl *.spoordata.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com tagmanager.google.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: wss:; 1
default-src 'self' 'unsafe-inline' *.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.ytimg.com *.youtube.com cbos.gov.sd *.cbos.gov.sd *.dot.jo www.google.com s7.addthis.com m.addthisedge.com m.addthis.com cdnjs.cloudflare.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo *.google.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com jwpltx.com *.jwpltx.com cbos.gov.sd *.cbos.gov.sd *.dot.jo stats.g.doubleclick.net *.ckeditor.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo; frame-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:* *.google.com; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com *.jwpcdn.com *.jwpsrv.com cbos.gov.sd *.cbos.gov.sd *.dot.jo fonts.google.com maxcdn.bootstrapcdn.com *.google.com; connect-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; object-src 'self' *; style-src 'self' 'unsafe-inline' * ; img-src 'self' data: *; media-src 'self' *; frame-src 'self' *; frame-ancestors 'self'; child-src 'self' *; font-src 'self' data: *; connect-src 'self' * 1
default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.google.com https://code.jquery.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://static.addtoany.com https://maps.google.com https://cdn.jsdelivr.net https://platform.twitter.com https://platform.linkedin.com https://cdn.ckeditor.com https://www.google-analytics.com https://cdn.datatables.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdn.ckeditor.com https://cdn.datatables.net https://www.google-analytics.com https://www.linkedin.com; img-src 'self' data: https://chart.googleapis.com https://cdn.ckeditor.com https://www.google-analytics.com https://stats.g.doubleclick.net https://platform.linkedin.com https://www.linkedin.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.google.com; frame-src 'self' https://platform.twitter.com https://www.gstatic.com https://www.google.com https://notfound-static.fwebservices.be; font-src 'self' https://themes.googleusercontent.com https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src 'self' https://www.linkedin.com https://www.google-analytics.com https://stats.g.doubleclick.net; report-uri /en/report-csp-violation 1
img-src 'self' data: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.norma-online.de fonts.googleapis.com fonts.gstatic.com www.google.com www.gstatic.com *.adform.net www.youtube.com blueimp.github.io *.api.here.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru yookassa.ru  *.yandex.ru *.yandex.net h.online-metrix.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com tagmanager.google.com *.jivosite.com webhost1.bitrix24.ru *.roistat.com cfv4.com qoopler.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com 1
default-src 'self' ws:;script-src   'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net gleif.disqus.com *.disquscdn.com *.cookiebot.com *.linkedin.com *.twitter.com *.twimg.com ajax.googleapis.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://unpkg.com https://public.tableau.com;style-src     'self' 'unsafe-inline' *.twimg.com *.twitter.com *.disquscdn.com use.typekit.net https://use.typekit.net https://unpkg.com;font-src       'self' data: http://*.typekit.net https://*.typekit.net https://cdnjs.cloudflare.com;img-src         'self'  static.licdn.com *.disqus.com *.disquscdn.com *.twitter.com *.twimg.com *.linkedin.com data: about: p.typekit.net https://*.tile.osm.org http://*.tile.osm.org http://*.typekit.net https://*.typekit.net https://img.shields.io https://public.tableau.com;frame-src     'self' disqus.com *.twitter.com player.vimeo.com *.linkedin.com https://www.google.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://youtube.com  https://www.youtube.com https://public.tableau.com;connect-src 'self' https://api.parse.com/1/functions/search http://*.gleif.org https://*.gleif.org http://*.typekit.net https://*.typekit.net https://syndication.twitter.com/settings; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://cdn.printfriendly.com https://cdn.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://www.google-analytics.com https://cdn.jsdelivr.net https://unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.my; media-src 'self'; frame-src 'self' data: static.addtoany.com fwb.malaysiaairports.com.my www.youtube.com www.google.com apps.mahb.az.primuscore.com http://apps.mahb.az.primuscore.com:8000 fwb.malaysiaairports.com.my:8000; frame-ancestors 'self' fwb.malaysiaairports.com.my apps.mahb.az.primuscore.com fwb.malaysiaairports.com.my:8000; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; report-uri //report-csp-violation 1
base-uri 'none'; default-src 'none'; child-src https://www.google.com; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.google.com; img-src 'self'; object-src 'none'; script-src 'nonce-79GuGPYrSvGy2VFWHxNcFQ==' 'strict-dynamic'; style-src 'self'; worker-src 'self'; 1
default-src 'self'; script-src-elem 'self' 'unsafe-inline' *.usercentrics.eu aggregator.service.usercentrics.eu https://www.gstatic.com https://*.3qsdn.com https://*.jameda-elements.de www.google-analytics.com *.googleapis.com embed.typeform.com www.googletagmanager.com www.youtube.com www.youtube-nocookie.com tagmanager.google.com sc.01.sana-apps.de player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.usercentrics.eu aggregator.service.usercentrics.eu https://*.3qsdn.com https://*.jameda-elements.de/ www.google-analytics.com *.googleapis.com embed.typeform.com www.googletagmanager.com www.youtube.com www.youtube-nocookie.com tagmanager.google.com sc.01.sana-apps.de *.zscaler.net; img-src * data:; style-src 'self' 'unsafe-inline' https://*.3qsdn.com fonts.googleapis.com; media-src 'self' blob: https://*.3qsdn.com; connect-src 'self' *.usercentrics.eu https://*.3qsdn.com vendorlist.consensu.org www.google-analytics.com stats.g.doubleclick.net; font-src 'self' data: https://*.3qsdn.com fonts.gstatic.com; frame-ancestors 'self' www.sanadaily.de localhost:* sc.01.sana-apps.de www.sana.de; frame-src 'self' sc.01.sana-apps.de www.sana.de sanadigital.typeform.com maps.google.de *.google.com www.youtube.com www.youtube-nocookie.com 466b13bd.sibforms.com *.livecoder.com player.vimeo.com *.zscaler.net *.sana.de virtualpro360.com 1
style-src 'self' 'unsafe-inline'; script-src 'self' 1
frame-ancestors 'self' https://www.carroya.com/noticias https://www.motor.com.co 1
default-src 'self'; img-src * data:; media-src *; frame-src * data:; font-src *; connect-src *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.stg.brandwire.in *.scorecardresearch.com *.instagram.com *.google-analytics.com *.gstatic.com *.solodev.com *.google.com *.googleapis.com *.indiatimes.com *.timesofindia.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; style-src data: blob: 'unsafe-inline' 'self' *.googleapis.com *.google.com *.instagram.com *.indiatimes.com *.timesofindia.com *.solodev.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; frame-ancestors 'self' *.indiatimes.com *.timesofindia.com *.economictimes.com *.gadgetsnow.com *.navbharattimes.com etdev8243.indiatimes.com *.timesnownews.com timesnownews.com www.speakingtree.in speakingtree.in maharashtratimes.com vijaykarnataka.com *.samayam.com samayam.com 1
default-src=self 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com ajax.googleapis.com embed.typeform.com www.googletagmanager.com tagmanager.google.com analyzer.amedick-sommer.de vendorlist.consensu.org www.youtube.com s.ytimg.com www.vvs.de; 1
frame-ancestors https://www.bdli.de/ https://staging.bdli.de *.ila-berlin.de localhost ila.lndo.site http://ila.lndo.site:8000; report-uri //report-csp-violation 1
frame-src *; 1
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https: 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
default-src 'self' *.zdassests.com *.cloudinary.com; connect-src https://*.devacurl.com https://*.devatech.us https://*.devatechpro.us https://*.myshopify.com https://*.openshiftapps.com localhost:* https://sentry.io *.yotpo.com www.google-analytics.com likeshop.me https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://*.hotjar.io https://*.hotjar.com https://devacurl.2m8f.net wss://widget-mediator.zopim.com https://*.doubleclick.net https://*.facebook.com https://*.trackedweb.net https://*.cookielaw.org https://*.onetrust.com/ *.amplitude.com https://s3-us-west-2.amazonaws.com/afterpayus-integrations/javascript/modal/us_modal.html https://*.pinterest.com https://*.bing.com https://*.google.com; font-src 'self' *.yotpo.com *.gstatic.com fonts.gstatic.com data: likeshop.me; frame-src *.doubleclick.net optimize.google.com *.phorest.me phorest.me phorest.com *.dotmailer-surveys.com *.dotdigital-pages.com *.hotjar.com *.youtube.com *.googletagmanager.com *.facebook.com *.afterpay.com; img-src * data: blob: www.google-analytics.com optimize.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.yotpo.com *.doubleclick.net *.google.com *.dashhudson.com *.google.com *.bing.com *.hotjar.com *.facebook.net *.zdassets.com https://widget-mediator.zopim.com *.dotmailer-surveys.com *.dotdigital-pages.com https://*.impactradius-event.com *.cookielaw.org https://*.trackedweb.net https://*.onetrust.com https://*.afterpay.com https://*.pinimg.com https://*.pinterest.com https://static.zdassets.com https://s.pinimg.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://*.yotpo.com https://*.google.com https://*.googleapis.com https://*.mapbox.com; report-uri https://sentry.io/api/1474106/security/?sentry_key=71495ca5d2814cc995ebaa6fa5461d8f&sentry_environment=prod; media-src 'self' *.zdassets.com *.cloudinary.com dashhudson-static.s3.amazonaws.com https://*.dashhudson.com 1
script-src *.ldscdn.org *.lds.org *.churchofjesuschrist.org *.googleapis.com *.gstatic.com *.facebook.net *.justserve.org *.servir.org *.facebook.com *.youtube.com *.ytimg.com cdnjs.cloudflare.com data: placehold.it placeholdit.imgix.net 'self' ws://localhost:3000 ws://10.0.2.2:3000 ws://localhost:8080 assets.adobedtm.com dpm.demdex.net cdn.tt.omtrdc.net ldschurch.tt.omtrdc.net *.tintup.com *.hypermoarks.com *.cloudfront.net players.brightcove.net vjs.zencdn.net edge.api.brightcove.com blob: * metrics.brightcove.com consent.truste.com consent-pref.truste.com 'unsafe-inline' 'unsafe-eval'; style-src *.fonts.net *.opendns.com *.googleapis.com *.justserve.org *.servir.org *.lds.org *.ldscdn.org *.churchofjesuschrist.org 'self' 'unsafe-inline' 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; connect-src 'self' https://bat.bing.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://*.cludo.com https://zionsbancorp.sc.omtrdc.net; script-src 'self' data: 'unsafe-inline' https://*.googleadservices.com https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.googletagmanager.com https://*.issuu.com https://*.adobedtm.com https://connect.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.nbarizona.com https://*.nbarizona.com https://*.zionsbank.com https://*.cludo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.nbarizona.com https://*.nbarizona.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.gstatic.com http://*.nbarizona.com https://*.nbarizona.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com; media-src 'self' data:; frame-src 'self' https://*.online-metrix.net https://*.doubleclick.net http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://issuu.com https://secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.nbarizona.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; frame-src 'self' https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
connect-src 'self' https://api.github.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; base-uri *.wazuh.com wazuh.com; default-src 'self' https: data:; script-src 'self' *.wazuh.com wazuh.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https: 'unsafe-inline'; object-src 'self' *.wazuh.com wazuh.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src 'self' *.wazuh.com wazuh.com *.gravatar.com https://www.google-analytics.com https://www.google.com https://www.google.es https://stats.g.doubleclick.net https://www.facebook.com/ data:; media-src 'self' *.wazuh.com wazuh.com; frame-ancestors 'self'; frame-src *; font-src 'self' https://fonts.gstatic.com data: 1
frame-ancestors 'self' ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de app.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' app.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; connect-src 'self' steemit.com api.steemit.com dist.one wss://rpc.dist.one api.blocktrades.us https://steemitimages.com https://translate.googleapis.com; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; font-src data: fonts.gstatic.com 'self'; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com pagead2.googlesyndication.com adservice.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
1
