Values for x-webkit-csp:
default-src 'self' 32
report-uri /report-csp-violation 26
report-uri //report-csp-violation 25
allow 'self'; 18
default-src 'self'; 14
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 13
frame-src *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com 11
referrer origin 11
frame-ancestors 'self' 9
default-src 'self'; script-src 'self' 'unsafe-inline' 7
default-src 'self'; script-src *.nr-data.net *.newrelic.com *.faktor.io *.consensu.org 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; media-src 'none'; frame-src *.consensu.org *.faktor.io; connect-src *.consensu.org *.faktor.io https://*.nr-data.net https://cdn.contentful.com https://cf.talpa.digital https://cf.talpa.network https://cf-staging.talpa.digital https://*.consent.talpanetwork.com https://consent.talpanetwork.com; img-src https://static.talpanetwork.com https://*.nr-data.net https://images.ctfassets.net https://*.consent.talpanetwork.com https://consent.talpanetwork.com 7
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 5
frame-ancestors 'self' weleda.sabio.de 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com *.doubleclick.net  www.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googletagmanager.com s7.addthis.com m.addthisedge.com m.addthis.com w.estat.com www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com fonts.googleapis.com www.google.com ajax.googleapis.com; base-uri 'self'; 4
frame-ancestors 'self' http://hybris.com https://hybris.com http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://cx.sap.com https://cx.sap.com https://nopreview.ru http://dev-cx.calliduscloud.com https://dev-cx.calliduscloud.com http://stage-cx.calliduscloud.com https://stage-cx.calliduscloud.com;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.liveperson.net http://*.sap.com https://*.sap.com *.demandbase.com *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com *.liveper.sn *.licdn.com *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net http://dewdfbcmcps10:1080 http://dewdfbcmcps10 https://bcmcps.enter.sap *.d41.co 3
connect-src * 'self' 3
3
frame-ancestors *.splunk.com *.touchcast.com, frame-ancestors *.splunk.com *.touchcast.com 3
frame-ancestors 'self' https://*.adventhealth.com 3
default-src 'self'; script-src 'self' 'unsafe-inline' *.google-analytics.com recreativ.ru https://ssl.gstatic.com *.gstatic.com *.googleapis.com st.top100.ru  trustjs.net *.rcdn.pro cdnjs-aws.ru uncorejs.ru *.marketgid.com *.googletagmanager.com  ukino-org.psh.one psh.one kino50-org.psh.one *.mgid.com *.siteswithcontent.com; object-src 'self' www.gstatic.com *.spruto.org *.jwpcdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com recreativ.ru; img-src * data:; media-src *; frame-src 'self' www.youtube.com 37.220.36.15 hdgo.cc moonwalk.cc embed.publicvideohost.org video.meta.ua hdgo.cx trailerclub.me streamguard.cc vio.to; child-src 'self'; font-src * data:; connect-src 'self' *.gstatic.com www.youtube.com data: kraken.rambler.ru trustjs.net *.rcdn.pro cdnjs-aws.ru uncorejs.ru 3
default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline';font-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 3
defult-src 'self' 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com 3
default-src 'self'; block-all-mixed-content; script-src 'self' 'sha256-/fCUycOSPg5W5rt7pgbdlufk2T9mZRRPEsV2mct1B/I=' 'sha256-5N4Pp5UCHKbIUxXXFe+KDYsfhzhQXoIzN80eQ+jF9P4=' 'unsafe-eval' 'nonce-c1a4885167b05ff1cf59c8e9d5370dbe634b9239' https://*.zopim.com https://*.zopim.io https://api.geetest.com https://bin.bnbstatic.com https://cdn.ampproject.org https://ex.bnbstatic.com https://resource.binance.com https://static.geetest.com https://static.zdassets.com https://translate.google.com https://translate.googleapis.com https://www.binance.co https://www.binance.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://bin.bnbstatic.com https://ex.bnbstatic.com https://resource.binance.com https://static.geetest.com https://translate.googleapis.com; font-src 'self' data: https://at.alicdn.com https://bin.bnbstatic.com https://ex.bnbstatic.com https://fonts.gstatic.com https://resource.binance.com https://sensors.binance.cloud https://sensors.binance.com; connect-src 'self' https://*.zopim.com https://bin.bnbstatic.com https://binance.zendesk.com https://ekr.zdassets.com https://ex.bnbstatic.com https://jpush.binance.im:5000 https://resource.binance.com https://s.datasconsole.com https://sensors.binance.cloud https://sensors.binance.com https://sentry.io https://translate.googleapis.com wss://*.zopim.com wss://binance.com.zendesk.com wss://jpush.binance.im:5000 wss://stream.binance.cloud:9443 wss://stream.binance.com:9443 wss://stream.binance.net:443 wss://stream2.binance.cloud:443 wss://stream2.binance.com:9443; img-src 'self' data: https://bin.bnbstatic.com https://ex.bnbstatic.com https://public.bnbstatic.com https://resource.binance.com https://sensors.binance.cloud https://sensors.binance.com https://translate.google.com https://translate.googleapis.com https://v2assets.zopim.io https://v2uploads.zopim.io https://www.binance.co https://www.binance.net https://www.google-analytics.com https://www.google.com https://www.gstatic.com; media-src 'self' https://bin.bnbstatic.com https://public.bnbstatic.com https://static.zdassets.com https://v2.zopim.com; object-src 'none'; base-uri 'self' 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
frame-ancestors https://bande2kings.fr https://*.bande2kings.fr 2
style-src 'self' 'unsafe-inline' 2
default-src * 'unsafe-inline' 'unsafe-eval' ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
object-src https://explore.cvent.com http://explore.cvent.com https://www.elitemeetings.com https://www.speedrfp.com https://speedrfp.com https://elitemeetings.com https://www.lanyon.com http://www.lanyon.com; report-uri /report-csp-violation 2
frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 2
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2
base-uri 'self'; report-uri https://csp-reporting-server.glitch.me/report 2
default-src c.wgr.de 'self'; script-src c.wgr.de track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com 'self' 'unsafe-inline'; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net maps.googleapis.com *.gstatic.com 'self' data:; frame-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src secure.schulbuchzentrum-online.de track.westermann.de 'self'; report-uri /backend/csp 2
default-src 'unsafe-inline' 'unsafe-eval' data: *.princesspolly.com princesspolly.com aws-staging.princesspolly.com *.google.com b24c55b04577edcff120-ee732677a7df0f7e6b24d56d54ebab21.ssl.cf4.rackcdn.com *.google.com.au tr.snapchat.com d3qiwpvx49u195.cloudfront.net static.olark.com static.barilliance.com www.barilliance.net *.gstatic.com cdn.bronto.com *.google-analytics.com *.adsrvr.org www.facebook.com log.olark.com so.rlcdn.com *.tribalfusion.com *.yotpo.com *.googleadservices.com *.googlefontapis.com *.googleapis.com bacon.section.io cdn.nextopia.net sc-static.net *.g.doubleclick.net connect.facebook.net static.secure-afterpay.com.au p.bm23.com js-agent.newrelic.com www.googlecommerce.com *.gosquared.com intljs.rmtag.com www.ist-track.com *.olark.com *.creativecdn.com 17a8228ae99605dda31b-ee732677a7df0f7e6b24d56d54ebab21.r9.cf4.rackcdn.com t.cfjump.com *.hotjar.com www.googletagmanager.com x.skimresources.com r.dlx.addthis.com ocsp.digicert.com status.geotrust.com *.linksynergy.com *.gleam.io gleam.io vc.hotjar.io www.google.ae dsum-sec.casalemedia.com bam.nr-data.net *.criteo.net dn3y71tq7jf07.cloudfront.net d1l6p2sc9645hc.cloudfront.net d2jjzw81hqbuqv.cloudfront.net *.criteo.com www.youtube.com s.ytimg.com pixel.tapad.com nypi.dc-storm.com *.pinterest.com cx.atdmt.com vector.nextopiasoftware.com princesspolly.ecomm-nav.com www.google.com.ph prf.hn www.polyvore.com barilliance.net www.talkable.com live-cdn.me-tail.net buy.monypayments.com www.secure-afterpay.com.au portal.afterpay.com anaytics.nextopia.net *.afterpay.com *.afterpay.com.au pay.secure-monypayments.com princesspolly-embedded.myunidays.com *.myunidays.com ln-rules.rewardstyle.com ddcfq0gxiontw.cloudfront.net *.braintree-api.com *.braintreegateway.com; 2
frame-ancestors 'self' https://*.etracker.com 2
