Values for x-webkit-csp:
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 40
default-src 'self' 'unsafe-inline' 36
report-uri /report-csp-violation 31
default-src 'self' 25
report-uri /report-csp-violation; upgrade-insecure-requests 15
frame-ancestors 'self' 14
default-src 'self'; script-src 'self' 'unsafe-inline' 13
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation 11
frame-src *.2checkout.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net dpm.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com *.outgrow.us bitdefender.applytojob.com *.alchemer.com *.adyen.com *.paypal.com paypal.com ad.ad-srv.net 11
allow 'self'; 11
frame-ancestors 'none' 11
referrer origin 10
default-src 'self'; 9
frame-ancestors 'self'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 8
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 7
frame-ancestors 'self' weleda.sabio.de 7
frame-ancestors https://*.canalplus.com https://*.cnews.fr https://*.canal-bis.com http://*.canalplus.com http://*.canalplus.com:8888 6
connect-src * 'self' 6
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com 6
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * 6
default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io *.lr-ingest.io *.stripe.com *.clearbit.com *.google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net *.iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com *.google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io *.stripe.com *.clearbit.com *.google-analytics.com *.iframe.ly *.gstatic.com cdnjs.cloudflare.com *.intercom.io *.intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com  https://messenger-apps.intercom.io https://*.intercom-attachments.com; frame-src *; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https: 6
report-uri //report-csp-violation 5
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com https://act.nrdc.org; style-src 'self' 'unsafe-inline' * blob: https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co ; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 4
frame-ancestors 'self' *.oui.sncf; report-uri /report-csp-violation; upgrade-insecure-requests 4
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' blob: *.brightcove.com *.cloudfront.net *.doubleclick.net *.google.com *.facebook.com forms.hsforms.com app.hubspot.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud house-fastly-signed-eu-west-1-prod.brightcovecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.convertexperiments.com *.hsforms.net *.jsdelivr.net *.googletagmanager.com *.connectid.cloud *.investis.com *.jquery.com *.cloudflare.com *.googleusercontent.com *.cloudfront.net *.hsforms.com *.facebook.net *.licdn.com *.google-analytics.com *.googleadservices.com *.investisdigital.com *.doubleclick.net *.lfeeder.com *.investis.com blob: data: *.hs-scripts.com *.google.com *.gstatic.com *.googleapis.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hs-banner.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.cloudflare.com *.googleusercontent.com *.investis.com *.cloudfront.net; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.investisdigital.com *.connectid.cloud *.investis.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.cloudfront.net *.brightcove.com *.lfeeder.com *.adsymptotic.com *.google-analytics.com *.hsforms.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.hubspot.com  brightcove.hs.llnwd.net cf-images.eu-west-1.prod.boltdns.net; font-src 'self' *.cloudfront.net *.googleusercontent.com *.gstatic.com; connect-src 'self' *.amazonaws.com *.brightcove.com *.luckyorange.net *.linkedin.com *.google-analytics.com *.investis.com *.doubleclick.net *.googleapis.com wss://*.visitors.live wss://visitors.live *.investisdigital.com *.hubspot.com *.hubapi.com forms.hsforms.com www.facebook.com api.luckyorange.com matomo-prod.connectid.cloud; report-uri //report-csp-violation 4
base-uri 'self'; style-src 'self'; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de; img-src 'self' piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self'; frame-ancestors 'none' *.prod.gsb.bsi.in.bund.de ; upgrade-insecure-requests; 4
default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io; frame-src *.google.com *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv cdn.jwplayer.com; img-src 'self' data:  *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io cms.sqat.eu; frame-ancestors 'self'; 4
default-src 'self'; script-src 'self' *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com 'unsafe-eval'; style-src 'self' blob: *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com tagmanager.google.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.simplybook.me lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au mipubapistorageprod.blob.core.windows.net; font-src 'self' *.amazonaws.com *.storyblok.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com data:; connect-src 'self' stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.google-analytics.com sentry.io *.simplybook.me *.vicinity.com.au *.trackjs.com mipubapistorageprod.blob.core.windows.net; frame-src 'self' *.youtube.com *.vimeo.com *.googletagmanager.com *.google.com *.facebook.com *.livechatinc.com *.stripe.com socialq.net recaptcha.net *.trybooking.co.nz *.trybooking.com 4
default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; frame-src 'self' https:; font-src 'self' data:; connect-src 'self' 4
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 3
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com confluence.acquia.com www.acquiaacademy.com acquia.seismic.com app.veertly.com; report-uri /report-csp-violation 3
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 3
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com dnbweb-editor.preview.kkn.zd.intranet.bund.de *.cloudfront.net jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 3
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com static.hotjar.com script.hotjar.com www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com polo.feathr.co cdn.feathr.co banman.providermagazine.com banman.ahcancal.org; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com marco.feathr.co polo.feathr.co www.googletagmanager.com banman.providermagazine.com banman.ahcancal.org; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com *.hotjar.com ahcancal.wufoo.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com in.hotjar.com ws7.hotjar.com polo.feathr.co analytics.tiktok.com 3
default-src 'self' *.readspeaker.com data:; base-uri 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; upgrade-insecure-requests; frame-ancestors 'self'; 3
default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 3
style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com config1.veinteractive.com veinteractive.com cookiehub.net use.fontawesome.com; font-src 'self' *.typekit.net fonts.gstatic.com use.fontawesome.com data:; report-uri /report-csp-violation 3
frame-ancestors https://planet-imex.co.uk/ https://planet-imex.com/ https://planetimex.co.uk/ https://planetimex.com/ https://www.imexexhibitions.com/ https://www.imex-frankfurt.com/ https://de.imex-frankfurt.com/ https://www.imexamerica.com/ https://www.stage.imex.cti.digital/ http://america.stage.imex.cti.digital/ http://frankfurt.stage.imex.cti.digital/ http://de-frankfurt.stage.imex.cti.digital/ https://www.reactive.imex.cti.digital/ https://frankfurt.reactive.imex.cti.digital/ https://de-frankfurt.reactive.imex.cti.digital/ https://america.reactive.imex.cti.digital/ https://www.qa.imex.cti.digital/ http://america.qa.imex.cti.digital/ http://frankfurt.qa.imex.cti.digital/ http://de-frankfurt.qa.imex.cti.digital/ https://www.imex.ctidev/ https://frankfurt.imex.ctidev/ https://de.frankfurt.imex.ctidev/ https://america.imex.ctidev/; 3
frame-ancestors 'self' piwik.betaalvereniging.nl; 3
default-src 'self' https: *.daimler.com *.slidesync.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.daimler.com *.slidesync.com *.usercentrics.eu js.api.here.com narando.com cdn.podigee.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.daimler.com *.slidesync.com js.api.here.com cdn.podigee.com player.podigee-cdn.net; img-src 'self' https: blob: data: *.daimler.com *.slidesync.com *.usercentrics.eu *.api.here.com player.podigee-cdn.net; frame-src *.daimler.com slidesync.com www.youtube-nocookie.com live.comsatmedia.com embed.gomexlive.com daimler.gomexlive.com my.matterport.com service.mercedes-benz-classic.com app.usercentrics.eu *.narando.com cdn.podigee.com player.podigee-cdn.net; font-src 'self' *.daimler.com assets.slidesync.com cdn.podigee.com player.podigee-cdn.net js.api.here.com fonts.gstatic.com; connect-src 'self' https: wss: blob: *.daimler.com *.slidesync.com *.podigee.com *.podigee.io player.podigee-cdn.net *.api.here.com *.hereapi.com; worker-src 'self' blob: 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2
base-uri 'self'; report-uri https://csp-reporting-server.glitch.me/report; frame-ancestors https://glitch.com https://glitch.development 2
frame-src atlas.geomer-maps.de app.powerbi.com *.deutschland-machts-effizient.de *.youtube-nocookie.com piwik.itzbund.de *.youtube.com 2
report-uri /admin/config/system/seckit/csp-report 2
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de spaceview.netzlabor.de; connect-src 'self' tracking.netmind-cloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org spaceview.netzlabor.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.cloudfront.net *.multimedia.gsb.bund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.youtube.com *.fbcdn.net *.youtube-nocookie.com *.googlevideo.com; child-src *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.cloudfront.net *.multimedia.gsb.bund.de; img-src 'self' data: *.google.com *.gstatic.com multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.cloudfront.net; frame-src 'self' multimedia.gsb.bund.de *.youtube.com *.openstreetmap.org; frame-ancestors 'self'; 2
default-src https:; style-src 'self' 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 2
frame-ancestors 'self'; report-uri /report-csp-violation 2
default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de  *.facebook.com; 2
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com/ www.googletagmanager.com/ script.hotjar.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' * tagmanager.google.com/ www.googletagmanager.com/ cdn.evgnet.com cdn.getsmartcontent.com s.getsmartcontent.com s7.addthis.com m.addthis.com v1.addthisedge.com z.moatads.com www.youtube.com view.ceros.com fast.wistia.com; img-src 'self' data: ssl.gstatic.com/ embed.wistia.com fast.wistia.com fast.wistia.net embed-fastly.wistia.com/ secure.adnxs.com ib.adnxs.com/ www.google.com www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com bat.bing.com www.facebook.com px.ads.linkedin.com p.adsymptotic.com/ i.ytimg.com www.guardiananytime.com/ pixel.mediaiqdigital.com pixel.mathtag.com d1bvwpcbxq9v24.cloudfront.net t.co idsync.rlcdn.com embedwistia-a.akamaihd.net *.amazonaws.com cx.atdmt.com www.linkedin.com/ *.fls.doubleclick.net; frame-src 'self' m.addthis.com s7.addthis.com *.youtube.com *.vimeo.com script.hotjar.com vars.hotjar.com cm.g.doubleclick.net *.ceros.com *.guardiananytime.com *.cloudfront.net *.adsrvr.org my.visme.co *.ipipeline.com *.guardianlife.com guardianlife.uat.aws.glic.com cdn.getsmartcontent.com *.bound360.com tagmanager.google.com www.podbean.com d.agkn.com cloud.alert.guardiandirect.com cloud.connect.guardian pixel.mathtag.com/ bid.g.doubleclick.net pi.pardot.com www.nerdwallet.com stage.nerdwallet.biz embeds.nerdwallet.biz *.fls.doubleclick.net; connect-src 'self' collectorprod.glic.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ws://*.hotjar.com *.doubleclick.net *.g.doubleclick.net *.wistia.com *.wistia.net *.litix.io embed-fastly.wistia.com embedwistia-a.akamaihd.net *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com d.agkn.com cloud.alert.guardiandirect.com cloud.connect.guardian guardianlife.us-1.evergage.com bat.bing.com www.nerdwallet.com stage.nerdwallet.biz embeds.nerdwallet.biz; font-src 'self' data: fonts.gstatic.com; media-src 'self' blob: embedwistia-a.akamaihd.net www.podbean.com fast.wistia.net 2
child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg; connect-src *.cwp-stg.sg https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg blob: www.google-analytics.com *.onemap.sg/ *.dcube.cloud *.wogaa.sg *.demdex.net https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com wss://*.zopim.com *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net; font-src https://cdnjs.cloudflare.com data: fonts.gstatic.com *.dcube.cloud *.wogaa.sg https://s3-us-west-2.amazonaws.com https://va.ecitizen.gov.sg *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; img-src data: blob: 'self' www.google-analytics.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://cdnjs.cloudflare.com *.mycareersfuture.sg *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net https://va.ecitizen.gov.sg https://v2assets.zopim.io; report-uri /csp-report; script-src blob: www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg https://va.ecitizen.gov.sg 'unsafe-inline' *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg 2
script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src * 2
default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus foerderrechner.bosch-thermotechnology.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com www.bosch-easycontrol.com www.heizung-steuern.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 2
frame-ancestors https://*.dondominio.com https://*.mrdomain.com; 2
frame-src 'self' blob: *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com; connect-src 'self' *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net; font-src 'self' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com  *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com; style-src 'unsafe-inline' 'self' *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 2
default-src 'self' https://origin-www.appliedmaterials.com http://origin-www.appliedmaterials.com; script-src 'self' 'unsafe-eval' maps.googleapis.com http://www.google-analytics.com https://www.google-analytics.com www.googletagmanager.com www.eiseverywhere.com js-agent.newrelic.com *.nr-data.net www.recaptcha.net www.gstatic.com vjs.zencdn.net https://*.go-mpulse.net https://origin-www.appliedmaterials.com 'unsafe-inline'; object-src 'self' www.eiseverywhere.com; style-src 'self' fonts.googleapis.com www.gstatic.com vjs.zencdn.net https://origin-www.appliedmaterials.com http://origin-www.appliedmaterials.com https://origin-www.appliedmaterials.com 'unsafe-inline'; img-src 'self' *.googleapis.com www.google-analytics.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.google.com www.google.com.sg www.google.com.tw www.google.co.il www.google.co.in www.google.co.kr www.google.co.uk www.googletagmanager.com ml.globenewswire.com www.globenewswire.com resource.globenewswire.com na.eventscloud.com www.eiseverywhere.com bam.nr-data.net  http://*.prod.acquia-sites.com https://*.prod.acquia-sites.com  http://*.appliedmaterials.com https://*.appliedmaterials.com data:; frame-src 'self' www.google.com www.youtube.com www.recaptcha.net; font-src 'self' fonts.gstatic.com themes.googleusercontent.com vjs.zencdn.net http://origin-www.appliedmaterials.com https://origin-www.appliedmaterials.com data:; connect-src 'self' www.google-analytics.com *.nr-data.net stats.g.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.go-mpulse.net; report-uri /admin/config/system/seckit/csp-report 2
deafult-src 'self' 2
default-src 'self'; font-src 'self' data: https://use.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com; img-src 'self' data: https://p.typekit.net https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za; frame-src https://www.oldmutual.co.za/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://dms.oldmutual.com.gh https://secure.myshopper.oldmutual.co.za/; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://assets-preprod.my.oldmutual.co.za https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://d2oh4tlt9mrke9.cloudfront.net https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://www.googleadservices.com https://services.ominsure.co.za https://www.youtube.com;; frame-ancestors https://secure.rewards.oldmutual.co.za/ 2
upgrade-insecure-requests 2
default-src 'self' *.yandex.ru *.comagic.ru extranet.buderus.com s.webtrends.com *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: blob: data:; style-src 'self' *.buderus.com buderus.com 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: bosch.mi4biz.net www.boschthermolife.com buderus-pl.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net buderus-pl.boschtt-documents.com http://fs52-buderus-dev.kittelberger.net 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com app.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co;font-src 'self' *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com app.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com s15923.pcdn.co;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.pcdn.co s15923.pcdn.co;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.google.com *.googleapis.com *.myabsorb.com *.doubleclick.net *.windows.net *.walkme.com *.jquery.com *.createjs.com *.youtube.com *.youtube-nocookie.com *.onetrust.com *.facebook.net *.facebook.com *.cookielaw.org *.licdn.com *.adsymptotic.com *.linkedin.com *.jnjvision.asia *.nr-data.net *.ckeditor.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.zencdn.net *.boltdns.net *.jjvcpro.com *.jnjcommerce.com *.mouseflow.com *.gstatic.com *.newrelic.com; object-src *; img-src * data: blob:; frame-src *; font-src * data: blob: 'unsafe-inline'; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.itzbund.de *.twitter.com *.twimg.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.w3schools.com *.quirksmode.org *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com *.osm.org *.openstreetmap.de *.twimg.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com *.3qsdn.com *.it.bund.de *.twitter.com *.twimg.com webcast.nc3-cdn.com blitzvideoserver.de start.video-stream-hosting.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.osm.org *.openstreetmap.de *.twitter.com *.twimg.com twemoji.maxcdn.com piwik.itzbund.de *.gdw-berlin.de *.streamlock.net; frame-ancestors 'self'; upgrade-insecure-requests; 2
default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 2
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/ https://www.youtube.com/ https://vrweb15.linguatec.org; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://i.ytimg.com/ https://vrweb15.linguatec.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/ https://www.youtube.com/ https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ https://vrweb15.linguatec.org 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.emmezeta.hr emmezeta.hr *.emmezeta.rs emmezeta.rs; 2
default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com az551914.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.leadenhancer.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com; img-src data: 'self' www.burkert.com www.google-analytics.com event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.leadenhancer.com *.olark.com *.adition.com *.gstatic.com; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com fast.fonts.net *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com; font-src 'self' www.burkert.com *.buerkert.de fast.fonts.net data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com; frame-src 'self' *.burkert-usa-marketing.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.olark.com *.issuu.com; worker-src 'self' blob: 2
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src *; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 2
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com cdnjs.cloudflare.com connect.facebook.net 'unsafe-inline' 'unsafe-eval' 2
defult-src 'self' 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 2
frame-ancestors scvr.co *.scvr.co 2
frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com *.qiaofangyun.com 1
child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com blob:; connect-src 'self' api.blocktrades.us steemit.com wss://steemd.steemit.com wss://steemd-int.steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com securepubads.g.doubleclick.net cdn.jsdelivr.net csi.gstatic.com c.pub.network d.pub.network display.bfmio.com *.adnxs.com freestar-d.openx.net qcx.quantserve.com https://qcx.quantserve.com:8443 hbopenbid.pubmatic.com g2.gumgum.com ssc.33across.com gw.geoedge.be *.doubleverify.com request-global.czilladx.com c.amazon-adsystem.com *.flashtalking.com *.czilladx.com czilladx.com coinzillatag.com coinzilla.com *.yahoo.com *.3lift.com *.adroll.com *.serving-sys.com *.googlesyndication.com *.steelhousemedia.com *.servenobid.com sdk.streamrail.com api.vidiom.net *.streamrail.net *.spotxchange.com *.advertising.com *.yieldoptimizer.com *.doubleclick.net *.buysellads.net *.1rx.io *.rtb-seller.com catchjs.com www.googletagmanager.com www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net api.trongrid.io; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com *.hwcdn.net *.acuityplatform.com; font-src data: fonts.gstatic.com steemitdev.com steemit.com steemitwallet.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
policy-uri /parivahan//'self' 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; frame-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de covapp.charite.de covapp-rki.hpsgc.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors rki-editor.preview.gsb.intranet.bund.de piwik.itzbund.de *.facebook.com 1
default-src 'self'  *.destatis.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de doo.net  chatbot.it.bund.de;object-src 'self' multimedia.gsb.bund.de  *.destatis.de piwik.itzbund.de ; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org  *.destatis.de piwik.itzbund.de chatbot.it.bund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.stba.de *.euro-area-statistics.org *.ims-cms.net *.kemweb.de *.teambits.events chatbot.it.bund.de doo.net/de-de/widget/ data: ; img-src 'self' data: blob: *.google.com *.gstatic.com *.youtube.com  *.destatis.de piwik.itzbund.de chatbot.it.bund.de; frame-ancestors 'self'; 1
frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 1
default-src 'self' ; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.wmflabs.org; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self'; 1
frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 1
default-src 'self'; object-src 'none'; block-all-mixed-content; script-src 'self' 'nonce-159ed306-67b0-43c4-a1ff-04740db6ff11' https://*.groww.in/ wss://*.groww.in/ https://*.freshchat.com/ https://*.webengage.com/ http://cdn.widgets.webengage.com/ https://connect.facebook.net/ https://*.razorpay.com/ https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/ https://storage.googleapis.com/ https://www.googletagmanager.com/ https://tagmanager.google.com https://www.google-analytics.com/ https://ssl.google-analytics.com https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://*.google.com/ https://www.google.co.in/ https://fonts.googleapis.com/; img-src 'self' data: blob: https://groww.in/ https://*.groww.in/ https://img.youtube.com/ https://s3.amazonaws.com/cdn.freshdesk.com/ https://viewlogo.s3.amazonaws.com/ https://wchat.freshchat.com/ https://www.google-analytics.com/ https://*.googleapis.com/ https://*.googleusercontent.com/ https://www.google.com/ https://www.google-analytics.com https://www.google.com/ads/ga-audiences https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://stats.g.doubleclick.net/r/ https://stats.g.doubleclick.net/r/collect https://www.google.co.in/ads/ga-audiences; style-src 'self' https://*.groww.in/ 'unsafe-inline' https://accounts.google.com https://wchat.freshchat.com/; font-src 'self' https://*.groww.in/ data:; connect-src 'self' data: https://*.groww.in/ wss://*.groww.in/ https://*.webengage.com/ https://*.bugsnag.com/ https://*.razorpay.com/ https://*.delighted.com/ https://accounts.google.com https://www.google-analytics.com/ https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://*.googleapis.com/; frame-src 'self' https://*.webengage.co https://*.google.com/ https://www.youtube.com/ https://www.facebook.com https://*.groww.in/ wss://*.groww.in/ https://wchat.freshchat.com/ https://growwapi.firebaseapp.com/; media-src https://*.groww.in/ blob: 1
default-src 'self' fast.wistia.net noembed.com static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com aax-eu.amazon-adsystem.com data: avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de track.adform.net maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com *.xx.fbcdn.net www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval' ; media-src 'self' *.avm.de data: blob: ; frame-ancestors 'self'  1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com googletagmanager.com cdn.ravenjs.com ssl.google-analytics.com cdnjs.cloudflare.com js-agent.newrelic.com js.stripe.com 'nonce-LJugJfrg8FIQipkJl1hNPLyWk0Q7sB49lDT2T1KlNYByxmyh'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