default-src 'none'; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://www.youtube.com https://wt.engage.ubiquity.co.nz https://browser-update.org https://cdn.monsido.com https://s.ytimg.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://code.jquery.com/jquery-3.4.1.min.js https://s.yimg.com/wi/ytc.js; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data: https://www.google.com https://www.google.co.nz/ https://www.google-analytics.com https://tracking.monsido.com https://*.facebook.com https://sp.analytics.yahoo.com https://stats.g.doubleclick.net https://staticcdn.co.nz https://googleads.g.doubleclick.net https://i.creativecommons.org https://i.ytimg.com/vi_webp/y0QIcRQv2Q8/mqdefault.webp; form-action 'self' https://www.facebook.com; manifest-src 'self'; frame-src 'self' https://www.google.com/ https://www.facebook.com https://www.youtube.com https://www.youtube-no-cookie.com https://*.doubleclick.net https://staticcdn.co.nz; frame-ancestors 'self' https://mbie9.test https://mbie9-uat.cwp.govt.nz https://mbie9.cwp.govt.nz https://tools.business.govt.nz https://www.tools.business.govt.nz; connect-src 'self' https://wt.engage.ubiquity.co.nz https://www.google-analytics.com https://stats.g.doubleclick.net; base-uri 'self'; 1
base-uri 'self' 'report-sample'; block-all-mixed-content; form-action 'self' 'report-sample'; frame-ancestors 'self'; default-src 'none'; connect-src 'self' 'report-sample'; frame-src 'self' 'report-sample'; img-src 'self' data: 'report-sample'; font-src 'self' 'report-sample'; media-src 'self' 'report-sample'; manifest-src 'self' 'report-sample'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; report-uri /auktion/clients/csp_violation.php 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com https://www.wiener-staatsoper.at 1
default-src ; script-src https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' https://form.partner-versicherung.de; object-src ; style-src 'self' https://fonts.googleapis.com https://*.entrecode.de 'unsafe-inline'; img-src 'self' * *.dealbunny.de data:; media-src *; child-src *.youtube.com *.vimeo.com https://www.google.com https://form.partner-versicherung.de https://kredit.check24.de/; font-src 'self' https://fonts.gstatic.com https://*.entrecode.de data:; connect-src 'self' *.cachena.entrecode.de entrecode.de *.entrecode.de localhost:* dev.dealbunny.de:* *.dealbunny.de https://www.google-analytics.com https://stats.g.doubleclick.net; manifest-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inphota.com kit.fontawesome.com www.googletagmanager.com consent-manager.metomic.io platform.twitter.com syndication.twitter.com static.ads-twitter.com cdn.syndication.twimg.com analytics.twitter.com www.google-analytics.com stats.g.doubleclick.net ssl.google-analytics.com www.googleadservices.com www.google.com www.google.ae https://www.gstatic.com/recaptcha/ connect.facebook.net aff.bstatic.com *.algolianet.com *.algolia.net ; report-uri https://gulfmultisport.inphota.com/en/security/csp-report; style-src 'self' 'unsafe-inline' *.inphota.com fonts.googleapis.com kit.fontawesome.com ka-f.fontawesome.com kit-free.fontawesome.com translate.googleapis.com fast.fonts.net ; img-src data: blob: *; font-src fonts.gstatic.com ka-f.fontawesome.com kit-free.fontawesome.com fast.fonts.net; connect-src wss: *.inphota.com kit.fontawesome.com ka-f.fontawesome.com www.google-analytics.com stats.g.doubleclick.net api.rollbar.com *.inphota.com www.facebook.com *.algolia.net *.algolianet.com apipub.metomic.io cdn.plot.ly translate.googleapis.com t.co ; frame-src *.inphota.com www.facebook.com www.booking.com https://www.google.com/recaptcha/ www.youtube.com veloviewer.com translate.google.com www.googletagmanager.com ; frame-ancestors 'self' *.inphota.com adsc.ae www.adsc.ae therakhalfmarathon.com www.therakhalfmarathon.com cyclechallenge.ae www.cyclechallenge.ae 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com/printfriendly.js https://static.addtoany.com/menu/page.js https://www.googletagmanager.com/gtm.js https://ds-4047.kxcdn.com/api/v3/domain_settings/a https://www.youtube.com/ https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google.com/ads/  https://www.google-analytics.com/collect https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-KkhT2CFG194/XXJdkPtaoYHy' 'nonce-EptLmNfzGemKpebUee5YLK3G' 'nonce-lPxwXL4W2Rci7zz3Ps2ktb5o' 'nonce-v4YxNwYbCrfY5t3GS2ixtwyN' 'nonce-D+UurW9gaLSfHTl0RBgmLdxt' 'nonce-8GuHodiMBSBe/ZLSI3f0JaM7' 'nonce-qD2MT2tsBXV14UK34qCGybC5' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg; connect-src *.cwp-stg.sg https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg blob: www.google-analytics.com *.onemap.sg/ *.dcube.cloud *.wogaa.sg *.demdex.net https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com wss://*.zopim.com *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net; font-src https://cdnjs.cloudflare.com data: fonts.gstatic.com *.dcube.cloud *.wogaa.sg https://s3-us-west-2.amazonaws.com https://va.ecitizen.gov.sg *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; img-src data: blob: 'self' www.google-analytics.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://cdnjs.cloudflare.com *.mycareersfuture.sg *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net https://va.ecitizen.gov.sg https://v2assets.zopim.io; report-uri /csp-report; script-src blob: www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg https://va.ecitizen.gov.sg 'unsafe-inline' *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com *.gstatic.com;img-src * blob:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1
base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net www.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.googleusercontent.com blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=DbTYZltjxoMnAAtho7BArjzZ%2BJOmf8HM6xE56Xdm7T6M%2FBDSAuhSzfc%2BcuTPr8eV%2B8f3xtPXQEJwOV8aIOPa%2Fg%3D%3D; 1
default-src https:;media-src 'self' www.wellsfargomedia.com www.wellsfargo.com;font-src 'self' data: stm-connect.secure.evetest.wellsfargo.com:23621;frame-src 'self' ciaanalytics.wellsfargo.com connect.secure.wellsfargo.com www.bing.com wifp.wellsfargo.com wifp.ceo.wellsfargo.com;style-src 'unsafe-inline' 'self' wca.sec.wellsfargo.com www.bing.com www.wellsfargo.com ceomedia.wf.com;base-uri 'self';report-uri /reporting/csp;frame-ancestors 'none';script-src 'self' 'nonce-3fea30abb315d00e' www.wellsfargo.com www.bing.com dev.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t1.ssl.ak.dynamic.tiles.virtualearth.net connect.secure.staging.wellsfargo.com connect.secure.wellsfargo.com ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com wca.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com ceomedia.wf.com wifp.wellsfargo.com wifp.ceo.wellsfargo.com six.cdn-net.com wcafs.wellsfargo.com;connect-src 'self' www.bing.com t0.ssl.ak.dynamic.tiles.virtualearth.net connect.secure.staging.wellsfargo.com connect.secure.wellsfargo.com wca.wellsfargo.com wcafs.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com;img-src 'self' stats.g.doubleclick.net data: blob: t0.ssl.ak.dynamic.tiles.virtualearth.net t1.ssl.ak.dynamic.tiles.virtualearth.net www.adobe.com www.wellsfargo.com www.google-analytics.com ssl.google-analytics.com ceomedia.wf.com www.bing.com wca.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com;object-src 'self' wifp.wellsfargo.com wifp.ceo.wellsfargo.com; 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
default-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr dwl.dawconnect.com maps.google.de www.google.com connect.facebook.net www.facebook.com *.youtube.com ;  img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.bsdwl.de *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de *.youtube.com;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com;  script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval';  worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de *.youtube.com;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: http://mshcentraldbdev.prod.acquia-sites.com *.balladhealthcrm.org *.crazyegg.com; frame-ancestors 'self'; report-uri /admin/config/system/seckit/csp-report 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; object-src https:; style-src https: 'unsafe-inline'; img-src https: data:; media-src https:; font-src https: data:; connect-src https: wss: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sharethis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.consumercare.net *.econsumeraffairs.com *.pricespider.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.sharethis.com *.pricespider.com; img-src 'self' *.google-analytics.com *.g.doubleclick.net *.facebook.com *.google.com *.sharethis.com https://www.google.com.au legal.bbulibrary.com *.googletagmanager.com *.pricespider.com; frame-src 'self' *.youtube.com *.googletagmanager.com *.sharethis.com *.facebook.com c.sharethis.mgr.consensu.org; font-src 'self' *.gstatic.com; connect-src 'self' *.sharethis.com *.sharethis.mgr.consensu.org https://stats.g.doubleclick.net *.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com *.leadenhancer.com wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.com data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' *.google-analytics.com *.doubleclick.net d3tl8vem8osmxf.cloudfront.net d5gilh1ztb0u5.cloudfront.net max-access-toolbar.onlineada.workers.dev polly.us-east-2.amazonaws.com/v1/speech; script-src 'self' www.googletagmanager.com js.hsadspixel.net *.hs-banner.com *.crazyegg.com js.hs-analytics.net *.equalweb.com access.equalweb.com connect.facebook.net www.google.com *.gstatic.com maps.googleapis.com *.hotjar.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.maxaccess.io *.audioeye.com *.userway.org; style-src 'self' *.typekit.net *.fonts.net fonts.googleapis.com maps.googleapis.com *.userway.org *.maxaccess.io api.maxaccess.io/scripts/toolbar/*; img-src 'self' www.googletagmanager.com *.webdamdb.com www.google-analytics.com insight.adsrvr.org www.facebook.com data: maps.gstatic.com *.googleapis.com *.ggpht.com *.hubspot.com img.youtube.com blog.hobartcorp.com  *.hsforms.com *.cloudfront.net *.maxaccess.io maxaccess.io *.userway.org; frame-src 'self' *.google.com *.hotjar.com *.youtube.com *.webdamdb.com *.hsforms.com *.facebook.com; font-src 'self' use.typekit.net fast.fonts.net fonts.gstatic.com; connect-src 'self' api.hubapi.com www.google-analytics.com script.crazyegg.com stats.g.doubleclick.net *.equalweb.com *.hotjar.com *.hotjar.io *.facebook.com *.hsforms.com tracking.crazyegg.com *.amazonaws.com *.maxaccess.io *.userway.org *.cloudfront.net d3tl8vem8osmxf.cloudfront.net d5gilh1ztb0u5.cloudfront.net; report-uri /report-csp-violation 1
default-src 'self'; connect-src 'self' https:; font-src 'self' chrome-extension: https:; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.google.com https://disqus.com http://disqus.com disqus.com; img-src 'self' data: http: https:; script-src 'self' https://cdn.ampproject.org https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://code.jquery.com https://*.disqus.com http://*.disqus.com *.disqus.com https://*.disquscdn.com http://*.disquscdn.com *.disquscdn.com https://*.twimg.com https://platform.twitter.com data:; style-src 'self' https://fonts.googleapis.com https://platform.twitter.com http://platform.twitter.com platform.twitter.com https://*.twimg.com https://*.disqus.com http://*.disqus.com *.disqus.com https://*.disquscdn.com http://*.disquscdn.com *.disquscdn.com 'unsafe-inline'; 1
allow 'self'  default-src 'self' 'unsafe-inline' www.google-analytics.com  *.twitter.com  *.facebook.com  *.facebook.net  *.google.com 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1
default-src https://*.brille24.de 'unsafe-inline' 'unsafe-eval' https://*.bing.com https://*.awin1.com https://*.adition.com https://*.ad-srv.net https://*.clarity.ms https://*.cptrack.de https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.dwin1.com https://*.emsecure.net https://*.etrusted.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.google.co.uk https://*.google.* https://*.google.dk https://*.google.com https://*.gstatic.com https://*.klarna.com https://*.liveperson.net https://*.lpsnmedia.net https://*.newrelic.com https://*.nr-data.net  https://*.ogone.com https://*.omq.de https://*.paypalobjects.com https://*.polyfill.io https://*.remarketingpixel.com https://*.retailads.net https://*.slgnt.eu https://*.taboola.com https://*.trustedshops.com https://*.usercentrics.com https://*.usercentrics.eu https://*.youtube-nocookie.com https://*.windows.net https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zopim.com http://localhost; img-src https: blob: data: about: 1
default-src 'self' *.learningcloud.me ;script-src 'self' www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *; style-src 'self' * 'unsafe-inline' 'unsafe-eval' ; font-src 'self' * 'unsafe-inline' 'unsafe-eval'  1
frame-ancestors 'none'; connect-src 'self' https://*.facebook.com/ https://*.pusher.com wss://*.pusher.com https://*.fusepump.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.sessioncam.com/ https://*.doubleclick.net/ https://*.nr-data.net/ 'unsafe-inline' 'unsafe-eval'; report-uri https://www.dancow.co.id/report-csp-violation; upgrade-insecure-requests 1
default-src https: blob: wss:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' siteimproveanalytics.com piwik.venlo.nl dev.visualwebsiteoptimizer.com *.obi4wan.com *.pusher.com *.siteimproveanalytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' fast.fonts.net; img-src 'self' data: piwik.venlo.nl dev.visualwebsiteoptimizer.com *.obi4wan.com *.amazonaws.com *.siteimproveanalytics.io www.gstatic.com; media-src 'self'; frame-src 'self'; frame-ancestors 'self' piwik.venlo.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com fast.fonts.net; connect-src 'self' piwik.venlo.nl *.obi4wan.com *.pusher.com wss://*.pusher.com fast.fonts.net; report-uri /report-csp-violation 1