default-src 'self' data: https: *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.amazonaws.com *.infogreffe.nc *.infogreffe.fr *.googleapis.com *.twitter.com *.regie.pro; img-src 'self' data: http: *.youtube.com https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; frame-src 'self' data: https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; connect-src 'self' https: *.regie.pro *.addthis.com *.web2mobile.fr 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net *.google-analytics.com *.addthisedge.com *.marketo.com *.googletagmanager.com cdn-akamai.mookie1.com *.serving-sys.com *.marketo.net *.calltrk.com tags.tiqcdn.com *.jwpcdn.com www.youtube.com *.addthis.com m.addthisedge.com s.ytimg.com graph.facebook.com widgets.pinterest.com *.googleapis.com use.typekit.net *.northwell.edu *.limelight.com *.delvenetworks.com static.addtoany.com malihu.github.io ajax.aspnetcdn.com s.gravatar.com *.wp.com calltrk-production.s3.amazonaws.com *.googleadservices.com ajax.microsoft.com code.jquery.com api.html5media.info *.cloudfront.net *.jwpcdn.com *.newrelic.com bam.nr-data.net tagmanager.google.com *.surveymonkey.com console.brightwhistle.com *.callrail.com content.healthwise.net cdn.merklesearch.com *.rkdms.com cdn.rawgit.com *.cloudflare.com ethn.io e.infogram.com *.gigya.com *.influencehealth.com *.bing.com *.visto1.net *.linkedin.com *.hotjar.com *.doubleclick.net; object-src 'self' video.limelight.com assets.delvenetworks.com *.gigya.com; style-src 'self' 'unsafe-inline' rtp-static.marketo.com *.googleapis.com *.vm *.bootstrapcdn.com *.northwell.edu malihu.github.io static.addtoany.com s.gravatar.com code.jquery.com  *.cloudfront.net *.surveymonkey.com *.marketo.com *.rkdms.com tagmanager.google.com; img-src 'self' data: *.google-analytics.com *.g.doubleclick.net www.facebook.com www.google.com jwpltx.com api.nslijweb.com csi.gstatic.com *.googleapis.com maps.gstatic.com img.delvenetworks.com *.llnw.net m.addthis.com *.northwell.edu northwellhealt.wpengine.com *.gravatar.com *.wp.com *.northwell.io *.cloudfront.net *.amazonaws.com www.bugherd.com *.surveymonkey.com img.youtube.com *.googleadservices.com maps.googleapis.com *.mxptint.net dpm.demdex.net ad.yieldmanager.com ad.afy11.net d.agkn.com idsync.rlcdn.com *.bluekai.com *.openx.net *.rubiconproject.com *.adnxs.com sync.adaptv.advertising.com *.rkdms.com i.ytimg.com *.gigya.com *.bing.com *.googletagmanager.com *.doubleclick.net *.google.com *.gstatic.com *.tilehosting.com *.hotjar.com *.maptiler.com; media-src 'self' *.llnw.net *.delvenetworks.com *.llnw.com; frame-src 'self' cdn-akamai.mookie1.com tags.tiqcdn.com s7.addthis.com www.youtube.com static.addtoany.com *.doubleclick.net www.google.com *.understand.com *.marketo.com *.sli.do ethn.io e.infogram.com *.gigya.com w.soundcloud.com view.knowledgevision.com 8065684-gigya.northwell.edu intakeforms.sequencehealth.com mednews.hofstra.edu app.stitcher.com vars.hotjar.com *.googletagmanager.com; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com *.bootstrapcdn.com www.bugherd.com static.hotjar.com; connect-src 'self' 'unsafe-inline' 309-lvl-470.mktoresp.com sjrtp4.marketo.com m.addthis.com *.pusherapp.com *.pusher.com www.bugherd.com *.google-analytics.com *.northwell.edu content.healthwise.net *.northwell.io *.cloudflare.com *.rkdms.com *.callrail.com *.serving-sys.com api.dpx.northwell.io *.gigya.com *.llnw.net *.hotjar.com wss://*.hotjar.com *.doubleclick.net *.hotjar.io www.facebook.com; report-uri https://northwell.report-uri.com/r/d/csp/reportOnly 2
upgrade-insecure-requests 2
upgrade-insecure-requests; default-src https:; script-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src https:; style-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: blob: data: http://ad.doubleclick.net; media-src https: data:; frame-src https: data: instagram:; child-src https: data: instagram:; font-src https: data:; connect-src https: wss: blob:; report-uri https://virgindotcom.report-uri.com/r/d/csp/enforce 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.net https://*.marketo.com https://*.addthis.com https://*.addthisedge.com https://*.google-analytics.com https://*.optimizely.com https://*.googleadservices.com https://platform.twitter.com https://app.hushly.com https://*.reactful.com https://connect.facebook.net https://graph.facebook.com https://bat.bing.com https://*.crazyegg.com https://*.adroll.com https://snap.licdn.com https://*.linkedin.com https://www.youtube.com https://s.ytimg.com  https://d137jyf8bmrjar.cloudfront.net https://jobs.jobvite.com https://cdnjs.cloudflare.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/reviews_list.js https://seal.digicert.com https://www.bizographics.com https://secure.adnxs.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://j.6sc.co; object-src *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://*.marketo.net https://*.marketo.com https://app.hushly.com http://app.hushly.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/style.css https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net; img-src * data:; media-src *; frame-src https://*.sageintacct.com https://*.intacct.com https://*.optimizely.com https://www.youtube.com https://*.addthis.com https://app-abd.marketo.com https://*.doubleclick.net https://www.google.com/ads https://jobs.jobvite.com https://forecast.io https://api.soundcloud.com https://w.soundcloud.com https://www.g2crowd.com https://intacct.lookbookhq.com https://go.intacct.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net; font-src *; connect-src *; report-uri /admin/config/system/seckit/csp-report 2
frame-ancestors 'none' 2
default-src 'self' *.fluvius.be; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.ckeditor.com ajax.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com www.google-analytics.com cdnjs.cloudflare.com maps.googleapis.com cdn.rawgit.com https://www.google.com https://www.gstatic.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net https://amp.cloudflare.com cdn.sparkcentral.com *.smooch.io; object-src 'self' *.fluvius.be; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com cdnjs.cloudflare.com  https://amp.cloudflare.com cdn.sparkcentral.com; img-src 'self' data: www.google-analytics.com *.gstatic.com maps.googleapis.com www.eandis.be stats.g.doubleclick.net www.facebook.com www.google.be www.google.com  https://amp.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com www.gravatar.com media.eu-1.smooch.io; media-src 'self'; frame-src 'self' *.fluvius.be player.vimeo.com www.youtube.com https://www.google.com https://www.flexmail.eu https://s.chkmkt.com https://amp.cloudflare.com https://www.googletagmanager.com https://www.facebook.com; frame-ancestors 'self' *.destroomlijn.be *.fluvius.be; child-src 'self' *.fluvius.be; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.sparkcentral.com; connect-src 'self' www.google-analytics.com https://discovery.amp.cloudflare.com https://stats.g.doubleclick.net https://amp.cloudflare.com https://www.facebook.com cdn.sparkcentral.com *.eu-1.smooch.io wss://*.smooch.io; report-uri /report-csp-violation 2
default-src 'self' 'unsafe-inline' web-2-tel.com *.web-2-tel.com *.doubleclick.net *.optnmstr.com *.gstatic.com localhost:8443 data: *.acquia.com *.appcues.com *.appcues.net *.unitedrentals.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unitedrentals.com *.egain.cloud *.analytics-egain.com *.criteo.net 8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com *.doubleclick.net *.google.com *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com bat.bing.com *.quantserve.com *.getsitecontrol.com *.facebook.net *.crazyegg.com *.quantcount.com st.getsitecontrol.com *.yimg.com snap.licdn.com sp.analytics.yahoo.com *.addtoany.com *.ads.linkedin.com *.newrelic.com *.pardot.com *.nr-data.net localhost:8443 web-2-tel.com *.web-2-tel.com *.optnmstr.com *.cloudflare.com *.adnxs.com data: *.acquia.com *.appcues.com *.pragmaticcrm.com *.optmstr.com *.bizographics.com *.criteo.com *.linkedin.com *.optmnstr.com *.nr-data.net wvw.unitedrentals.com *.youtube.com *.vimeo.com *.ytimg.com *.opmnstr.com *.cloudfront.net  *.jsdelivr.net https://optimize.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.optnmstr.com *.google.com *.appcues.com *.egain.cloud *.jsdelivr.net https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: *.unitedrentals.com bat.bing.com *.optnmstr.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com *.google.com *.quantserve.com *.gstatic.com *.adnxs.com *.appcues.com *.optmstr.com res.cloudinary.com *.googletagmanager.com *.linkedin.com *.criteo.com s0.2mdn.net *.egain.cloud https://optimize.google.com *.cloudfront.net; frame-src 'self' *.appcues.com *.appcues.net *.doubleclick.net *.criteo.com *.egain.cloud *.analytics-egain.com *.vimeo.com *.facebook.com *.facebook.net *.youtube.com https://optimize.google.com https://youtube.com; child-src 'self' *.unitedrentals.com *.googletagmanager.com *.optnmstr.com *.doubleclick.net *.analytics-egain.com *.rackcdn.com *.youtube.com *.appcues.com *.vimeo.com *.egain.cloud; font-src 'self' 'unsafe-inline' *.unitedrentals.com https://fonts.gstatic.com; connect-src 'self' *.appcues.net wss://*.appcues.net web-2-tel.com *.web-2-tel.com *.egain.cloud *.optnmstr.com *.optmstr.com *.gstatic.com localhost:8443 data: *.acquia.com *.appcues.com *.appcues.net *.nr-data.net *.optmnstr.com *.google.com *.optmnstr.com *.google-analytics.com stats.g.doubleclick.net *.opmnstr.com *.luckyorange.net *.googleapis.com *.visitors.live; report-uri /report-csp-violation 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 2