default-src 'none'; style-src 'self' use.typekit.net p.typekit.net cdn.embedly.com cdn.integromat.com fonts.googleapis.com 'unsafe-inline' cdn.integromat.com www.integromat.com static.integromat.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' data: use.typekit.net script.hotjar.com cdn.embedly.com fonts.gstatic.com cdn.integromat.com fonts.gstatic.com; img-src 'self' data: *.integromat.com secure.gravatar.com usage.trackjs.com stats.g.doubleclick.net www.google-analytics.com img.youtube.com www.youtube.com www.facebook.com t.co script.hotjar.com twitter.com self cdn.integromat.com static.integromat.com www.google.com api.producthunt.com; connect-src 'self' *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com *.mixpanel.com www.google-analytics.com stats.g.doubleclick.net api-cdn.embed.ly api.segment.io *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src 'self' www.facebook.com www.youtube.com vars.hotjar.com cdn.embedly.com frame.hotjar.com vars.hotjar.com; script-src 'self' www.google-analytics.com connect.facebook.net static.ads-twitter.com analytics.twitter.com static.hotjar.com script.hotjar.com cdn.mxpnl.com cdn.embedly.com cdn.segment.com cdn.integromat.com cdn.integromat.com static.integromat.com code.jquery.com static.hotjar.com script.hotjar.com www.googletagmanager.com 'unsafe-inline'; object-src 'self'; media-src 'self' cdn.integromat.com; manifest-src 'self' cdn.integromat.com; base-uri 'self'; form-action 'self'; frame-ancestors 'none' 1
default-src 'self' *.poliziadistato.it:* blob: data: *.poliziadistato.it *.zencdn.net *.tv2000.it *.wowza.com *.interno.it *.rating-widget.com *.twimg.com *.twitter.com *.googleapis.com *.gstatic.com *.google.it *.macromedia.com *.google-analytics.com *.facebook.net *.sharethis.com *.google.com opendataavcp.interno.it *.raiplay.it *.rai.it js.api.here.com *.hereapi.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: *.wowza.com i.rw.gs *.rating-widget.com *.twitter.com *.twimg.com *.poliziadistato.it opendataavcp.interno.it l.sharethis.com *.facebook.com *.google-analytics.com *.gstatic.com *.gravatar.com *.googleapis.com s.w.org *.google.it *.raiplay.it *.rai.it; style-src 'self' *.poliziadistato.it *.twimg.com *.rating-widget.com *.twitter.com opendataavcp.interno.it *.sharethis.com 'unsafe-inline' *.googleapis.com *.raiplay.it *.rai.it js.api.here.com; frame-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com *.google.com *.raiplay.it *.rai.it; worker-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com *.google.com *.raiplay.it *.rai.it; child-src 'self' *.poliziadistato.it opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com *.google.com *.twitter.com opendataavcp.interno.it *.raiplay.it *.rai.it; font-src 'self' data: *.poliziadistato.it *.wowza.com opendataavcp.interno.it *.gstatic.com *.raiplay.it *.rai.it; frame-ancestors 'self' storify.com *.poliziadistato.it *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com *.google.com *.raiplay.it *.rai.it; media-src *.poliziadistato.it blob: 1
;frame-ancestors 'self' 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bghweb-editor.preview.gsb.intranet.bund.de piwik.itzbund.de 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://*.amazonpay.com https://apac.account.amazon.com https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; default-src 'self'; 1
frame-ancestors *.payback.de 1
frame-ancestors 'self' *.bond.edu.au bond.edu.au; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public-test.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src www.baua.de; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self'; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.itzbund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com; frame-src 'self' player.vimeo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com webtv.bundestag.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com; frame-ancestors 'self'; 1
default-src 'self'; connect-src 'self' https://*.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.browsealoud.com https://speech.speechstream.net blob: https://en.wikipedia.org https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com; script-src 'self' https://*.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://*.google-analytics.com https://*.browsealoud.com https://*.speechstream.net 'sha256-XwQT/PsFMy+rKSB4vlW93i5lrzIRaGmPC3M2D0C3ZKU=' https://apis.google.com https://*.intercom.io https://js.intercomcdn.com https://analytics.twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ 'sha256-xa51hFBsKVs5oNbE781o57zeanVYlR2Fas1LOYkxyug=' 'sha256-rawHpf1P2aNdh6tn+KPlMS54GDrP3VvLCRholyMzSxc=' 'sha256-8OAeITVpiXw+5549h526FKKyW1v5kKdfVcAuo9vm4PQ=' 'sha256-55mJfG7qeFbg5MYhKlFtEnt7dchMg5Zgw7787nun6jA=' 'sha256-6g6g/1St1GbEzTIpeDRD6HvZRUEdLCpIl18bLpP3BfQ=' 'sha256-ottfgREKtTpHEjgV3bOLHqyKsVfvHWiSA1VgxvzPLL8=' 'sha256-S0uRMRh2Bj6im1RVrQB0CPlaDfiEha66qA4u5FXxjFw=' 'sha256-ilORk9YiiP++OHMTPBVAueJQM0Mg35oRj+yq3CJSbF0=' 'sha256-LJWTHYRBGrzLiL7qbzcWsQKGIg69yZOKI9XAono8pKI=' 'sha256-S2Vkh+7++wRSyicSBMtPbcyaxwXZbOZICxUJzh81hKM=' 'sha256-5tjEBAZDuThDj/m5zA/+fRYSXoxfEOF7gkJ985V2u6g=' 'nonce-162768799919100' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic.dev.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com; img-src * data: https://optimize.google.com https://script.hotjar.com; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io; font-src 'self' https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic.dev.texthelp.com https://www.facebook.com; frame-src https://www.youtube.com https://mautic.dev.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1
img-src * data: blob:; style-src 'self' 'unsafe-inline' assets.adobedtm.com cdn.linearicons.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com shop.spreadshirt.nl ton.twimg.com cdnjs.cloudflare.com code.jquery.com unpkg.com; frame-src 'self' www.youtube.com player.vimeo.com podio.com www.youtube-nocookie.com www.google.com/recaptcha/ www.classmarker.com/ js.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com assets.adobedtm.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com npmcdn.com shop.spreadshirt.nl platform.twitter.com www.google-analytics.com ssl.google-analytics.com www.spreadshirt.nl podio.com static.doubleclick.net cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net app.intercom.io widget.intercom.io js.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ unpkg.com/leaflet.markercluster@1.4.1/dist/ unpkg.com/leaflet@1.7.1/dist/ js.stripe.com unpkg.com/@popperjs/ unpkg.com/tippy.js@6/; font-src 'self' cdn.linearicons.com fonts.gstatic.com maxcdn.bootstrapcdn.com shop.spreadshirt.nl js.intercomcdn.com ttui.thethingsindustries.com; connect-src 'self' shop.spreadshirt.nl www.thethingsnetwork.org vx.thethings.network api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com app.getsentry.com 1
default-src 'self' ; script-src 'unsafe-inline' 'self' https://ssl.google-analytics.com/ga.js; img-src data: blob 'self' http://*.tile.openstreetmap.org/ : 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1
script-src 'nonce-e46c762569db43318d217298c25740cd' 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com *.facebook.com *.nosiva.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; report-uri /eur/report-csp-violation 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.guinness-storehouse.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com stats.mp.streamamg.com streamuk.secure.footprint.net www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.hotjar.com *.smartlook.com; object-src 'self' https: *.guinness-storehouse.com streamuk.secure.footprint.net; style-src 'self' 'unsafe-inline' https: *.guinness-storehouse.com cloud.typography.com fonts.googleapis.com footer.diageohorizon.com; img-src 'self' data: https: *.guinness-storehouse.com *.googleapis.com *.gstatic.com ads.yahoo.com analytics.twitter.com d.adroll.com dps.bing.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com scontent.cdninstagram.com streamuk.secure.footprint.net t.mookie1.com us-u.openx.net www.facebook.com www.google.com www.google.ie www.tripadvisor.com x.bidswitch.net www.google-analytics.com; frame-src 'self' https: *.guinness-storehouse.com *.worldnettps.com guinnessarchives.adlibsoft.com www.youtube.com vars.hotjar.com; font-src 'self' https: *.guinness-storehouse.com data: fonts.googleapis.com fonts.gstatic.com streamuk.secure.footprint.net; connect-src 'self' https: *.guinness-storehouse.com *.storehousewall.com query.yahooapis.com streamuk.secure.footprint.net *.hotjar.com:* wss://*.hotjar.com *.smartlook.com; media-src 'self' https: *.guinness-storehouse.com ; worker-src 'self' *.guinness-storehouse.com blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://code.highcharts.com https://oss.maxcdn.com https://connect.trezor.io wss://wallex.market:8443 wss://wallex.ir:8443 wss://www.wallex.ir:8443 https://blockexplorer.com https://www.localbitcoinschain.com https://test-insight.bitpay.com https://api.etherscan.io https://api-ropsten.etherscan.io https://bitcoincash.blockexplorer.com https://blockdozer.com https://bch.coin.space https://insight.litecore.io https://insight.dash.org https://saveload.tradingview.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://fonts.gstatic.com wss://test-insight.bitpay.com https://api.omniexplorer.info https://chain.api.btc.com https://cdn.jsdelivr.net https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.google.com/maps/embed https://*.purechat.com wss://*.purechat.com https://secure.gravatar.com https://*/app.purechat.com https://cdn.ckeditor.com https://www. .com https://www.google-analytics.com https://maps.googleapis.com https://tradingview.com https://*.tradingview.com wss://tradingview.com wss://*.tradingview.com https://www.aparat.comhttps://*.heatmap.it https://coincap.io wss://ws.wallex.market wss://ws.coincap.io https://*.purechatcdn.com https://*.alexa.com https://cdn.polyfill.io https://www.gstatic.com https://*.crisp.chat wss://*.crisp.chat wss://stream.binance.com:9443 wss://wsc.wallex.ir wss://wsc.wallex.ir:8443 wss://ws.wallex.ir https://*.wallex.ir https://wallex.market https://*.yektanet.com https://*.hotjar.com wss://*.hotjar.com; 1
child-src 'self' 3speak.tv emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://images.hive.blog 'self' hive.blog https://api.hive.blog api.blocktrades.us https://anyx.io https://api.openhive.network https://hivesigner.com https://hived.hive-engine.com https://api.followbtcnews.com https://rpc.esteem.app https://api.pharesim.me https://hive.roelandp.nl https://hived.privex.io https://hive.3speak.online https://rpc.ausbit.dev https://api.hivekings.com https://hivebuzz.me https://peakd.com https://api.deathwing.me https://api.ha.deathwing.me; default-src tpc.googlesyndication.com 'self' img.3speakcontent.online emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com; font-src data: fonts.gstatic.com cdn.embedly.com; frame-ancestors 'none'; frame-src 'self' https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com www.reddit.com cdn.embedly.com github.githubassets.com; report-uri /api/v1/csp_violation 1
upgrade-insecure-requests; 1
default-src 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.gstatic.com https://api.midtrans.com https://cdn.appsflyer.com https://s.yimg.com https://sp.analytics.yahoo.com https://api.midtrans.com https://stats.g.doubleclick.net https://fcm.googleapis.com *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://websdk.appsflyer.com https://maps.googleapis.com blob: https://banner.appsflyer.com https://wa.onelink.me https://wa.appsflyer.com https://cdnjs.cloudflare.com https://www.google.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.google.co.in https://*.google.co.* https://maps.gstatic.com https://maps.googleapis.com https://s-media-cache-ak0.pinimg.com https://i.pinimg.com https://*.cloudfront.net http://*.cloudfront.net https://reviews.123rf.com https://wikipedia.org https://api.veritrans.co.id https://res.cloudinary.com https://image.shutterstock.com https://tineye.com https://stats.g.doubleclick.net https://doctor.halodoc.com http://www.linkdokter.com https://www.google-analytics.com https://www.facebook.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://s3-ap-southeast-1.amazonaws.com https://www.google.com https://www.google.com.sg data: *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://impressions.onelink.me https://www.googletagmanager.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com; connect-src 'self' https://pinimg.com https://*.cloudfront.net http://*.cloudfront.net https://123rf.com https://fonts.gstatic.com https://tineye.com https://res.cloudinary.com https://image.shutterstock.com https://www.halodoc.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://www.gstatic.com https://s3-ap-southeast-1.amazonaws.com https://doctor.halodoc.com https://web-halodoc-api.prod.halodoc.com https://qiscus-lb.api.halodoc.com wss://qiscus-mqtt.api.halodoc.com:1886/mqtt https://api.midtrans.com https://cdn.appsflyer.com https://s.yimg.com https://api.midtrans.com https://api.veritrans.co.id https://stats.g.doubleclick.net https://sp.analytics.yahoo.com https://fonts.googleapis.com https://www.google.com.sg https://www.google.com https://sentry.io https://fcm.googleapis.com *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://firebaseinstallations.googleapis.com https://banner.appsflyer.com https://wa.onelink.me https://wa.appsflyer.com https://websdk.appsflyer.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com http://gcp.stage.halodoc.com http://gcp.prod.halodoc.com https://web.prod.halodoc.com http://localhost:14000 https://script.google.com https://script.googleusercontent.com https://creatives-cdn.appsflyer.com https://events-logger.appsflyer.com https://af-event-logger.appsflyer.com/log-event; font-src 'self' https://fonts.gstatic.com data:; object-src 'self' https://*.cloudfront.net http://*.cloudfront.net; frame-src * 1
frame-src *.nio.com *.nio.cn *.meetanyway.com *.internal.nio.io *.us-west-2.elb.amazonaws.com *.vimeo.com *.polyv.com static.addtoany.com www.youtube.com *.google.com; frame-ancestors *.nio.com *.nio.cn *.internal.nio.io *.nioint.com *.meetanyway.com static.addtoany.com www.youtube.com *.google.com; child-src *.nio.com *.nio.cn *.meetanyway.com *.internal.nio.io *.us-west-2.elb.amazonaws.com *.vimeo.com *.polyv.com static.addtoany.com www.youtube.com *.google.com; report-uri /report-csp-violation 1
default-src 'self'; connect-src 'self' data: 'unsafe-inline' https://bat.bing.com https://*.adobedtm.com http://*.zionsbank.com https://*.zionsbank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.google.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://*.adobedtm.com https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.zionsbank.com https://*.zionsbank.com https://*.zionsbank.com https://*.cludo.com  https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: 'unsafe-inline' http://*.zionsbank.com https://*.zionsbank.com https://*.linkedin.com https://*.bufferapp.com https://*.pinterest.com https://*.reddit.com https://googleads.g.doubleclick.net https://*.pages05.net https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com 'unsafe-eval'; img-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.zionsbank.com https://*.zionsbank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; media-src 'self'; frame-src 'self' data: 'unsafe-inline' http://*.zionsbank.com https://*.zionsbank.com https://*.issuu.com https://*.doubleclick.net https://*.demdex.net https://*.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net  https://*.sumome.com https://*.sumo.com https://sumo.com https://*.sndcdn.com https://*.soundcloud.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com https://*.online-metrix.net; frame-ancestors 'self' https://banking.zionsbank.com https://*.sndcdn.com 'unsafe-eval'; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com 1
: default-src * 1
frame-ancestors 'self' piwik.currence.nl; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.w3.org https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://vro.housing.gov.sa https://www.gstatic.com https://code.jquery.com https://maps.googleapis.com https://cdn.mouseflow.com https://fonts.googleapis.com https://developers.google.com https://sakani.housing.sa https://maps.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.ejar.sa https://img.youtube.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.ckeditor.com https://www.google.com.sa https://mobile.ejar.sa http://www.ejar.sa https://www.youtube.com/; report-uri /ar/report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.usercentrics.eu data: *.motel-one.com *.usercentrics.eu; script-src *.motel-one.com 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.adup-tech.com static.ads-twitter.com analytics.twitter.com assets.pinterest.com log.pinterest.com squarelovin.com *.squarelovin.com *.usercentrics.eu; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cdninstagram.com *.squarelovin.com *.google-analytics.com *.doubleclick.net t.co *.adup-tech.com www.facebook.com www.google.de www.google.com *.cx.atdmt.com maps.gstatic.com maps.googleapis.com ssl.gstatic.com www.gstatic.com assets.pinterest.com log.pinterest.com bat.bing.com *.hurra.com *.fbcdn.net image.motel-one.com *.motel-one.com squarelovin.com *.gstatic.com *.usercentrics.eu; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.squarelovin.com fonts.googleapis.com tagmanager.google.com *.google.com; connect-src 'self' *.motel-one.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.adup-tech.com *.usercentrics.eu; font-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net; frame-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.usercentrics.eu assets.pinterest.com log.pinterest.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com  https://*.fontawesome.com https://*.customsearch.ai https://*.googletagmanager.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://*.windows.net https://tagmanager.google.com; img-src 'self' https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/ https://*.windows.net https://*.gstatic.com https://stats.g.doubleclick.net; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube-nocookie.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ https://ui.customsearch.ai/ https://sdk.companywebcast.com/ https://portal.dataviz.ecb.europa.eu/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.customsearch.ai https://*.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 1
frame-src 'self' *.betradar.com *.sportradar.com *.aitcloud.de consentcdn.cookiebot.com vars.hotjar.com www.googletagmanager.com www.youtube.com prod-origin.truendo.com cdn.priv.center; frame-ancestors 'self' *.betradar.com *.sportradar.com *.aitcloud.de 1
frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de 1
frame-ancestors https://gms.hongleong.com.my https://tags.tiqcdn.com https://survey.hlb.com.my https://uat.hlb.com.my https://aem-preprod.hlb.com.my https://aem-preprod.hlisb.com.my https://aem-uat.hlb.com.my https://www.hlb.com.my https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://uat.hlb.my:443 http://uat.hlb.my 1
default-src 'self'; frame-src 'self'  http: https:; script-src 'self'  sha384-o/50JGkexNN+nF8Dlr/69A07YiE2zEDlAJlHjG3VT9K1PylWnCTkXymBJBYDSWXm https://www.youtube.com https://s.ytimg.com https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.gstatic.com 'unsafe-inline'; font-src 'self'  data:; img-src 'self'  https: http: blob: data:; style-src 'self'  'unsafe-inline'; connect-src 'self'  https://www.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://feed-proxy.craftcms.com https://api.craftcms.com https://www.facebook.com; media-src 'self'  http: https:; object-src 'self' ; 1
default-src 'self'; frame-src 'self' https://w.soundcloud.com/ https://spark.adobe.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://spark.adobe.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://feeds.trac.jobs/ https://translate.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
default-src https: blob: wss:; frame-src https: blob: data:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self'; connect-src 'self' https://nextgen.kajomigenerator.de https://*.ekir.de  https://*.algolia.net https://*.algolianet.com; frame-src 'self' https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.kd-onlinespende.de https://walls.io https://*.walls.io www.youtube-nocookie.com https://platform.twitter.com https://syndication.twitter.com https://*.ekir.de; font-src 'self' data:; img-src 'self' data: https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.kd-onlinespende.de https://img.youtube.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://secure.gravatar.com http://*.ekir.de https://*.ekir.de; object-src 'self';  style-src 'self' 'unsafe-inline' https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://platform.twitter.com https://ton.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.de https://*.kd-onlinespende.de https://walls.io https://*.walls.io https://secure.gravatar.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.ekir.de https://adressverzeichnis.ekd.de https://cdn.jsdelivr.net; 1
report-uri https://consolehipay.report-uri.com/r/d/csp/enforce; default-src 'self' *.google-analytics.com *.zdassets.com *.hotjar.com *.google.com *.screeb.app *.typeform.com; script-src 'self' *.hotjar.com *.zdassets.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.screeb.app 'sha256-qSMb0PEZNwPU889A1H8zPbT23/AN6efiLRLewxFcFJM=' 'sha256-p04ICvhv5V9PJfG9AnM4+4t8eCcdnUhEP7BSwEKl+Es=' 'sha256-iBEn6DembGxmutX/U63Duhs98HIBtU8ALgbjYh+CkZc=' 'sha256-XnoKRrVjyLcX94o+jehk7z3rX+YVSMr4DtslyFpkaPU=' 'sha256-tdBlVQuc2G3oahpbyjaUmy+NEJSNdDZy9L1FSw3rVi0=' https://*.zopim.com; style-src 'self' 'unsafe-inline' maxcdn.icons8.com fonts.googleapis.com *.hotjar.com libs.hipay.com; font-src 'self' maxcdn.icons8.com fonts.gstatic.com *.hotjar.com; connect-src 'self' *.zendesk.com *.zdassets.com user.hipay.com *.hipay.com *.hipay.org *.google-analytics.com wss://*.zopim.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.screeb.app wss://*.screeb.app; img-src 'self' *.amcharts.com *.google-analytics.com *.zendesk.com *.hotjar.com images.weserv.nl *.hipay.com data: storage.googleapis.com twemoji.maxcdn.com *.screeb.app 1
child-src 'self'; connect-src 'self' api.blocktrades.us steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com beta-api.steemit.com beta-api-int.steemit.com www.googletagmanager.com www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net api.trongrid.io sun.tronex.io steemitwallet.com; default-src 'self'; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com staticfiles.steemit.com localhost:8080; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; style-src 'self' 'unsafe-inline' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; img-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.googleadservices.com https://googleadservices.com https://*.doubleclick.net *.doubleclick.net data: *.google-analytics.com https://c906980.ssl.cf3.rackcdn.com *.newrelic.com *.gstatic.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; frame-src 'self' *.googleadservices.com *.doubleclick.net https://googleadservices.com https://*.doubleclick.net https://*.facebook.com *.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com http://storify.com https://w.soundcloud.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; script-src 'self' eval-script inline-script *.evocdn.co.uk *.rackcdn.com *.newrelic.com *.google-analytics.com *.googleadservices.com https://googleadservices.com *.facebook.net d1ros97qkrwjf5.cloudfront.net https://d1ros97qkrwjf5.cloudfront.net https://www.google.com https://ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net *.doubleclick.net; font-src 'self' *.evocdn.co.uk *.googleusercontent.com 'unsafe-eval' 'unsafe-inline' fast.fonts.net; object-src *.youtube.com www.youtube.com *.ytimg.com *.googlevideo.com *.vhall.com e.vhall.com https://player.soundcloud.com; 1
default-src 'none'; connect-src 'self' *.crowdriff.com *.ubiquity.co.nz *.windows.net *.doubleclick.net *.google-analytics.com *.hotjar.com *.monsido.com; frame-src 'self' staticcdn.co.nz *.dwcdn.net *.infogram.com radian.mintdesign.co.nz radianstaging.mintdemo.co.nz configurator.wcec.co.nz *.metservice.com *.vimeo.com *.youtube.com *.doubleclick.net *.hotjar.com *.google.com *.crowdriff.com *.monsido.com; frame-ancestors 'self'; font-src 'self' *.gstatic.com; img-src 'self' data: blob: staticcdn.co.nz shielded.co.nz *.cloudfront.net *.googleapis.com *.gstatic.com *.ytimg.com *.facebook.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.nz *.monsido.com; media-src 'self' crowdriff-video-upload.s3.amazonaws.com; manifest-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' staticcdn.co.nz *.youtube.com *.vimeo.com code.highcharts.com browser-update.org *.crowdriff.com *.jquery.com *.gstatic.com *.googleadservices.com *.google.com *.googleapis.com *.googletagmanager.com *.monsido.com *.hotjar.com *.google-analytics.com *.facebook.net *.ubiquity.co.nz; style-src 'self' 'unsafe-inline' *.crowdriff.com *.googleapis.com *.google.com; 1
default-src 'self'; connect-src 'self' data: 'unsafe-inline' https://bat.bing.com https://assets.adobedtm.com https://*.adobedtm.com http://*.amegybank.com https://*.amegybank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://assets.adobedtm.com https://*.adobedtm.com https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.amegybank.com https://*.amegybank.com https://*.zionsbank.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: http://*.amegybank.com https://*.amegybank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net; img-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://p.adsymptotic.com https://px.ads.linkedin.com https://bat.bing.com https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.amegybank.com https://*.amegybank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; media-src 'self' data:; frame-src 'self' data: 'unsafe-inline' http://*.amegybank.com https://*.amegybank.com https://rise.articulate.com https://*.online-metrix.net https://*.issuu.com https://*.doubleclick.net https://*.demdex.net https://secure.checkout.visa.com https://assets.secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.amegybank.com 'unsafe-eval'; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors www.envestnet.com envestnet.com ir.envestnet.com investor.envestnet.com www.investpmc.com; report-uri /report-csp-violation 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net nexus.ensighten.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com nexus.ensighten.com otp.tools.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' brightcove.hs.llnwd.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' qir.tools.investis.com staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' www.google-analytics.com edge.api.brightcove.com viz.tools.investis.com; report-uri /report-csp-violation 1