default-src * ; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; frame-ancestors *; child-src *; font-src * https://themes.googleusercontent.com http://themes.googleusercontent.com; connect-src *; report-uri /en/report-csp-violation 1
default-src 'self' https://static.garmin.com https://static.garmincdn.com https://www.garmin.com; style-src 'unsafe-inline' 'self' https://static.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://sso.garmin.com https://www.garmin.com; connect-src 'self' https://static.garmincdn.com https://www.garmin.com *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * 'nonce-a4318432-e76d-440e-975f-f2d9e78097d1'; font-src 'self' data: https://static.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.garmin.com; img-src 'self' data: *; frame-src * *.adform.net; object-src 'none'; upgrade-insecure-requests 1
default-src *; script-src www.partizan.com www.partizanstudio.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*  *.googleadservices.com *.google-analytics.com *.google.com  https://*.youtube.com https://*.ytimg.com  cdnjs.cloudflare.com ajax.googleapis.com maxcdn.bootstrapcdn.com ; style-src * 'unsafe-inline';img-src 'self' data: https://img.youtube.com *.google-analytics.com ; font-src 'self' data:  http://fonts.gstatic.com https://fonts.gstatic.com ; connect-src www.partizan.com www.partizanstudio.com *.google-analytics.com vimeo.com; 1
default-src 'self' 'unsafe-inline' https: data: https://cdnjs.cloudflare.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com https://*.jacklmoore.com https://*.gstatic.com https://*.google-analytics.com; frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: *.stripe.com; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: *.stripe.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self'  *.stripe.com accounts.google.com tinyletter.com; 1
default-src 'self'; connect-src 'self' https://bat.bing.com https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.vectrabank.com https://*.vectrabank.com https://zionsbancorp.sc.omtrdc.net https://*.demdex.net https://*.cludo.com https://sumo.com https://*.sumome.com https://*.sumo.com https://zionsbancorp.sc.omtrdc.net; script-src 'self' data: 'unsafe-inline' https://bat.bing.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.linkedin.com https://*.bufferapp.com https://*.pinterest.com https://*.reddit.com https://*.adobedtm.com https://connect.facebook.net https://*.pages05.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.vectrabank.com https://*.zionsbank.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: https://*.vectrabank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com; img-src 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.pages05.net https://*.doubleclick.net https://*.google-analytics.com https://*.gstatic.com https://*.vectrabank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com; media-src 'self' data:; frame-src 'self' https://*.vectrabank.com https://*.demdex.net https://*.doubleclick.net https://secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://vimeo.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.vectrabank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1
connect-src 'self' https://localhost:3000; frame-ancestors 'self'; object-src 'self'; script-src 'self' https://analytics.historia-arte.com https://maps.googleapis.com; report-uri /csp-report; 1
default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; 1
default-src *; style-src *; connect-src * 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crushftp.com *.stripe.com *.paypalobjects.com *.google-analytics.com *.crushsync.com *.taltosparipa.com 1
frame-ancestors 'self' mein.kabelplus.at newapp.etracker.com 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl 'unsafe-inline' 'unsafe-eval';style-src https: *.ufg.pl 'unsafe-inline';img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl; child-src https: *.ufg.pl 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1
default-src 'self'; script-src 'self' assets.juicer.io ajax.googleapis.com connect.facebook.net platform.twitter.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com https://chat.consumercare.net https://h6.consumercare.net https://js-agent.newrelic.com https://bam.nr-data.net *.juicer.io woobox.com *.formstack.com assets.pinterest.com app.icontact.com *.googleapis.com *.pricespider.com; object-src 'self'; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io 'unsafe-inline' *.formstack.com app.icontact.com  *.pricespider.com; img-src 'self' *.cdninstagram.com *.xx.fbcdn.net *.facebook.com *.twitter.com *.google-analytics.com *.ytimg.com *.xx.fbcdn.net data: *.googleapis.com *.g.doubleclick.net *.googletagmanager.com *.juicer.io *.google.com *.imgur.com *.icontact.com *.formstack.com *.gstatic.com   *.pricespider.com; frame-src 'self' * *.entenmanns.com rsmstanley.formstack.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io fonts.gstatic.com woobox.com *.juicer.io  *.formstack.com app.icontact.com data:; connect-src 'self' www.juicer.io https://www.google-analytics.com https://stats.g.doubleclick.net *.facebook.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; 1
default-src 'self' *.urban-nation.com data: *.youtube-nocookie.com *.youtube.com *.ytimg.com *.googleapis.com *.gstatic.com player.vimeo.com *.vimeocdn.com 'unsafe-eval' 'unsafe-inline' 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1
frame-ancestors 'self' https://*.etracker.com 1
frame-ancestors 'self' www.pro-agent.com www.google.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; report-uri /report-csp-violation 1
default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src  'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 1
default-src https://wbregistration.gov.in;                                                     connect-src https://wbregistration.gov.in;                                                     font-src https://wbregistration.gov.in data:;                                                     frame-src https://wbregistration.gov.in;                                                    img-src https: data:;                                                     media-src https://wbregistration.gov.in;                                                      object-src https://www.wbregistration.gov.in;                                                     script-src 'unsafe-inline' 'unsafe-eval' https://www.wbregistration.gov.in;                                                     style-src 'unsafe-inline' https://www.wbregistration.gov.in; 1
default-src 'self' www.youtube-nocookie.com youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' www.vrk.nl static.mailplus.nl ssl.siteimprove.com cdn.siteimprove.net 'unsafe-eval' code.jquery.com svc.webspellchecker.net siteimproveanalytics.com youtu.be www.youtube-nocookie.com youtu.be connect.facebook.net m19.mailplus.nl data1.saliche.com translate.google.com s3-us-west-2.amazonaws.com wowww.nl siteimproveanalytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net static.mailplus.nl svc.webspellchecker.net translate.googleapis.com; img-src * data:; font-src 'self' fonts.gstatic.com svc.webspellchecker.net static3.avast.com cdn.faceworks.nl data:; connect-src 'self' my2.siteimprove.com svc.webspellchecker.net id.siteimprove.com static.mailplus.nl; report-uri /report-csp-violation 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://sdk.privacy-center.org/ https://www.addthis.com/ https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://use.fontawesome.com/releases/v5.7.1/css/; img-src 'self'; media-src 'self' https://www.youtube.com/; frame-src 'self' https://www.youtube.com/; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; connect-src 'none'; frame-ancestors 'self' https://www.youtube.com/; form-action 'self'; object-src 'self'; base-uri 'self' 1
base-uri 'self'; child-src 'self' gap: blob: https://assets.braintreegateway.com https://c.paypal.com https://*.cardinalcommerce.com https://*.giga.com.sg https://*.axlecloud.info https://spit-fire-1cbb5.firebaseapp.com https://api.braintreegateway.com https://cx.getcloudcherry.com https://accounts.google.com www.googletagmanager.com https://www.youtube.com/ youtube.com https://insight.adsrvr.org https://api.sandbox.braintreegateway.com https://*.sandbox.braintree-api.com https://www.google.com/ https://youtu.be/ https://9369819.fls.doubleclick.net/; frame-src 'self' gap: blob: https://assets.braintreegateway.com https://c.paypal.com https://*.cardinalcommerce.com https://*.giga.com.sg https://*.axlecloud.info https://spit-fire-1cbb5.firebaseapp.com https://api.braintreegateway.com https://cx.getcloudcherry.com https://accounts.google.com www.googletagmanager.com https://www.youtube.com/ youtube.com https://insight.adsrvr.org https://api.sandbox.braintreegateway.com https://*.sandbox.braintree-api.com https://www.google.com/ https://youtu.be/ https://9369819.fls.doubleclick.net/; connect-src 'self' https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://*.googleapis.com https://*.getcloudcherry.com https://accounts.google.com https://plugin.ucads.ucweb.com https://www.google-analytics.com stats.g.doubleclick.net https://sdk.iad-03.braze.com/api/ https://client-analytics.sandbox.braintreegateway.com https://api.sandbox.braintreegateway.com https://*.sandbox.braintree-api.com https://js.appboycdn.com/web-sdk/; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://use.fontawesome.com/; img-src 'self' data: blob: https://assets.braintreegateway.com https://checkout.paypal.com data: https://cx.getcloudcherry.com www.google-analytics.com gjtrack.ucweb.com stats.g.doubleclick.net www.google.com.sg www.google.com i.vimeocdn.com www.googletagmanager.com csi.gstatic.com downloads.mailchimp.com gallery.mailchimp.com https://*.sandbox.braintree-api.com https://www.facebook.com https://badge.seedly.sg/giga!/giga_rectangle_light.png https://badge.seedly.sg/giga!/giga_square_light.png https://api.grab.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://www.google.com.sg https://appboy-images.com blob:; script-src 'self' https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://cx.getcloudcherry.com https://c.paypal.com https://*.axlecloud.info https://*.giga.com.sg apis.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com youtube.com https://acbot2.giga.com.sg downloads.mailchimp.com mc.us3.list-manage.com connect.facebook.net https://js.adsrvr.org/up_loader.1.1.0.js https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.sandbox.braintree-api.com https://js.appboycdn.com/web-sdk/ https://use.fontawesome.com/ https://www.google.com/recaptcha/ https://appleid.cdn-apple.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' downloads.mailchimp.com https://*.sandbox.braintree-api.com https://use.fontawesome.com/ 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=cFpyy6hSnvmp4f2Y3tRxYayGFyCnw%2bBB5h5eb6RQwPhYXM7kuKaNOtLCVMcTEN6tsY2ndncOMcNT%2fJyc0B7ej1bHHEjXBlFgxANTEuVkOAc2uhjMnA%2b27EYWsgZ9CklXvxMKnDpbSXePHQFyyfy%2fPPpTiFiTHdR41JDGOVV9gVJ27d3IGpM7TrCXVshBAo29; 1
frame-ancestors 'self' https://analytics.google.com/analytics/ https://*.buypass.no https://*.buypass.com https://*.norsk-tipping.no https://*.altinn.no; 1
frame-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; frame-ancestors 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; child-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; report-uri //report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.onetrust.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://form.jotformeu.com https://cdn.jotfor.ms https://js.jotform.com https://widgets.jotform.io https://browser.sentry-cdn.com https://events.jotform.com https://static.dvinci-easy.com https://api.heycamp.de https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ckscayt.js https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/local/de/local.js https://code.jquery.com;; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jotfor.ms http://www.al-ko.com https://widgets.jotform.io https://static.dvinci-easy.com;; img-src 'self' www.google-analytics.com https://www.facebook.com https://www.google.com https://cdn.jotfor.ms https://stats.g.doubleclick.net https://events.jotform.com https://www.heycamp.de https://cdn.cookielaw.org https://i3.ytimg.com https://www.google.ro  https://www.google.de  https://www.google.com;; media-src 'self'; frame-src 'self' https://www.google.com https://www.store-connector.com https://submit.jotformeu.com/ https://www.youtube.com/;; frame-ancestors 'self'; child-src 'self'; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com netdna.bootstrapcdn.com;; connect-src 'self' https://www.google-analytics.com *.onetrust.com https://cdn.cookielaw.org https://static.dvinci-easy.com https://alko-tech.dvinci-easy.com https://www.heycamp.de https://stats.g.doubleclick.net;; report-uri /en/report-csp-violation 1
default-src 'unsafe-inline'  https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl ; script-src 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://platform.twitter.com https://pixel.fasttony.es https://connect.facebook.net https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com https://*.googleapis.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data:; style-src 'unsafe-inline' https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.google-analytics.com  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://portalpasazera.pl  data:; img-src 'self' https://i.ytimg.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data: 1