child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://api.steem-engine.com https://scot-api.steem-engine.com https://steemitimages.com securepubads.g.doubleclick.net 'self' steemit.com https://api.steemit.com api.blocktrades.us; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 2
default-src 'self' https://*.google-analytics.com https; script-src 'self' 'unsafe-inline' 'unsafe-eval' https https://*.google-analytics.com https://*.google.com https://stats.g.doubleclick.net https://js-agent.newrelic.com/nr-1071.min.js https://bam.nr-data.net; object-src 'none'; style-src 'self' 'unsafe-inline' https; img-src 'self' 'unsafe-inline' https data: https://*.google-analytics.com https://stats.g.doubleclick.net ; frame-src 'self' https://player.vimeo.com https://*.davispolk.com https://html5-player.libsyn.com/ https://api-6fc85ce3.duosecurity.com/ https://cdn.yoshki.com/iframe/ https://www.youtube.com; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self''unsafe-eval' 'unsafe-inline' https://fonts.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com ; style-src 'self' 'unsafe-inline'https://fonts.googleapis.com ; form-action 'self'; frame-ancestors 'self' ; img-src 'self' data: https://www.google-analytics.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com 'unsafe-inline' 'unsafe-eval'  2
default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src  'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 2
default-src https:; connect-src https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.google-analytics.com www.googletagmanager.com/ www.google.com/jsapi www.googleadservices.com www.youtube.com s.ytimg.com googleads.g.doubleclick.net static.hotjar.com script.hotjar.com static.ads-twitter.com cdn.mouseflow.com js.stripe.com js.braintreegateway.com cdn.pubnub.com connect.facebook.net cdnjs.cloudflare.com/ajax/libs/select2/ cdnjs.cloudflare.com/ajax/libs/d3/ *.twitter.com *.twimg.com cdn.jsdelivr.net/npm/vue cdn.jsdelivr.net/npm/vue/dist/vue.js; style-src 'unsafe-inline' 'self' www.google.com www.gstatic.com/recaptcha *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com *.twitter.com cdnjs.cloudflare.com/ajax/libs/select2/ use.fontawesome.com; 2
policy-uri /'self' 2
frame-ancestors 'self' https://*.salesforce.com 2
default-src * data: blob:;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://instafeed.assets.pixlee.com https://www.buzzsprout.com https://api.volunteer.com.au https://volwidget.s3.amazonaws.com https://www.bing.com https://dev.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://fast.wistia.net https://ecn.dev.virtualearth.net https://openlayers.org mapstraction.com https://www.bing.com/ https://vudoo.com https://dme0ih8comzn4.cloudfront.net *.admaxim *.addthis.com https://m.addthisedge.com https://cdnjs.cloudflare.com https://d1ig6folwd6a9s.cloudfront.net https://sample.crazyegg.com https://script.crazyegg.com https://sample-api-v2.crazyegg.com/n/588250/all https://s3.amazonaws.com/trk.cetrk.com/d/t.js https://e.issuu.com/embed.js https://everydayhero.com *.facebook.com *.facebook.net fast.wistia.com https://www.google.com http://www.google-analytics.com *.google-analytics.com *.googleapis.com https://maps.google.com https://optimize.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://s.gravatar.com https://code.jquery.com https://s.c.appier.net https://jscdn.appier.net https://assets.juicer.io/ https://embed.playbuzz.com https://sb.scorecardresearch.com https://mcd-sdk.playbuzz.com https://res-format-story.playbuzz.com https://cdn.playbuzz.com https://widget.surveymonkey.com https://salvos.org.au/ https://www.salvationarmy.org.au/ http://salvationarmy.org.au/ http://src.litix.io/ https://s0.wp.com https://stats.wp.com/ https://public.tableau.com/ *.twitter.com *.twimg.com https://users.dialogfeed.com *.verisign.com http://fast.wistia.com 127.0.0.1:* *.localhost; style-src 'self' https://assets.buzzsprout.com https://volwidget.s3.amazonaws.com https://openlayers.org https://www.bing.com https://dme0ih8comzn4.cloudfront.net https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ data: *.addthis.com *.bootstrapcdn.com https://d1ig6folwd6a9s.cloudfront.net https://fonts.googleapis.com http://fonts.googleapis.com *.googleapis.com *.gstatic.com https://optimize.google.com *.jquery.com https://assets.juicer.io/ *.myfonts.net https://res-format-story.playbuzz.com *.twimg.com *.twitter.com http://s.gravatar.com 'unsafe-inline'; media-src * data:; font-src * data:; connect-src 'self' https://sample-api-v2.crazyegg.com/n/588250/all https://s.c.appier.net https://www.bing.com https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ https://anylist.c.appier.net *.addthis.com https://stats.g.doubleclick.net/ *.facebook.com https://www.google-analytics.com https://assets.juicer.io/ http://www.juicer.io https://www.juicer.io https://prd-collector-anon.playbuzz.com https://pixel.playbuzz.com https://mcd-sdk.playbuzz.com https://embed.playbuzz.com https://cdn.playbuzz.com https://syndication.twitter.com *.vimeocdn.com pipedream.wistia.com https://e.issuu.com https://users.dialogfeed.com embed.wistia.com distillery.wistia.com/x; report-uri https://salvos.org.au/csp-reports/ 2
default-src 'self' dwl.dawconnect.com maps.google.de www.google.com connect.facebook.net;  img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr;  script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self'  2
frame-ancestors 'self'; 2
default-src 'self' ; script-src 'self';object-src 'self'; style-src 'self'; img-src 'self'; media-src 'self'; frame-src 'self'; font-src 'self'; connect-src 'self' ; 2
default-src 'self'  https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.gstatic.com/ https://apis.google.com;script-src 'self'  https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.gstatic.com/ https://apis.google.com 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline'  https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.gstatic.com/ ;img-src 'self' data: https://apis.google.com *.tile.openstreetmap.org https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.gstatic.com/ ;object-src 'none'; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-eval' 'unsafe-inline'; media-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src https: employment.qualtrics.com siteintercept.qualtrics.com g.jwpsrv.com www.youtube.com; frame-ancestors 'self' www.jobs.gov.au www.employment.gov.au; child-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com themes.googleusercontent.com; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://platform.twitter.com https://platform.twitter.com http://connect.ok.ru https://connect.ok.ru https://cdn.onesignal.com https://*.doubleclick.net https://onesignal.com http://*.googletagservices.com https://yastatic.net http://*.yandex.net https://*.yandex.net http://*.googlesyndication.com https://*.googlesyndication.com http://*.google.ru https://*.google.ru http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com feeds.feedburner.com feedburner.google.com counter.rambler.ru http://*.yandex.ru https://*.yandex.ru *.avtoed.com http://*.gstatic.com https://*.gstatic.com http://yandex.st https://yandex.st http://vk.com https://vk.com http://vk.comcdn.connect.mail.ru https://vk.comcdn.connect.mail.ru http://mc.yandex.ru https://mc.yandex.ru http://*.google-analytics.com https://*.google-analytics.com; object-src 'self' http://*.youtube.com https://*.youtube.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.yandex.ru https://*.yandex.ru http://*.yandex.net https://*.yandex.net http://*.gstatic.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://onesignal.com http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com; img-src * 'self' data: http://mc.yandex.ru https://mc.yandex.ru http://yastatic.net https://yastatic.net; media-src 'self'; frame-src 'self' http://connect.ok.ru https://connect.ok.ru http://platform.twitter.com https://platform.twitter.com https://onesignal.com http://*.avtoed.com http://orphus.ru http://*.yandex.net https://*.yandex.net http://*.yandexadexchange.net https://*.yandexadexchange.net http://yandexadexchange.net https://yandexadexchange.net http://*.yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net http://yastatic.net https://yastatic.net http://*.youtube.com https://*.youtube.com http://*.google.ru https://*.google.ru http://*.google.com https://*.google.com http://connect.mail.ru https://connect.mail.ru http://vk.com https://vk.com; font-src 'self' http://*.gstatic.com https://*.gstatic.com; connect-src 'self' https://onesignal.com https://*.yandex.net http://yandex.ru https://yandex.ru http://*.yandex.ua https://*.yandex.ua http://*.youtube.com https://*.youtube.com http://*.google-analytics.com https://*.google-analytics.com http://*.yandex.ru https://*.yandex.ru http://*.gstatic.com https://*.gstatic.com; 2