default-src 'self' http: https:; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://*.twitter.com https://*.facebook.com https://*.linkedin.com https://www.youtube.com https://maps.googleapis.com https://polyfill.io; object-src 'self'; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'unsafe-inline' 'self' data: http: https:; media-src 'self' 'unsafe-inline' https:; frame-src 'self' 'unsafe-inline' https:; frame-ancestors 'self' 'unsafe-inline' https:; child-src 'self' 'unsafe-inline' https:; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; connect-src 'self' 'unsafe-inline' https://www.google-analytics.com https://*.s3.eu-west-2.amazonaws.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none'; img-src *; media-src s3.amazonaws.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google.com www.recaptcha.net www.gstatic.com script.hotjar.com static.hotjar.com d.impactradius-event.com bat.bing.com; connect-src *.easyship.com in.hotjar.com vc.hotjar.io easyship.ilbqy6.net; frame-src vars.hotjar.com www.google.com www.recaptcha.net; style-src 'self' 'unsafe-inline'; font-src 'self' data: 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de; object-src 'self'; media-src  'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de; frame-ancestors 'self'; 1
default-src 'self'; connect-src 'self' https://bat.bing.com http://*.nsbank.com https://*.nsbank.com https://*.demdex.net https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.google.com https://webto.salesforce.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://zionsbancorp.sc.omtrdc.net; script-src 'self' data: 'unsafe-inline' https://*.googleadservices.com https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.nsbank.com https://*.zionsbank.com https://*.cludo.com https://*.adsrvr.org https://connect.facebook.net https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.bufferapp.com https://*.linkedin.com https://*.pinterest.com https://*.reddit.com https://*.online-metrix.net https://*.adobedtm.com https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: https://*.nsbank.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org; img-src 'self' data: https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.gstatic.com https://*.nsbank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.facebook.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.online-metrix.net https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com; media-src 'self' data:; frame-src 'self' https://*.doubleclick.net https://*.nsbank.com https://*.demdex.net https://*.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net https://*.online-metrix.net https://*.adsrvr.org https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.nsbank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' https://www.ticimax.com/ https://www.destekalani.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/  ; script-src 'unsafe-inline' 'unsafe-eval' https://www.ticimax.com/ https://www.destekalani.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; object-src 'self' https://www.ticimax.com/ https://www.destekalani.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; style-src 'unsafe-inline' https://www.ticimax.com/ https://www.destekalani.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; img-src data: https://www.ticimax.com/ https://www.destekalani.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; media-src *; frame-src 'self' https://*.ticimax.com/ https://*.destekalani.com/ https://www.youtube.com/ https://*.vimeo.com/; font-src * 1
base-uri 'self'; default-src 'self'; child-src https://player.vimeo.com; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://doorbell.io https://*.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://vimeo.com https://player.vimeo.com https://player.vimeo.com; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://www.google.co.nz https://*.s3.ap-southeast-2.amazonaws.com https://embed.doorbell.io https://www.google.co.nz https://i.vimeocdn.com data:; media-src https://www.youtube.com https://vimeo.com; object-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js https://embed.doorbell.io https://polyfill.io 'sha384-YzQCrEgYx0YMHxd202bqWPvr081aHRPYRk490ivT+/i24ODjLtMfT/e0nhxcgRYf' 'nonce-NGFhN2M2MmRjZWI2MDI1MzU1YTcxYzE1M2M2NDMxNmVlYmE0MmJmNTYzOGE5N2EzZDkyYmRmYjU5NzJiMGY2NDBhZTM5ZDk5NTQ3MDIzYzU0OWM2NDllNGFhZTIwYWZhMWIzOTBjZDk5YjFiMDc0OWI3YjVlOWQxNjJjN2VhMmY=' 'unsafe-eval'; style-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://embed.doorbell.io/css/doorbell.min.css https://embed.doorbell.io/css/default.css 'unsafe-inline'; report-uri https://2224ea6b5792825a06d61a0bad9d966b.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de; frame-ancestors 'self'; font-src 'self' data:; 1
default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de; script-src 'strict-dynamic' 'nonce-6bb4ffb24d8700be369b7adf5e916121' 'nonce-6ed2d3ec22c7638e05bacea44acdfa26' 'nonce-493933931ccd9adc3b105eab12e216a9' 'nonce-583fc28027c391284a31d9941beda080' 'nonce-059b02f280b492045e40b7a89cafb55e' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-6bb4ffb24d8700be369b7adf5e916121' 'nonce-6ed2d3ec22c7638e05bacea44acdfa26' 'nonce-493933931ccd9adc3b105eab12e216a9' 'nonce-583fc28027c391284a31d9941beda080' 'nonce-059b02f280b492045e40b7a89cafb55e' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; script-src 'self' 'unsafe-inline' data: cdn.printfriendly.com cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com www.google.com *.rawgit.com *.gstatic.com *.googleapis.com static.addtoany.com polyfill.io; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com www.google-analytics.com.sg stats.g.doubleclick.net www.google.com www.google.com.sg; media-src 'self'; frame-src 'self' data: static.addtoany.com www.google.com https://www.youtube.com/; frame-ancestors 'self'; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self'  stats.g.doubleclick.net; report-uri //report-csp-violation 1
default-src 'self' localhost https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://inc.systran.net https://www.google-analytics.com; style-src 'self' maxcdn.bootstrapcdn.com 'unsafe-inline' https://inc.systran.net; frame-src auth.systran.net https://inc.systran.net https://trs.systran.net 1
default-src 'self' 'unsafe-inline' *.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.ytimg.com *.youtube.com cbos.gov.sd *.cbos.gov.sd *.dot.jo www.google.com s7.addthis.com m.addthisedge.com m.addthis.com cdnjs.cloudflare.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo *.google.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com jwpltx.com *.jwpltx.com cbos.gov.sd *.cbos.gov.sd *.dot.jo stats.g.doubleclick.net *.ckeditor.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo; frame-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:* *.google.com; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com *.jwpcdn.com *.jwpsrv.com cbos.gov.sd *.cbos.gov.sd *.dot.jo fonts.google.com maxcdn.bootstrapcdn.com *.google.com; connect-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' data: http://www.trier.de https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.trier-info.de https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.pegelonline.wsv.de https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/lightslider/1.1.6/js/lightslider.js https://www.dw.com 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' cmsv2.zebrix.net 1
base-uri 'none'; default-src 'none'; child-src https://www.google.com; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.google.com; img-src 'self' data:; object-src 'none'; script-src 'nonce-9baMMjpuh0JXRxigTu29XQ==' 'strict-dynamic'; style-src 'self'; worker-src 'self'; 1
default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; object-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; media-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-ancestors 'self' http://*.cityofvancouver.us https://*.cityofvancouver.us https://cityofvancouver.arcgis.maps.com https://signup.e2ma.net https://wd5.myworkday.com https://iframe.publicstuff.com https://vancouver.procureware.com https://vancouver.municipal.codes https://apm.activecommunities.com; child-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.cityofvancouver.us https://*.cityofvancouver.us https://cityofvancouver.arcgis.maps.com https://signup.e2ma.net https://wd5.myworkday.com https://iframe.publicstuff.com https://vancouver.procureware.com https://vancouver.municipal.codes https://apm.activecommunities.com https://svc.webspellchecker.net https://www.google-analytics.com https://signup-collector.e2ma.net https://connect.facebook.net https://www.facebook.com; report-uri /report-csp-violation 1
default-src 'self' ws:;script-src   'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net gleif.disqus.com *.disquscdn.com *.cookiebot.com *.linkedin.com *.twitter.com *.twimg.com ajax.googleapis.com www.google.com www.gstatic.com cdnjs.cloudflare.com unpkg.com public.tableau.com t37f1ccd5.emailsys1c.net;style-src     'self' 'unsafe-inline' *.twimg.com *.twitter.com *.disquscdn.com use.typekit.net unpkg.com fonts.googleapis.com;font-src       'self' data: *.typekit.net cdnjs.cloudflare.com fonts.gstatic.com;img-src         'self' static.licdn.com *.disqus.com *.disquscdn.com *.twitter.com *.twimg.com *.linkedin.com data: about: *.tile.osm.org *.typekit.net img.shields.io public.tableau.com *.emailsys1c.net;frame-src     'self' disqus.com *.twitter.com player.vimeo.com *.linkedin.com www.google.com consent.cookiebot.com consentcdn.cookiebot.com youtube.com www.youtube.com public.tableau.com;connect-src 'self' api.parse.com/1/functions/search *.gleif.org syndication.twitter.com/settings t37f1ccd5.emailsys1c.net; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://www.google-analytics.com https:; object-src https:; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https:; img-src 'self' data: https://www.google-analytics.com https:; media-src 'self' https:; frame-src 'self' https://optimize.google.com https:; font-src 'self' data: https://fonts.gstatic.com https: 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com; script-src 'self' 'unsafe-inline' 'nonce-5037967ab4973fe66db51d7518204bfa' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com; img-src 'self' wireframecc-9947.kxcdn.com data:; child-src 'self' 1
default-src 'self' ; script-src 'unsafe-inline' 'self' https://ssl.google-analytics.com/ga.js;      img-src data: blob 'self' http://*.tile.openstreetmap.org/ : 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1
frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com shop.pe shopper.shop.pe *.cloudfront.net addshoppers.s3.amazonaws.com bcbolt446c5271-a.akamaihd.net www.google.com www.gstatic.com cdn.jsdelivr.net up.pixel.ad pixel.sitescout.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.surveymonkey.com https://walls.io https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com https://www.etermin.net https://the.sciencebehindecommerce.com https://www.lacmp.net https://analytics.aklamio.com https://*.adsrvr.org https://adsrvr.org; 1
base-uri *; child-src * data: blob: filesystem: mediastream:; form-action *; frame-ancestors *; connect-src * data: blob: filesystem: mediastream:; font-src * data: blob: filesystem: mediastream:; frame-src * data: blob: filesystem: mediastream:; img-src * data: blob: filesystem: mediastream:; media-src * data: blob: filesystem: mediastream:; object-src * data: blob: filesystem: mediastream:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: mediastream:; style-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: mediastream:;  default-src *; report-uri https://listenercare.siriusxm.com/prweb/PRServletCustom/2mCjkZJmJzIb2YFZHOYfCw%5B%5B*/!STANDARD 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com *.gstatic.com;img-src * blob:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1
frame-ancestors https://*.deejay.de https://*.vinylfuture.com; 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com  *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com  ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' bd1.zortrax.com spisakcji.local stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com *.wistia.com *.litix.io 3dprint.zortrax.com 3dprinting.local  ws://localhost:3000 *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com  ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
default-src 'self' data: localhost:* *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com js.arcgis.com *.arcgis.com *.google.com *.googleapis.com *.prorail.nl *.spoordata.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com tagmanager.google.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: wss:; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.mercadolibre.com https://www.mercadopago.com.ar/integrations/v1/ https://cdnjs.cloudflare.com https://cdn.syndication.twimg.com https://docs.google.com/spreadsheets/ https://connect.facebook.net https://platform.twitter.com https://*.google.com  https://spreadsheets.google.com/ https://docs.google.com/ https://www.gstatic.com/charts/ http://www.google-analytics.com https://ssl.google-analytics.com https://*.gstatic.com/feedback/ https://www.gstatic.com/charts/ https://*.googleapis.com https://www.googleadservices.com https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net https://*.utdt.edu https://www.googletagmanager.com https://www.tfaforms.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com https://www.tfaforms.com https://www.gstatic.com/charts/ https://docs.google.com/; img-src * data: blob:; font-src *; 1
default-src=self 1
default-src 'self'; script-src-elem 'self' 'unsafe-inline' *.usercentrics.eu aggregator.service.usercentrics.eu https://www.gstatic.com https://*.3qsdn.com https://*.jameda-elements.de www.google-analytics.com *.googleapis.com embed.typeform.com www.googletagmanager.com www.youtube.com www.youtube-nocookie.com tagmanager.google.com sc.01.sana-apps.de player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.usercentrics.eu aggregator.service.usercentrics.eu https://*.3qsdn.com https://*.jameda-elements.de/ www.google-analytics.com *.googleapis.com embed.typeform.com www.googletagmanager.com www.youtube.com www.youtube-nocookie.com tagmanager.google.com sc.01.sana-apps.de *.zscaler.net; img-src * data:; style-src 'self' 'unsafe-inline' https://*.3qsdn.com fonts.googleapis.com; media-src 'self' blob: https://*.3qsdn.com; connect-src 'self' *.usercentrics.eu https://*.3qsdn.com vendorlist.consensu.org www.google-analytics.com stats.g.doubleclick.net; font-src 'self' data: https://*.3qsdn.com fonts.gstatic.com; frame-ancestors 'self' www.sanadaily.de localhost:* sc.01.sana-apps.de www.sana.de; frame-src 'self' sc.01.sana-apps.de www.sana.de sanadigital.typeform.com maps.google.de *.google.com www.youtube.com www.youtube-nocookie.com 466b13bd.sibforms.com *.livecoder.com player.vimeo.com *.zscaler.net *.sana.de virtualpro360.com 1
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net https://xilo.help; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net https://xilo.help; img-src 'self' blob: data: https://*.xilo.net https://xilo.help; media-src 'self' data: https://*.xilo.net https://xilo.help; frame-src *; font-src *; form-action 'self' https://*.xilo.net https://xilo.help; connect-src 'self' https://*.xilo.net https://xilo.help; prefetch-src 'self' https://*.xilo.net https://xilo.help; manifest-src 'self' https://*.xilo.net https://xilo.help; frame-ancestors 'self'; report-uri https://xcdn.report-uri.com/r/d/csp/enforce 1
default-src 'self' data: https: wss: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.allianz.pand.ai *.fontawesome.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.fontawesome.com; object-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.fontawesome.com; style-src 'self' data: 'unsafe-inline' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.fontawesome.com; img-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.fontawesome.com; media-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.fontawesome.com; frame-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.fontawesome.com; font-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.fontawesome.com; connect-src 'self' data: https: wss: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com *.allianz.pand.ai *.fontawesome.com 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru *.yoomoney.ru yookassa.ru geoadv-partner.yandex.ru *.yandex.ru *.yandex.net h.online-metrix.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com tagmanager.google.com *.jivosite.com webhost1.bitrix24.ru *.roistat.com cfv4.com qoopler.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sharethis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.consumercare.net *.econsumeraffairs.com *.pricespider.com  *.salesforce.com *.force.com *.salesforceliveagent.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.sharethis.com *.pricespider.com  *.force.com; img-src 'self' *.google-analytics.com *.g.doubleclick.net *.facebook.com *.google.com *.sharethis.com https://www.google.com.au legal.bbulibrary.com *.googletagmanager.com *.pricespider.com; frame-src 'self' *.youtube.com *.googletagmanager.com *.sharethis.com *.facebook.com c.sharethis.mgr.consensu.org  *.force.com; font-src 'self' *.gstatic.com data:; connect-src 'self' *.sharethis.com *.sharethis.mgr.consensu.org https://stats.g.doubleclick.net *.google-analytics.com *.force.com; report-uri /'' 1
frame-ancestors 'self' https://www.carroya.com/noticias https://www.motor.com.co 1
frame-ancestors 'self' https://analytics.google.com/analytics/ https://*.buypass.no https://*.buypass.com https://*.norsk-tipping.no https://*.altinn.no; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://cdn.printfriendly.com https://cdn.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://www.google-analytics.com https://cdn.jsdelivr.net https://unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.my; media-src 'self'; frame-src 'self' data: static.addtoany.com fwb.malaysiaairports.com.my www.youtube.com www.google.com apps.mahb.az.primuscore.com http://apps.mahb.az.primuscore.com:8000 fwb.malaysiaairports.com.my:8000; frame-ancestors 'self' fwb.malaysiaairports.com.my apps.mahb.az.primuscore.com fwb.malaysiaairports.com.my:8000; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; report-uri //report-csp-violation 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.twitter.com https://*.twimg.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://*.yotpo.com https://fonts.googleapis.com https://*.twitter.com; img-src 'self' data: https://*.cdninstagram.com https://*.fbcdn.net https://*.twitter.com https://*.twimg.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://*.yotpo.com https://yotpo-editor-production.s3.amazonaws.com/ https://www.google-analytics.com tmlewin.imgix.net shift-uat.imgix.net https://*.twitter.com https://*.twimg.com https://www.awin1.com https://www.google.co.uk/pagead/ https://www.google.com/pagead/ https://www.facebook.com/tr/ https://stats.g.doubleclick.net https://googleads.g.doubleclick.net/pagead/ https://bat.bing.com https://www.google.com/ads/ https://www.google.co.uk/ads https://www.google.co.uk/ads/ https://prf.hn https://www.ist-track.com https://cx.atdmt.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.googleadservices.com https://*.afterpay.com https://uktc.fospha.com https://public-content-store.torque-platform.com https://r1.trackedweb.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolia.net https://*.algolianet.com https://js.stripe.com https://*.paypal.com https://*.paypalobjects.com http://*.instagram.com https://*.twitter.com https://*.twimg.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://insights.algolia.io https://*.yotpo.com https://*.afterpay.com https://*.optimizely.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://www.ist-track.com https://bat.bing.com https://tpc.googlesyndication.com https://sc-static.net https://prf.hn/conversion https://tpc.googlesyndication.com/sodar https://aax-eu.amazon-adsystem.com https://tracking.myunidays.com https://www.googleadservices.com https://tag.mention-me.com http://www.google.com/pagead/ https://static.mention-me.com https://cdn.unidays.world https://api.myunidays.com https://snap.licdn.com https://assets.revlifter.io https://analytics.tiktok.com https://d2236hi0n02pja.cloudfront.net/1b36f6d6-438e-4525-9693-177c6f95ad4f.js https://www.googleadservices.com https://revlifter-js.s3-eu-west-1.amazonaws.com https://uktc.fospha.com https://static.trackedweb.net; frame-src https://js.stripe.com https://*.paypal.com https://*.twitter.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://www.googletagmanager.com https://*.optimizely.com https://*.youtube.com https://*.twitter.com https://*.vimeo.com https://*.instagram.com http://*.issuu.com/ https://*.facebook.com https://tr.snapchat.com https://aax-eu.amazon-adsystem.com https://tmlewin.official-coupons.com; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.paypal.com https://api.addressy.com https://sentry.io https://www.google-analytics.com https://*.instagram.com https://*.twitter.com https://api.everythinglocation.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://insights.algolia.io https://*.yotpo.com https://*.afterpay.com https://*.optimizely.com https://*.instagram.com https://*.sciencebehindecommerce.com https://api.everythinglocation.com https://stats.g.doubleclick.net https://bat.bing.com https://www.google.com https://www.facebook.com/tr/ https://*.sentry.io https://cp.official-deals.co.uk https://cp.official-coupons.com https://devt.revlifter.com; font-src data: www.tmlewin.co.uk https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://*.yotpo.com https://fonts.gstatic.com; media-src 'self' https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com; form-action 'self' https://*.twitter.com https://www.tmlewin.com.au https://www.tmlewinshirts.eu https://www.tmlewin.co.uk https://www.tmlewin.com https://*.twitter.com https://www.facebook.com/tr/ https://tr.snapchat.com; object-src 'self'; block-all-mixed-content; report-uri https://5ce9a457525b0c6b344093f4321341fa.report-uri.com/r/d/csp/enforce 1
default-src 'self' *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; prefetch-src 'self' *.boltdns.net *.googleapis.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; media-src blob: 'self' *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zuora.com tags.tiqcdn.com cdn.mouseflow.com o2.mouseflow.com *.vergic.com *.brightcove.net *.brightcove.com blob: vjs.zencdn.net d2qrdklrsxowl2.cloudfront.net www.googletagmanager.com bat.bing.com/bat.js connect.facebook.net static.ads-twitter.com *.twitter.com snap.licdn.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; img-src 'self' data: images.ctfassets.net aicpa.sc.omtrdc.net media.aicpa.org *.rackcdn.com cm.everesttech.net dpm.demdex.net content.psplugin.com *.brightcove.com *.boltdns.net players.brightcove.net bat.bing.com static.ads-twitter.com t.co px.ads.linkedin.com www.googletagmanager.com googleads.g.doubleclick.net www.google.com *.google.co.uk *.facebook.com * *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; font-src 'self' data: fonts.gstatic.com d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.vergic.com content.psplugin.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; connect-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com https://www.aicpa.org/bin/aicpaorg/uca?command=logout assets.ctfassets.net downloads.ctfassets.net sentry.io app.getsentry.org app.getsentry.com dpm.demdex.net aicpa.demdex.net collect.tealiumiq.com aicpa.sc.omtrdc.net o2.mouseflow.com players.brightcove.net *.brightcove.com *.hapyak.com *.boltdns.net *.brightcovecdn.com *.akamaihd.net *.akafms.net *.vergic.com bat.bing.com *.facebook.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; frame-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com www.facebook.com m.facebook.com html5-player.libsyn.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net vjs.zencdn.net *.podomatic.com podomatic.com *.youtube.com apisandbox.zuora.com aicpa.demdex.net www.zuora.com bid.g.doubleclick.net *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; frame-ancestors 'self' *.aicpa.org *.cgma.org; manifest-src 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://sentry.io/api/3382497/security/?sentry_key=9aee855e0ce84a1db4b69530c6b45163@sentry.io/3382497 1