default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.tfmetalsreport.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com 1
default-src 'self' blob: storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com *.a1.net live.virtual-events.at; frame-src  'self' indd.adobe.com storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; style-src 'self' 'unsafe-inline' storage.net-fs.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; img-src 'self' data: storage.net-fs.com *.google-analytics.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.a1.group live.virtual-events.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: storage.net-fs.com *.googleapis.com *.gstatic.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.zencdn.net blob: live.virtual-events.at; font-src 'self' data: storage.net-fs.com *.gstatic.com 1
default-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors 'self' https://*.salesforce.com 1
base-uri 'self'; default-src 'none'; child-src https://mei.animebytes.tv https://irc.animebytes.tv; connect-src 'self' https://mei.animebytes.tv; font-src 'self' data:; form-action 'self' https://mei.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://mei.animebytes.tv https://irc.animebytes.tv; img-src 'self' https://animebytes.tv https://mei.animebytes.tv https://cdn.animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.piwik.bayern.de; img-src 'self' data: www.piwik.bayern.de; font-src 'self' data: 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com ecard.quipugroup.net https://support.gale.com* https://www.google-analytics.com/analytics.js *www.google-analytics.com* https://translate.googleapis.com; object-src *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com https://ecard.quipugroup.net  *.fonts.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *www.aacpl.net/* *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com ecard.quipugroup.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com *.yourcloudlibrary.com https://support.gale.com* https://aacplnet-my.sharepoint.com*; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com *.microsoft.com https://support.gale.com* https://aacplnet-my.sharepoint.com*; child-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com https://aacplnet-my.sharepoint.com*; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
frame-ancestors 'self' *.6connex.com; script-src 'self' code.jquery.com kit.fontawesome.com https://www.googletagmanager.com http://clicky.com *.getclicky.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com cdn.datatables.net https://siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' img.youtube.com youtube.com cdn.jsdelivr.net www.youtube.com maps.gstatic.com data: fonts.gstatic.com fonts.googleapis.com www.gstatic.com platform.twitter.com s7.addthis.com www.google-analytics.com z.moatads.com cdn.syndication.twimg.com m.addthis.com v1.addthisedge.com stats.g.doubleclick.net syndication.twitter.com pbs.twimg.com maps.google.com maps.googleapis.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://static.codepen.io https://marketing.envylabs.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://marketing.envylabs.com https://secure.gravatar.com https://*.ads.linkedin.com https://*.adsymptotic.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleusercontent.com; frame-src 'self' https://www.google.com https://www.youtube.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://insight-engine.newfangled.com 1
frame-ancestors 'self' https://www.kayak.fr 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1
default-src 'self' https://api.deezer.com https://*.bernardo.fm; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://code.getmdl.io https://*.bernardo.fm; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://code.getmdl.io https://pagead2.googlesyndication.com https://adservice.google.ch https://*.bernardo.fm https://*.google.com https://*.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://*.bernardo.fm; media-src 'self' https://www.dropbox.com https://*.dl.dropboxusercontent.com https://*.bernardo.fm; img-src 'self' data: http://www.w3.org https://*.bernardo.fm; frame-src https://googleads.g.doubleclick.net https://www.google.com 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com banman.providermagazine.com host1.easypolls.net ajax.googleapis.com script.crazyegg.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com www.googletagmanager.com banman.providermagazine.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com analytics.tiktok.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' clicky.com *.getclicky.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com fast.fonts.com cdnjs.cloudflare.com; frame-src https://www.google.com 'self'; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.doubleclick.net *.youtube.com https://*.youtube.com *.ytimg.com https://*.ytimg.com https://*.googleapis.com https://s3-ap-northeast-1.amazonaws.com https://chatbot.com.hk *.pusher.com *.pusherapp.com https://www.bcthk.com https://sim-www.bcthk.com https://3pn36nrcw1.execute-api.ap-northeast-1.amazonaws.com https://7ab07kkkhb.execute-api.us-west-2.amazonaws.com https://us-central1-facebook-bot-backend-dev.cloudfunctions.net https://img.youtube.com; style-src 'unsafe-inline' 'self' https://*.googleapis.com *.googleapis.com https://s3-ap-northeast-1.amazonaws.com https://chatbot.com.hk *.pusher.com *.pusherapp.com https://www.bcthk.com https://sim-www.bcthk.com https://3pn36nrcw1.execute-api.ap-northeast-1.amazonaws.com https://7ab07kkkhb.execute-api.us-west-2.amazonaws.com https://us-central1-facebook-bot-backend-dev.cloudfunctions.net https://img.youtube.com; font-src 'self' https://*.gstatic.com *.gstatic.com; img-src 'self' data: www.google-analytics.com *.google.com *.googleapis.com https://*.googleapis.com https://*.gstatic.com *.gstatic.com *.doubleclick.net https://s3-ap-northeast-1.amazonaws.com https://chatbot.com.hk *.pusher.com *.pusherapp.com https://www.bcthk.com https://sim-www.bcthk.com https://3pn36nrcw1.execute-api.ap-northeast-1.amazonaws.com https://7ab07kkkhb.execute-api.us-west-2.amazonaws.com https://us-central1-facebook-bot-backend-dev.cloudfunctions.net https://img.youtube.com; frame-src 'self' *.youtube.com https://*.youtube.com *.google.com https://*.google.com; connect-src 'self' www.google-analytics.com  https://s3-ap-northeast-1.amazonaws.com https://chatbot.com.hk *.pusher.com *.pusherapp.com  wss://ws-ap1.pusher.com https://www.bcthk.com https://sim-www.bcthk.com https://3pn36nrcw1.execute-api.ap-northeast-1.amazonaws.com https://7ab07kkkhb.execute-api.us-west-2.amazonaws.com https://us-central1-facebook-bot-backend-dev.cloudfunctions.net https://img.youtube.com 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1
default-src 'self'; object-src 'self' https://pts.eteleon.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.eteleon.de https://umfrage.eteleon.de https://pts.eteleon.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.eteleon.de https://stats.eteleon.de https://imagepool.eteleon.de https://pts.eteleon.de https://api.trustedshops.com https://trustbadge.api.etrusted.com/shop/X37852C187578EB2357B3937AF0ABF16A/memberservice https://shops-si.trustedshops.com/shops/X37852C187578EB2357B3937AF0ABF16A https://trustbadge-logging.trustedshops.com; script-src 'strict-dynamic' 'nonce-02ad98d1fb64877f4888b946d886576d' 'nonce-53a34d3d3e6b45ca54ea4c8dfdbf3304' 'nonce-bf69460e2d5f485f3b8a209473bd3aad' 'nonce-2d5b7aab13320e883c36c4836e8a4dfe' 'nonce-d35394af06856e7bfc8725610e908c12' 'nonce-e10664ac24fa3c8590c09d342f44ff50' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.eteleon.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-02ad98d1fb64877f4888b946d886576d' 'nonce-53a34d3d3e6b45ca54ea4c8dfdbf3304' 'nonce-bf69460e2d5f485f3b8a209473bd3aad' 'nonce-2d5b7aab13320e883c36c4836e8a4dfe' 'nonce-d35394af06856e7bfc8725610e908c12' 'nonce-e10664ac24fa3c8590c09d342f44ff50' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net sdk.companywebcast.com https://ipapi.connectid.cloud *.google-analytics.com stats.g.doubleclick.net judxu4avx2.execute-api.eu-west-1.amazonaws.com 3lz1gykyyd.execute-api.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com sdk.companywebcast.com https://staticcontents.investisdigital.com sc.lfeeder.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com sdk.companywebcast.com streams.nfgd.nl; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src 'self' *.gewobag.de data: *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com *.wohnungshelden.de 'unsafe-inline' 1
default-src https:; script-src 'self' 'nonce-629m8xopD0Z6BN4GVYi0T8cxi8v0Bfzr' https://hcaptcha.com https://*.hcaptcha.com; object-src 'self'; style-src 'self' 'nonce-mhOcSRhK8GNFNMG5RxgBDP9ZS5l5fDZW' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' images.gog-statics.com; media-src 'self'; child-src 'none'; font-src 'self'; connect-src 'self' https://api.gog.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' 1
default-src 'unsafe-inline' https: 1
default-src 'self' shop.bestservice.de shop.bestservice.com shop.bestservice.fr dwl.dawconnect.com maps.google.de www.google.com connect.facebook.net www.facebook.com *.youtube.com ;  img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.bsdwl.de *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de *.youtube.com;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com;  script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval';  worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de *.youtube.com;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self' 1
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://player.vimeo.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://maps.google.com https://maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://sentry.io https://cdnjs.cloudflare.com https://connect.facebook.net; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://maps.google.com https://sentry.io https://o126219.ingest.sentry.io; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/5265715/security/?sentry_key=9b139e250e5b4bd586488d54bd7a5c84 1
default-src 'self' *.mytolino.com data: *.youtube-nocookie.com *.ytimg.com *.googleusercontent.com *.mzstatic.com *.googleapis.com *.gstatic.com 'unsafe-inline' mytolino.de mytolino.at mytolino.ch mytolino.it mytolino.be mytolino.fr mytolino.nl mytolino.uk opensource.mytolino.com 1
default-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.responsetap.com seal.verisign.com https://seal.verisign.com fast.fonts.net; style-src 'self' 'unsafe-inline' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.responsetap.com seal.verisign.com https://seal.verisign.com fast.fonts.net; img-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.googleadservices.com https://googleadservices.com https://*.doubleclick.net *.doubleclick.net data: *.google-analytics.com https://c906980.ssl.cf3.rackcdn.com *.newrelic.com http://www.officereality.co.uk *.gstatic.com 'unsafe-eval' 'unsafe-inline' *.responsetap.com seal.verisign.com https://seal.verisign.com fast.fonts.net; frame-src 'self' *.googleadservices.com *.doubleclick.net https://googleadservices.com https://*.doubleclick.net https://*.facebook.com *.youtube.com *.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline' *.responsetap.com seal.verisign.com https://seal.verisign.com fast.fonts.net; script-src 'self' eval-script inline-script *.evocdn.co.uk *.rackcdn.com *.newrelic.com *.google-analytics.com *.googleadservices.com https://googleadservices.com *.facebook.net d1ros97qkrwjf5.cloudfront.net https://d1ros97qkrwjf5.cloudfront.net https://www.google.com https://ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' *.responsetap.com seal.verisign.com https://seal.verisign.com fast.fonts.net *.doubleclick.net; font-src 'self' *.evocdn.co.uk *.googleusercontent.com 'unsafe-eval' 'unsafe-inline' https://c918654.ssl.cf3.rackcdn.com https://c918654.ssl.cf3.rackcdn.com fast.fonts.net; 1
upgrade-insecure-requests; report-uri /api/csp-report; base-uri 'none'; object-src 'none'; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' sdk.listenlive.co players.brightcove.net *.krxd.net js-agent.newrelic.com bam.nr-data.net vjs.zencdn.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com adservice.google.com storage.googleapis.com www.google.com *.2mdn.net optimize.google.com adservice.google.com adservice.google.ca googleads.g.doubleclick.net securepubads.g.doubleclick.net *.googlesyndication.com cdn.ampproject.org stats.g.doubleclick.net tagmanager.google.com imasdk.googleapis.com www.gstatic.com connect.facebook.net www.instagram.com cdn.syndication.twimg.com platform.twitter.com *.twitch.tv www.tiktok.com *.ibytedtos.com *.tiktokcdn.com www1.journaldemontreal.com www.youtube.com ping.chartbeat.com static.chartbeat.com static2.chartbeat.com *.hotjar.com *.hotjar.io cdn.jwplayer.com ssl.p.jwpcdn.com *.qub.ca insights.algolia.io s0.2mdn.net/instream/video/client.js *.scorecardresearch.com code.jquery.com ajax.googleapis.com s1.quebecormedia.com 1