reflected-xss block 2
policy 2
default-src c.wgr.de 'self'; script-src c.wgr.de track.westermann.de www.econda-monitor.de connect.facebook.net www.googleadservices.com maps.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com 'self' 'unsafe-inline'; style-src tagmanager.google.com fonts.googleapis.com c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net *.google.com maps.googleapis.com *.gstatic.com www.google-analytics.com *.google.de stats.g.doubleclick.net 'self' data:; frame-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src secure.schulbuchzentrum-online.de track.westermann.de www.econda-monitor.de www.google-analytics.com 'self'; report-uri /backend/csp 2
default-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.econsumeraffairs.com *.consumercare.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com  *.consumercare.net *.econsumeraffairs.com *.google.com cdn.jsdelivr.net *.facebook.net *.likebtn.com *.pinterest.com *.facebook.com *.typekit.com *.trackduck.com *.sharethis.com dnn506yrbagrg.cloudfront.net *.mousestats.com  *.m4dc.com data: ; object-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com; style-src 'self' 'unsafe-inline'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.trackduck.com  *.googleapis.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.likebtn.com *.typekit.net *.sharethis.com; img-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.gravatar.com *.google-analytics.com *.trackduck.com *.google.com stats.g.doubleclick.net *.facebook.com  *.googleapis.com cdn.jsdelivr.net *.typekit.net  *.sharethis.com *.blob.core.windows.net *.dev-2.development-preview.com  *.gstatic.com gravatar.com gtrk.s3.amazonaws.com *.google.co.in/ads data:; media-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com; frame-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com *.sharethis.mgr.consensu.org *.sharethis.com *.m4dc.com; font-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com fonts.gstatic.com  maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.typekit.com data: *.typekit.net *.trackduck.com; connect-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.facebook.com *.trackduck.com *.sharethis.com wss: data: *.gravatar.com *.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 2
default-src * 'unsafe-inline' 'unsafe-eval'; 2
policy-uri /parivahan/'self' 1
child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' api.blocktrades.us steemit.com wss://steemd.steemit.com wss://steemd-int.steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-int.steemit.com securepubads.g.doubleclick.net cdn.jsdelivr.net request.czilladx.com csi.gstatic.com c.pub.network d.pub.network display.bfmio.com ib.adnxs.com freestar-d.openx.net qcx.quantserve.com https://qcx.quantserve.com:8443 hbopenbid.pubmatic.com g2.gumgum.com; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; media-src https: data: blob:; worker-src https: data: blob:; font-src https: data:; connect-src https: wss: 1
frame-ancestors *.payback.de 1
default-src 'self' https://mozillathimblelivepreview.net; frame-src 'self' https://docs.google.com blob: https://mozillathimblelivepreview.net https://www.youtube.com/embed/JecFOjD9I3k; child-src 'self' https://pontoon.mozilla.org blob: https://mozillathimblelivepreview.net https://www.youtube.com/embed/JecFOjD9I3k; script-src 'self' http://mozorg.cdn.mozilla.net https://ajax.googleapis.com https://mozorg.cdn.mozilla.net https://www.google-analytics.com https://pontoon.mozilla.org https://mozillathimblelivepreview.net; connect-src 'self' https://pontoon.mozilla.org https://mozilla.github.io/thimble-homepage-gallery/activities.json https://api.github.com/repos/mozilla/thimble.mozilla.org/issues https://mozillathimblelivepreview.net; frame-ancestors https://pontoon.mozilla.org; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://code.cdn.mozilla.net/ https://pontoon.mozilla.org; img-src *; media-src *; style-src 'self' http://mozorg.cdn.mozilla.net https://ajax.googleapis.com https://fonts.googleapis.com https://mozorg.cdn.mozilla.net https://netdna.bootstrapcdn.com https://pontoon.mozilla.org 'sha256-AnlD8XRHNPxhNZ/6MucKFJr9yYGQtn8bmvveYkBg7a4=' 1
default-src 'self' 'unsafe-inline' blob: *.answerscloud.com *.googleapis.com *.gstatic.com hosteduxprod.blob.core.windows.net *.okta.com *.opower.com *.google.com *.foresee.com *.sce.com *.bootstrapcdn.com *.serving-sys.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com *.adobedtm.com *.answerscloud.com *.twitter.com *.facebook.net *.googleapis.com *.customsearch.ai *.go-mpulse.net *.twimg.com *.okta.com *.opower.com *.google.com *.gstatic.com *.foresee.com *.sce.com *.bootstrapcdn.com *.serving-sys.com; img-src * data:; frame-src *.youtube.com *.arcgis.com *.answerscloud.com *.twitter.com *.facebook.net *.facebook.com *.google.com *.gstatic.com *.foresee.com *.sce.com; child-src *.youtube.com *.arcgis.com *.answerscloud.com *.google.com *.gstatic.com *.foresee.com *.sce.com; connect-src 'self' 'unsafe-inline' *.sce.com *.foresee.com *.oktapreview.com *.googleapis.com *.customsearch.ai *.go-mpulse.net *.akstat.io *.4seeresults.com *.okta.com *.opower.com *.google.com *.gstatic.com *.foresee.com *.serving-sys.com; report-uri /report-csp-violation 1
default-src 'self' rufilm.tv rufilmtv.org *.twitch.tv player.twitch.tv cdn.jsdelivr.net *.union-site-data.com *.pbcde.com pbcde.com *.nshes.ru nshes.ru 6xuar.gdn; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.rufilmtv.club news.gnezdo.ru *.youtube.com *.union-site-data.com *.pbcde.com *.nshes.ru pbcde.com nshes.ru *.gnezdo.ru news.2xclick.ru smartpush1.info theyhat.com smartpush11.info smartpush10.info smartpush0.info *.q-sht-zidjk.co q-sht-zidjk.co adbetnet.advertserve.com json.bannersvideo.com fcrgzqkbtgu.co octomarket.com adtrak.org adfill.me advmaker.su yt.advmaker.su json.bannersvideo.com bannersvideo.com 1plus1.video *.adbetclickin.pink http://serving.bepolitee.eu adlmerge.com gynax.com bgrndi.com https://fqtag.com osnn.work hydr.work luxup2.ru http://marvin.pw/ https://c.fqtag.com/ rufilm.tv brokeloy.com widefox.ru slowpoker.ru hgbn.network cdn7.network www.resttort.ru resttort.ru deenomo.com lolaken.com lopireto.com roklerok.com am15.net kadanoda.ru vakadiki.ru tozipoto.com zirifaha.ru kibitaqa.ru kiviraha.ru kilisaqa.ru retaraka.ru tisatama.ru tisataga.ru tozimoto.com tozikoto.com toziroto.com tozitoto.com tozipoto.com vogorana.ru vogozaw.ru vogozae.ru uuidksinc.net imdj.3793369.pix-cdn.org rtb.kadam.ru vogozae.ru aurumforyou.com yandex.ru yandex.st mc.yandex.ru www.google-analytics.com vk.com ulogin.ru luxup.ru *.luxup.ru *.am15.net *.thor-media.ru qepath.info zakoofoo.info zoobynu.info hbkii.xyz nucegu.info duxyve.info qezuqa.info cyjycu.info cpasmrttds.info adsblockkpush.com accommon.info samnioc.info dialected.info alphamrkt.com *.supuv2.com 6xuar.gdn mylma.gdn xml.adbetnet.com *.adbetnet.com adbetnet.com *braun634.com m-shes.ru etcxx.com mxccs.com mdapi.ru mdsrc.ru *.rtbsystem.com *.marketgid.com *.mgid.com *.steepto.com *.adlabs.ru dodrek.com psma01.com psma02.com psma03.com adservone.com *.onedmp.com *.videoviewer.ru bequri.com gotriki.com mylma.gdn cdn.hgdat.com *.twitch.tv player.twitch.tv cdn.jsdelivr.net hghit.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' rufilm.tv *.twitch.tv player.twitch.tv cdn.jsdelivr.net *.reyden-x.com reyden-x.com stream.reyden-x.com http://fonts.googleapis.com; font-src 'self' rufilm.tv fonts.gstatic.com data:; object-src 'self' rufilm.tv *.am15.net am15.net; frame-src 'self' data: *.twitch.tv player.twitch.tv cdn.jsdelivr.net *.union-site-data.com *.braun634.com union-site-data.com *.pbcde.com pbcde.com *.nshes.ru nshes.ru *.videomore.ru videomore.ru samnioc.info https://ad.anistar.me ad.anistar.me *.adbetnet.com t.co ad.anistar.me stream.reyden-x.com tvzvezda.ru 1plus1.video out.pladform.ru https://fqtag.com allmovie.pro http://allmovie.tv http://player.ictv.ua https://kaztube.kz ren.tv tvc.ru m-shes.ru www.tvc.ru rufilm.tv rufilmtv.org am15.net advmaker.su yt.advmaker.su my.mail.ru uuidksinc.net *.amazonaws.com ok.ru *.ok.ru vk.com veterok.tv www.youtube.com *.ivi.ru *.vgtrk.com *.1ru.tv *.1tv.ru *.ntv.ru *.gnezdo.ru *.am15.net rutube.ru *.videomore.ru *.my.mail.ru ictv.ua rmbn.net psma01.com psma02.com psma03.com *.onedmp.com ovva.tv cdn7.network www.videokub.net *.adbetclickin.pink; connect-src 'self' rufilm.tv ws://brokeloy.com:8040 stream.reyden-x.com samnioc.info yt.advmaker.su mc.yandex.ru *.reyden-x.com rtb.kadam.ru vogozae.ru *.twitch.tv player.twitch.tv cdn.jsdelivr.net 1