connect-src 'self' https://api.github.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; base-uri *.wazuh.com wazuh.com; default-src 'self' https: data:; script-src 'self' *.wazuh.com wazuh.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https: 'unsafe-inline'; object-src 'self' *.wazuh.com wazuh.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src 'self' *.wazuh.com wazuh.com *.gravatar.com https://www.google-analytics.com https://www.google.com https://www.google.es https://stats.g.doubleclick.net https://www.facebook.com/ https://px.ads.linkedin.com/ data:; media-src 'self' *.wazuh.com wazuh.com; frame-ancestors 'self'; frame-src *; font-src 'self' https://fonts.gstatic.com data: 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; object-src 'self' *; style-src 'self' 'unsafe-inline' * ; img-src 'self' data: *; media-src 'self' *; frame-src 'self' *; frame-ancestors 'self'; child-src 'self' *; font-src 'self' data: *; connect-src 'self' * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
frame-ancestors *.amboss.com 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-92IlB30+MMsfdlVzsEyNVHFV' 'nonce-zaIC8vtr1oqQGlqep7EL7YO7' 'nonce-upUDgnSuCJfYKrcanGSeAHK8' 'nonce-byZ5Q38FKY80uHoIM9GCuC71' 'nonce-ligIlce5dKxjvQXhFhbGc2Ce' 'nonce-85UsOzMszs7UMUeSZiraaYKy' 'nonce-K0fGaMSKCY1j4NRAMODWOiqZ' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: http://mshcentraldbdev.prod.acquia-sites.com *.balladhealthcrm.org *.crazyegg.com; frame-ancestors 'self'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline'  'unsafe-eval' https://*.ndlah5p.com https://h5p.org https://*.ndla.no https://players.brightcove.net http://players.brightcove.net https://players.brightcove.net *.nrk.no http://nrk.no https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://optimize.google.com https://www.youtube.com https://s.ytimg.com https://cdn.auth0.com https://vjs.zencdn.net https://httpsak-a.akamaihd.net *.brightcove.com *.facebook.net *.twitter.com *.twimg.com *.brightcove.net bcove.me bcove.video *.api.brightcove.com *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.edgefcs.net *.akafms.net *.edgesuite.net *.akamaihd.net *.analytics.edgekey.net *.deploy.static.akamaitechnologies.com *.cloudfront.net hlstoken-a.akamaihd.net vjs.zencdn.net  *.gallerysites.net ndla.no *.ndla.no ws://*.hotjar.com wss://*.hotjar.com https://*.hotjar.com cdnjs.cloudflare.com https://*.zendesk.com https://static.zdassets.com cdn.jsdelivr.net; frame-src blob: *.nrk.no nrk.no *.vg.no vg.no https://www.tv2skole.no/ https://www.scribd.com/ https://optimize.google.com https://www.youtube.com ndla.no *.ndlah5p.com https://h5p.org *.ndla.no *.slideshare.net slideshare.net *.vimeo.com vimeo.com *.ndla.filmiundervisning.no ndla.filmiundervisning.no *.prezi.com prezi.com *.commoncraft.com commoncraft.com *.embed.kahoot.it *.brightcove.net https://*.hotjar.com embed.kahoot.it fast.wistia.com https://khanacademy.org/ *.khanacademy.org/ *.vg.no/ *.facebook.com *.twitter.com e.issuu.com new.livestream.com livestream.com channel9.msdn.com tomknudsen.no www.tomknudsen.no geogebra.org www.geogebra.org ggbm.at www.imdb.com imdb.com miljoatlas.miljodirektoratet.no www.miljostatus.no miljostatus.no phet.colorado.edu lab.concord.org worldbank.org *.worldbank.org ted.com embed.ted.com embed.molview.org; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com *.twitter.com *.twimg.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data: cdnjs.cloudflare.com https://*.hotjar.com cdn.jsdelivr.net; img-src 'self' https://*.ndla.no https://www.google-analytics.com https://optimize.google.com https://stats.g.doubleclick.net http://metrics.brightcove.com https://httpsak-a.akamaihd.net https://*.boltdns.net https://www.nrk.no/ https://ssl.gstatic.com https://www.gstatic.com https://*.hotjar.com https://ndla.zendesk.com *.facebook.com *.twitter.com *.twimg.com  data:; media-src 'self' blob: https://*.ndla.no *.brightcove.com brightcove.com; connect-src  'self'  https://*.ndla.no https://logs-01.loggly.com https://edge.api.brightcove.com https://*.brightcove.com https://bcsecure01-a.akamaihd.net https://hlsak-a.akamaihd.net ws://*.hotjar.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.com:* https://www.google-analytics.com https://*.zendesk.com https://ekr.zdassets.com https://optimize.google.com https://ltiredirect.itslearning.com https://platform.itslearning.com cdn.jsdelivr.net 1
script-src 'self' cdn.callrail.com https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com player.vimeo.com clicky.com in.getclicky.com static.getclicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; img-src * data:; media-src *; frame-src * data:; font-src *; connect-src *; script-src 'unsafe-eval' 'unsafe-inline' 'self' connect.facebook.net *.facebook.net *.stg.brandwire.in *.scorecardresearch.com *.instagram.com *.google-analytics.com *.gstatic.com *.solodev.com *.google.com *.googleapis.com *.indiatimes.com *.timesofindia.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; style-src data: blob: 'unsafe-inline' 'self' *.googleapis.com *.google.com *.instagram.com *.indiatimes.com *.timesofindia.com *.solodev.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; frame-ancestors 'self' *.indiatimes.com *.timesofindia.com *.economictimes.com *.gadgetsnow.com *.navbharattimes.com etdev8243.indiatimes.com *.timesnownews.com timesnownews.com www.speakingtree.in speakingtree.in maharashtratimes.com vijaykarnataka.com *.samayam.com samayam.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
script-src *.ldscdn.org *.lds.org *.churchofjesuschrist.org *.googleapis.com *.gstatic.com *.facebook.net *.justserve.org *.servir.org *.facebook.com *.youtube.com *.ytimg.com cdnjs.cloudflare.com data: placehold.it placeholdit.imgix.net 'self' ws://localhost:3000 ws://10.0.2.2:3000 ws://localhost:8080 assets.adobedtm.com dpm.demdex.net cdn.tt.omtrdc.net ldschurch.tt.omtrdc.net *.tintup.com *.hypermoarks.com *.cloudfront.net players.brightcove.net vjs.zencdn.net edge.api.brightcove.com blob: * metrics.brightcove.com consent.truste.com consent-pref.truste.com 'unsafe-inline' 'unsafe-eval'; style-src *.fonts.net *.opendns.com *.googleapis.com *.justserve.org *.servir.org *.lds.org *.ldscdn.org *.churchofjesuschrist.org 'self' 'unsafe-inline' 1
default-src https://wbregistration.gov.in;                                                     connect-src https://wbregistration.gov.in;                                                     font-src https://wbregistration.gov.in data:;                                                     frame-src https://wbregistration.gov.in;                                                    img-src https: data:;                                                     media-src https://wbregistration.gov.in;                                                      object-src https://www.wbregistration.gov.in;                                                     script-src 'unsafe-inline' 'unsafe-eval' https://www.wbregistration.gov.in;                                                     style-src 'unsafe-inline' https://www.wbregistration.gov.in; 1
1
frame-ancestors https://www.bdli.de/ https://staging.bdli.de *.ila-berlin.de localhost ila.lndo.site http://ila.lndo.site:8000; report-uri //report-csp-violation 1
default-src 'none'; script-src 'self' https://static.cryptomkt.com/ https://cdn4.mxpnl.com/ https://static.olark.com/ https://api.olark.com/ https://knrpc.olark.com/ https://assets.olark.com/; object-src 'self' https://static.cryptomkt.com/; style-src 'self' 'unsafe-inline' https://static.cryptomkt.com/ https://fonts.googleapis.com/ https://static.olark.com/; img-src 'self' data: https://static.cryptomkt.com/ https://log.olark.com/ https://static.olark.com/; media-src 'self' https://static.cryptomkt.com/ https://static.olark.com/; frame-src 'self' https://static.cryptomkt.com/ https://static.olark.com/; font-src 'self' data: https://static.cryptomkt.com/ https://fonts.gstatic.com https://static.olark.com/; connect-src 'self' wss://worker.cryptomkt.com/ https://worker.cryptomkt.com/ https://api-js.mixpanel.com/ https://knrpc.olark.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org; 1
default-src 'self'; frame-src 'self' https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https: 1
default-src 'self'; connect-src 'self' https://bat.bing.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://*.cludo.com https://zionsbancorp.sc.omtrdc.net; script-src 'self' data: 'unsafe-inline' https://*.googleadservices.com https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.googletagmanager.com https://*.issuu.com https://*.adobedtm.com https://connect.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.nbarizona.com https://*.nbarizona.com https://*.zionsbank.com https://*.cludo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.nbarizona.com https://*.nbarizona.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.gstatic.com http://*.nbarizona.com https://*.nbarizona.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com; media-src 'self' data:; frame-src 'self' https://*.online-metrix.net https://*.doubleclick.net http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://issuu.com https://secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.nbarizona.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; connect-src 'self' steemit.com api.steemit.com dist.one wss://rpc.dist.one api.blocktrades.us https://steemitimages.com https://translate.googleapis.com; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; font-src data: fonts.gstatic.com 'self'; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com pagead2.googlesyndication.com adservice.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.twitter.com https://*.twimg.com https://*.twitter.com https://fonts.googleapis.com; img-src 'self' data: https://*.cdninstagram.com https://*.fbcdn.net https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://www.google-analytics.com https://trendygolf.imgix.net https://production-trendygolf-1556104155.s3.amazonaws.com https://*.twitter.com https://*.twimg.com https://www.awin1.com https://www.google.co.uk/pagead/ https://www.google.com/pagead/ https://www.facebook.com https://stats.g.doubleclick.net https://t.paypal.com https://googleads.g.doubleclick.net/ https://www.google.com/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolia.net https://*.algolianet.com https://js.stripe.com https://*.paypal.com https://*.paypalobjects.com http://*.instagram.com https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://insights.algolia.io https://www.google-analytics.com https://ssl.google-analytics.com https://apis.google.com https://*.twitter.com https://*.twimg.com https://*.instagram.com/en_US/embeds.js https://www.dwin1.com https://www.googleadservices.com https://connect.facebook.net https://ads.avocet.io https://googleads.g.doubleclick.net https://the.sciencebehindecommerce.com https://www.awin1.com https://www.google.com/pagead/ https://beacon-v2.helpscout.net; frame-src https://js.stripe.com https://*.paypal.com https://*.twitter.com https://www.googletagmanager.com https://www.google.com https://*.youtube.com https://*.twitter.com https://*.vimeo.com https://*.instagram.com http://*.issuu.com/ https://*.facebook.com https://www.paypalobjects.com https://graph.facebook.com; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.paypal.com https://api.addressy.com https://sentry.io https://www.google-analytics.com https://*.instagram.com https://*.twitter.com https://api.everythinglocation.com https://insights.algolia.io https://*.instagram.com https://*.sciencebehindecommerce.com https://www.facebook.com https://www.paypal.com https://stats.g.doubleclick.net https://graph.facebook.com https://*.cloudfront.net https://*.helpscout.net; font-src data: https://trendygolf.com; media-src 'self'; form-action 'self' https://*.twitter.com https://*.twitter.com https://www.facebook.com/tr/; object-src 'self'; block-all-mixed-content 1
default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de app.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' app.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1
policy-uri /'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com/printfriendly.js https://static.addtoany.com/menu/page.js https://www.googletagmanager.com/gtm.js https://ds-4047.kxcdn.com/api/v3/domain_settings/a https://www.youtube.com/ https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google.com/ads/  https://www.google-analytics.com/collect https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com https://www.wiener-staatsoper.at 1
frame-ancestors *; 1
default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crushftp.com *.stripe.com *.paypalobjects.com *.google-analytics.com *.crushsync.com *.taltosparipa.com 1
default-src *; style-src *; connect-src * 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net www.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.googleusercontent.com blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com *.realtimestatistics.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=bDz9qdYD42q0rUqm4cbdibGruEpVp2HxOQoLEDssAwsa%2BU8Xaq%2B8CJYY4DDMJ2lRLf8e%2FnFTPIMknxBzjyXQHQ%3D%3D; 1
connect-src 'self' https://localhost:3000; frame-ancestors 'self'; object-src 'self'; script-src 'self' https://analytics.historia-arte.com https://maps.googleapis.com; report-uri /csp-report; 1
allow 'self'  default-src 'self' 'unsafe-inline' www.google-analytics.com  *.twitter.com  *.facebook.com  *.facebook.net  *.google.com 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com *.leadenhancer.com wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.com data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1
base-uri 'self' 'report-sample'; block-all-mixed-content; form-action 'self' 'report-sample'; frame-ancestors 'self'; default-src 'none'; connect-src 'self' 'report-sample'; frame-src 'self' 'report-sample'; img-src 'self' data: 'report-sample'; font-src 'self' 'report-sample'; media-src 'self' 'report-sample'; manifest-src 'self' 'report-sample'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; report-uri /auktion/clients/csp_violation.php 1
frame-src *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; object-src 'none'; style-src 'self'  'unsafe-inline' data:; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://api.amplitude.com https://eth-ropsten.alchemyapi.io https://eth-rinkeby.alchemyapi.io https://eth-mainnet.alchemyapi.io https://api.thegraph.com wss://bridge.walletconnect.org wss://fei.bridge.walletconnect.org; frame-ancestors 'none' 1
default-src * ; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data: https://ct.capterra.com; media-src *; frame-src *; frame-ancestors *; child-src *; font-src * https://themes.googleusercontent.com http://themes.googleusercontent.com; connect-src *; report-uri /en/report-csp-violation 1
default-src 'self'; script-src 'self' assets.juicer.io ajax.googleapis.com connect.facebook.net platform.twitter.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com https://chat.consumercare.net https://h6.consumercare.net https://js-agent.newrelic.com https://bam.nr-data.net *.juicer.io woobox.com *.formstack.com assets.pinterest.com app.icontact.com *.googleapis.com *.pricespider.com *.hotjar.com; object-src 'self'; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io 'unsafe-inline' *.formstack.com app.icontact.com  *.pricespider.com; img-src 'self' *.cdninstagram.com *.xx.fbcdn.net *.facebook.com *.twitter.com *.google-analytics.com *.ytimg.com *.xx.fbcdn.net data: *.googleapis.com *.g.doubleclick.net *.googletagmanager.com *.juicer.io *.google.com *.imgur.com *.icontact.com *.formstack.com *.gstatic.com   *.pricespider.com *.fbcdn.net; frame-src 'self' * *.entenmanns.com rsmstanley.formstack.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io fonts.gstatic.com woobox.com *.juicer.io  *.formstack.com app.icontact.com data:; connect-src 'self' www.juicer.io https://www.google-analytics.com https://stats.g.doubleclick.net *.facebook.com; report-uri /admin/config/system/seckit/csp-report 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.stripe.com https://*.windriverfinancialgateway.com 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; object-src https:; style-src https: 'unsafe-inline'; img-src https: data:; media-src https:; font-src https: data:; connect-src https: wss:; frame-ancestors 'self' partner.approvalmax.com 1
default-src 'self' 'unsafe-inline' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de; img-src *; style-src 'self' 'unsafe-inline' *.itzbund.de; frame-ancestors 'self' *.itzbund.de 1
default-src 'self' gleam.io *.bestservice.de *.bestservice.com *.bestservice.fr dwl.dawconnect.com maps.google.de www.google.com *.google-analytics.com connect.facebook.net www.facebook.com *.youtube.com ;  img-src  'self' data: *.gleam.io *.bestservice.de *.bestservice.com *.bestservice.fr *.bsdwl.de *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de *.youtube.com;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com;  script-src 'self' data: *.gleamjs.io *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval';  worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de *.youtube.com;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1
default-src 'self'; base-uri 'self'; frame-ancestors 'none'; media-src 'self' data: blob: https://*.kc-usercontent.com https://*.kontent.ai https://web-blog.wf.mk https://blog.webfactory.mk; img-src 'self' data: blob: https://*.kc-usercontent.com https://web-blog.wf.mk https://blog.webfactory.mk https://*.kontent.ai https://*.calendly.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.medium.com https://secure.gravatar.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com; object-src 'self'; frame-src 'self' https://calendly.com https://*.calendly.com https://youtube.com https://*.youtube.com https://*.hotjar.com https://*.hotjar.io https://cdn.embedly.com/; connect-src 'self' blob: data: https://sentry.io https://*.kenticocloud.com https://*.kontent.ai https://www.google-analytics.com https://www.googletagmanager.com https://calendly.com https://*.kc-usercontent.com https://*.calendly.com https://stats.g.doubleclick.net https://preview-deliver.kontent.ai https://web-blog.wf.mk https://blog.webfactory.mk https://*.hotjar.com https://*.hotjar.io; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://cdn.polyfill.io/v2/polyfill.min.js https://calendly.com https://*.calendly.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://calendly.com https://*.calendly.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; report-uri /report-violation 1
default-src * 1
default-src *; script-src www.partizan.com www.partizanstudio.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*  *.googleadservices.com *.google-analytics.com *.google.com  https://*.youtube.com https://*.ytimg.com  cdnjs.cloudflare.com ajax.googleapis.com maxcdn.bootstrapcdn.com ; style-src * 'unsafe-inline';img-src 'self' data: https://img.youtube.com *.google-analytics.com ; font-src 'self' data:  http://fonts.gstatic.com https://fonts.gstatic.com ; connect-src www.partizan.com www.partizanstudio.com *.google-analytics.com vimeo.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de; script-src 'strict-dynamic' 'nonce-e62c27ce7b5845c12223342d61a96eb1' 'nonce-c58162a989c9c18f40dddce4dab981f8' 'nonce-26825a57c5331934c56a36cdcef9611c' 'nonce-d47385127db9faa88b41e527071a3630' 'nonce-cbe00f37a3b44d0603309b7fb222e7eb' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-e62c27ce7b5845c12223342d61a96eb1' 'nonce-c58162a989c9c18f40dddce4dab981f8' 'nonce-26825a57c5331934c56a36cdcef9611c' 'nonce-d47385127db9faa88b41e527071a3630' 'nonce-cbe00f37a3b44d0603309b7fb222e7eb' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de; script-src 'strict-dynamic' 'nonce-f4e03492379539bd1f8ce92438a0fbce' 'nonce-d442e09b6e98316062251dce76725204' 'nonce-697a46c4e309b3f319b9998913b8761f' 'nonce-ce2449d96297d0200eb237353e2e3566' 'nonce-f2087731d6bd438bec1ec9ef2db14f54' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.simplytel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-f4e03492379539bd1f8ce92438a0fbce' 'nonce-d442e09b6e98316062251dce76725204' 'nonce-697a46c4e309b3f319b9998913b8761f' 'nonce-ce2449d96297d0200eb237353e2e3566' 'nonce-f2087731d6bd438bec1ec9ef2db14f54' 'self' 'unsafe-inline' https: 'report-sample' 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com ajax.googleapis.com embed.typeform.com www.googletagmanager.com tagmanager.google.com analyzer.amedick-sommer.de vendorlist.consensu.org www.youtube.com s.ytimg.com www.vvs.de; 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1
base-uri 'self' *.google.com; child-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com *.google.com *.googletagmanager.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; frame-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com *.google.com *.googletagmanager.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; connect-src fonts.googleapis.com fonts.gstatic.com ict.infinity-tracking.net outsysprod.paragon-group.co.uk response.pure360.com 'self' sitesearch360.com wss://mpsnare.iesnare.com *.doubleclick.net *.feefo.com *.google.com *.google-analytics.com *.investis.com *.paragonbank.co.uk *.paragonbankinggroup.co.uk *.sitesearch360.com *.twimg.com *.twitter.com *.visualwebsiteoptimizer.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.googleapis.com *.gstatic.com; img-src 'self' data: * blob:; media-src data: mpsnare.iesnare.com; script-src gap: 'self' ict.infinity-tracking.net mpsnare.iesnare.com sitesearch360.com snap.licdn.com unpkg.com *.doubleclick.net *.feefo.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.investis.com *.paragonbankinggroup.co.uk *.sitesearch360.com *.surveymonkey.com *.twimg.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' dev.visualwebsiteoptimizer.com *.google.com *.googleapis.com *.gstatic.com *.twimg.com *.twitter.com 'unsafe-inline'; frame-ancestors gap: 'self' *.doubleclick.net *.googletagmanager.com *.noblehosted.com *.surveymonkey.com theparagongroup.sharepoint.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=0%2f1C%2ff%2bmj1IsRFCyKE4XujnGOw4j9sJ7iLXWKUSJh9QyPKss0Vqq4ZEKuNI9%2ffanKja06FgL8FObENeJ32k1e8Tu1YiCnXadtIpqQDCsrwvFhMbAqEq%2bsLIZSZhOR4O%2fIBbzjiB%2fVsfSXSkvcD8LsLwK9%2fJ%2bHJnP9%2fYs9lNNqvJ1NW%2fcL6bbnQdGfwNMlytmeRlnrpsov88tLjLJ4CE%2b4w%3d%3d; 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl 'unsafe-inline' 'unsafe-eval';style-src https: *.ufg.pl 'unsafe-inline';img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl; child-src https: *.ufg.pl 1
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; 1
default-src 'self' *.urban-nation.com data: *.youtube-nocookie.com *.youtube.com *.ytimg.com *.googleapis.com *.gstatic.com player.vimeo.com *.vimeocdn.com 'unsafe-eval' 'unsafe-inline' 1
default-src 'self' data:; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com; frame-ancestors 'self'; 1
default-src 'self' blob: storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com *.a1.net live.virtual-events.at; frame-src  'self' indd.adobe.com storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; style-src 'self' 'unsafe-inline' storage.net-fs.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; img-src 'self' data: storage.net-fs.com *.google-analytics.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.a1.group live.virtual-events.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: storage.net-fs.com *.googleapis.com *.gstatic.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.zencdn.net blob: live.virtual-events.at; font-src 'self' data: storage.net-fs.com *.gstatic.com 1
default-src 'self' blob: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' xuri.me *.xuri.me disqus.com *.disqus.com disquscdn.com *.disquscdn.com cloudflare.com *.cloudflare.com google.com *.google.com www.google-analytics.com youtube.com *.youtube.com *.ampproject.org *.googleapis.com *.cloudflareinsights.com; style-src 'self' data: 'unsafe-inline' xuri.me *.xuri.me disqus.com *.disqus.com disquscdn.com *.disquscdn.com cloudflare.com *.cloudflare.com google.com *.google.com www.google-analytics.com youtube.com *.youtube.com *.ampproject.org *.googleapis.com; font-src https: data: about:; img-src data: https: 1
default-src 'self' *.mytolino.com data: *.youtube-nocookie.com *.ytimg.com *.googleusercontent.com *.mzstatic.com *.googleapis.com *.gstatic.com 'unsafe-inline' mytolino.de mytolino.at mytolino.ch mytolino.it mytolino.be mytolino.fr mytolino.nl mytolino.uk opensource.mytolino.com 1
base-uri 'none'; default-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io 'nonce-803dd924d08d4a46a59ee88b2d4718ff48d854c3ccba' 'nonce-7766a68a25f8783fa653b4d5740422961d6eb49d8fa7' 'nonce-2a43b39c3201d7702cae0221c3034494886858ae9f4d' 'nonce-bf1f177bf46d91954e13376453c49233df7fb3dfcf14' 'nonce-0f63416c76be9641b1e12a126f78da7f594609c87eaa'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://track.hubspot.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com; connect-src 'self' https://api.hsforms.com https://api.hubapi.com https://js.hs-banner.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; object-src 'none'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://*.hotjar.com https://*.hotjar.io; form-action 'none'; frame-ancestors 'none'; manifest-src 'self'; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com banman.providermagazine.com host1.easypolls.net ajax.googleapis.com script.crazyegg.com cdn.calculatestuff.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com www.googletagmanager.com banman.providermagazine.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net widgets.calculatestuff.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com analytics.tiktok.com 1
default-src self; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors self; child-src *; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