script-src 'nonce-yAexIz7JagjjL+aAvvL4NCnjGZE=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://tickets.norwichartscentre.co.uk https://my.matterport.com https://player.vimeo.com https://www.facebook.com; script-src 'self' 'nonce-5AEemGb0xJptoIGFP3Nd' 'nonce-6AEemGb0xJptoIGFP3Nd' 'nonce-7AEemGb0xJptoIGFP3Nd' 'sha256-Z82Oe+Iv8WIpM1ioymuc3HlSLThe89MSaAQSYMybkAs=' https://www.google.com https://maps.google.com https://www.gstatic.com https://www.googletagmanager.com/ https://www.google-analytics.com https://connect.facebook.net https://sentry.io https://tickets.norwichartscentre.co.uk; connect-src 'self' https://sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://connect.facebook.net; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' https://fonts.gstatic.com https://www.google.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/2740052/security/?sentry_key=8f009899699b4dd281f6d1466e6a2b92 1
upgrade-insecure-requests; frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' www.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com consent-cdn.swmh.de; object-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: www.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com www.youtube.com *.ytimg.com; media-src 'self' www.youtube.com *.ytimg.com; frame-src 'self' www.google.com *.gstatic.com www.youtube.com *.ytimg.com consent-cdn.swmh.de; font-src 'self' data: www.google.com *.googleapis.com *.gstatic.com; connect-src 'self' www.google-analytics.com *.doubleclick.net consent-cdn.swmh.de 1
default-src 'self' 'self' blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com;script-src 'self' 'self' blob: 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googleapis.com *.google.com *.google.com.vn *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.youtube.com *.cloudflare.com *.facebook.net *.connect.facebook.net *.facebook.com *.khaosat.me *.bootstrapcdn.com *.ytimg.com *.hotjar.com *.cloudfront.net *.cdn.ravenjs.com *.ingest.sentry.io;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me *.cloudfront.net *.mapbox.com d1a3f4spazzrp4.cloudfront.net;font-src 'self' 'self' blob: 'self' data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me script.hotjar.com;frame-src staticxx.facebook.com facebook.com *.facebook.com youtube.com *.youtube.com khaosat.me *.khaosat.me localhost:3000 *.google.com connect.facebook.net *.hotjar.com *.g.doubleclick.net *.googlesyndication.com;img-src 'self' data: 'self' blob: *;sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-downloads;connect-src 'self' 'self' blob: *.googleapis.com *.facebook.com https://*.hotjar.com:* wss://*.hotjar.com https://vc.hotjar.io:* http://*.hotjar.com:* https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com *.doubleclick.net;media-src 'self' 'self' data: 'self' blob: khaosat.me 1
default-src 'self' blob: https://vars.hotjar.com/; frame-src 'self' https://nspa.org.uk/ https://www.zsabenchmarking.co.uk/ https://w.soundcloud.com/ *.buzzsprout.com *.nspa.org.uk *.hotjar.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mozilla.github.io/ * https://mozilla.github.io/pdf.js/build/pdf.js https://cdn.jsdelivr.net/gh/fancyapps/ *.buzzsprout.com *.heat6have.com https://static.hotjar.com/ https://www.googletagmanager.com/ *.hotjar.com https://www.googletagmanager.com/jar.com blob: https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/summernote/ *.hotjar.com *.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/fancyapps/ *.typekit.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://tinyurl.com *.amazonaws.com https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://translate.googleapis.com/ *.hotjar.com *.hotjar.io wss://*.hotjar.com/ https://feeds.trac.jobs/ 1
child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://history.steem-engine.net https://servedby.revive-adserver.net https://pagead2.googlesyndication.com https://steemd.minnowsupportproject.org https://cdn.snax.one https://api.steem-engine.net https://scot-api.steem-engine.net https://steemitimages.com securepubads.g.doubleclick.net 'self' steemit.com https://api.steemit.com api.blocktrades.us https://apisct.cloud; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self'; child-src 'self' *.a-ads.com www.youtube.com w.soundcloud.com *.facebook.com player.vimeo.com livejournal.com www.google.com coub.com *.yandex.ru vk.com ok.com rutube.ru; script-src 'self' 'unsafe-inline' files.coinmarketcap.com ajax.googleapis.com app.sharpay.io www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src * data:; font-src data: fonts.gstatic.com; connect-src 'self' api.imgur.com *.golos.id wss://*.golos.id *.golos.today *.coinmarketcap.com app.sharpay.io www.google-analytics.com cdn.jsdelivr.net; report-uri /api/v1/csp_violation; object-src 'self'; plugin-types application/pdf; frame-ancestors 'none' 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.siteimprove.net *.googleapis.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net  siteimproveanalytics.com *.twitter.com *.pingdom.net *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.googleapis.com cdn.siteimprove.net *.curator.io; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com *.googletagmanager.com; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be my2.siteimprove.com *.facebook.com; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' www.youtube.com; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net my2.siteimprove.com id.siteimprove.com api.curator.io *.addthis.com *.pingdom.net; report-uri /report-csp-violation 1
default-src 'self' http:  https: bott-fs.kittelberger.net *.bosch-thermotechnology.com *.bosch-thermotechnology.us *.bosch-thermotechnology.com.au *.bosch-thermotechnology.co.nz s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com ; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com static.ecorebates.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' static.ecorebates.com cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.servmetric.com *.govmetric.com  *.obi4wan.com *.pusher.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.servmetric.com *.govmetric.com; img-src 'self' data: *.servmetric.com *.govmetric.com *.obi4wan.com *.amazonaws.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io; media-src 'self'; frame-src 'self' *.servmetric.com *.govmetric.com ; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com; connect-src 'self' *.servmetric.com *.govmetric.com *.obi4wan.com *.pusher.com wss://*.pusher.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' *.sernet.de *.google.com *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.googleapis.com *.gstatic.com 1
default-src 'self' 'unsafe-inline' https://maps.googleapis.com https://cc.ibox.ua; script-src 'self' 'unsafe-inline' https://connect.facebook.net https://*.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://cc.ibox.ua; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://fonts.googleapis.com/css https://tagmanager.google.com https://fonts.googleapis.com https://cc.ibox.ua; img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://*.doubleclick.net https://www.googletagmanager.com https://*.gstatic.com https://www.google.com https://www.google.com.ua https://maps.googleapis.com https://www.google-analytics.com https://ssl.gstatic.com https://cc.ibox.ua; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cc.ibox.ua; connect-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://www.google-analytics.com https://fonts.gstatic.com https://cc.ibox.ua wss://cc.ibox.ua; frame-src 'self' 'unsafe-inline' https://*.doubleclick.net 1
default-src 'self'; script-src 'self' data: maps.googleapis.com maps.google.com https://ssl.google-analytics.com https://www.paypalobjects.com https://www.paypal.com/tagmanager/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: maps.googleapis.com maps.google.com *.gstatic.com *.gravatar.com *.ytimg.com *.paypal.com www.paypalobjects.com www.steelforlife.org www.steelconstruction.org https://ssl.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.paypal.com/webapps/hermes/api/logger https://www.paypal.com/xoplatform/logger/api/logger; frame-src 'self' https://www.sandbox.paypal.com/ https://www.paypal.com/ https://securepayments.sandbox.paypal.com/ https://securepayments.paypal.com/ https://www.youtube.com https://player.vimeo.com/; child-src 'self' https://www.sandbox.paypal.com/ https://www.paypal.com/ https://securepayments.sandbox.paypal.com/ https://securepayments.paypal.com/ https://www.youtube.com https://player.vimeo.com/; 1
policy-uri /'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://www.google.com https://www.gstatic.com https://pi.pardot.com http://cdn.pardot.com *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1
connect-src 'self' https://*.karolina.io http://*.karolina.io *.karolina.io https://vimeo.com http://vimeo.com vimeo.com https://*.nets.eu http://*.nets.eu *.nets.eu https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.typekit.net http://*.typekit.net *.typekit.net; font-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net data:; img-src 'self' https://cdn.holvi.com http://cdn.holvi.com cdn.holvi.com https://s3-eu-west-1.amazonaws.com http://s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com https://*.karolina.io http://*.karolina.io *.karolina.io https://mesenaatti.me http://mesenaatti.me mesenaatti.me https://*.youtube.com http://*.youtube.com *.youtube.com https://*.facebook.com http://*.facebook.com *.facebook.com https://*.google.com http://*.google.com *.google.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://about http://about about https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.gstatic.com http://*.gstatic.com *.gstatic.com https://*.typekit.net http://*.typekit.net *.typekit.net data:; script-src 'self' https://*.youtube.com http://*.youtube.com *.youtube.com https://*.ytimg.com http://*.ytimg.com *.ytimg.com https://*.facebook.net http://*.facebook.net *.facebook.net https://*.jquery.com http://*.jquery.com *.jquery.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.google.com http://*.google.com *.google.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://data http://data data https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com http://fonts.googleapis.com fonts.googleapis.com https://*.google.com http://*.google.com *.google.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de 1
script-src 'self' static.ctctcdn.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.google.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com https://connect.facebook.net/ 'unsafe-inline' 'unsafe-eval' 1
object-src 'none';default-src 'none';connect-src https://www.wefact.nl *.doubleclick.net *.google-analytics.com *.google.com *.mouseflow.com;img-src https://www.wefact.nl data: *.ytimg.com *.google-analytics.com *.google.com *.google.nl www.googletagmanager.com www.gstatic.com googleads.g.doubleclick.net www.google.com https://maps.gstatic.com https://maps.googleapis.com *.mouseflow.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com *.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://developers.google.com https://maps.googleapis.com https://embed.webinargeek.com *.mouseflow.com;style-src https://www.wefact.nl 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com *.typekit.net;font-src https://fonts.gstatic.com data: *.mouseflow.com *.typekit.net;child-src *.mouseflow.com;manifest-src https://www.wefact.nl;frame-src https://www.youtube.com https://bid.g.doubleclick.net https://app.webinargeek.com *.mouseflow.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://www.google-analytics.com https://daemon.bigogo.com wss://ws.bgogo.com wss://ws.bgogo.com/prediction; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://static.bggex.pro https://daemon.bigogo.com/ https://www.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://static.bgogo.com https://v.liaoliaosj.com blob: data:; media-src https://daemon.bigogo.com/ https://static.bgogo.com https://v.liaoliaosj.com; object-src 'self'; script-src 'self' https://static.bgogo.com https://www.googletagmanager.com https://www.google-analytics.com https://hm.baidu.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' doo.net *.doo.net *.db-app.de *.swmh.de www.youtube.com *.ytimg.com www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com *.stry.tl *.podigee.com *.licdn.com *.linkedin.com consent-cdn.sv-veranstaltungen.de; object-src 'self'; style-src 'self' 'unsafe-inline' *.doo.net *.db-app.de www.google.com *.stry.tl *.podigee.com; img-src 'self' data: *.doo.net *.db-app.de www.youtube.com *.ytimg.com www.google.com www.google.de www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com *.stry.tl *.podigee.com *.linkedin.com; media-src 'self' www.youtube.com; frame-src 'self' doo.net *.doo.net securepay.swmh.de *.swmh.de *.db-app.de www.youtube.com www.youtube-nocookie.com *.ytimg.com www.google.com www.gstatic.com *.stry.tl *.screenpaper.io *.podigee.com consent-cdn.sv-veranstaltungen.de; font-src 'self' data: *.doo.net *.db-app.de www.google.com *.podigee.com; connect-src 'self' www.google-analytics.com www.googletagmanager.com consent-cdn.sv-veranstaltungen.de stats.g.doubleclick.net 1
default-src 'self' *.mytolino.com data: *.youtube-nocookie.com *.ytimg.com *.googleusercontent.com *.mzstatic.com *.googleapis.com *.gstatic.com 'unsafe-inline' mytolino.com mytolino.at mytolino.ch mytolino.it mytolino.be mytolino.fr mytolino.nl mytolino.uk opensource.mytolino.com 1