default-src 'self' *.interno.it *.rating-widget.com *.twimg.com *.twitter.com *.googleapis.com *.gstatic.com *.google.it *.macromedia.com *.google-analytics.com *.facebook.net *.sharethis.com *.google.com opendataavcp.interno.it 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: i.rw.gs *.rating-widget.com *.twitter.com *.twimg.com *.poliziadistato.it opendataavcp.interno.it l.sharethis.com *.facebook.com *.google-analytics.com *.gstatic.com *.gravatar.com *.googleapis.com s.w.org *.google.it; style-src 'self' *.twimg.com *.rating-widget.com *.twitter.com opendataavcp.interno.it *.sharethis.com 'unsafe-inline' *.googleapis.com; frame-src 'self' storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.facebook.com *.sharethis.com *.facebook.com *.youtube.com *.google.com; worker-src 'self' storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.facebook.com *.sharethis.com *.facebook.com *.youtube.com *.google.com; child-src 'self' opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.twitter.com opendataavcp.interno.it; font-src 'self' data: opendataavcp.interno.it *.gstatic.com; frame-ancestors 'self' storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.facebook.com *.sharethis.com *.facebook.com *.youtube.com *.google.com; 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' wss://bitribe.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://www.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://static.bgogo.com https://static.bitribe.com https://www.google.com https://www.google.co.kr blob: data:; media-src 'none'; object-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://payments.amazon.co.jp/ https://payments.amazon.co.uk https://*.amazon.de https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://www.amazon.com https://api.amazon.com https://amazonwebservices.d2.sc.omtrdc.net https://*.amazonpay.com https://apac.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://payments.amazon.com https://payments-uk.amazon.com https://payments.amazon.co.uk https://payments.amazon.co.jp https://payments-jp.amazon.com https://*.amazon.de https://payments-de.amazon.com https://cdn.aws.training; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bpost.be bpost.be eshipper.bpost.cn bpost2.be medattest.be www.medattest.be editor-www.bpost.be www.googletagmanager.com tagmanager.google.com ssl.google-analytics.com b2btagmgr.azalead.com trker1.azalead.com www.google-analytics.com proslead.com www.depostlaposte.be www.bpost2.be www.google.com www.post.be post.be ajax.googleapis.com connect.facebook.net code.jquery.com platform.linkedin.com www.linkedin.com dashboard.whoisvisiting.com/who.js frontend.id-visitors.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net http://w.usabilla.com w.usabilla.com api.usabilla.com cdnjs.cloudflare.com maps.googleapis.com www.youtube.com https://ajax.googleapis.com api.jollywallet.com https://maps.googleapis.com www.googleadservices.com assets.idloom.com crm.bpack.idloom.com proslead.com https://www.google-analytics.com preprints.taxipost.net maf.taxipost.net s.ytimg.com img.en25.com player.qualifio.com d6tizftlrpuof.cloudfront.net https://maxcdn.bootstrapcdn.com static.hotjar.com script.hotjar.com vars.hotjar.com optimize.google.com login-2.bpost.be service.maxymiser.net static.hotjar.com script.hotjar.com bpost2.unfyd.com www.gstatic.com openlayers.org unpkg.com eloqua.com  www.bpost2.be bpaid.unfyd.com; object-src 'self' www.bpost.be editor-www.bpost.be eshipper.bpost.cn www.youtube-nocookie.com www.medattest.be optimize.google.com login-2.bpost.be bpost2.be bpaid.unfyd.com; style-src 'self' 'unsafe-inline' www.bpost.be eshipper.bpost.cn bpost2.be www.bpost2.be bpost3.be www.medattest.be editor-www.bpost.be www.google.com fonts.googleapis.com cdn.jsdelivr.net d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com www.post.be post.be proslead.com wersg01 preprints.taxipost.net maf.taxipost.net tagmanager.google.com optimize.google.com login-2.bpost.be maxcdn.bootstrapcdn.com my.bpost.be bpost2.unfyd.com openlayers.org use.fontawesome.com unpkg.com bpaid.unfyd.com; img-src 'self' data: www.bpost.be bpost.be eshipper.bpost.cn www.bpost2.be bpost2.be www.google.be www.google-analytics.com www.google.com googleads.g.doubleclick.net b2btagmgr.azalead.com trker1.azalead.com stats.g.doubleclick.net www.post.be editor-www.bpost.be www.facebook.com www.google.co.in eshop.bpost.be static.licdn.com www.linkedin.com www.bpostinternational.com landmarkglobal.com www.landmarkglobal.com dashboard.whoisvisiting.com/who.ashx www.depostlaposte.be junglenet-a.akamaihd.net secure.adnxs.com d6tizftlrpuof.cloudfront.net w.usabilla.com 10.76.4.13:15871 https://cdnjs.cloudflare.com 10.109.34.52:15871 s1833705806.t.eloqua.com 10.76.4.11:15871 https://csi.gstatic.com https://maps.gstatic.com maps.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com www.googleadservices.com https://stats.g.doubleclick.net proslead.com https://www.google.de https://www.google.lu https://www.google.nl preprints.taxipost.net maf.taxipost.net chart.apis.google.com hello.bpost.be optimize.google.com login-2.bpost.be my.bpost.be bpost2.unfyd.com a.tile.openstreetmap.org server.arcgisonline.com tile.osm.be bpaid.unfyd.com; frame-src 'self' www.bpost.be bpost.be www.medattest.be medattest.be eshipper.bpost.cn editor-www.bpost.be www.bpost2.be http://www.bpost2.be bpost2.be campaigns.bpost2.be www.campaigns.bpost2.be pass.post.be esim.post.be tools.emailgarage.com assets.idloom.com www.facebook.com ir2.flife.de qfx.quartalflife.com 4558452.fls.doubleclick.net www.youtube.com youtube.com fr.slideshare.net www.youtube-nocookie.com 85.17.197.32 roi.bpost3.be bpost3.be www.facebook.com www.twitter.com platform.linkedin.com addressbook.bpost.be www.google.com google.com cse.google.com/cse speos.connective.be speos.connective.eu junglenet-a.akamaihd.net post-online.be www.post-online.be cssprepaid.proximus.be www.depostlaposte.be depostlaposte.be www.postmobile.be postmobile.be reload.proximus.be s.chkmkt.com maxiresponse.bpost3.be bpi.bpost3.be post-api.be googletagmanager.com youtube.com www.youtube.com d6tizftlrpuof.cloudfront.net www.youtube.com speos.connective.eu www.speos.connective.eu assets.idloom.com crm.bpack.idloom.com zeromov.com player.qualifio.com preprints.taxipost.net maf.taxipost.net http://maf.taxipost.net crm.bpost.idloom.com news.bpost.be s1833705806.t.eloqua.com vars.hotjar.com optimize.google.com login-2.bpost.be bpost2.be service.maxymiser.net bpaid.unfyd.com; font-src 'self' www.bpost.be bpost.be eshipper.bpost.cn editor-www.bpost.be cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com fonts.gstatic.com *.usabilla.com d6tizftlrpuof.cloudfront.net images.campaign.bpost.be optimize.google.com login-2.bpost.be my.bpost.be maxcdn.bootstrapcdn.com bpost2.unfyd.com use.fontawesome.com www.bpost2.be  cdn.jsdelivr.net fonts.gstatic.com bpaid.unfyd.com; connect-src 'self' www.bpost.be bpost.be eshipper.bpost.cn www.medattest.be medattest.be bpost2.be www.bpost2.be editor-www.bpost.be proslead.com bam.nr-data.net api.usabilla.com https://api.bpost.be crm.bpack.idloom.com www-1.stbpost.be assets.idloom.com crm.bpack.idloom.com nikkomsgchannel tagmanager.google.com webservices-pub.bpost.be webservices-pub.stbpost.be webservices-pub.acbpost.be  s1833705806.t.eloqua.com static.hotjar.com insights.hotjar.com optimize.google.com login-2.bpost.be chatbot.bpost.be bpost2.be in.hotjar.com service.maxymiser.net bpost2.unfyd.com s1833705806.t.eloqua.com/e/f2 bpaid.unfyd.com https://s918797598.t.eloqua.com/e/f2; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.halkbank.com.tr *.google.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.facebook.net; font-src 'self' *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.halkbank.com.tr *.google.com *.google.com.tr *.gstatic.com *.facebook.com *.facebook.com.tr *.doubleclick.net *.facebook.net ; media-src 'self' *.halkbank.com.tr; frame-src 'self' *.foreks.com *.halkbank.com.tr *.doubleclick.net *.youtube.com *.google.com; connect-src 'self' *.facebook.com; object-src 'self'; 1