default-src 'self' '*.energieag.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com i.ytimg.com connect.facebook.net app.adwordsagentur.at *.hotjar.com *.hotjar.io www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info sc-static.net *.konzertmeister.app 'unsafe-inline' 'unsafe-eval' data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inphota.com kit.fontawesome.com www.googletagmanager.com consent-manager.metomic.io consent-manager.confirmic.com platform.twitter.com syndication.twitter.com static.ads-twitter.com cdn.syndication.twimg.com analytics.twitter.com www.google-analytics.com stats.g.doubleclick.net ssl.google-analytics.com www.googleadservices.com www.google.com www.google.ae https://www.gstatic.com/recaptcha/ connect.facebook.net aff.bstatic.com *.algolianet.com *.algolia.net ; report-uri https://gulfmultisport.inphota.com/en/security/csp-report; style-src 'self' 'unsafe-inline' *.inphota.com fonts.googleapis.com kit.fontawesome.com ka-f.fontawesome.com kit-free.fontawesome.com cdnjs.cloudflare.com translate.googleapis.com fast.fonts.net ; img-src data: blob: *; font-src fonts.gstatic.com ka-f.fontawesome.com kit-free.fontawesome.com fast.fonts.net; connect-src wss: *.inphota.com kit.fontawesome.com ka-f.fontawesome.com www.google-analytics.com stats.g.doubleclick.net api.rollbar.com *.inphota.com *.facebook.com *.algolia.net *.algolianet.com apipub.metomic.io apipub.confirmic.com cdn.plot.ly translate.googleapis.com t.co ; frame-src *.inphota.com www.facebook.com www.booking.com https://www.google.com/recaptcha/ www.youtube.com veloviewer.com translate.google.com www.googletagmanager.com ; frame-ancestors 'self' *.inphota.com adsc.ae www.adsc.ae therakhalfmarathon.com www.therakhalfmarathon.com cyclechallenge.ae www.cyclechallenge.ae 1
default-src 'self' www.youtube-nocookie.com youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' www.vrk.nl static.mailplus.nl ssl.siteimprove.com cdn.siteimprove.net 'unsafe-eval' code.jquery.com svc.webspellchecker.net siteimproveanalytics.com youtu.be www.youtube-nocookie.com youtu.be connect.facebook.net m19.mailplus.nl data1.saliche.com translate.google.com s3-us-west-2.amazonaws.com wowww.nl siteimproveanalytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net static.mailplus.nl svc.webspellchecker.net translate.googleapis.com; img-src * data:; font-src 'self' fonts.gstatic.com svc.webspellchecker.net static3.avast.com cdn.faceworks.nl data:; connect-src 'self' my2.siteimprove.com svc.webspellchecker.net id.siteimprove.com static.mailplus.nl; report-uri /report-csp-violation 1
default-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com ecard.quipugroup.net https://support.gale.com* https://www.google-analytics.com/analytics.js *www.google-analytics.com* https://translate.googleapis.com https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; object-src *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com https://ecard.quipugroup.net  *.fonts.googleapis.com https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *www.aacpl.net/* *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com ecard.quipugroup.net https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com *.yourcloudlibrary.com https://support.gale.com* https://aacplnet-my.sharepoint.com* https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com *.microsoft.com https://support.gale.com* https://aacplnet-my.sharepoint.com* https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; child-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com https://aacplnet-my.sharepoint.com* https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com https://sky.blackbaudcdn.net https://host.nxt.blackbaud.com; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' *.6connex.com; script-src 'self' code.jquery.com kit.fontawesome.com https://www.google.com https://www.googletagmanager.com http://clicky.com *.getclicky.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com cdn.datatables.net https://siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval' 1
base-uri ; default-src https: 'self' 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.facebook.net *.cloudflare.com *.cookiebot.com https://www.google-analytics.com https://www.googletagmanager.com https://snap.licdn.com https://www.googleadservices.com *.doubleclick.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.typography.com *.yolt.com; img-src 'self' data: https://www.google-analytics.com *.doubleclick.net https://www.google.com *.thisisdax.com; connect-src 'self' data: *.optimizely.com *.salesforce.com https://www.google-analytics.com https://www.googletagmanager.com *.doubleclick.net *.google.com *.facebook.com; font-src 'self' data: ;; object-src 'none'; form-action 'self'; frame-ancestors data: https://www.googletagmanager.com https://www.google.com; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.google-analytics.com stats.g.doubleclick.net geoid.investisdigital.com https://cookiemanager.investisdigital.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.eu01.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com brightcove.hs.llnwd.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.onetrust.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://form.jotformeu.com https://cdn.jotfor.ms https://js.jotform.com https://widgets.jotform.io https://browser.sentry-cdn.com https://events.jotform.com https://static.dvinci-easy.com https://api.heycamp.de https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ckscayt.js https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/local/de/local.js https://code.jquery.com;; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jotfor.ms http://www.al-ko.com https://widgets.jotform.io https://static.dvinci-easy.com;; img-src 'self' www.google-analytics.com https://www.facebook.com https://www.google.com https://cdn.jotfor.ms https://stats.g.doubleclick.net https://events.jotform.com https://www.heycamp.de https://cdn.cookielaw.org https://i3.ytimg.com https://www.google.ro  https://www.google.de  https://www.google.com;; media-src 'self'; frame-src 'self' https://www.google.com https://www.store-connector.com https://submit.jotformeu.com/ https://www.youtube.com/;; frame-ancestors 'self'; child-src 'self'; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com netdna.bootstrapcdn.com;; connect-src 'self' https://www.google-analytics.com *.onetrust.com https://cdn.cookielaw.org https://static.dvinci-easy.com https://alko-tech.dvinci-easy.com https://www.heycamp.de https://stats.g.doubleclick.net;; report-uri /en/report-csp-violation 1
frame-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; frame-ancestors 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; child-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; report-uri //report-csp-violation 1
base-uri 'self'; form-action 'self'; manifest-src 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com hcaptcha.com *.hcaptcha.com cdnjs.cloudflare.com; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; img-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.mucf.se; media-src 'none'; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com; font-src 'self'; connect-src 'self' https://*.mucf.se https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hcaptcha.com https://*.speechstream.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self' https://checkbrowser.hin.ch https://go.online-ident.ch  http://tag.myaspectra.ch  https://verify.certifaction.com ; script-src 'self' https://www.islonline.net  tag.myaspectra.ch  https://www.gstatic.com  https://maps.google.com https://maps.googleapis.com  https://www.google.com  'unsafe-inline' 'unsafe-eval'; style-src https://fonts.googleapis.com  https://fonts.gstatic.com  'self' 'unsafe-inline' ; frame-src 'self' https://tp.srgssr.ch https://www.srf.ch https://www.google.com https://verify.certifaction.com ; font-src 'self' https://fonts.gstatic.com  https://verify.certifaction.com ; child-src 'self' https://go.online-ident.ch https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com ; img-src 'self' http//tag.myaspectra.ch http://0.gravatar.com data:  1
default-src https:;media-src 'self' www.wellsfargomedia.com www.wellsfargo.com;font-src 'self' data: stm-connect.secure.evetest.wellsfargo.com:23621;frame-src 'self' ciaanalytics.wellsfargo.com connect.secure.wellsfargo.com www.bing.com wifp.wellsfargo.com wifp.ceo.wellsfargo.com;style-src 'unsafe-inline' 'self' wca.sec.wellsfargo.com www.bing.com www.wellsfargo.com ceomedia.wf.com;base-uri 'self';report-uri /reporting/csp;frame-ancestors 'none';script-src 'self' 'nonce-3fd1744b059a702c'  unsafe-inline  unsafe-eval www.wellsfargo.com www.bing.com dev.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t1.ssl.ak.dynamic.tiles.virtualearth.net connect.secure.staging.wellsfargo.com connect.secure.wellsfargo.com ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com wca.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com ceomedia.wf.com wifp.wellsfargo.com wifp.ceo.wellsfargo.com six.cdn-net.com wcafs.wellsfargo.com;connect-src 'self' www.bing.com t0.ssl.ak.dynamic.tiles.virtualearth.net connect.secure.staging.wellsfargo.com connect.secure.wellsfargo.com wca.wellsfargo.com wcafs.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com;img-src 'self' stats.g.doubleclick.net data: blob: t0.ssl.ak.dynamic.tiles.virtualearth.net t1.ssl.ak.dynamic.tiles.virtualearth.net www.adobe.com www.wellsfargo.com www.google-analytics.com ssl.google-analytics.com ceomedia.wf.com www.bing.com wca.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com;object-src 'self' wifp.wellsfargo.com wifp.ceo.wellsfargo.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.piwik.bayern.de; img-src 'self' data: www.piwik.bayern.de; font-src 'self' data: 1
frame-ancestors 'self' https://*.hapara.com/ 1
default-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'unsafe-inline'  https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl ; script-src 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://platform.twitter.com https://pixel.fasttony.es https://connect.facebook.net https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com https://*.googleapis.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data:; style-src 'unsafe-inline' https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.google-analytics.com  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://portalpasazera.pl  data:; img-src 'self' https://i.ytimg.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data: 1
default-src 'self' 'unsafe-inline' https: data: https://cdnjs.cloudflare.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com https://*.jacklmoore.com https://*.gstatic.com https://*.google-analytics.com; frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; 1
frame-ancestors 'self' https://www.kayak.fr 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net www.google-analytics.com https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com staticcontents.investisdigital.com ipapi.connectid.cloud otp.tools.investis.com https://sc.lfeeder.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com staticxx.facebook.com www.youtube.com w.soundcloud.com player.vimeo.com atsginc.wufoo.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.ensighten.com *.google-analytics.com *.api.brightcove.com *.tools.investis.com *.doubleclick.net  ipapi.connectid.cloud https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com; report-uri /report-csp-violation 1
upgrade-insecure-requests; frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' www.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com consent-cdn.swmh.de; object-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: www.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com www.youtube.com *.ytimg.com; media-src 'self' www.youtube.com *.ytimg.com; frame-src 'self' www.google.com *.gstatic.com www.youtube.com *.ytimg.com consent-cdn.swmh.de; font-src 'self' data: www.google.com *.googleapis.com *.gstatic.com; connect-src 'self' www.google-analytics.com *.doubleclick.net consent-cdn.swmh.de 1
default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.tfmetalsreport.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: *.stripe.com; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: *.stripe.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self'  *.citationsy.es *.stripe.com accounts.google.com tinyletter.com; 1
default-src 'none'; script-src 'self' https://static.uppercap.com/ https://www.google-analytics.com/; object-src 'self' https://static.uppercap.com/; style-src 'self' 'unsafe-inline' https://static.uppercap.com/ https://fonts.googleapis.com/ https://www.googletagmanager.com/; img-src 'self' data: https://static.uppercap.com/ https://s3.eu-central-1.amazonaws.com/uppercap-medias/ https://www.google-analytics.com/ www.googletagmanager.com ; media-src 'self' https://static.uppercap.com/; frame-src 'self'; font-src 'self' data: https://static.uppercap.com/ https://fonts.gstatic.com; connect-src 'self' wss://worker.uppercap.com/ https://worker.uppercap.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://webpay3gint.transbank.cl/ 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net tagmanager.google.com staticcontents.investisdigital.com ipapi.connectid.cloud *.google-analytics.com *.doubleclick.net judxu4avx2.execute-api.eu-west-1.amazonaws.com 3lz1gykyyd.execute-api.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rawgit.com sc.lfeeder.com cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com staticcontents.investisdigital.com ipapi.connectid.cloud  www.youtube.com youtube.com s.ytimg.com unpkg.com use.typekit.net p.typekit.net tagmanager.google.com www.google.com maps.googleapis.com maps.google.com;; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net use.typekit.net p.typekit.net tagmanager.google.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.typekit.net p.typekit.net nr-data.net www.google.com otp.tools.investis.com vimeo.com player.vimeo.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net tagmanager.google.com; report-uri /report-csp-violation 1
default-src 'self' data: ; script-src 'self'  'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://player.vimeo.com https://feeds.trac.jobs https://www.cqc.org.uk https://merseycare.enterpriseappointments.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com https://feeds.trac.jobs https://www.cqc.org.uk; img-src * data:; connect-src 'self' https://saas.learninglocker.net https://metrics.articulate.com https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://feeds.trac.jobs; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' https://*.nhs.uk https://www.google.com https://content.googleapis.com https://content-analytics.googleapis.com https://www.youtube.com https://player.vimeo.com https://merseycare.enterpriseappointments.com https://e.issuu.com https://roundme.com 1
default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de; script-src 'strict-dynamic' 'nonce-c22bb4e07d73ece1d026c821c165395b' 'nonce-36bb77a3da9a0e1e525d8fbcf7ab56fc' 'nonce-2830661915586d5e367d92cf694b9489' 'nonce-c7aba118f017433594ba5cba080e259d' 'nonce-cad185159de8c130dbb024d0273a627d' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-c22bb4e07d73ece1d026c821c165395b' 'nonce-36bb77a3da9a0e1e525d8fbcf7ab56fc' 'nonce-2830661915586d5e367d92cf694b9489' 'nonce-c7aba118f017433594ba5cba080e259d' 'nonce-cad185159de8c130dbb024d0273a627d' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' http:  https: bott-fs.kittelberger.net *.bosch-thermotechnology.com *.bosch-thermotechnology.us *.bosch-thermotechnology.com.au *.bosch-thermotechnology.co.nz s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com ; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' www.bosch-thermotechnology.us bosch-thermotechnology.us fonts.gstatic.com static.ecorebates.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' www.bosch-thermotechnology.us bosch-thermotechnology.us static.ecorebates.com cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 1
default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.etracker.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://static.codepen.io https://marketing.envylabs.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://github.githubassets.com https://fonts.googleapis.com; img-src 'self' https://marketing.envylabs.com https://secure.gravatar.com https://*.ads.linkedin.com https://*.adsymptotic.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleusercontent.com https://yoast.com https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' https://yoast.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://insight-engine.newfangled.com https://yoast.com; frame-src 'self' https://codepen.io https://www.google.com https://www.youtube.com 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de 1
default-src 'self'; frame-src 'self' *.twitter.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://cdn.syndication.twimg.com/ *.twitter.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://feeds.trac.jobs/ *.googleapis.com *.google-analytics.com stats.g.doubleclick.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' clicky.com *.getclicky.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com fast.fonts.com cdnjs.cloudflare.com; frame-src https://www.google.com 'self'; 1
default-src 'self'; object-src 'self' https://pts.eteleon.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.eteleon.de https://umfrage.eteleon.de https://pts.eteleon.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.eteleon.de https://stats.eteleon.de https://imagepool.eteleon.de https://pts.eteleon.de https://api.trustedshops.com https://trustbadge.api.etrusted.com/shop/X37852C187578EB2357B3937AF0ABF16A/memberservice https://shops-si.trustedshops.com/shops/X37852C187578EB2357B3937AF0ABF16A https://trustbadge-logging.trustedshops.com; script-src 'strict-dynamic' 'nonce-1ec4be2e988f9b46628fc9a7d3163404' 'nonce-8cd8d19fd485eb5b7e5a3933819f2010' 'nonce-a7f7bcf961eeb297c353b8a59d0f35a5' 'nonce-ed614d3c8b72d7eefab1957eab01e0c9' 'nonce-b04f8a752544941778a98a7063538bd3' 'nonce-47d612427d8a78ae50587710b6b1d3aa' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.eteleon.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-1ec4be2e988f9b46628fc9a7d3163404' 'nonce-8cd8d19fd485eb5b7e5a3933819f2010' 'nonce-a7f7bcf961eeb297c353b8a59d0f35a5' 'nonce-ed614d3c8b72d7eefab1957eab01e0c9' 'nonce-b04f8a752544941778a98a7063538bd3' 'nonce-47d612427d8a78ae50587710b6b1d3aa' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com  cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' syndication.twitter.com platform.twitter.com/; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com 1
script-src 'self' 'nonce-bQ4PVGFYLx31DeXJZCiscyMI' 'nonce-atx-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://pi.pardot.com http://cdn.pardot.com *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1
base-uri 'self'; default-src 'none'; child-src https://mei.animebytes.tv https://irc.animebytes.tv; connect-src 'self' https://mei.animebytes.tv; font-src 'self' data:; form-action 'self' https://mei.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://mei.animebytes.tv https://irc.animebytes.tv; img-src 'self' https://animebytes.tv https://mei.animebytes.tv https://cdn.animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://www.google-analytics.com https://daemon.bigogo.com wss://ws.bgogo.com wss://ws.bgogo.com/prediction; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://static.bggex.pro https://daemon.bigogo.com/ https://www.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://static.bgogo.com https://v.liaoliaosj.com blob: data:; media-src https://daemon.bigogo.com/ https://static.bgogo.com https://v.liaoliaosj.com; object-src 'self'; script-src 'self' https://static.bgogo.com https://www.googletagmanager.com https://www.google-analytics.com https://hm.baidu.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' *.mytolino.com data: *.youtube-nocookie.com *.ytimg.com *.googleusercontent.com *.mzstatic.com *.googleapis.com *.gstatic.com 'unsafe-inline' mytolino.com mytolino.at mytolino.ch mytolino.it mytolino.be mytolino.fr mytolino.nl mytolino.uk opensource.mytolino.com 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' https: wss: 1
frame-ancestors 'self' https://*.salesforce.com 1
default-src 'self' gleam.io *.bestservice.de *.bestservice.com *.bestservice.fr dwl.dawconnect.com maps.google.de www.google.com connect.facebook.net www.facebook.com *.youtube.com ;  img-src  'self' data: *.gleam.io *.bestservice.de *.bestservice.com *.bestservice.fr *.bsdwl.de *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de *.youtube.com;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com;  script-src 'self' data: *.gleamjs.io *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval';  worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de *.youtube.com;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self' 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' 1
default-src https:; script-src 'self' 'nonce-c+zTIdtOtC9FIP5WN4VLyVMuMkA61l1D' https://hcaptcha.com https://*.hcaptcha.com; object-src 'self'; style-src 'self' 'nonce-bjP4XlXvPfzuF+iCtX6yycChGwhuKdmU' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' images.gog-statics.com; media-src 'self'; child-src 'none'; font-src 'self'; connect-src 'self' https://api.gog.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com 1
frame-ancestors 'self' mein.kabelplus.at newapp.etracker.com 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://tickets.norwichartscentre.co.uk https://my.matterport.com https://player.vimeo.com https://www.facebook.com; script-src 'self' 'nonce-5AEemGb0xJptoIGFP3Nd' 'nonce-6AEemGb0xJptoIGFP3Nd' 'nonce-7AEemGb0xJptoIGFP3Nd' 'sha256-Z82Oe+Iv8WIpM1ioymuc3HlSLThe89MSaAQSYMybkAs=' https://www.google.com https://maps.google.com https://www.gstatic.com https://www.googletagmanager.com/ https://www.google-analytics.com https://connect.facebook.net https://sentry.io https://tickets.norwichartscentre.co.uk; connect-src 'self' https://sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://connect.facebook.net; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' https://fonts.gstatic.com https://www.google.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/2740052/security/?sentry_key=8f009899699b4dd281f6d1466e6a2b92 1
default-src 'self' 'unsafe-inline' https://maps.googleapis.com https://cc.ibox.ua; script-src 'self' 'unsafe-inline' https://connect.facebook.net https://*.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://cc.ibox.ua; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://fonts.googleapis.com/css https://tagmanager.google.com https://fonts.googleapis.com https://cc.ibox.ua; img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://*.doubleclick.net https://www.googletagmanager.com https://*.gstatic.com https://www.google.com https://www.google.com.ua https://maps.googleapis.com https://www.google-analytics.com https://ssl.gstatic.com https://cc.ibox.ua; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cc.ibox.ua; connect-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://www.google-analytics.com https://fonts.gstatic.com https://cc.ibox.ua wss://cc.ibox.ua; frame-src 'self' 'unsafe-inline' https://*.doubleclick.net 1
frame-ancestors 'self' www.pro-agent.com www.google.com; 1
script-src 'nonce-C2BMegQJp5NziyzJ+87N0gYPNfM=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
default-src 'self' blob: https://vars.hotjar.com/; frame-src 'self' https://nspa.org.uk/ https://www.zsabenchmarking.co.uk/ https://w.soundcloud.com/ *.buzzsprout.com *.nspa.org.uk *.hotjar.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mozilla.github.io/ * https://mozilla.github.io/pdf.js/build/pdf.js https://cdn.jsdelivr.net/gh/fancyapps/ *.buzzsprout.com *.heat6have.com https://static.hotjar.com/ https://www.googletagmanager.com/ *.hotjar.com https://www.googletagmanager.com/jar.com blob: https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/summernote/ *.hotjar.com *.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/fancyapps/ *.typekit.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://tinyurl.com *.amazonaws.com https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://translate.googleapis.com/ *.hotjar.com *.hotjar.io wss://*.hotjar.com/ https://feeds.trac.jobs/ 1
frame-ancestors 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' data: ; img-src 'self' 'unsafe-inline' data: https://app.usercentrics.eu https://daimlerag.d2.sc.omtrdc.net; connect-src 'self' https://graphql.usercentrics.eu 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://player.vimeo.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://maps.google.com https://maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://sentry.io https://cdnjs.cloudflare.com https://connect.facebook.net; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://maps.google.com https://sentry.io https://o126219.ingest.sentry.io; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/5265715/security/?sentry_key=9b139e250e5b4bd586488d54bd7a5c84 1