default-src *; style-src 'self' 'unsafe-inline' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com http://*.akamai.net https://*.akamai.net http://*.nr-data.net https://*.nr-data.net;connect-src 'self';img-src 'self' http://safesear.ch http://*.safesear.ch https://safesear.ch https://*.safesear.ch data:; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src data: 'self'; frame-src 'self' 1
frame-ancestors scvr.co *.scvr.co 1
frame-ancestors http://my.rotary.org https://my.rotary.org http://my-cms.rotary.org https://my-cms.rotary.org 'self'; 1
default-src 'self' *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com siteimproveanalytics.com *.readspeaker.com *.obi4wan.com *.pusher.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; img-src 'self' www.google-analytics.com *.siteimproveanalytics.io  data: *.obi4wan.com *.amazonaws.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com fonts.gstatic.com *.readspeaker.com; connect-src 'self' www.google-analytics.com *.readspeaker.com *.obi4wan.com *.pusher.com wss://*.pusher.com; report-uri /report-csp-violation 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.readspeaker.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com piwik.zevenaar.nl app.cobrowser.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com app.cobrowser.com fonts.googleapis.com; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io piwik.zevenaar.nl www.gstatic.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; frame-ancestors 'self' piwik.zevenaar.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com fonts.gstatic.com cdn.faceworks.nl; connect-src 'self' *.readspeaker.com *.siteimprove.com *.servmetric.com piwik.zevenaar.nl app.cobrowser.com wss://app.cobrowser.com fonts.googleapis.com cdn.faceworks.nl; report-uri /report-csp-violation 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net www.google-analytics.com https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com staticcontents.investisdigital.com ipapi.connectid.cloud otp.tools.investis.com https://sc.lfeeder.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com staticxx.facebook.com www.youtube.com w.soundcloud.com player.vimeo.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.ensighten.com *.google-analytics.com *.api.brightcove.com *.tools.investis.com *.doubleclick.net  ipapi.connectid.cloud https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be; connect-src 'self' https://vimeo.com https://*.resengo.com https://bam.nr-data.net; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://cloud.typenetwork.com https://fonts.gstatic.com; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be; img-src 'self' https://www.google-analytics.com https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://www.resengo.com data:; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://www.resengo.com https://*.resengo.com https://js-agent.newrelic.com https://bam.nr-data.net 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://www.resengo.com 'unsafe-inline'; 1
default-src 'self' youthcentral.vic.gov.au *.youthcentral.vic.gov.au; script-src 'self' data: youthcentral.vic.gov.au *.youthcentral.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com connect.facebook.net *.cloudfront.net cdn.curator.io s7.addthis.com z.moatads.com v1.addthisedge.com m.addthis.com www.vision6.com.au www.google.com www.gstatic.com *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com s.ytimg.com; style-src 'self' 'unsafe-inline' youthcentral.vic.gov.au *.youthcentral.vic.gov.au fonts.googleapis.com tagmanager.google.com cdn.curator.io; img-src 'self' data: youthcentral.vic.gov.au *.youthcentral.vic.gov.au *.amazee.io tracking.monsido.com *.google-analytics.com *.g.doubleclick.net www.google.com s7.addthis.com www.facebook.com pbs.twimg.com scontent-iad3-1.xx.fbcdn.net external-iad3-1.xx.fbcdn.net emarketing-au.s3-ap-southeast-2.amazonaws.com *.xx.fbcdn.net; frame-src 'self' youthcentral.vic.gov.au *.youthcentral.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com s7.addthis.com www.google.com; font-src 'self' youthcentral.vic.gov.au *.youthcentral.vic.gov.au fonts.gstatic.com cdn.curator.io; connect-src 'self' youthcentral.vic.gov.au *.youthcentral.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.elastic.sdp.vic.gov.au drwgdblqzrfiz.cloudfront.net cdn.curator.io api.curator.io m.addthis.com www.google-analytics.com stats.g.doubleclick.net; report-uri https://sdpops.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.geodatenzentrum.de piwik.itzbund.de; frame-ancestors 'self'; 1
default-src ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.entrecode.de https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.googlesyndication.com bat.bing.com *.doubleclick.net *.usercentrics.eu https://connect.facebook.net https://snap.licdn.com; object-src ; style-src 'unsafe-inline' *; img-src * data:; media-src *; child-src 'self' *.t5-karriereportal.de *.youtube.com *.googlevideo.com *.doubleclick.net *.googlesyndication.com; font-src * data:; connect-src * *.entrecode.de; manifest-src 'self' 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kaartviewer.nl https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.kaartviewer.nl; img-src 'self' data: geodata.nationaalgeoregister.nl *.kaartviewer.nl *.siteimproveanalytics.io *.ytimg.com *.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.ionicframework.com fonts.gstatic.com; connect-src 'self' *.kaartviewer.nl; report-uri /report-csp-violation 1
default-src 'self'; img-src https://www.google-analytics.com 'self' data: blob:; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com 'unsafe-inline' https://www.elektronicznypodpis.pl https://chrome.google.com  https://addons.opera.com 'unsafe-eval' */pdf.js */viewer.js blob:; connect-src 'self' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; child-src 'self' blob:; 1
default-src 'self'; frame-src 'self' https://nhs.attendanywhere.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://nhs.attendanywhere.com https://feeds.trac.jobs/ 1
frame-ancestors self; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com s.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com playout.3qsdn.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org piwik.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://c.evidon.com https://munchkin.marketo.net https://stats.sa-as.com https://www.google-analytics.com https://zscalertwo.net https://*.zscalertwo.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: https://l.betrad.com https://c.evidon.com https://stats.sa-as.com; media-src 'self' https: data: blob:; frame-src 'self' https://na-sj25.marketo.com/ https://*.zscalertwo.net; frame-ancestors 'self' https://na-sj25.marketo.com/ https://*.zscalertwo.net; child-src 'self'; font-src 'self' https: data: blob: http://go.gewwmarketing.com/; connect-src 'self' https: https://324-zbg-118.mktoresp.com; report-uri /report-csp-violation 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://cdn.jsdelivr.net https://az416426.vo.msecnd.net https://www.googletagmanager.com *.inmoment.com https://www.google-analytics.com *.abtasty.com cdn.segment.com/analytics.js https://mfhcms.assurant.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://mfhcms.assurant.com; img-src *; child-src https://mfhcms.assurant.com https://dispawsusva.inmoment.com https://www.inmoment.com https://feedback.inmoment.com https://ssl.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://mfhcms.assurant.com 1
default-src 'self' data:; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google-analytics.com www.youtube.com *.ytimg.com tagmanager.google.com maps.googleapis.com https://static.hotjar.com/ https://script.hotjar.com/ cookiehub.net; style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com cookiehub.net; img-src 'self' p.typekit.net www.google-analytics.com data: ssl.gstatic.com www.gstatic.com https://referrer.disqus.com/juggler/stat.gif c.disquscdn.com stats.g.doubleclick.net bat.bing.com www.facebook.com www.google.com www.google.be www.googletagmanager.com maps.gstatic.com maps.googleapis.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.dekust.be cdn.knightlab.com vars.hotjar.com; font-src 'self' *.typekit.net fonts.gstatic.com data: *.hotjar.com; connect-src 'self' performance.typekit.net www.google-analytics.com *.stats.g.doubleclick.net https://in.hotjar.com/ https://vc.hotjar.io/ cookiehub.net; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; object-src 'self' https://pts.deutschlandsim.de/p.swf; base-uri 'self'; img-src https: data: http://files.deutschlandsim.de; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.deutschlandsim.de https://umfrage.deutschlandsim.de https://pts.deutschlandsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.deutschlandsim.de https://stats.deutschlandsim.de https://imagepool.deutschlandsim.de https://pts.deutschlandsim.de; script-src 'strict-dynamic' 'nonce-8435eaea8c5db0529e9a5be00e087886' 'nonce-d2f5d10121acc7aea98bc60c72ed02fe' 'nonce-03f286b3c259c946f026274186e67c82' 'nonce-a57c8b5d4c2c5d1a1a77a1d513ff167f' 'nonce-3f3b5acf0fb4db709c0bb43b25956d2a' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.deutschlandsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-8435eaea8c5db0529e9a5be00e087886' 'nonce-d2f5d10121acc7aea98bc60c72ed02fe' 'nonce-03f286b3c259c946f026274186e67c82' 'nonce-a57c8b5d4c2c5d1a1a77a1d513ff167f' 'nonce-3f3b5acf0fb4db709c0bb43b25956d2a' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
base-uri 'https://*.pchome.co.th'; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net tagmanager.google.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edg tagmanager.google.come.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com otp.tools.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' *.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.typekit.net p.typekit.net nr-data.net; report-uri /report-csp-violation 1
form-action *.iwis.com *.dual-mode-vcs.com *.gwb-lernen.com *.iwis-daido.com *.kindergarten-kinderkette.de; base-uri none; default-src 'unsafe-inline' 'unsafe-eval' userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.userlike.com wss://chat.userlike.com wss://umd.userlike.com *.youtube.com *.eventvote.de *.vimeo.com vimeo.com *.doubleclick.net *.youtube-nocookie.com *.traceparts.com *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.iwis.com *.dual-mode-vcs.com  *.gwb-lernen.com *.expo-ip.com https://*.crisp.chat wss://*.crisp.chat data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com 1
default-src 'self' https://checkbrowser.hin.ch https://go.online-ident.ch  http://tag.myaspectra.ch  https://verify.certifaction.com ; script-src 'self' https://www.islonline.net  tag.myaspectra.ch  https://www.gstatic.com  https://maps.google.com https://maps.googleapis.com  https://www.google.com  'unsafe-inline' 'unsafe-eval'; style-src https://fonts.googleapis.com  https://fonts.gstatic.com  'self' 'unsafe-inline' ; frame-src 'self' https://tp.srgssr.ch https://www.srf.ch https://www.google.com https://verify.certifaction.com ; font-src 'self' https://fonts.gstatic.com  https://verify.certifaction.com ; child-src 'self' https://go.online-ident.ch https://www.google.com https://www.youtube.com ; img-src 'self' http//tag.myaspectra.ch http://0.gravatar.com data:  1
default-src 'self' 'unsafe-inline' 'unsafe-eval' epcplc.com *.epcplc.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.duosecurity.com; img-src 'self' 'unsafe-inline' epcplc.com *.epcplc.com data:; 1
frame-ancestors self; report-uri https://test-t6dnbai-mdsspx7hgy47g.au.platformsh.site/report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de; script-src 'strict-dynamic' 'nonce-ead215092d3f1e4153a2bad0dbb1b823' 'nonce-ec250543e5eef55ff517b35e42257abd' 'nonce-6805e4e55b86e866ed30f2b7b37dde68' 'nonce-409d4e8945d11109628f325259fe1d5e' 'nonce-3d18fd934e0b4048e3b7f2d4dd241bf8' 'nonce-2fc76bb35b137c67e377ca7df1e961e0' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-ead215092d3f1e4153a2bad0dbb1b823' 'nonce-ec250543e5eef55ff517b35e42257abd' 'nonce-6805e4e55b86e866ed30f2b7b37dde68' 'nonce-409d4e8945d11109628f325259fe1d5e' 'nonce-3d18fd934e0b4048e3b7f2d4dd241bf8' 'nonce-2fc76bb35b137c67e377ca7df1e961e0' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.amazonaws.com *.amazoncognito.com; frame-ancestors 'self' www.sf360.com.au 1