frame-ancestors https://apps.facebook.com http://www.clickjogos.com.br http://clickjogos.com.br https://www.clickjogos.com.br https://clickjogos.com.br http://tibia.uol.com.br https://tibia.uol.com.br 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.gstatic.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io wss://*.crisp.chat https://*.crisp.chat *.payline.com *.youtube.com; img-src 'self' data: *.zopim.com *.crisp.chat *.google-analytics.com *.gstatic.com  *.googleapis.com; font-src 'self' data: *.zopim.com *.crisp.chat *.gstatic.com; report-uri /admin/config/system/seckit/csp-report 1
script-src 'self' * www.googletagmanager.com use.fontawesome.com www.googleadservices.com fontawesome.com connect.facebook.net stats.g.doubleclick.net ping.typekit.net p.typekit.net use.typekit.net www.google.com www.youtube.com i.ytimg.com  www.google-analytics.com ajax.googleapis.com www.gstatic.com apis.google.com az732725.vo.msecnd.net bam.nr-data.net 'unsafe-inline' 'unsafe-eval';style-src 'self' salesiq.zohopublic.com css.zohostatic.com dyjgaef5vuq51.cloudfront.net fontawesome.com ping.typekit.net www.youtube.com i.ytimg.com p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net fonts.googleapis.com az732725.vo.msecnd.net 'unsafe-inline';img-src 'self' salesiq.zoho.com img.zohostatic.com salesiq.zohopublic.com fontawesome.com www.googleadservices.com www.youtube.com i.ytimg.com www.facebook.com www.google.com.tr stats.g.doubleclick.net googleads.g.doubleclick.net ping.typekit.net p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net www.google-analytics.com www.google.com ssl.gstatic.com fontawesome.com az732725.vo.msecnd.net data:;object-src 'self' fontawesome.com ping.typekit.net p.typekit.net www.youtube.com i.ytimg.com use.typekit.net cdnbtctrader.blob.core.windows.net pusher.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' search.usa.gov www.google-analytics.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' search.usa.gov platform.twitter.com; img-src 'self' www.google-analytics.com data: platform.twitter.com pbs.twimg.com scontent.cdninstagram.com syndication.twitter.com; frame-src 'self' www.youtube.com syndication.twitter.com platform.twitter.com www.dhs.gov; connect-src 'self' www.google-analytics.com; report-uri /report-csp-violation 1
frame-ancestors tags.tiqcdn.com survey.hlb.com.my www.hlb.com.my apps.facebook.com www.facebook.com *.vivocha.com *.youtube.com *.facebook.com staticxx.facebook.com www.googletagmanager.com gateway.hlb.com.my www.ecloan.com.my aem-preprod.hlb.com.my aem-preprod.hlisb.com.my www.hlisb.com.my https://www.google.com www.google.com optimize.google.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ok-cloud.net:* *.openbank.es:* https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://tags.tiqcdn.com *.google-analytics.com:* *.tealiumiq.com:* https://tealium.hs.llnwd.net https://*.g.doubleclick.net  *.amazonaws.com *.youtube.com *.googleadservices.com *.ads-twitter.com *.facebook.net *.adnxs.com *.ytimg.com api-ob.nd.nudatasecurity.com https://js-agent.newrelic.com *.clicktale.net *.googletagmanager.com *.wbtrk.net simuladores.afi.es *.mateti.net  https://bam.nr-data.net optimize.google.com *.we-stats.com static.browseranalytic.com blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.amazonaws.com *.openbankwealth.com *.openbank.es api-ob.nd.nudatasecurity.com ; img-src 'self' data: 'unsafe-inline' *.amazonaws.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com data: *.iconfinder.com *.google-analytics.com *.doubleclick.net  *.openbank.es *.google.com *.google.com.co *.google.es *.google.ie *.facebook.com api-ob.nd.nudatasecurity.com https://aax-eu.amazon-adsystem.com https://openbanklive01.wt-eu02.net  openbanktest01.wt-eu02.net  https://fbc.wcfbc.net my.tealiumiq.com; media-src 'self' 'unsafe-inline' *.amazonaws.com  *.openbank.es *.youtube.com; frame-src 'self' https://www.google.com https://csi.gstatic.com *.youtube.com simulatorsjs-testing.azurewebsites.net simuladores-pre.afi.es simuladores.afi.es *.weborama.fr *.doubleclick.net api-ob.nd.nudatasecurity.com https://openjobs.openbank.es *.mateti.net datacloud.tealiumiq.com *.prihipotstlbr001.aws.ok-cloud.net *.pristglbr001.aws.ok-cloud.net *.pubocualb001.aws.openbank.es *.priocualb001.aws.openbank.es *.clientes.openbank.es; child-src  https://www.google.com https://csi.gstatic.com *.youtube.com simulatorsjs-testing.azurewebsites.net simuladores-pre.afi.es simuladores.afi.es *.weborama.fr *.doubleclick.net api-ob.nd.nudatasecurity.com https://openjobs.openbank.es *.prihipotstlbr001.aws.ok-cloud.net *.pristglbr001.aws.ok-cloud.net *.pubocualb001.aws.openbank.es *.priocualb001.aws.openbank.es *.clientes.openbank.es blob:; font-src 'self' data: https://fonts.gstatic.com *.openbankwealth.com api-ob.nd.nudatasecurity.com; connect-src *.ok-cloud.net:* *.openbank.es:* openbank-dev pub-local.ok-cloud.net openbank.ci openb.mockable.io *.tealiumiq.com api-ob.nd.nudatasecurity.com *.clicktale.net *.mateti.net  https://bam.nr-data.net *.google-analytics.com *.we-stats.com; report-uri /report-csp-violation 1
default-src 'self' live-aclu-d7.pantheonsite.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aclu.org live-aclu-d7.pantheonsite.io *.documentcloudBLOCK.org squizlabs.github.io js-agent.newrelic.com bam.nr-data.net aclu.tt.omtrdc.net cdn.tt.omtrdc.net www.youtube.com/iframe_api s.ytimg.com static.chartbeat.com static2.chartbeat.com www.paypalobjects.com www.paypal.com cdn.heapanalytics.com heapanalytics.com *.chartbeat.com; object-src 'self' *.aclu.org live-aclu-d7.pantheonsite.io; style-src 'self' 'unsafe-inline' *.aclu.org live-aclu-d7.pantheonsite.io squizlabs.github.io cdn.tt.omtrdc.net heapanalytics.com; img-src 'self' 'unsafe-inline' data: *.aclu.org live-aclu-d7.pantheonsite.io *.xip.io img.youtube.com s3.amazonaws.com smetrics.aclu.org squizlabs.github.io aclu.org omnitureengineering.d1.sc.omtrdc.net heapanalytics.com *.chartbeat.net; media-src 'self'  *.aclu.org live-aclu-d7.pantheonsite.io; frame-src 'self' *.aclu.org live-aclu-d7.pantheonsite.io *.youtube-nocookie.com *.facebook.com *.youtube.com *.newsbound.com *.vote411.org https://fora.tv *.ted.com *.storify.com *.mtvnservices.com *.thinglink.com *.theguardian.com filestorage.aclu.org *.omniture.com georgejosephmapping.carto.com w.soundcloud.com www.paypal.com www.sandbox.paypal.com chartbeat.com *.chartbeat.com; font-src 'self' data: *.aclu.org live-aclu-d7.pantheonsite.io heapanalytics.com; connect-src 'self' live-aclu-d7.gotpantheon.com graph.facebook.com phone.reverehq.com https://action.aclu.org live-aclu-d7.pantheonsite.io https://aclu.tt.omtrdc.net www.paypal.com heapanalytics.com mab.chartbeat.com; report-uri /admin/config/system/seckit/csp-report 1
child-src 'self'; connect-src 'self' api.blocktrades.us steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com; default-src 'self'; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://avd.innity.com https://aw.dw.impact-ad.jp https://ssl-avd.innity.net https://as.innity.com https://cdn.innity.net https://sgp-spvapro-01.teleperformanceusa.com https://cdnjs.cloudflare.com https://avd.innity.net http://ajax.googleapis.com https://www.googleadservices.com https://www.googletagmanager.com https://connect.facebook.net https://singpost.widget.custhelp.com https://fonts.googleapis.com https://google.com https://www.rnengage.com https://maps.googleapis.com https://snap.licdn.com https://www.google-analytics.com https://px.ads.linkedin.com https://developers.google.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com http://www.google-analytics.com http://singpost.widget.custhelp.com https://tagmanager.google.com https://fonts.googleapis.com http://singpost.widget.custhelp.com https://www.linkedin.com; img-src 'self' https://optimize.innity.com https://avd.innity.com https://ib.adnxs.com http://www.google-analytics.com http://www.specommerce.com.s3.amazonaws.com http://d2vqszxem296au.cloudfront.net https://www.mysam.sg https://stats.g.doubleclick.net http://cdn.feedbackify.com http://s3.amazonaws.com https://maps.gstatic.com https://www.facebook.com https://www.google.com https://www.google.com.vn https://maps.googleapis.com http://www.w3.org data: http://cx.atdmt.com https://www.linkedin.com https://www.googletagmanager.com; frame-src 'self' https://www.facebook.com https://www.google.com; font-src 'self' https://use.fontawesome.com https://fonts.googleapis.com  http://www.google-analytics.com  https://fonts.gstatic.com; connect-src 'self' http://www.google-analytics.com https://maps.googleapis.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com  yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce 1