default-src 'self'; connect-src 'self' https://bat.bing.com https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.vectrabank.com https://*.vectrabank.com https://zionsbancorp.sc.omtrdc.net https://*.demdex.net https://*.cludo.com https://sumo.com https://*.sumome.com https://*.sumo.com https://zionsbancorp.sc.omtrdc.net; script-src 'self' data: 'unsafe-inline' https://bat.bing.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.linkedin.com https://*.bufferapp.com https://*.pinterest.com https://*.reddit.com https://*.adobedtm.com https://connect.facebook.net https://*.pages05.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.vectrabank.com https://*.zionsbank.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com 'unsafe-eval'; object-src 'self' data: https://*.vectrabank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com; img-src 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.pages05.net https://*.doubleclick.net https://*.google-analytics.com https://*.gstatic.com https://*.vectrabank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://*.youtube.com https://*.ytimg.com https://*.vimeo.com; media-src 'self' data:; frame-src 'self' https://*.vectrabank.com https://*.demdex.net https://*.doubleclick.net https://secure.checkout.visa.com https://*.youtube.com https://*.ytimg.com https://vimeo.com https://*.vimeo.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://outlook.office365.com; frame-ancestors 'self' https://banking.vectrabank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hs-analytics.net *.hs-scripts.com *.addthis.com *.addthisedge.com *.linkedin.com *.pinterest.com *.facebook.com *.iubenda.com *.ckeditor.com *.webspellchecker.net *.gstatic.com *.google.com *.googleapis.com *.bootstrapcdn.com *.google-analytics.com *.googletagmanager.com *.usemessages.com *.hsleadflows.net *.googleadservices.com *.sumome.com *.doubleclick.net *.facebook.net *.b-cdn.net *.youtube.com *.ytimg.com *.kxcdn.com *.hubspot.com *.hsforms.net *.hsadspixel.net js.hs-banner.com *.hs-banner.com *.sumo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com *.iubenda.com *.ckeditor.com *.webspellchecker.net *.kxcdn.com *.b-cdn.net *.google.com; img-src 'self' *.hubspot.com *.acquia-sites.com data: *.ckeditor.com *.webspellchecker.net sumo.com *.sumo.com *.kxcdn.com *.google-analytics.com *.doubleclick.net *.google.com *.hubspot.net *.ytimg.com *.gstatic.com *.googleapis.com *.facebook.com *.google.co.za *.google.it *.google.co.uk *.google.co.id *.google.de *.google.pl *.google.fr *.google.ru *.google.cn *.google.es *.google.com.br *.google.co.nz *.google.com.pr *.google.hr *.google.com.pa *.google.at *.google.ca *.google.gr *.google.com.au *.google.com.hk *.google.com.ph *.google.com.tr *.google.fi *.google.co.jp *.google.com.kh *.google.com.my *.google.co.ke *.google.se *.google.co.il *.google.com.sg *.google.co.th *.google.co.in *.google.ae *.google.co.kr *.google.lk *.googletagmanager.com *.google.com.do *.google.bg *.google.rs *.google.hu *.google.pt *.google.ro *.google.com.co *.google.ch *.google.com.mx *.google.lv *.google.com.vn *.google.no *.nautique.tv micro-cdn.sumo.com; frame-src 'self' *.google.com *.addthis.com *.youtube.com *.vrcloud.co vrcloud.co *.vrcloud.com vrcloud.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.facebook.net *.hubspot.com *.nautique.tv; font-src 'self' *.gstatic.com *.addthis.com; connect-src 'self' *.addthis.com *.webspellchecker.net sumo.com *.sumo.com *.hubspot.com *.google-analytics.com *.doubleclick.net *.google.com *.google.co.uk *.hubapi.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.servmetric.com *.govmetric.com  https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.servmetric.com *.govmetric.com; img-src 'self' data: *.servmetric.com *.govmetric.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io; media-src 'self'; frame-src 'self' *.servmetric.com *.govmetric.com ; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com; connect-src 'self' *.servmetric.com *.govmetric.com; report-uri /report-csp-violation 1
default-src https: blob: wss:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self'; script-src 'self' data: maps.googleapis.com maps.google.com https://ssl.google-analytics.com https://www.paypalobjects.com https://www.paypal.com/tagmanager/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: maps.googleapis.com maps.google.com *.gstatic.com *.gravatar.com *.ytimg.com *.paypal.com www.paypalobjects.com www.steelforlife.org www.steelconstruction.org https://ssl.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.paypal.com/webapps/hermes/api/logger https://www.paypal.com/xoplatform/logger/api/logger; frame-src 'self' https://www.sandbox.paypal.com/ https://www.paypal.com/ https://securepayments.sandbox.paypal.com/ https://securepayments.paypal.com/ https://www.youtube.com https://player.vimeo.com/; child-src 'self' https://www.sandbox.paypal.com/ https://www.paypal.com/ https://securepayments.sandbox.paypal.com/ https://securepayments.paypal.com/ https://www.youtube.com https://player.vimeo.com/; 1
default-src 'self' *.intelliflo.com and *.test.intelliflo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.intelligent-office.net *.intelliflo.com *.test.intelliflo.com cdn.walkme.com  ec.walkme.com playerserver.walkme.com d3sbxpiag177w8.cloudfront.net papi.walkme.com; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.walkme.com *.amazonaws.com data: *.intelliflo.com; media-src 'self'; frame-src https:; font-src 'self' data:; connect-src 'self' *.intelliflo.com and *.test.intelliflo.com and *.amazonaws.com and wss://*.intelliflo.com and ec.walkme.com and cdn.walkme.com; 1
default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src  'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.siteimprove.net *.googleapis.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net  siteimproveanalytics.com *.twitter.com *.pingdom.net *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.googleapis.com cdn.siteimprove.net *.curator.io; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com *.googletagmanager.com; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be my2.siteimprove.com *.facebook.com; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' www.youtube.com; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net my2.siteimprove.com id.siteimprove.com api.curator.io *.addthis.com *.pingdom.net; report-uri /report-csp-violation 1
default-src 'self' https: *.junkers.es; media-src 'self' https: mycliplister.com; font-src 'self' *.junkers.es; object-src data: 'self'; img-src https: data:; style-src 'self' 'unsafe-inline' *.junkers.es; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: it.documents.junkers.com; frame-ancestors 'self' http://fs52-buderus-dev.kittelberger.net 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'nonce-TldRNU9HVmlOR1JtWXpWaFltVTA=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com 'nonce-WlRoak5EZGpabVF4WVdOaU5qSTM=' *.readspeaker.com 'nonce-WlROak9XWm1aV1JoTmpFd01UWTA=' *.timeblockr.com; object-src 'self'; style-src 'self' *.readspeaker.com *.timeblockr.com 'nonce-T1RrMk5UTXpZelU1Tm1abE5XTTU='; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com *.ytimg.com *.timeblockr.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com *.timeblockr.com; connect-src 'self' *.readspeaker.com *.timeblockr.com; report-uri /report-csp-violation 1
connect-src 'self' https://*.karolina.io http://*.karolina.io *.karolina.io https://vimeo.com http://vimeo.com vimeo.com https://*.nets.eu http://*.nets.eu *.nets.eu https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.typekit.net http://*.typekit.net *.typekit.net; font-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net data:; img-src 'self' https://cdn.holvi.com http://cdn.holvi.com cdn.holvi.com https://s3-eu-west-1.amazonaws.com http://s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com https://*.karolina.io http://*.karolina.io *.karolina.io https://mesenaatti.me http://mesenaatti.me mesenaatti.me https://*.youtube.com http://*.youtube.com *.youtube.com https://*.facebook.com http://*.facebook.com *.facebook.com https://*.google.com http://*.google.com *.google.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://about http://about about https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.gstatic.com http://*.gstatic.com *.gstatic.com https://*.typekit.net http://*.typekit.net *.typekit.net data:; script-src 'self' https://*.youtube.com http://*.youtube.com *.youtube.com https://*.ytimg.com http://*.ytimg.com *.ytimg.com https://*.facebook.net http://*.facebook.net *.facebook.net https://*.jquery.com http://*.jquery.com *.jquery.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.google.com http://*.google.com *.google.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://data http://data data https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com http://fonts.googleapis.com fonts.googleapis.com https://*.google.com http://*.google.com *.google.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-inline'; 1
object-src 'none';default-src 'none';connect-src https://www.wefact.nl *.doubleclick.net *.google-analytics.com *.google.com *.mouseflow.com;img-src https://www.wefact.nl data: *.ytimg.com *.google-analytics.com *.google.com *.google.nl www.googletagmanager.com www.gstatic.com googleads.g.doubleclick.net www.google.com https://maps.gstatic.com https://maps.googleapis.com *.mouseflow.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com *.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://developers.google.com https://maps.googleapis.com https://embed.webinargeek.com *.mouseflow.com;style-src https://www.wefact.nl 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com *.typekit.net;font-src https://fonts.gstatic.com data: *.mouseflow.com *.typekit.net;child-src *.mouseflow.com;manifest-src https://www.wefact.nl;frame-src https://www.youtube.com https://bid.g.doubleclick.net https://app.webinargeek.com *.mouseflow.com 1
form-action *.iwis.com *.dual-mode-vcs.com *.gwb-lernen.com *.iwis-daido.com *.kindergarten-kinderkette.de; base-uri none; default-src 'unsafe-inline' 'unsafe-eval' userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.userlike.com wss://chat.userlike.com wss://umd.userlike.com *.youtube.com *.eventvote.de *.vimeo.com vimeo.com *.doubleclick.net *.youtube-nocookie.com *.traceparts.com *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.iwis.com *.dual-mode-vcs.com  *.gwb-lernen.com *.expo-ip.com *.iwis-daido.com https://*.crisp.chat wss://*.crisp.chat data: 1
upgrade-insecure-requests; frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' doo.net *.doo.net *.db-app.de *.swmh.de www.youtube.com *.ytimg.com www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com *.stry.tl *.podigee.com *.licdn.com *.linkedin.com consent-cdn.sv-veranstaltungen.de; object-src 'self'; style-src 'self' 'unsafe-inline' *.doo.net *.db-app.de www.google.com *.stry.tl *.podigee.com; img-src 'self' data: *.doo.net *.db-app.de www.youtube.com *.ytimg.com www.google.com www.google.de www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com *.stry.tl *.podigee.com *.linkedin.com *.vimeo.com *.vimeocdn.com; media-src 'self' www.youtube.com; frame-src 'self' doo.net *.doo.net securepay.swmh.de *.swmh.de *.db-app.de www.youtube.com www.youtube-nocookie.com *.ytimg.com www.google.com www.gstatic.com *.stry.tl *.screenpaper.io *.podigee.com consent-cdn.sv-veranstaltungen.de *.vimeo.com; font-src 'self' data: *.doo.net *.db-app.de www.google.com *.podigee.com; connect-src 'self' www.google-analytics.com www.googletagmanager.com consent-cdn.sv-veranstaltungen.de stats.g.doubleclick.net 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'nonce-WVdabU5EZzJOR1ExWVdKa1pqazE=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com 'nonce-TXpaak5qRTVNRFZpTldNMk1XRTE=' *.readspeaker.com 'nonce-WXpJek5qUmhZV0l4WlRRNU56ZGs=' *.timeblockr.com; object-src 'self'; style-src 'self' *.readspeaker.com *.timeblockr.com 'nonce-WldSak1qZGpNRGt4WlRRMk56STM='; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com *.ytimg.com *.timeblockr.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com *.timeblockr.com; connect-src 'self' *.readspeaker.com *.timeblockr.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src data: 'self'; frame-src 'self' 1
default-src 'self'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://optimize.google.com; style-src data: 'self' 'unsafe-inline' *.myfonts.net https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; img-src * data: https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://optimize.google.com; media-src *; font-src * https://fonts.gstatic.com https://checkout.orangefit.nl data:; connect-src * data: blob: 'unsafe-inline'; frame-src 'self' *.youtube.com *.google.com *.criteo.com *.vimeo.com *.hotjar.com https://optimize.google.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com *.facebook.net; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.facebook.com *.vimeo.com *.google.se *.cloudnet.cloud *.malmolive.se; media-src 'none'; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.siteimprove.com *.sverigesradio.se https://sverigesradio.se; font-src 'self'; connect-src 'self' https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; frame-src 'self' https://nhs.attendanywhere.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://nhs.attendanywhere.com https://feeds.trac.jobs/ 1
default-src 'self' *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com siteimproveanalytics.com *.readspeaker.com *.obi4wan.com *.pusher.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; img-src 'self' www.google-analytics.com *.siteimproveanalytics.io  data: *.obi4wan.com *.amazonaws.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com fonts.gstatic.com *.readspeaker.com; connect-src 'self' www.google-analytics.com *.readspeaker.com *.obi4wan.com *.pusher.com wss://*.pusher.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com 1
script-src 'self' static.ctctcdn.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.google.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com https://connect.facebook.net/ 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' *.sernet.de *.google.com *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.googleapis.com *.gstatic.com 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.readspeaker.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com piwik.zevenaar.nl app.cobrowser.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com app.cobrowser.com fonts.googleapis.com; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io piwik.zevenaar.nl www.gstatic.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; frame-ancestors 'self' piwik.zevenaar.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com fonts.gstatic.com cdn.faceworks.nl; connect-src 'self' *.readspeaker.com *.siteimprove.com *.servmetric.com piwik.zevenaar.nl app.cobrowser.com wss://app.cobrowser.com fonts.googleapis.com cdn.faceworks.nl; report-uri /report-csp-violation 1
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; object-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; media-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; child-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *; report-uri /report-csp-violation 1
default-src ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.entrecode.de https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.googlesyndication.com bat.bing.com *.doubleclick.net *.usercentrics.eu https://connect.facebook.net https://snap.licdn.com; object-src ; style-src 'unsafe-inline' *; img-src * data:; media-src *; child-src 'self' *.t5-karriereportal.de *.youtube.com *.googlevideo.com *.doubleclick.net *.googlesyndication.com; font-src * data:; connect-src * *.entrecode.de; manifest-src 'self' 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'nonce-WTJOa01ESmxOVEExTnprNU1qbGo=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com 'nonce-WVdVNE16Z3labU13TWpWa05URXg=' *.readspeaker.com 'nonce-TmprM01UZzJOek00WVRSaU5tRmk=' *.timeblockr.com; object-src 'self'; style-src 'self' *.readspeaker.com *.timeblockr.com 'nonce-WXpOa01qSTFNRGsxWVdObE1tRXk='; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com *.ytimg.com *.timeblockr.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com *.timeblockr.com; connect-src 'self' *.readspeaker.com *.timeblockr.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com s.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com playout.3qsdn.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org piwik.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com; connect-src 'self' https://vimeo.com https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://bam.nr-data.net; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://cloud.typenetwork.com https://fonts.gstatic.com; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com; img-src 'self' https://www.google-analytics.com https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://resengocomgeneralpurpose.blob.core.windows.net; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://js-agent.newrelic.com https://bam.nr-data.net 'unsafe-inline'; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.geodatenzentrum.de piwik.itzbund.de; frame-ancestors 'self'; 1
policy-uri /'self' 1
default-src 'self' ; script-src 'self' 'nonce-WmpVMFlUUTVNVGxtTkRjek5tUTU=' *.kaartviewer.nl 'nonce-WmpkaVpqQTJaVGM1T1RVNVptRXg=' 'nonce-TUdVek1qYzNZMlZoTlRrM09HVmw=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com; object-src 'self'; style-src 'self' *.kaartviewer.nl 'nonce-Tm1WaE9XUTVNelkxTnpOa016QTU='; img-src 'self' data: geodata.nationaalgeoregister.nl *.kaartviewer.nl *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io www.gstatic.com *.ytimg.com raster.horstaandemaas.nl; media-src 'self'; frame-src 'self' www.youtube.com *.google.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.kaartviewer.nl *.ionicframework.com fonts.gstatic.com; connect-src 'self' *.kaartviewer.nl *.siteimprove.com *.servmetric.com; report-uri /report-csp-violation 1
default-src 'self'; object-src 'self' https://pts.deutschlandsim.de/p.swf; base-uri 'self'; img-src https: data: http://files.deutschlandsim.de; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.deutschlandsim.de https://umfrage.deutschlandsim.de https://pts.deutschlandsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.deutschlandsim.de https://stats.deutschlandsim.de https://imagepool.deutschlandsim.de https://pts.deutschlandsim.de; script-src 'strict-dynamic' 'nonce-150e08d6a2f65a0be06c3876dcfeaa9d' 'nonce-fe7cbb74bcfe10d6442e4225f89c4168' 'nonce-b4e12daabfaa16946fe6d1f3c730849d' 'nonce-5ecd52ff573e32b99e2655f98ca4fc1f' 'nonce-de895dd2b270b157ea365c48ba6eae65' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.deutschlandsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-150e08d6a2f65a0be06c3876dcfeaa9d' 'nonce-fe7cbb74bcfe10d6442e4225f89c4168' 'nonce-b4e12daabfaa16946fe6d1f3c730849d' 'nonce-5ecd52ff573e32b99e2655f98ca4fc1f' 'nonce-de895dd2b270b157ea365c48ba6eae65' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' epcplc.com *.epcplc.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.duosecurity.com; img-src 'self' 'unsafe-inline' epcplc.com *.epcplc.com data:; 1
default-src 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https://seal.digicert.com https://img.youtube.com https://seal.websecurity.norton.com https://www.google-analytics.com https://widgets.trustedshops.com; report-uri https://pswgroup.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; child-src 'self' *.a-ads.com www.youtube.com w.soundcloud.com *.facebook.com player.vimeo.com livejournal.com www.google.com coub.com *.yandex.ru vk.com ok.com rutube.ru; script-src 'self' 'unsafe-inline' files.coinmarketcap.com ajax.googleapis.com app.sharpay.io www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src * data:; font-src data: fonts.gstatic.com; connect-src 'self' api.imgur.com *.golos.id wss://*.golos.id *.golos.today *.coinmarketcap.com app.sharpay.io www.google-analytics.com cdn.jsdelivr.net; report-uri /api/v1/csp_violation; object-src 'self'; frame-ancestors 'none' 1
default-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; script-src 'self' data: 'unsafe-inline' *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.addtoany.com; object-src *; style-src 'self' data: 'unsafe-inline' *.compsy.be *.compsy.be fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; img-src 'self' data: *.compsy.be *.uniweb.eu www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; media-src *; frame-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.youtube.com; font-src 'self' data: *.compsy.be *.uniweb.eu fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'none'; 1
default-src 'self'; connect-src 'self' https:; font-src 'self' chrome-extension: https:; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.google.com https://disqus.com http://disqus.com disqus.com; img-src 'self' data: http: https:; script-src 'self' https://cdn.ampproject.org https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://code.jquery.com https://*.disqus.com http://*.disqus.com *.disqus.com https://*.disquscdn.com http://*.disquscdn.com *.disquscdn.com https://*.twimg.com https://platform.twitter.com data:; style-src 'self' https://fonts.googleapis.com https://platform.twitter.com http://platform.twitter.com platform.twitter.com https://*.twimg.com https://*.disqus.com http://*.disqus.com *.disqus.com https://*.disquscdn.com http://*.disquscdn.com *.disquscdn.com 'unsafe-inline'; 1
default-src 'self' data: *.deluxebrand.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://in.hotjar.com https://api.sandbox.braintreegateway.com/ https://identify.hotjar.com https://payments.sandbox.braintree-api.com https://js.braintreegateway.com https://unpkg.com https://cdn.ckeditor.com https://script.hotjar.com https://demos.telerik.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://znbgsvjt7geejbnen-deluxecorp.siteintercept.qualtrics.com http://cdn.appdynamics.com https://cdn.quantummetric.com https://kendo.cdn.telerik.com http://cdnjs.cloudflare.com http://ajax.googleapis.com https://ajax.aspnetcdn.com http://ajax.aspnetcdn.com https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://ajax.googleapis.com  https://use.fontawesome.com  https://code.jquery.com https://core.spreedly.com https://cdnjs.cloudflare.com https://dmg-widget.s3-us-west-2.amazonaws.com https://www.googletagmanager.com https://cdn.impossible.io https://maps.googleapis.com https://dmg-gallery-images-dev.s3.us-west-2.amazonaws.com https://static.hotjar.com https://scripts.hotjar.com https://dmg-gallery-images-uat.s3.us-west-2.amazonaws.com https://dmg-widget.s3-us-west-2.amazonaws.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' https://assets.braintreegateway.com https://dmg-widget.s3-us-west-2.amazonaws.com https://znbgsvjt7geejbnen-deluxecorp.siteintercept.qualtrics.com https://use.fontawesome.com https://kendo.cdn.telerik.com  https://core.spreedly.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://dmg-gallery-images-dev.s3.us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com; img-src data: *; media-src *; frame-src *; font-src *; connect-src 'self' data: *.deluxebrand.com https://www.google-analytics.com https://siteintercept.qualtrics.com http://col.eum-appdynamics.com https://stats.g.doubleclick.net https://7n7l08yp06.execute-api.us-west-2.amazonaws.com https://cdn.ckeditor.com https://script.hotjar.com https://dmg-gallery-images-dev.s3.us-west-2.amazonaws.com https://in.hotjar.com https://identify.hotjar.com https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com wss://ws6.hotjar.com/api/v2/client/ws https://dmg-gallery-images-uat.s3.us-west-2.amazonaws.com https://dmg-widget.s3-us-west-2.amazonaws.com 1
default-src 'none'; script-src 'self' https://analytics.monetra.com https://www.google.com https://www.gstatic.com; connect-src 'self'; img-src 'self' https://analytics.monetra.com data:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; frame-src https://www.google.com 1
frame-ancestors http://my.rotary.org https://my.rotary.org http://my-cms.rotary.org https://my-cms.rotary.org 'self'; 1
default-src 'self' data:; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google-analytics.com www.youtube.com *.ytimg.com tagmanager.google.com maps.googleapis.com https://static.hotjar.com/ https://script.hotjar.com/ cookiehub.net; style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com cookiehub.net; img-src 'self' p.typekit.net www.google-analytics.com data: ssl.gstatic.com www.gstatic.com https://referrer.disqus.com/juggler/stat.gif c.disquscdn.com stats.g.doubleclick.net bat.bing.com www.facebook.com www.google.com www.google.be www.googletagmanager.com maps.gstatic.com maps.googleapis.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.dekust.be cdn.knightlab.com vars.hotjar.com; font-src 'self' *.typekit.net fonts.gstatic.com data: *.hotjar.com; connect-src 'self' performance.typekit.net www.google-analytics.com *.stats.g.doubleclick.net https://in.hotjar.com/ https://vc.hotjar.io/ cookiehub.net; report-uri /admin/config/system/seckit/csp-report 1