default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.checkfreescore.com static.zohocdn.com *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net polyfill.io; style-src 'self' 'unsafe-inline' *.checkfreescore.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com fonts.googleapis.com; img-src 'self' data: *.checkfreescore.com www.googletagmanager.com www.google-analytics.com bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.twitter.com *.pagesense.io www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com; connect-src 'self' *.purechat.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src 'self' data: mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de; script-src 'strict-dynamic' 'nonce-30002f9e0dd294e14d0d00fb44bdc772' 'nonce-7e951bcd3b7d0d74f5cee792348cbd84' 'nonce-9687e2864388a258a1161ffca157fc8a' 'nonce-ffe9249d40ed89954ce979342677f2a5' 'nonce-bd19551c87574973fc29d722f47789e3' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-30002f9e0dd294e14d0d00fb44bdc772' 'nonce-7e951bcd3b7d0d74f5cee792348cbd84' 'nonce-9687e2864388a258a1161ffca157fc8a' 'nonce-ffe9249d40ed89954ce979342677f2a5' 'nonce-bd19551c87574973fc29d722f47789e3' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' google.com *.google.com liveinternet.ru *.liveinternet.ru yadro.ru *.yadro.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com adservice.google.com adservice.google.ru adservice.google.com.ua adservice.google.co.uz ulogin.ru *.ulogin.ru vk.com google.com *.google.com liveinternet.ru *.liveinternet.ru yadro.ru *.yadro.ru ; object-src 'self' *.googlesyndication.com; style-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com ; img-src 'self' * data: blob: filesystem:; media-src 'self' ; font-src 'self' *.gstatic.com *.googleapis.com netdna.bootstrapcdn.com; frame-src 'self' *.doubleclick.net www.youtube.com vk.com *.vk.com ulogin.ru *.ulogin.ru; connect-src 'self' adservice.google.com *.google-analytics.com *.gstatic.com *.googlesyndication.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net *.yandex.ru banners.adfox.ru avatars-fast.yandex.net favicon.yandex.neu content.adfox.ru *.googleapis.com *.yandex.net *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1
default-src 'self' bam.eu01.nr-data.net cdn.jsdelivr.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com bam.eu01.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net p.typekit.net cloud.typography.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: use.typekit.net p.typekit.net fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 1
default-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; script-src 'self' data: 'unsafe-inline' *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.addtoany.com; object-src *; style-src 'self' data: 'unsafe-inline' *.compsy.be *.compsy.be fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; img-src 'self' data: *.compsy.be *.uniweb.eu www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; media-src *; frame-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; font-src 'self' data: *.compsy.be *.uniweb.eu fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'none'; 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.stripe.com https://*.windriverfinancialgateway.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mepspay.com *.perk0mean.com *.jquery.com *.cloudflare.com *.licdn.com *.google-analytics.com *.facebook.com *.facebook.net *.gstatic.com *.twitter.com *.linkedin.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.hotjar.com *.google.com *.google.net *.google.jo; img-src 'self' mepspay.com *.licdn.com *.google-analytics.com *.facebook.com *.facebook.net *.gstatic.com *.twitter.com *.linkedin.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.hotjar.com *.google.com *.google.net *.google.jo data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' mepspay.com *.licdn.com *.google-analytics.com *.facebook.com *.facebook.net *.gstatic.com *.twitter.com *.linkedin.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.hotjar.com *.google.com *.google.net *.google.jo; connect-src 'self' wss://mepspay.com mepspay.com *.licdn.com *.google-analytics.com *.facebook.com *.facebook.net *.gstatic.com *.twitter.com *.linkedin.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.hotjar.com *.google.com *.google.net *.google.jo; object-src 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube-nocookie.com maps.googleapis.com developers.google.com *.3qsdn.com *.flickr.com tde-stats.spin-ag.de *.telefonica.de; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.3qsdn.com; connect-src 'self' *.3qsdn.com; media-src 'self' *.youtube-nocookie.com *.3qsdn.com *.flickr.com blob:; child-src 'self' *.telefonica.de *.udldigital.de *.youtube-nocookie.com *.3qsdn.com blob:; object-src 'self'; frame-src 'self' *.telefonica.de *.youtube-nocookie.com data:; form-action 'self'; img-src 'self' *.udldigital.de chart.apis.google.com  maps.gstatic.com *.googleapis.com developers.google.com *.telefonica.de *.flickr.com tde-stats.spin-ag.de *.3qsdn.com data: 1
default-src 'self'  ;script-src 'self'   'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline'  ;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org ; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; 1
allow default-src 'self'; script-src *.google-analytics.com *.googletagmanager.com *.adriver.ru https://login.mts.ru https://mc.yandex.ru http://count.mgts.ru https://cdn.rutarget.ru https://tags.soloway.ru https://clickcount.mgts.ru https://st.mgts.ru 'self' 'unsafe-inline'; connect-src https://mc.yandex.ru https://login.mts.ru 'self';  frame-src https://content.adriver.ru https://tag.rutarget.ru 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src *.doubleclick.net *.google-analytics.com *.adriver.ru https://mc.yandex.ru http://count.mgts.ru https://vk.com https://www.google.com https://www.google.ru https://clickcount.mgts.ru https://st.mgts.ru 'self' data:; report-uri /amserver/UI/csp-report; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com; img-src 'self' data: piwik.itzbund.de; frame-ancestors 'self'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.smithwicksexperience.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.myfonts.net *.hotjar.com *.facebook.net; object-src 'self' https: *.smithwicksexperience.com ; style-src 'self' 'unsafe-inline' https: *.smithwicksexperience.com fonts.googleapis.com footer.diageohorizon.com *.myfonts.net; img-src 'self' https: data: *.smithwicksexperience.com *.googleapis.com *.gstatic.com analytics.twitter.com d.adroll.com googleads.g.doubleclick.net www.facebook.com www.google.com www.google.ie www.google-analytics.com *.hotjar.com *.facebook.com; frame-src 'self' https: *.smithwicksexperience.com *.worldnettps.com www.youtube.com *.hotjar.com; font-src 'self' https: *.smithwicksexperience.com data: *.myfonts.net *.gstatic.com *.hotjar.com; connect-src 'self' https: *.smithwicksexperience.com *.hotjar.com ws://*.hotjar.com wss://*.hotjar.com; media-src 'self' https: *.smithwicksexperience.com 1
default-src 'self'; style-src 'self' app.workfrontfusion.com/static 'unsafe-inline'; font-src 'self' app.workfrontfusion.com/static data:; img-src 'self' app.workfrontfusion.com/static data: https://ipm.workfrontfusion.com secure.gravatar.com usage.trackjs.com; connect-src 'self' app.workfrontfusion.com/static wss://app.workfrontfusion.com capture.trackjs.com; frame-src 'self' app.workfrontfusion.com/static; script-src 'self' cdn.trackjs.com; object-src 'self' app.workfrontfusion.com/static 1
default-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.google.com *.reviews.co.uk *.reviews.io https://widget.reviews.io i.reviews.co.uk www.oase-livingwater.com https://seal.verisign.com http://www.reviews.co.uk cdn.zopim.com; style-src 'self' 'unsafe-inline' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.google.com *.reviews.co.uk *.reviews.io https://widget.reviews.io i.reviews.co.uk www.oase-livingwater.com https://seal.verisign.com http://www.reviews.co.uk cdn.zopim.com; img-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.googleadservices.com https://*.google.com https://*.google.co.uk https://googleadservices.com https://*.doubleclick.net *.doubleclick.net data: *.google-analytics.com https://c906980.ssl.cf3.rackcdn.com *.newrelic.com http://www.water-garden.co.uk *.gstatic.com 'unsafe-eval' 'unsafe-inline' *.google.com *.doubleclick.net https://*.doubleclick.net *.reviews.co.uk *.reviews.io https://widget.reviews.io i.reviews.co.uk www.oase-livingwater.com https://seal.verisign.com i.reviews.co.uk http://www.reviews.co.uk cdn.zopim.com bat.bing.com; frame-src 'self' *.googleadservices.com *.doubleclick.net https://*.google.com https://*.google.co.uk https://googleadservices.com https://*.doubleclick.net https://*.facebook.com *.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline' *.google.com *.reviews.co.uk *.reviews.io https://widget.reviews.io i.reviews.co.uk www.oase-livingwater.com https://seal.verisign.com http://www.reviews.co.uk cdn.zopim.com; script-src 'self' eval-script inline-script *.evocdn.co.uk *.rackcdn.com *.newrelic.com *.google-analytics.com *.googleadservices.com https://googleadservices.com https://*.google.com https://*.google.co.uk *.facebook.net d1ros97qkrwjf5.cloudfront.net https://d1ros97qkrwjf5.cloudfront.net https://www.google.com https://ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' *.google.com *.googleadservices.com https://googleadservices.com *.reviews.co.uk *.reviews.io https://widget.reviews.io i.reviews.co.uk www.oase-livingwater.com https://seal.verisign.com reviews.co.uk http://www.reviews.co.uk cdn.zopim.com bat.bing.com *.doubleclick.net; font-src 'self' *.evocdn.co.uk *.googleusercontent.com 'unsafe-eval' 'unsafe-inline' https://c918654.ssl.cf3.rackcdn.com; child-src *.googleadservices.com https://googleadservices.com; image-src *.googleadservices.com https://googleadservices.com; object-src https://seal.verisign.com d1ros97qkrwjf5.cloudfront.net *.zopim.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hs-analytics.net *.hs-scripts.com *.addthis.com *.addthisedge.com *.linkedin.com *.pinterest.com *.facebook.com *.iubenda.com *.ckeditor.com *.webspellchecker.net *.gstatic.com *.google.com *.googleapis.com *.bootstrapcdn.com *.google-analytics.com *.googletagmanager.com *.usemessages.com *.hsleadflows.net *.googleadservices.com *.sumome.com *.doubleclick.net *.facebook.net *.b-cdn.net *.youtube.com *.ytimg.com *.kxcdn.com *.hubspot.com *.hsforms.net *.hsadspixel.net js.hs-banner.com *.hs-banner.com *.sumo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com *.iubenda.com *.ckeditor.com *.webspellchecker.net *.kxcdn.com *.b-cdn.net *.google.com; img-src 'self' *.hubspot.com *.acquia-sites.com data: *.ckeditor.com *.webspellchecker.net sumo.com *.sumo.com *.kxcdn.com *.google-analytics.com *.doubleclick.net *.google.com *.hubspot.net *.ytimg.com *.gstatic.com *.googleapis.com *.facebook.com *.google.co.za *.google.it *.google.co.uk *.google.co.id *.google.de *.google.pl *.google.fr *.google.ru *.google.cn *.google.es *.google.com.br *.google.co.nz *.google.com.pr *.google.hr *.google.com.pa *.google.at *.google.ca *.google.gr *.google.com.au *.google.com.hk *.google.com.ph *.google.com.tr *.google.fi *.google.co.jp *.google.com.kh *.google.com.my *.google.co.ke *.google.se *.google.co.il *.google.com.sg *.google.co.th *.google.co.in *.google.ae *.google.co.kr *.google.lk *.googletagmanager.com *.google.com.do *.google.bg *.google.rs *.google.hu *.google.pt *.google.ro *.google.com.co *.google.ch *.google.com.mx *.google.lv *.google.com.vn *.google.no *.nautique.tv micro-cdn.sumo.com; frame-src 'self' *.google.com *.addthis.com *.youtube.com *.vrcloud.co vrcloud.co *.vrcloud.com vrcloud.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.facebook.net *.hubspot.com *.nautique.tv; font-src 'self' *.gstatic.com *.addthis.com; connect-src 'self' *.addthis.com *.webspellchecker.net sumo.com *.sumo.com *.hubspot.com *.google-analytics.com *.doubleclick.net *.google.com *.google.co.uk *.hubapi.com; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors 'self' http://*.konstarmall.com 1
default-src 'self' detergents.lidl-info.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com https://www.edge-cdn.net https://www.youtube-nocookie.com form.lidl.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com lidl.media01.eu data: gap: ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://platform.twitter.com https://ton.twimg.com 'unsafe-inline'; media-src *; object-src 'self'; 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.sancta-domenica.hr sancta-domenica.hr *.sancta-domenica.ba sancta-domenica.ba *.samsungshop.hr samsungshop.hr; 1
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 1
default-src https: 'unsafe-inline'; report-uri //report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; object-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; media-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; child-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *; report-uri /report-csp-violation 1