default-src 'self' https://www.itsme.be https://business.itsme.be; script-src 'self' 'sha256-7cojap65Z8u7cb2zVYoh8EzAt9dpvJv+vWyXDuc1gDk=' https://www.itsme.be https://business.itsme.be *.google-analytics.com cdn.polyfill.io; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' https://www.itsme.be https://business.itsme.be *.google-analytics.com *.doubleclick.net; font-src 'self' *.gstatic.com; object-src 'none' ; frame-src 'self' https://www.itsme.be https://business.itsme.be *.youtube.com *.youtube-nocookie.com; connect-src https://www.itsme.be https://business.itsme.be *.google-analytics.com; 1
frame-src *; 1
default-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://www.pointspot.com https://d2oqblkpgg4rwg.cloudfront.net https://d2v8pqu56zrlzr.cloudfront.net  https://*.intelispend-staging.com https://intelispend-staging.com https://*.intelispend.com https://www.1.awardhq.com; font-src 'self' https://*.intelispend.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src *; style-src https: 'unsafe-inline'; script-src https: https://www.google.com/recaptcha www.recaptcha.net 'unsafe-eval' 'unsafe-inline'; child-src www.google.com www.recaptcha.net; referrer origin; reflected-xss block; sandbox allow-same-origin allow-scripts allow-popups allow-forms; object-src 'none'; frame-ancestors 'self'; form-action 'self'; base-uri 'self' 1
default-src 'self' 'unsafe-inline' *.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.ytimg.com *.youtube.com cbos.gov.sd *.cbos.gov.sd *.dot.jo www.google.com s7.addthis.com m.addthisedge.com m.addthis.com cdnjs.cloudflare.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo *.google.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com jwpltx.com *.jwpltx.com cbos.gov.sd *.cbos.gov.sd *.dot.jo stats.g.doubleclick.net *.ckeditor.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo; frame-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com *.jwpcdn.com *.jwpsrv.com cbos.gov.sd *.cbos.gov.sd *.dot.jo fonts.google.com maxcdn.bootstrapcdn.com; connect-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com; style-src 'self' 'unsafe-inline' * https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 1
upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 1
frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de 1
base-uri 'self'; default-src 'none'; connect-src 'self' https://*.animebytes.tv; font-src 'self' data:; form-action 'self' https://*.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://*.animebytes.tv https://www.youtube-nocookie.com https://*.soundcloud.com; img-src 'self' https://*.animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'none'; report-uri /xhr/csp; report-to /xhr/csp; upgrade-insecure-requests; options inline-script eval-script; xhr-src 'self' https://*.animebytes.tv; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.com/ads https://www.google-analytics.com https://stats.g.doubleclick.net; object-src 'self'; media-src 'self'; frame-src 'self' https://trustly.desk.com https://accounts.google.com https://www.google.com/maps/embed https://maps.google.se/maps https://www.youtube.com https://tb.de17a.com https://services.trustlylabs.com/recaptcha/; script-src 'self'; font-src 'self'; connect-src 'self' https://services.trustlylabs.com https://tr.datanyze.com https://t.co https://www.salesforce.com https://api.lever.co; 1
frame-ancestors 'self' cmsv2.zebrix.net 1
default-src 'self';style-src 'unsafe-inline' *;frame-src *;img-src * data:;media-src *;font-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://oss.maxcdn.com https://w.uptolike.com http://place1102.nighter.club http://*.disqus.com http://dsp.kavanga.ru http://w.uptolike.com http://*.googleapis.com http://www.youtube.com http://*.disquscdn.com https://*.googleapis.com http://www.google-analytics.com http://ads.betweendigital.com http://*.admixer.net https://brandomatic.ru http://disqus.com http://*.rambler.ru http://cache.betweendigital.com http://yandex.st http://*.yandex.ru http://cdn.admixer.net https://relap.io https://yandex.st https://mc.yandex.ru http://mc.yandex.ru http://*.yandex.st http://vk.com http://platform.twitter.com http://api9.net https://apis.google.com http://js.advideo.ru https://advertshot.ru http://place1100.nighter.club http://rt.tizerlady.biz http://uk.tizerlady.com http://v.actionteaser.ru http://ssp.clickganic.com ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://code.highcharts.com https://oss.maxcdn.com https://connect.trezor.io wss://wallex.market:8443 https://blockexplorer.com https://www.localbitcoinschain.com https://test-insight.bitpay.com https://api.etherscan.io https://api-ropsten.etherscan.io https://bitcoincash.blockexplorer.com https://blockdozer.com https://bch.coin.space https://insight.litecore.io https://insight.dash.org https://saveload.tradingview.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://fonts.gstatic.com wss://test-insight.bitpay.com https://api.omniexplorer.info https://chain.api.btc.com https://cdn.jsdelivr.net https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.google.com/maps/embed https://*.purechat.com wss://*.purechat.com https://secure.gravatar.com https://*/app.purechat.com https://cdn.ckeditor.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://tradingview.com https://*.tradingview.com wss://tradingview.com wss://*.tradingview.com https://www.aparat.comhttps://*.heatmap.it https://coincap.io wss://ws.coincap.io; 1
default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com d22xmn10vbouk4.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net https://cdn.hypemarks.com http://cdn.hypemarks.com https://www.gstatic.com *.krxd.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://nova.collect.igodigital.com https://www.facebook.com *.nestlebeverages.acsitefactory.com es.factory.nescafe.com *.krxd.net spain.nestlebeverages.acsitefactory.com www.google.co.in; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net  http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://brand-ecommerce-assets.fusepump.com https://www.google.com/ *.krxd.net https://l3.evidon.com/ *.doubleclick.net; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com https://collect.analyze.ly https://secure-ds.serving-sys.com; report-uri /es/report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com s0-azure.assets-yammer.com maps.googleapis.com cdn.syndication.twimg.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com data:; frame-src 'self' bhge.acquiadam.com *.webdamdb.com  *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/ *.yammer.com login.microsoftonline.com fssfedma.o365.ge.com platform.linkedin.com syndication.twitter.com platform.twitter.com www.linkedin.com  https://www.gechannelconnect.com/ https://staging60.gechannelconnect.com/; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri //report-csp-violation 1
default-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com http://*.ecal.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net *.cloudfront.net *.sharethis.com https://vjs.zencdn.net/5.11.6/video.min.js https://www.youtube.com/iframe_api https://api.keen.io/3.0/projects/57e146aa8db53dfda8a703aa/events/* https://s.ytimg.com/yts/jsbin/www-widgetapi-vflN2g023/www-widgetapi.js http://*.hotjar.com *.twitter.com *.twimg.com http://*.hotjar.com https://*.hotjar.com http://sync.ecal.com/button/v1/main.js 'unsafe-eval' http://sync.ecal.com/button/v1/main.js http://sync.ecal.com/button/v1/widget.0d984b8.js https://widget.spreaker.com/widgets.js; object-src *.googletagmanager.com *.google.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.google.com https://vjs.zencdn.net/5.11.6/video-js.min.css https://d3b68xc7uyqhns.cloudfront.net/assets/css/schuh.css *.twitter.com https://ws.sharethis.com/button/css/buttons-secure.css http://sync.ecal.com https://sync.ecal.com/button/v1/css/widget.0d984b8.css https://sync.ecal.com/button/v1/css/*; img-src * http://*.hotjar.com https://*.hotjar.com; media-src 'self' *.googletagmanager.com *.google.com; frame-src 'self' https://www.google.com https://www.youtube.com https://video.pdc.tv *.googletagmanager.com *.google.com  https://*.hotjar.com *.twitter.com https://pdc.tell-us-what-you-think.com https://c.sharethis.mgr.consensu.org https://ws.sharethis.com http://t.sharethis.com http://l.sharethis.com https://sync.ecal.com https://sync.ecal.com/* https://sync.ecal.com https://widget.spreaker.com; frame-ancestors *.googletagmanager.com *.google.com; child-src *.googletagmanager.com *.google.com https://*.hotjar.com; font-src 'self' *.googletagmanager.com *.google.com http://*.hotjar.com https://*.hotjar.com; connect-src 'self' https://pdclive.servasport.com https://www.sportradar.com *.googletagmanager.com *.google.com https://drive-video.herokuapp.com/mbx/c889b040 https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com https://t.sharethis.com/* https://*.sharethis.com https://vc.hotjar.io https://api.ecal.com https://api.ecal.com/*; report-uri /report-csp-violation 1