base-uri 'self' https://d3gcmglegmnvz8.cloudfront.net/; child-src 'self' https://*.useinsider.com https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://*.google.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ https://*.facebook.com/ https://*.hotjar.com/ https://*.facebook.com/ https://accounts.google.com/ https://www.google.com/ https://www.youtube.com/ gap:; frame-src 'self' https://*.useinsider.com https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://*.google.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ https://*.facebook.com/ https://*.hotjar.com/ https://*.facebook.com/ https://accounts.google.com/ https://www.google.com/ https://www.youtube.com/ gap:; connect-src 'self' https://*.useinsider.com https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://*.pinterest.com https://*.nr-data.net https://*.google.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.facebook.com/ https://fercos-s3-ecommerce.s3.amazonaws.com/ https://stats.g.doubleclick.net https://accounts.google.com/ https://www.google-analytics.com https://www.youtube.com/ https://device.clearsale.com.br https://*.yimg.com/; default-src 'self' https://*.useinsider.com https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://accounts.google.com/ https://www.google-analytics.com/ https://www.youtube.com/ 'unsafe-eval' 'unsafe-inline' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.googleapis.com https://d3gcmglegmnvz8.cloudfront.net/ https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://*.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' data: https://*.pinterest.com https://www.gstatic.com https://*.ytimg.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://*.googleusercontent.com https://*.fbsbx.com https://*.geotrust.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.nr-data.net https://*.newrelic.com/ https://*.facebook.com/ wss://*.hotjar.com/ https://fercos-s3-ecommerce.s3.amazonaws.com/ https://stats.g.doubleclick.net https://accounts.google.com/ https://www.google-analytics.com https://www.google.com/ https://www.google.com.br/ https://www.youtube.com/ blob:; media-src https://d3gcmglegmnvz8.cloudfront.net/; object-src https://d3gcmglegmnvz8.cloudfront.net/; script-src 'self' https://*.useinsider.com https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://*.google.com/ https://*.nr-data.net https://*.list-manage.com https://*.mailchimp.com https://*.google.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://*.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.newrelic.com/ https://*.facebook.com/ https://*.facebook.net https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://seal.geotrust.com/ https://www.youtube.com/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.yimg.com/ 'unsafe-eval' 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.mailchimp.com https://fonts.googleapis.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ 'unsafe-inline'; frame-ancestors 'self' https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://*.google.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io gap:; referrer origin-when-cross-origin; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=EzaQPuYZ8aJmV%2fFCQjtWSJQd57UyAdzRXrhXcN8kyG1mgz8hR9oPtXKJB0vGZ1I0cqeaIS87Y8N%2b%2f0xRLmwxKCN5B4yHmM8Eep%2bHdWCKQj5VusQaTrF%2flmge6OOzPQxV; 1
default-src 'self' *.gewobag.de data: eqs-cockpit.com *.eqs.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com *.wohnungshelden.de 'unsafe-inline' 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; 1
base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://www.google-analytics.com https://*.sentry.io *.sentry.io https://*.abtasty.com *.abtasty.com https://api.addressfinder.io https://au-live.inside-graph.com au-live.inside-graph.com https://*.doubleclick.net *.doubleclick.net wss://au-live.inside-graph.com https://www.facebook.com/tr; font-src 'self' https://fonts.gstatic.com https://*.abtasty.com *.abtasty.com https://*.gstatic.com *.gstatic.com https://*.googleapis.com *.googleapis.com https://au-cdn.inside-graph.com blob: data:; form-action 'self' https://www.facebook.com https://*.powershop.co.nz *.powershop.co.nz; frame-ancestors 'self'; frame-src https://www.googletagmanager.com www.googletagmanager.com https://www.facebook.com https://recaptcha.google.com/recaptcha/ https://www.google.com/recaptcha/ https://*.vimeo.com *.vimeo.com https://*.youtube.com *.youtube.com https://*.google.com *.google.com https://*.doubleclick.net *.doubleclick.net; img-src 'self' https://*.doubleclick.net *.doubleclick.net https://i.vimeocdn.com https://i.vimeocdn.com https://www.google-analytics.com www.google-analytics.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://fonts.gstatic.com fonts.gstatic.com https://www.googletagmanager.com www.googletagmanager.com https://track.hubspot.com track.hubspot.com https://www.facebook.com www.facebook.com https://*.abtasty.com *.abtasty.com https://*.amazonaws.com *.amazonaws.com https://au-cdn.inside-graph.com https://www.google.com/ads/ https://www.google.com.au/ads/ blob: data:; media-src https://youtube.com youtube.com https://vimeo.com vimeo.com; object-src 'none'; script-src 'self' https://*.vimeo.com *.vimeo.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.facebook.net *.facebook.net https://*.facebook.com *.facebook.com https://*.inside-graph.com *.inside-graph.com https://js.hs-scripts.com js.hs-scripts.com https://*.hs-banner.com *.hs-banner.com https://*.hubspot.com *.hubspot.com https://js.hs-analytics.net https://*.abtasty.com *.abtasty.com https://*.abtasty.com *.abtasty.com https://*.googleapis.com *.googleapis.com https://*.doubleclick.net *.doubleclick.net 'nonce-NTg5OTBhNjk4MjgyNGUxZjc3Y2NhOWFkNzFiZTIyMWE3YTQ5YWZkNmU4OGFmN2QzNGE2MThjMWFlZmVmOTYwYWRmYjI5ZjRkMzM3NDIzYjM3YTM0OGE2MDMxMDA1MmViYjZjOTMzOGQ5NWFmMzZkM2RmNWM1MTU3OTFkZThlZGU=' 'unsafe-eval' blob:; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com https://*.abtasty.com *.abtasty.com https://*.gstatic.com *.gstatic.com https://*.googleapis.com *.googleapis.com https://au-cdn.inside-graph.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'none'; connect-src 'self' https://*.force.com/ https://cdns.us1.gigya.com/ https://*.gigya.com/ https://*.facebook.com/ https://www.googleoptimize.com/ https://*.pusher.com wss://*.pusher.com https://*.fusepump.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.sessioncam.com/ https://*.doubleclick.net/ https://*.nr-data.net/ https://*.mookie1.com/ 'unsafe-inline' 'unsafe-eval'; report-uri https://www.dancow.co.id/report-csp-violation; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.readspeaker.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com piwik.duiven.nl app.cobrowser.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com app.cobrowser.com fonts.googleapis.com; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io piwik.duiven.nl www.gstatic.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; frame-ancestors 'self' piwik.duiven.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com fonts.gstatic.com cdn.faceworks.nl; connect-src 'self' *.readspeaker.com *.siteimprove.com *.servmetric.com piwik.duiven.nl app.cobrowser.com wss://app.cobrowser.com fonts.googleapis.com cdn.faceworks.nl; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com polyfill.io/v3/polyfill.min.js www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' maps.gstatic.com maps.googleapis.com data: googletagmanager.com cookie-cdn.cookiepro.com www.google-analytics.com; media-src 'self'; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data:; connect-src 'self' cookie-cdn.cookiepro.com www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' google.com *.google.com liveinternet.ru *.liveinternet.ru yadro.ru *.yadro.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com adservice.google.com adservice.google.ru adservice.google.com.ua adservice.google.co.uz ulogin.ru *.ulogin.ru vk.com google.com *.google.com liveinternet.ru *.liveinternet.ru yadro.ru *.yadro.ru ; object-src 'self' *.googlesyndication.com; style-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com ; img-src 'self' * data: blob: filesystem:; media-src 'self' ; font-src 'self' *.gstatic.com *.googleapis.com netdna.bootstrapcdn.com; frame-src 'self' *.doubleclick.net www.youtube.com vk.com *.vk.com ulogin.ru *.ulogin.ru; connect-src 'self' adservice.google.com *.google-analytics.com *.gstatic.com *.googlesyndication.com 1
default-src 'self' 'unsafe-inline'; allow 'self'; img-src * 1
default-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.responsetap.com seal.verisign.com https://seal.verisign.com fast.fonts.net; style-src 'self' 'unsafe-inline' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.responsetap.com seal.verisign.com https://seal.verisign.com fast.fonts.net; img-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.googleadservices.com https://googleadservices.com https://*.doubleclick.net *.doubleclick.net data: *.google-analytics.com https://c906980.ssl.cf3.rackcdn.com *.newrelic.com http://www.officereality.co.uk *.gstatic.com 'unsafe-eval' 'unsafe-inline' *.responsetap.com seal.verisign.com https://seal.verisign.com fast.fonts.net; frame-src 'self' *.googleadservices.com *.doubleclick.net https://googleadservices.com https://*.doubleclick.net https://*.facebook.com *.youtube.com *.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline' *.responsetap.com seal.verisign.com https://seal.verisign.com fast.fonts.net; script-src 'self' eval-script inline-script *.evocdn.co.uk *.rackcdn.com *.newrelic.com *.google-analytics.com *.googleadservices.com https://googleadservices.com *.facebook.net d1ros97qkrwjf5.cloudfront.net https://d1ros97qkrwjf5.cloudfront.net https://www.google.com https://ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' *.responsetap.com seal.verisign.com https://seal.verisign.com fast.fonts.net *.doubleclick.net; font-src 'self' *.evocdn.co.uk *.googleusercontent.com 'unsafe-eval' 'unsafe-inline' https://c918654.ssl.cf3.rackcdn.com https://c918654.ssl.cf3.rackcdn.com fast.fonts.net; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net tagmanager.google.com *.google-analytics.com   geoid.investisdigital.com https://cookiemanager.investisdigital.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edg tagmanager.google.come.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com otp.tools.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com player.vimeo.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' *.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.typekit.net p.typekit.net nr-data.net; report-uri /report-csp-violation 1
default-src 'self'  ;script-src 'self'   'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline'  ;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org ; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com; img-src 'self' data: piwik.itzbund.de; frame-ancestors 'self'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.smithwicksexperience.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.myfonts.net *.hotjar.com *.facebook.net; object-src 'self' https: *.smithwicksexperience.com ; style-src 'self' 'unsafe-inline' https: *.smithwicksexperience.com fonts.googleapis.com footer.diageohorizon.com *.myfonts.net; img-src 'self' https: data: *.smithwicksexperience.com *.googleapis.com *.gstatic.com analytics.twitter.com d.adroll.com googleads.g.doubleclick.net www.facebook.com www.google.com www.google.ie www.google-analytics.com *.hotjar.com *.facebook.com; frame-src 'self' https: *.smithwicksexperience.com *.worldnettps.com www.youtube.com *.hotjar.com; font-src 'self' https: *.smithwicksexperience.com data: *.myfonts.net *.gstatic.com *.hotjar.com; connect-src 'self' https: *.smithwicksexperience.com *.hotjar.com ws://*.hotjar.com wss://*.hotjar.com; media-src 'self' https: *.smithwicksexperience.com 1
default-src 'self' bam.eu01.nr-data.net cdn.jsdelivr.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com bam.eu01.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net p.typekit.net cloud.typography.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: use.typekit.net p.typekit.net fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com player.twitch.tv www.tiktok.com musicoin.org www.instagram.com www.bitchute.com emb.d.tube rumble.com www.brighteon.com lbry.tv; connect-src 'self' whaleshares.io pubrpc.whaleshares.io api.whaleshares.io www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' whaleshares.io www.google-analytics.com www.googletagmanager.com connect.facebook.net cdn.polyfill.io cse.google.com www.google.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' whaleshares.io fonts.googleapis.com at.alicdn.com www.google.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com at.alicdn.com; frame-ancestors 'none'; img-src * data:; report-uri /csp_violation; object-src 'none' 1
default-src 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://unpkg.com https://storage.googleapis.com/ https://consentcdn.cookiebot.com https://consent.cookiebot.com/ https://www.gstatic.com/ https://analytics.edlinger.at/ https://cdn.polyfill.io https://twitter.com https://*.twimg.com https://ton.twitter.com https://*.cloudfront.net https://*.cloudflare.com https://code.angularjs.org https://www.dropbox.com/ https://app.box.com https://*.live.net/ https://*.google.com  https://cdn.jsdelivr.net https://cdn.jsdelivr.net www.google.com staticxx.facebook.com facebook.com www.googletagmanager.com connect.facebook.net www.google-analytics.com ajax.googleapis.com https://cdn.polyfill.io; object-src 'self' data: https://cdn.whisky-circle.info https://*.cloudfront.net; style-src 'self' data: 'unsafe-inline' https://unpkg.com  https://*.cloudfront.net https://cdn.whisky-circle.info https://*.googleapis.com/ https://www.whisky-circle.info/a-guide-to-driving-in-scotland/ ; img-src 'self' blob: data:https://*.googleusercontent.com  https://opensharecount.com https://*.osm.org https://analytics.edlinger.at/ https://www.blogheim.at https://cdn.whisky-circle.info https://*.google.at https://themeadviser.com https://www.google-analytics.com https://www.facebook.com s.w.org https://stats.g.doubleclick.net https://www.gravatar.com/avatar/ https://secure.gravatar.com/ ps.w.org https://www.google.com https://*.googleapis.com/; media-src 'self' data: https://cdn.whisky-circle.info; worker-src 'self' data: https://*.vimeo.com https://*.cloudfront.net https://*.youtube.com https://*.youtube-nocookie.com https://staticxx.facebook.com https://cdn.polyfill.io; font-src 'self' data: https://cdn.whisky-circle.info https://*.gstatic.com; connect-src 'self' data: https://analytics.edlinger.at/ https://www.clarity.ms https://www.google-analytics.com https://my.yoast.com https://yoast.com/; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; manifest-src 'self'; frame-src 'self' data: https://www.google.com/recaptcha/ https://www.youtube-nocookie.com/ https://analytics.edlinger.at/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.staticflickr.com *.youtube-nocookie.com maps.googleapis.com developers.google.com *.3qsdn.com *.flickr.com tde-stats.spin-ag.de *.telefonica.de; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.3qsdn.com; connect-src 'self' *.3qsdn.com; media-src 'self' *.youtube-nocookie.com *.3qsdn.com *.staticflickr.com *.flickr.com blob:; child-src 'self' *.telefonica.de *.udldigital.de *.youtube-nocookie.com *.3qsdn.com blob:; object-src 'self'; frame-src 'self' *.google.com *.telefonica.de *.youtube-nocookie.com data:; form-action 'self'; img-src 'self' *.udldigital.de chart.apis.google.com  maps.gstatic.com *.googleapis.com developers.google.com *.telefonica.de *.staticflickr.com *.flickr.com tde-stats.spin-ag.de *.3qsdn.com data: 1
default-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.google.com *.reviews.co.uk *.reviews.io https://widget.reviews.io i.reviews.co.uk www.oase-livingwater.com https://seal.verisign.com http://www.reviews.co.uk cdn.zopim.com; style-src 'self' 'unsafe-inline' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.google.com *.reviews.co.uk *.reviews.io https://widget.reviews.io i.reviews.co.uk www.oase-livingwater.com https://seal.verisign.com http://www.reviews.co.uk cdn.zopim.com; img-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.googleadservices.com https://*.google.com https://*.google.co.uk https://googleadservices.com https://*.doubleclick.net *.doubleclick.net data: *.google-analytics.com https://c906980.ssl.cf3.rackcdn.com *.newrelic.com http://www.water-garden.co.uk *.gstatic.com 'unsafe-eval' 'unsafe-inline' *.google.com *.doubleclick.net https://*.doubleclick.net *.reviews.co.uk *.reviews.io https://widget.reviews.io i.reviews.co.uk www.oase-livingwater.com https://seal.verisign.com i.reviews.co.uk http://www.reviews.co.uk cdn.zopim.com bat.bing.com; frame-src 'self' *.googleadservices.com *.doubleclick.net https://*.google.com https://*.google.co.uk https://googleadservices.com https://*.doubleclick.net https://*.facebook.com *.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline' *.google.com *.reviews.co.uk *.reviews.io https://widget.reviews.io i.reviews.co.uk www.oase-livingwater.com https://seal.verisign.com http://www.reviews.co.uk cdn.zopim.com; script-src 'self' eval-script inline-script *.evocdn.co.uk *.rackcdn.com *.newrelic.com *.google-analytics.com *.googleadservices.com https://googleadservices.com https://*.google.com https://*.google.co.uk *.facebook.net d1ros97qkrwjf5.cloudfront.net https://d1ros97qkrwjf5.cloudfront.net https://www.google.com https://ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' *.google.com *.googleadservices.com https://googleadservices.com *.reviews.co.uk *.reviews.io https://widget.reviews.io i.reviews.co.uk www.oase-livingwater.com https://seal.verisign.com reviews.co.uk http://www.reviews.co.uk cdn.zopim.com bat.bing.com *.doubleclick.net; font-src 'self' *.evocdn.co.uk *.googleusercontent.com 'unsafe-eval' 'unsafe-inline' https://c918654.ssl.cf3.rackcdn.com; child-src *.googleadservices.com https://googleadservices.com; image-src *.googleadservices.com https://googleadservices.com; object-src https://seal.verisign.com d1ros97qkrwjf5.cloudfront.net *.zopim.com; 1
default-src 'self'; connect-src 'self' http://*.nsbank.com https://*.nsbank.com https://*.demdex.net https://*.google.com; script-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.nsbank.com https://*.zionsbank.com https://*.adsrvr.org https://connect.facebook.net https://*.bufferapp.com https://*.linkedin.com https://*.pinterest.com https://*.reddit.com https://*.online-metrix.net https://*.adobedtm.com https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.googletagmanager.com https://*.bootstrapcdn.com https://*.google-analytics.com https://*.youtube.com https://*.smartzonessva.com https://smartzonessva.com https://*.ytimg.com 'unsafe-eval'; object-src 'self' data: https://*.nsbank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.bootstrapcdn.com https://*.google-analytics.com https://*.youtube.com https://*.smartzonessva.com https://*.gravatar.com; img-src 'self' data: https://*.gstatic.com https://*.nsbank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.facebook.com https://*.online-metrix.net https://*.mkt51.net https://*.pages05.net https://*.adsrvr.org https://*.google-analytics.com https://*.doubleclick.net https://*.gravatar.com; media-src 'self' data:; frame-src 'self' https://*.nsbank.com https://*.demdex.net https://*.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net https://*.online-metrix.net https://*.adsrvr.org; frame-ancestors 'self' https://banking.nsbank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.bootstrapcdn.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com http://www.google-analytics.com/  http://fonts.googleapis.com/ https://cdnjs.cloudflare.com http://cdn.ckeditor.com ; object-src 'self'; style-src 'self' 'unsafe-inline' http://cdn.ckeditor.com; img-src 'self' http://cdn.ckeditor.com; media-src 'self' https://youtube.com; frame-src 'self' https://www.youtube.com; font-src 'self'; connect-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net *.yandex.ru banners.adfox.ru avatars-fast.yandex.net favicon.yandex.neu content.adfox.ru *.googleapis.com *.yandex.net *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1
default-src 'self' 'unsafe-inline' data: *.fondsfinanz.de *.finanzfilme.de *.twin-homepages.de fondsfinanz.advisors-studio.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://p.adsymptotic.com/ https://wb.messengerpeople.com/ https://www.baufi-lead.de/ https://www.google.com/ https://www.google.de/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google-analytics.com/ httpS://www.googleadservices.com/ https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://www.facebook.com https://*.mouseflow.com/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://sjs.bizographics.com/ https://www.facebook.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://fondsfinanzfilme1.s3-external-3.amazonaws.com/ https://fondsfinanzfilme1.s3.amazonaws.com/ https://europace2.de/ https://www.europace2.de https://widget.msgp.pl https://www.yumpu.com; script-src 'self' 'unsafe-inline' *.fondsfinanz.de *.finanzfilme.de *.twin-homepages.de fondsfinanz.advisors-studio.de https://www.google.com/ https://www.google.de/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google-analytics.com/ httpS://www.googleadservices.com/ https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://www.facebook.com https://*.mouseflow.com/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://sjs.bizographics.com/ https://www.baufi-lead.de/;frame-ancestors 'self' *.fondsfinanz.de *.finanzfilme.de *.twin-homepages.de fondsfinanz.advisors-studio.de www.rd-rhein-main.com www.finanzmakler-weimar.de www.finanzbonus.com www.afp-makler.de www.afp-regionaldirektion.de www.makler-mehrwert.de www.fuvb.eu www.allfinanz-sachsen.de www.bimi-maklernetzwerk.de www.kapitalrente.de www.osthessen-versicherung.de www.nickl-versicherungsmakler.com www.ohzversicherungen.de www.1aversicherungen.de www.ms-finanzen.de www.versicherungsmakler-pinneberg.de www.wilke-finanz.de 1
default-src 'self'  *.googletagmanager.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.googletagservices.com *.googleadservices.com *.google.com *.google.co.uk *.g.doubleclick.net * ;script-src 'self'  *.googletagmanager.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.googletagservices.com *.googleadservices.com *.google.com *.google.co.uk *.g.doubleclick.net *  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline'  *.googletagmanager.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.googletagservices.com *.googleadservices.com *.google.com *.google.co.uk *.g.doubleclick.net * ;img-src 'self' data:  *.tile.openstreetmap.org *.googletagmanager.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.googletagservices.com *.googleadservices.com *.google.com *.google.co.uk *.g.doubleclick.net * ;object-src 'none'; 1
default-src 'self' detergents.lidl-info.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com https://www.edge-cdn.net https://www.youtube-nocookie.com form.lidl.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com lidl.media01.eu data: gap: ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://platform.twitter.com https://ton.twimg.com 'unsafe-inline'; media-src *; object-src 'self'; 1
base-uri 'self' *.google.com; child-src blob: 'self' gap: *.google.com *.googletagmanager.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; frame-src blob: 'self' gap: *.google.com *.googletagmanager.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; connect-src fonts.googleapis.com fonts.gstatic.com ict.infinity-tracking.net outsysprod.paragon-group.co.uk response.pure360.com 'self' sitesearch360.com wss://mpsnare.iesnare.com *.doubleclick.net *.feefo.com *.google.com *.google-analytics.com *.investis.com *.paragonbank.co.uk *.paragonbankinggroup.co.uk *.sitesearch360.com *.twimg.com *.twitter.com *.visualwebsiteoptimizer.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.googleapis.com *.gstatic.com; img-src 'self' data: * blob:; media-src data: mpsnare.iesnare.com; script-src gap: 'self' ict.infinity-tracking.net mpsnare.iesnare.com sitesearch360.com snap.licdn.com unpkg.com *.doubleclick.net *.feefo.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.investis.com *.paragonbankinggroup.co.uk *.sitesearch360.com *.surveymonkey.com *.twimg.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.google.com *.googleapis.com *.gstatic.com *.twimg.com *.twitter.com 'unsafe-inline'; frame-ancestors gap: 'self' *.doubleclick.net *.googletagmanager.com *.noblehosted.com *.surveymonkey.com theparagongroup.sharepoint.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=8K%2fOjxrmhlb4zzhYgiiOCjtba4IWzl4rRz0ooiNiJW6OIekd4Wx2fPBJjUHG0nzYgEgq36iIFasGEIwZ20s%2bad%2fFpCg2Dfdw8AU0OEKP0LqW2YgX%2fRv83L2mU4apLncg%2f4xEACeL3xtJVFBvjHetczNaapheKiAVW7U0dIQKC6h2ufx655o2RoZFfYB9vzb41Oq%2f4C82UFEDAuk4wSQ%2fmenTktF0k0HPTSG%2bTWeTSoY%3d; 1
default-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://c.disquscdn.com/ https://disqus.com/ https://apis.google.com/ https://usperform.atwix.com:*/;script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; child-src 'self' https:; font-src 'self' data:  https://fonts.gstatic.com/; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com/ 1
default-src https: 'unsafe-inline'; report-uri //report-csp-violation 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' piwik.bodegraven-reeuwijk.nl https://static.widget.trengo.eu https://stats.pusher.com/timeline/v2/jsonp/1 app.trengo.eu; object-src 'self'; style-src 'self' 'unsafe-inline' app.trengo.eu; img-src 'self' piwik.bodegraven-reeuwijk.nl data: https://*.giphy.com https://s3.eu-central-1.amazonaws.com https://trengo.s3.eu-central-1.amazonaws.com; media-src 'self' https://static.widget.trengo.eu; frame-src 'self' bodegravenreeuwijk.kaartviewer.nl; frame-ancestors 'self' bodegravenreeuwijk.kaartviewer.nl piwik.bodegraven-reeuwijk.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com s3.eu-central-1.amazonaws.com; connect-src 'self' https://api.widget.trengo.eu https://gkkmgz0bw7.execute-api.eu-central-1.amazonaws.com wss://ws-eu.pusher.com app.trengo.eu; report-uri /report-csp-violation 1
default-src 'self' ; script-src 'self' 'nonce-TjJabE5HRmtOelJqWWpoaFpEZzQ=' piwik.vught.nl 'nonce-WXpneU5tTXhPVEF4TkdGak4yWTI=' 'nonce-WVRWak9EVmhZMll4TlRoaVpXTXg='; object-src 'self'; style-src 'self'; img-src 'self' data: piwik.vught.nl www.toegankelijkheidsverklaring.nl; media-src 'self'; frame-src 'self'; frame-ancestors 'self' piwik.vught.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com fonts.gstatic.com; connect-src 'self' piwik.vught.nl; report-uri /report-csp-violation 1