default-src 'self' data: *.avaus.io *.avaus.com *.avaus.fi *.avaus.se *.facebook.net *.google.fi *.bizographics.com *.linkedin.com *.facebook.com *.marketo.com *.mktoresp.com *.marketo.net *.juicer.io *.instagram.com *.google.com *.google.se *.googleanalytics.com *.appspot.com player.vimeo.com *.vimeocdn.com cdnjs.cloudflare.com use.fontawesome.com *.adform.net *.google-analytics.com *.googleadservices.com *.doubleclick.net *.gstatic.com *.google.pl *.youtube.com *.ytimg.com *.ggpht.com *.vendemore.com *.cookiebot.com *.cookiepro.com *.onetrust.com *.googleapis.com *.googletagmanager.com *.slideshare.net *.slidesharecdn.com app.interactiveads.ai leadfeeder.com *.leadfeeder.com *.lfeeder.com snap.licdn.com bot.leadoo.com *.adobedtm.com *.demdex.net *.cookielaw.org *.pardot.com smartslider3.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' piwik.vught.nl; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' piwik.vught.nl data:; media-src 'self'; frame-src 'self'; frame-ancestors 'self' piwik.vught.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com; connect-src 'self'; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' data: *.fondsfinanz.de *.finanzfilme.de *.twin-homepages.de fondsfinanz.advisors-studio.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://p.adsymptotic.com/ https://wb.messengerpeople.com/ https://www.baufi-lead.de/ https://www.google.com/ https://www.google.de/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google-analytics.com/ httpS://www.googleadservices.com/ https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://www.facebook.com https://*.mouseflow.com/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://sjs.bizographics.com/ https://www.facebook.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://fondsfinanzfilme1.s3-external-3.amazonaws.com/ https://fondsfinanzfilme1.s3.amazonaws.com/ https://europace2.de/ https://www.europace2.de https://widget.msgp.pl https://www.yumpu.com; script-src 'self' 'unsafe-inline' *.fondsfinanz.de *.finanzfilme.de *.twin-homepages.de fondsfinanz.advisors-studio.de https://www.google.com/ https://www.google.de/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google-analytics.com/ httpS://www.googleadservices.com/ https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://www.facebook.com https://*.mouseflow.com/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://sjs.bizographics.com/ https://www.baufi-lead.de/;frame-ancestors 'self' *.fondsfinanz.de *.finanzfilme.de *.twin-homepages.de fondsfinanz.advisors-studio.de www.rd-rhein-main.com www.finanzmakler-weimar.de www.finanzbonus.com www.afp-makler.de www.afp-regionaldirektion.de www.makler-mehrwert.de www.fuvb.eu www.allfinanz-sachsen.de www.bimi-maklernetzwerk.de www.kapitalrente.de www.osthessen-versicherung.de www.nickl-versicherungsmakler.com www.ohzversicherungen.de www.1aversicherungen.de www.ms-finanzen.de www.versicherungsmakler-pinneberg.de www.wilke-finanz.de 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' www.wagnergroup.com *.googleapis.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com vjs.zencdn.net hello.myfonts.net snap.licdn.com http://*.hotjar.com https://*.hotjar.com http://conv.indeed.com https://c.leadlab.click http://siteimproveanalytics.com 'unsafe-eval'; style-src 'unsafe-inline' 'self' fonts.googleapis.com vjs.zencdn.net hello.myfonts.net; img-src 'self' data: www.wagnergroup.com www.google-analytics.com maps.googleapis.com csi.gstatic.com maps.gstatic.com stats.g.doubleclick.net px.ads.linkedin.com http://*.hotjar.com https://*.hotjar.com http://conv.indeed.com https://c.leadlab.click http://ssl.siteimprove.com; connect-src 'self' www.youtube.com stats.g.doubleclick.net www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com http://conv.indeed.com https://c.leadlab.click; object-src 'self' www.youtube.com http://conv.indeed.com https://c.leadlab.click; frame-src 'self' www.youtube.com https://*.hotjar.com http://conv.indeed.com https://c.leadlab.click; child-src 'self' www.youtube.com https://*.hotjar.com http://conv.indeed.com https://c.leadlab.click; font-src 'self' data: vjs.zencdn.net fonts.gstatic.com; 1
default-src 'self' 'unsafe-inline' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de; img-src *; style-src 'self' 'unsafe-inline' *.itzbund.de; frame-ancestors 'self' *.itzbund.de 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com www.googletagmanager.com *.google-analytics.com; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.google-analytics.com *.gstatic.com; media-src 'self'; frame-src 'self' *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.ionicframework.com; connect-src 'self' *.siteimprove.com *.servmetric.com *.google-analytics.com; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'self' https://p.scdn.co; child-src https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://admin.spotlight.prod.fined.io; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://cdn.plyr.io https://noembed.com https://vimeo.com https://apps.ticketmatic.com; font-src 'self' https://use.typekit.net https://fonts.gstatic.com; frame-ancestors 'self'; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://i.ytimg.com https://i.vimeocdn.com; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://cdn.plyr.io https://www.youtube.com https://s.ytimg.com https://player.vimeo.com 'nonce-c4b68bd62a58e679' 'unsafe-inline' 'strict-dynamic'; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://cdn.plyr.io 'nonce-c4b68bd62a58e679'; 1
frame-ancestors *; 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' piwik.bodegraven-reeuwijk.nl https://static.widget.trengo.eu https://stats.pusher.com/timeline/v2/jsonp/1 app.trengo.eu; object-src 'self'; style-src 'self' 'unsafe-inline' app.trengo.eu; img-src 'self' piwik.bodegraven-reeuwijk.nl data: https://*.giphy.com https://s3.eu-central-1.amazonaws.com https://trengo.s3.eu-central-1.amazonaws.com; media-src 'self' https://static.widget.trengo.eu; frame-src 'self' bodegravenreeuwijk.kaartviewer.nl; frame-ancestors 'self' piwik.bodegraven-reeuwijk.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com s3.eu-central-1.amazonaws.com; connect-src 'self' https://api.widget.trengo.eu https://gkkmgz0bw7.execute-api.eu-central-1.amazonaws.com wss://ws-eu.pusher.com app.trengo.eu; report-uri /report-csp-violation 1
default-src www.pranfoods.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com *.google.com *.gstatic.com  cdn.rawgit.com cdn.bootcss.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com fonts.googleapis.com https://cdn.rawgit.com maxcdn.bootstrapcdn.com cdn.bootcss.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: maps.googleapis.com csi.gstatic.com maps.gstatic.com maps.google.com ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube-nocookie.com *.google.com *.youtube.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com fonts.gstatic.com maxcdn.bootstrapcdn.com; report-uri /admin/config/system/seckit/csp-report 1
base-uri 'none'; default-src 'none'; child-src https://www.googletagmanager.com/ns.html https://online.worldpay.com https://www.youtube.com https://e.issuu.com https://widgets.doctify.co.uk https://www.facebook.com; connect-src 'self' https://www.google-analytics.com https://*.algolia.net https://*.algolianet.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.googleadservices.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self' https://kingedwardvii.us8.list-manage.com https://online.worldpay.com https://www.facebook.com; frame-ancestors 'none'; img-src 'self' https://www.cqc.org.uk https://*.googleapis.com https://*.ggpht.com https://maps.gstatic.com https://www.google-analytics.com https://secure.gravatar.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ssl.gstatic.com https://img.youtube.com https://www.facebook.com blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://www.cqc.org.uk https://cdn.worldpay.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://tagmanager.google.com https://www.gstatic.com https://www.google.co.uk https://widgets.doctify.co.uk https://connect.facebook.net https://static-ssl.responsetap.com https://metrics.responsetap.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://www.cqc.org.uk https://tagmanager.google.com 'unsafe-inline'; upgrade-insecure-requests 1
img-src * https://www.google-analytics.com/ data: ; default-src *; script-src www.globalballooning.com.au cn.globalballooning.com.au 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*  *.facebook.com *.fbcdn.net *.fbcdn.net *.facebook.net *.youtube.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.XYX *.google.com *.google.fr  *.googleadservices.com *.gstatic.com   *.akamaihd.net *.tawk.to cdn.jsdelivr.net data: ; frame-src *.tawk.to *.googletagmanager.com *.youtube.com *.vimeo.com *.securepay.com.au *.weatherlink.com *.facebook.com; style-src * 'unsafe-inline' ; connect-src www.globalballooning.com.au cn.globalballooning.com.au   *.facebook.com *.fbcdn.net *.facebook.net *.googleadservices.com *.google.fr *.doubleclick.net *.akamaihd.net ws://*.facebook.com:* *.tawk.to wss://*.tawk.to https://www.google-analytics.com/; 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com player.twitch.tv www.tiktok.com musicoin.org www.instagram.com www.bitchute.com emb.d.tube rumble.com www.brighteon.com lbry.tv; connect-src 'self' whaleshares.io pubrpc.whaleshares.io fn.wls.social api.whaleshares.io www.google-analytics.com; default-src 'self' whaleshares.io www.youtube.com staticxx.facebook.com player.vimeo.com player.twitch.tv www.tiktok.com musicoin.org www.instagram.com www.bitchute.com emb.d.tube rumble.com www.brighteon.com lbry.tv; script-src 'self' 'unsafe-eval' 'unsafe-inline' whaleshares.io www.google-analytics.com www.googletagmanager.com connect.facebook.net cdn.polyfill.io cse.google.com www.google.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' whaleshares.io fonts.googleapis.com at.alicdn.com www.google.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com at.alicdn.com; frame-ancestors 'none'; img-src * data:; report-uri /csp_violation; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com http://www.google-analytics.com/  http://fonts.googleapis.com/ https://cdnjs.cloudflare.com http://cdn.ckeditor.com ; object-src 'self'; style-src 'self' 'unsafe-inline' http://cdn.ckeditor.com; img-src 'self' http://cdn.ckeditor.com; media-src 'self' https://youtube.com; frame-src 'self' https://www.youtube.com; font-src 'self'; connect-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://optimize.google.com; style-src data: 'self' 'unsafe-inline' *.myfonts.net https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; img-src * data: https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://optimize.google.com; media-src *; font-src * https://fonts.gstatic.com https://checkout.orangefit.nl data:; connect-src * data: blob: 'unsafe-inline'; frame-src 'self' *.youtube.com *.google.com *.criteo.com *.vimeo.com *.hotjar.com https://optimize.google.com 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' https: wss: 1
default-src 'none'; connect-src 'self'; font-src 'self'; frame-src 'self'  https://www.google.com; img-src 'self' data:; script-src 'self' 'unsafe-inline'  https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.google.com *.fontawesome.com *.bootstrapcdn.com *.newrelic.com *.nr-data.net *.pricespider.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.bootstrapcdn.com *.pricespider.com; img-src 'self' *.google-analytics.com *.google.com stats.g.doubleclick.net *.googleapis.com data:  *.gstatic.com legal.bbulibrary.com *.pricespider.com; frame-src 'self' *.google.com *.youtube.com; font-src 'self' fonts.gstatic.com *.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.vrmwb.nl www.googletagmanager.com *.google-analytics.com *.readspeaker.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; img-src 'self' *.google-analytics.com *.openstreetmap.org data:; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com; connect-src 'self' *.google-analytics.com *.readspeaker.com; report-uri /report-csp-violation 1
default-src 'self' https://www.googletagmanager.com https://use.fontawesome.com https://*.youtube.com https://www.google-analytics.com https://*.googlevideo.com 1
default-src 'self'; connect-src 'self' http://*.nsbank.com https://*.nsbank.com https://*.demdex.net https://*.google.com; script-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.nsbank.com https://*.zionsbank.com https://*.adsrvr.org https://connect.facebook.net https://*.bufferapp.com https://*.linkedin.com https://*.pinterest.com https://*.reddit.com https://*.online-metrix.net https://*.adobedtm.com https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.googletagmanager.com https://*.bootstrapcdn.com https://*.google-analytics.com https://*.youtube.com https://*.smartzonessva.com https://smartzonessva.com https://*.ytimg.com 'unsafe-eval'; object-src 'self' data: https://*.nsbank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.bootstrapcdn.com https://*.google-analytics.com https://*.youtube.com https://*.smartzonessva.com https://*.gravatar.com; img-src 'self' data: https://*.gstatic.com https://*.nsbank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.facebook.com https://*.online-metrix.net https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.google-analytics.com https://*.doubleclick.net https://*.gravatar.com; media-src 'self' data:; frame-src 'self' https://*.nsbank.com https://*.demdex.net https://*.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net https://*.online-metrix.net https://*.adsrvr.org; frame-ancestors 'self' https://banking.nsbank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.bootstrapcdn.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; frame-src 'self' https:; font-src 'self' data:; connect-src 'self' 1
default-src 'self'; child-src 'self' *.youtube.com *.bayern.de; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com embed.typeform.com tagmanager.google.com; object-src 'none'; style-src 'self' 'unsafe-inline' ajax.googleapis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com www.google.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com tagmanager.google.com; frame-src 'self' www.google.com uniqgift.typeform.com; font-src 'self' data: ajax.googleapis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com www.google.com www.gstatic.com fonts.gstatic.com; img-src 'self' www.googletagmanager.com ssl.gstatic.com www.gstatic.com uq456.digito.com.sg 1