default-src 'self' ; script-src 'self' 'nonce-TTJReU5qSTRZamhpWVRNM1ptVmo=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com www.googletagmanager.com *.google-analytics.com 'nonce-WTJWaVpHTTJNMkkyTTJNM01EQmg=' 'nonce-WTJNeE9HSTJNVGswTjJSbFlqZzQ='; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.google-analytics.com *.gstatic.com; media-src 'self'; frame-src 'self' *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.ionicframework.com; connect-src 'self' *.siteimprove.com *.servmetric.com *.google-analytics.com; report-uri /report-csp-violation 1
default-src 'self'; object-src 'self' https://pts.galaxyexperte.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.galaxyexperte.de https://umfrage.galaxyexperte.de https://pts.galaxyexperte.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.galaxyexperte.de https://stats.galaxyexperte.de https://imagepool.galaxyexperte.de https://pts.galaxyexperte.de; script-src 'strict-dynamic' 'nonce-8fd9c7ed6904f1e0722ff354808c90cb' 'nonce-f34df2a57cb757d9bd15dcf7d19db834' 'nonce-c8ae739a648f307e893b69c6cc5d854d' 'nonce-9ee18a40d53fbc8327b4bff911b0becf' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.galaxyexperte.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; media-src 'self' https://imagepool.galaxyexperte.de; script-src-elem 'strict-dynamic' 'nonce-8fd9c7ed6904f1e0722ff354808c90cb' 'nonce-f34df2a57cb757d9bd15dcf7d19db834' 'nonce-c8ae739a648f307e893b69c6cc5d854d' 'nonce-9ee18a40d53fbc8327b4bff911b0becf' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri 'none'; default-src 'self' https://p.scdn.co; child-src https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://admin.spotlight.prod.fined.io; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://cdn.plyr.io https://noembed.com https://vimeo.com https://apps.ticketmatic.com; font-src 'self' https://use.typekit.net https://fonts.gstatic.com; frame-ancestors 'self'; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://i.ytimg.com https://i.vimeocdn.com; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://cdn.plyr.io https://www.youtube.com https://s.ytimg.com https://player.vimeo.com 'nonce-afe68ef8df1d3b98' 'unsafe-inline' 'strict-dynamic'; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://cdn.plyr.io 'nonce-afe68ef8df1d3b98'; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net fonts.googleapis.com youtube.com *.google-analytics.com https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com cdn.rawgit.com otp.tools.investis.com https://sc.lfeeder.com https://staticcontents.investisdigital.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com youtube.com brightcove.hs.llnwd.net; frame-src 'self' *.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com otp.tools.investis.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
img-src * https://www.google-analytics.com/ data: ; default-src *; script-src www.globalballooning.com.au cn.globalballooning.com.au 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*  *.facebook.com *.fbcdn.net *.fbcdn.net *.facebook.net *.youtube.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.XYX *.google.com *.google.fr  *.googleadservices.com *.gstatic.com   *.akamaihd.net *.tawk.to cdn.jsdelivr.net data: ; frame-src *.tawk.to *.googletagmanager.com *.youtube.com *.vimeo.com *.securepay.com.au *.weatherlink.com *.facebook.com; style-src * 'unsafe-inline' ; connect-src www.globalballooning.com.au cn.globalballooning.com.au   *.facebook.com *.fbcdn.net *.facebook.net *.googleadservices.com *.google.fr *.doubleclick.net *.akamaihd.net ws://*.facebook.com:* *.tawk.to wss://*.tawk.to https://www.google-analytics.com/; 1
default-src 'self'; child-src 'self' *.youtube.com *.bayern.de; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
default-src *; style-src 'self' 'unsafe-inline' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com http://*.akamai.net https://*.akamai.net http://*.nr-data.net https://*.nr-data.net;connect-src 'self';img-src 'self' http://safesear.ch http://*.safesear.ch https://safesear.ch https://*.safesear.ch data:; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' www.wagnergroup.com *.googleapis.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com vjs.zencdn.net hello.myfonts.net snap.licdn.com http://*.hotjar.com https://*.hotjar.com http://conv.indeed.com https://c.leadlab.click http://siteimproveanalytics.com 'unsafe-eval'; style-src 'unsafe-inline' 'self' fonts.googleapis.com vjs.zencdn.net hello.myfonts.net; img-src 'self' data: www.wagnergroup.com www.google-analytics.com maps.googleapis.com csi.gstatic.com maps.gstatic.com stats.g.doubleclick.net px.ads.linkedin.com http://*.hotjar.com https://*.hotjar.com http://conv.indeed.com https://c.leadlab.click http://ssl.siteimprove.com; connect-src 'self' www.youtube.com stats.g.doubleclick.net www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com http://conv.indeed.com https://c.leadlab.click; object-src 'self' www.youtube.com http://conv.indeed.com https://c.leadlab.click; frame-src 'self' www.youtube.com https://*.hotjar.com http://conv.indeed.com https://c.leadlab.click; child-src 'self' www.youtube.com https://*.hotjar.com http://conv.indeed.com https://c.leadlab.click; font-src 'self' data: vjs.zencdn.net fonts.gstatic.com; 1
default-src 'self' *.demdex.net *.allianz.de *.allianz-realestate.com *.allianz-investmentrealestate-solutions.com;        script-src 'self' 'unsafe-inline' *.demdex.net *.adobedtm.com *.allianz.de *.allianz-realestate.com *.allianz-investmentrealestate-solutions.com *.googleapis.com *.googletagmanager.com *.twitter.com *.google-analytics.com *.twimg.com *.linkedin.com https://unpkg.com *.cloudflare.com 'unsafe-eval';        font-src 'self' *.gstatic.com;        style-src 'self' *.twimg.com 'unsafe-inline' *.googleapis.com *.twitter.com;        img-src data: 'self' *.youtube.com *.googleapis.com *.twitter.com *.twimg.com maps.gstatic.com *.everesttech.net *.demdex.net *.allianz.de *.allianz-realestate.com *.allianz-investmentrealestate-solutions.com *.google-analytics.com *.linkedin.com;        frame-src *;        connect-src *.allianz.de *.allianz-realestate.com *.allianz-investmentrealestate-solutions.com localhost *.google-analytics.com *.stats.g.doubleclick.net 1
script-src 'nonce-144791c7d8b541f1ae052c7abaa38507' 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://www.googletagmanager.com https://www.google-analytics.com https://*.sharethis.com https://*.google.com https://*.facebook.net https://*.facebook.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com/ajax/libs/es6-shim/0.35.3/es6-shim.min.js https://unpkg.com/vue@2.5.17/dist/vue.js https://unpkg.com/vee-validate@2.1.0-beta.9/dist/vee-validate.js https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.15.1/moment.min.js http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.bizographics.com https://*.linkedin.com https://dev.vwd-webtech.com https://business-customer.vwd.com https://www.surveygizmo.eu https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.youtube.com https://cdn.jsdelivr.net https://*.outbrain.com https://snap.licdn.com https://survey.alchemer.eu https://*.gstatic.com; object-src 'self' https://*.flickr.com; style-src 'self' 'unsafe-inline' https://*.sharethis.com https://*.hotjar.com https://www.surveygizmo.eu https://fonts.googleapis.com; img-src 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.net https://*.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.bizographics.com https://*.google.com  https://*.google.be https://px.ads.linkedin.com https://*.sharethis.com http://*.sharethis.com https://www.surveygizmo.eu https://tr.outbrain.com https://www.eflavours.be; media-src 'self' http://*.vimeo.com https://*.vimeo.com https://*.youtube.com; frame-src 'self' https://*.vimeo.com https://*.youtube.com https://*.sharethis.com https://c.sharethis.mgr.consensu.org https://*.deltalloydlife.be https://*.doubleclick.net https://*.facebook.net https://*.facebook.com https://*.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; child-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.eflavours.be https://fonts.gstatic.com; connect-src 'self'  https://*.sharethis.com https://*.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://dev.vwd-webtech.com https://business-customer.vwd.com https://*.google-analytics.com; report-uri /en/report-csp-violation 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.sancta-domenica.hr sancta-domenica.hr *.sancta-domenica.ba sancta-domenica.ba *.samsungshop.hr samsungshop.hr; 1
default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.creditscorechoice.com *.pushnami.com static.zohocdn.com *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net polyfill.io; style-src 'self' 'unsafe-inline' *.creditscorechoice.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com fonts.googleapis.com; img-src 'self' data: *.creditscorechoice.com www.googletagmanager.com www.google-analytics.com bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.pushnami.com *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com; connect-src 'self' *.pushnami.com *.taboola.com *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src 'self' data: mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data: http://imagepool.drillisch-online.de; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.drillisch-online.de https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://tracking.drillisch.de https://*.demdex.net; script-src 'strict-dynamic' 'nonce-af25d187361cc93e9e4735757aba17b7' 'nonce-664f50bf7e2e62711f4361b0b91667ca' 'nonce-8b57ce0927fd783ccf26cdd7a8c92a54' 'nonce-fd0d2fceae000d4e9109493a12647337' 'nonce-0961b21a2392716b9be814065dbe9d50' 'nonce-6c3d64d2a71044fdc011d232552be453' 'nonce-02094d101d2c18dcaea27c98222b58b1' 'nonce-63e2619b1cac12a92824a6bdd3bfaccb' 'nonce-64b487f1d13b8c0a00c8106ef1c193ba' 'nonce-47abfc56b5a84d20d8bd39e23d848a75' 'self' https:; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self'; frame-src https://1and1internetag.demdex.net https://tags.tiqcdn.com; child-src https://tags.tiqcdn.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-af25d187361cc93e9e4735757aba17b7' 'nonce-664f50bf7e2e62711f4361b0b91667ca' 'nonce-8b57ce0927fd783ccf26cdd7a8c92a54' 'nonce-fd0d2fceae000d4e9109493a12647337' 'nonce-0961b21a2392716b9be814065dbe9d50' 'nonce-6c3d64d2a71044fdc011d232552be453' 'nonce-02094d101d2c18dcaea27c98222b58b1' 'nonce-63e2619b1cac12a92824a6bdd3bfaccb' 'nonce-64b487f1d13b8c0a00c8106ef1c193ba' 'nonce-47abfc56b5a84d20d8bd39e23d848a75' 'self' https: 1
default-src 'self' https: 'unsafe-inline' blob:; script-src 'self' 'unsafe-inline' https: 'unsafe-eval' https://code.jquery.comv https://ajax.googleapis.com; img-src 'self' 'unsafe-inline' https: data:; frame-src 'self' 'unsafe-inline' https://plusone.google.com https://facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.google.com https://js.driftt.com https://share.transistor.fm https://players.brightcove.net https://secureacceptance.cybersource.com/ https://s7.addthis.com https://6cdc87b6-64bc-43f1-a9a8-22a29a3ff0b3.widget.cluster.groovehq.com http://iidrupal8.dev.dd:8083 https://dev.iinetworks.com https://stg.iinetworks.com https://www.iinetworks.com https://iinetworks.com https://iin-dev.eu.auth0.com https://iin-stg.eu.auth0.com https://iin-prd.eu.auth0.com https://local.iiconferences.com:8443 https://dev.iiconferences.com https://stg.iiconferences.com https://www.iiconferences.com https://www.iimemberships.com https://www.iiresearch.com https://www.iiforums.com https://www.ttivanguard.com https://www.iiresearch.com https://pollev-embeds.com/ https://embed.polleverywhere.com https://twitter.com; frame-ancestors http://iidrupal8.dev.dd:8083 https://dev.iinetworks.com https://stg.iinetworks.com https://www.iinetworks.com https://iinetworks.com https://iin-dev.eu.auth0.com https://iin-stg.eu.auth0.com https://iin-prd.eu.auth0.com https://local.iiconferences.com:8443 https://dev.iiconferences.com https://stg.iiconferences.com https://www.iiconferences.com https://www.iimemberships.com https://www.iiresearch.com https://www.iiforums.com https://www.ttivanguard.com https://www.iiresearch.com; child-src blob: https://plusone.google.com https://facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.google.com https://js.driftt.com https://share.transistor.fm https://s7.addthis.com https://code.jquery.com http://iidrupal8.dev.dd:8083 https://dev.iinetworks.com https://stg.iinetworks.com https://www.iinetworks.com https://iinetworks.com https://iin-dev.eu.auth0.com https://iin-stg.eu.auth0.com https://iin-prd.eu.auth0.com https://local.iiconferences.com:8443 https://dev.iiconferences.com https://stg.iiconferences.com https://www.iiconferences.com https://www.iimemberships.com https://www.iiresearch.com https://www.iiforums.com https://www.ttivanguard.com https://www.iiresearch.com; font-src 'self' 'unsafe-inline' https: data:; report-uri /report-csp-violation 1
upgrade-insecure-requests;form-action 'self' https://www.createsend.com https://static.zdassets.com *.zdassets.com;frame-ancestors 'self'; object-src 'self';script-src *.zdassets.com 'unsafe-inline' 'self' https://secure.leadforensics.com https://assets.calendly.com https://js.createsend1.com https://www.googletagmanager.com https://player.vimeo.com/ https://apis.google.com https://www.google-analytics.com http://www.google-analytics.com https://www.google.com https://www.gstatic.com;child-src 'self' http://www.google-analytics.com;worker-src 'self' blob: data:;frame-src 'self' https://secure.leadforensics.com https://www.youtube.com https://www.youtube-nocookie.com https://calendly.com https://www.google.com https://app.hegias.com https://player.vimeo.com;font-src * 'self' https://player.vimeo.com/video/keepersecret.woff data:; 1
child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://history.steem-engine.net https://servedby.revive-adserver.net https://pagead2.googlesyndication.com https://steemd.minnowsupportproject.org https://cdn.snax.one https://api.steem-engine.net https://scot-api.steem-engine.net https://steemitimages.com securepubads.g.doubleclick.net 'self' steemit.com https://api.steemit.com api.blocktrades.us https://apisct.cloud; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.vrmwb.nl www.googletagmanager.com *.google-analytics.com *.readspeaker.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; img-src 'self' *.google-analytics.com *.openstreetmap.org data:; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com; connect-src 'self' *.google-analytics.com *.readspeaker.com; report-uri /report-csp-violation 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.investis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis.com *.rawgit.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net viz.tools.investis.com *.rawgit.com ; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com  viz.tools.investis.com; frame-src 'self' *.investis.com www.google.com digital.feprecisionplus.com ir.tools.investis.com staticxx.facebook.com www.youtube.com viz.tools.investis.com ; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; child-src https://www.googletagmanager.com/ns.html https://online.worldpay.com https://www.youtube.com https://e.issuu.com https://widgets.doctify.co.uk https://www.facebook.com; connect-src 'self' https://www.google-analytics.com https://*.algolia.net https://*.algolianet.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.googleadservices.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self' https://kingedwardvii.us8.list-manage.com https://online.worldpay.com https://www.facebook.com; frame-ancestors 'none'; img-src 'self' https://www.cqc.org.uk https://*.googleapis.com https://*.ggpht.com https://maps.gstatic.com https://www.google-analytics.com https://secure.gravatar.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ssl.gstatic.com https://img.youtube.com https://www.facebook.com https://px.ads.linkedin.com blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://www.cqc.org.uk https://cdn.worldpay.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://tagmanager.google.com https://www.gstatic.com https://www.google.co.uk https://widgets.doctify.co.uk https://connect.facebook.net https://static-ssl.responsetap.com https://metrics.responsetap.com https://snap.licdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://www.cqc.org.uk https://tagmanager.google.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aspnetcdn.com *.jquery.com *.google.com *.gstatic.com *.googletagmanager.com  *.google-analytics.com; object-src 'self' www.google-analytics.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com 'unsafe-eval' ; img-src 'self' *.googleapis.com *.google-analytics.com legal.bbulibrary.com; media-src 'self'; frame-src 'self' *.youtube.com *.google.com 192.168.2.248 dev.nixa.ca:8248; font-src 'self' *.gstatic.com *.bootstrapcdn.com; report-uri /admin/config/system/seckit/csp-report 1
referrer no-referrer 1
script-src 'nonce-e2082f62e9a04ef490d2fa08abb6654e' 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 1
img-src * 1
default-src 'self' https://www.googletagmanager.com https://use.fontawesome.com https://*.youtube.com https://www.google-analytics.com https://*.googlevideo.com 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.maps.yandex.net https://yastatic.net https://cdn.antisov.ru https://top-abd.mail.ru https://*.jivosite.com https://top-fwz1.mail.ru/js/code.js cdn.rees46.com/v3.js *.embedly.com *.gstatic.com *.ably.io http://api-maps.yandex.ru https://api-maps.yandex.ru *.beeline.ru *.google.kz *.google.com https://mc.yandex.ru www.facebook.com staticxx.facebook.com stats.g.doubleclick.net www.googletagmanager.com images.weserv.nl https://cdn.ably.io cdn.ably.io dl.metabar.ru *.dadata.ru vk.com *.toysfest.ru https://www.google.com https://www.google.ru *.googleapis.com www.googletagmanager.com connect.facebook.net www.google-analytics.com https://api-maps.yandex.ru https://mc.yandex.ru cdn.mxpnl.com cdn.ably.io; child-src 'self' *.jivosite.com *.gstatic.com https://api-maps.yandex.ru http://awaps.yandex.ru mc.yandex.ru https://www.facebook.com https://staticxx.facebook.com stats.g.doubleclick.net www.googletagmanager.com images.weserv.nl cdn.ably.io dl.metabar.ru *.dadata.ru https://www.youtube.com https://www.google.com https://www.google.ru *.facebook.com *.youtube.com 1
default-src 'self' 'unsafe-inline' *.sernet.de; style-src 'self' 'unsafe-inline'; img-src 'self' 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net www.google-analytics.com *.investis.com https://www.google-analytics.com geoid.investisdigital.com https://cookiemanager.investisdigital.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' brightcove.hs.llnwd.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com players.brightcove.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' https:; object-src 'self' https:; style-src 'self' 'unsafe-inline' https:; img-src *; media-src 'self' https:; child-src 'self' https:; font-src *; connect-src * 1
base-uri 'self'; default-src 'self'; child-src https://www.googletagmanager.com/ns.html https://www.youtube.com https://vars.hotjar.com https://forms.hsforms.com https://www.google.com https://app.hubspot.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://api.hubspot.com https://forms.hubspot.com https://in.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://o2.mouseflow.com https://forms.hsforms.com https://*.hubapi.com https://www.googleadservices.com https://*.google.co.uk https://*.google.nl; font-src 'self' https://*.certificationeurope.com https://*.certificationeurope.co.uk https://*.ceitalia.com https://*.certificationeurope.co.jp https://www.certificationeurope.test https://www.certificationeurope-uk.test https://www.certificationeurope-it.test https://www.certificationeurope-jp.test https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; form-action 'self' https://forms.hsforms.com; frame-ancestors 'self'; img-src 'self' https://*.certificationeurope.com https://*.certificationeurope.co.uk https://*.ceitalia.com https://*.certificationeurope.co.jp https://www.certificationeurope.test https://www.certificationeurope-uk.test https://www.certificationeurope-it.test https://www.certificationeurope-jp.test https://*.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://secure.gravatar.com https://track.hubspot.com https://forms.hsforms.com https://*.hsforms.com https://*.hubspotusercontent40.net https://no-cache.hubspot.com https://*.ads.linkedin.com https://*.google.nl blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://*.certificationeurope.com https://*.certificationeurope.co.uk https://*.ceitalia.com https://*.certificationeurope.co.jp https://www.certificationeurope.test https://www.certificationeurope-uk.test https://www.certificationeurope-it.test https://www.certificationeurope-jp.test https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://ajax.googleapis.com https://secure.leadforensics.com https://www.googleadservices.com https://forms.hsforms.com https://js.hsforms.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://js.hsforms.net https://js.usemessages.com https://js.hscollectedforms.net https://cdn.mouseflow.com https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://js.hsadspixel.net https://*.hsleadflows.net https://js.hubspot.com https://*.hubspot.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.certificationeurope.com https://*.certificationeurope.co.uk https://*.ceitalia.com https://*.certificationeurope.co.jp https://www.certificationeurope.test https://www.certificationeurope-uk.test https://www.certificationeurope-it.test https://www.certificationeurope-jp.test https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'unsafe-inline'; report-uri https://poirot.selesti.com/api/violation/giles; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'self'; frame-ancestors 'self' 1
default-src 'self'; frame-src 'self' https://syndication.twitter.com/ https://platform.twitter.com/ https://widgets.ebscohost.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdnjs.cloudflare.com/ https://cdn.syndication.twimg.com https://platform.twitter.com/ https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' http://cdnjs.cloudflare.com/ https://platform.twitter.com/ https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://translate.googleapis.com https://feeds.trac.jobs/ 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://cdn.jsdelivr.net https://az416426.vo.msecnd.net https://www.googletagmanager.com *.inmoment.com https://www.google-analytics.com *.abtasty.com cdn.segment.com/analytics.js https://mfhcms.assurant.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://mfhcms.assurant.com; img-src *; child-src https://mfhcms.assurant.com https://dispawsusva.inmoment.com https://www.inmoment.com https://feedback.inmoment.com https://ssl.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://mfhcms.assurant.com 1
child-src 'self' 3speak.tv emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src wss://ws.beechat.hive-engine.com https://beechat.hive-engine.com https://accounts.hive-engine.com https://history.steem-engine.net https://servedby.revive-adserver.net https://anyx.io https://steemd.minnowsupportproject.org https://cdn.snax.one https://api.hive-engine.com https://api.steem-engine.net https://scot-api.hive-engine.com https://scot-api.steem-engine.net https://steemitimages.com https://images.hive.blog securepubads.g.doubleclick.net 'self' steemit.com https://api.steemit.com https://api.hive.blog api.blocktrades.us https://hivesigner.com https://pagead2.googlesyndication.com http://adservice.google.com https://www.google-analytics.com https://api.openhive.network https://www.reddit.com https://gist.github.com; default-src tpc.googlesyndication.com 'self' img.3speakcontent.online emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com; font-src data: fonts.gstatic.com cdn.embedly.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net servedby.revive-adserver.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com www.reddit.com cdn.embedly.com github.githubassets.com; report-uri /api/v1/csp_violation 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 1
default-src 'self'; object-src 'self' https://pts.discotel.de/p.swf; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.discotel.de https://umfrage.discotel.de https://pts.discotel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.discotel.de https://stats.discotel.de https://imagepool.discotel.de https://pts.discotel.de; script-src 'strict-dynamic' 'nonce-65a7f3eac6b9590c89ea7cb9a7481374' 'nonce-c40a34c22d3d813e6fe8a1caea955d3e' 'nonce-f4e38fd06218110ea892b32a63aafe50' 'nonce-8ad0aff265a799bb105149db3c5aed0d' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.discotel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-65a7f3eac6b9590c89ea7cb9a7481374' 'nonce-c40a34c22d3d813e6fe8a1caea955d3e' 'nonce-f4e38fd06218110ea892b32a63aafe50' 'nonce-8ad0aff265a799bb105149db3c5aed0d' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://kit.fontawesome.com https://mpsnare.iesnare.com https://stage-libs.hipay.com https://libs.hipay.com https://widget.trustpilot.com https://kit-pro.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.dwin1.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.googletagmanager.com *.google-analytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net cdn.jsdelivr.net p.typekit.net; img-src 'self' *.google-analytics.com; media-src 'self'; frame-src 'self' *.google.com *.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' *.youtube-nocookie.com; font-src 'self' themes.googleusercontent.com use.typekit.net fonts.gstatic.com; connect-src 'self' *.google-analytics.com *.doubleclick.net; report-uri /report-csp-violation 1