default-src 'self' static.integromat.com; style-src 'self' static.integromat.com fonts.googleapis.com checkout.stripe.com; font-src 'self' static.integromat.com fonts.gstatic.com data:; img-src 'self' static.integromat.com data: stats.g.doubleclick.net www.google-analytics.com www.google.com www.google.cz placehold.it placeholdit.imgix.net secure.gravatar.com usage.trackjs.com q.stripe.com img.youtube.com www.facebook.com t.co www.googletagmanager.com; connect-src 'self' static.integromat.com iql.integromat.com wss://www.integromat.com capture.trackjs.com checkout.stripe.com integromat.zendesk.com; frame-src 'self' static.integromat.com www.facebook.com www.youtube.com checkout.stripe.com; script-src 'self' static.integromat.com www.google-analytics.com checkout.stripe.com connect.facebook.net static.ads-twitter.com analytics.twitter.com; object-src 'self' static.integromat.com 1
script-src 'self' www.papara.com papara.com api.instagram.com az416426.vo.msecnd.net maps.googleapis.com mc.yandex.ru www.googletagmanager.com tagmanager.google.com www.googleadservices.com graph.facebook.com staticxx.facebook.com connect.facebook.net stats.g.doubleclick.net www.google.com www.google-analytics.com ajax.googleapis.com www.google.com.tr www.gstatic.com apis.google.com googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval';style-src 'self' fonts.googleapis.com tagmanager.google.com az732725.vo.msecnd.net 'unsafe-inline' 'unsafe-eval';img-src 'self' www.papara.com papara.com s3-eu-west-1.amazonaws.com  scontent.cdninstagram.com cdninstagram.com mc.yandex.ru lookaside.facebook.com platform-lookaside.fbsbx.com csi.gstatic.com maps.gstatic.com maps.googleapis.com scontent.xx.fbcdn.net graph.facebook.com www.googleadservices.com staticxx.facebook.com www.facebook.com www.google.com.tr stats.g.doubleclick.net googleads.g.doubleclick.net www.google-analytics.com www.google.com ssl.gstatic.com data:;object-src 'self' 1
frame-src https://*.pantheonsite.io https://*.addtoany.com/ https://*.serving-sys.com https://*.adsrvr.org https://*.doubleclick.net https://*.fbcdn.net https://*.youtube.com https://*.twitter.com https://*.hotjar.com https://*.amazon.com https://secure.doctorswithoutborders.org https://*.doctorswithoutborders.org https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.clickdimensions.com https://*.brighttag.com https://*.thebrighttag.com https://*.agkn.com https://*.btstatic.com https://*.caselmedia.com https://*.crwdcntrl.net https://*.taboola.com https://*.demdex.net https://*.licdn.com https://*.ad-twitter.com https://*.bttrack.com https://bttrack.com https://s.amazon-adsystem.com/ https://tpc.googlesyndication.com/ https://cdn.knightlab.com/ https://uploads.knightlab.com/ https://*.js.ubembed.com https://*.vimeo.com https://*.pages.ubembed.com/ https://*.thinglink.com/ https://*.livestream.com/ https://livestream.com/ https://*.exposure.co/; child-src https://*.pantheonsite.io https://*.addtoany.com/ https://*.serving-sys.com https://*.adsrvr.org https://*.doubleclick.net https://*.fbcdn.net https://*.youtube.com https://*.twitter.com https://*.hotjar.com https://*.amazon.com https://secure.doctorswithoutborders.org https://*.doctorswithoutborders.org https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.clickdimensions.com https://*.brighttag.com https://*.thebrighttag.com https://*.agkn.com https://*.btstatic.com https://*.caselmedia.com https://*.crwdcntrl.net https://*.taboola.com https://*.demdex.net https://*.licdn.com https://*.ad-twitter.com https://*.bttrack.com https://bttrack.com https://s.amazon-adsystem.com/ https://tpc.googlesyndication.com/ https://cdn.knightlab.com/ https://uploads.knightlab.com/ https://*.js.ubembed.com https://*.vimeo.com https://*.pages.ubembed.com/ https://*.thinglink.com/ https://*.livestream.com/ https://livestream.com/ https://*.exposure.co/; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.w3.org https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://vro.housing.gov.sa https://www.gstatic.com https://code.jquery.com https://maps.googleapis.com https://cdn.mouseflow.com https://fonts.googleapis.com https://developers.google.com https://sakani.housing.sa https://maps.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.ejar.sa https://img.youtube.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.ckeditor.com https://www.google.com.sa http://www.ejar.sa https://www.youtube.com/; report-uri /ar/report-csp-violation 1
default-src 'self' *.mobistar.be *.cloudfront.net *.emsecure.net *.customersaas.com *.orange.be *.netdna-ssl.com *.whisbi.com; script-src 'unsafe-inline' 'unsafe-eval' * *.customersaas.com *.emsecure.net *.customersaas.com  *.orange.be optimize.google.com *.netdna-ssl.com *.whisbi.com; object-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; style-src 'unsafe-inline' 'self' *.mobistar.be *.cloudfront.net *.customersaas.com  *.orange.be optimize.google.com fonts.googleapis.com *.netdna-ssl.com *.whisbi.com; img-src * data: optimize.google.com; media-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; frame-src 'self' * emsecure.net  *.orange.be *.optimzely.com optimize.google.com; font-src 'self' *.mobistar.be *.customersaas.com  *.orange.be cdn.livechatinc.com themes.googleusercontent.com fonts.gstatic.com *.netdna-ssl.com *.whisbi.com; connect-src 'self'  *.tealiumiq.com *.usabilla.com *.log.optimizely.com *.emsecure.net *.customersaas.com  *.orange.be *.mousestats.com secure.comparecycle.com *.whisbi.com; report-uri /admin/config/system/seckit/csp-report 1
default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1
default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1
default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' static.hotjar.com cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com js.braintreegateway.com assets.braintreegateway.com www.google.com *.hotjar.com www.google-analytics.com *.vo.msecnd.net dc.services.visualstudio.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com *.fotorama.io adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net assets.braintreegateway.com *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net media.licdn.com; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com assets.braintreegateway.com *.facebook.com *.nosiva.com *.youtube.com *.us11.list-manage.com forms.hubspot.com *.hotjar.com; font-src * https: data:; 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: *.stripe.com; img-src * blob:; font-src 'self' data: https:; connect-src 'self' data: https: *.stripe.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self'; 1
report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org; 1
default-src 'self'; object-src 'none'; child-src 'self' https://rpm.newrelic.com; frame-src 'self' https://rpm.newrelic.com https://www.google.com/recaptcha/; script-src 'self' https://www.google.com/recaptcha/ https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js https://js-agent.newrelic.com 'unsafe-inline'; img-src 'self' https://ssl.gstatic.com/ www.google-analytics.com www.gravatar.com secure.gravatar.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://www.facebook.com/ https://github.com/ https://api.twitter.com/; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors https://*.dondominio.com https://*.mrdomain.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com  https://*.fontawesome.com https://*.customsearch.ai;; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://*.windows.net; img-src 'self' https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/ https://*.windows.net; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ https://ui.customsearch.ai/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.customsearch.ai; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com maps.google.com *.googleapis.com *.gstatic.com www.google.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com platform.twitter.com *.twimg.com ifoa.precedenthost.co.uk *.actuaries.org.uk cdn.rawgit.com e.issuu.com www.youtube.com s.ytimg.com tagmanager.google.com khan.github.io squizlabs.github.io script.crazyegg.com *.eu-west-2.amazonaws.com s3.amazonaws.com  loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com; object-src *.issuu.com flash.quantserve.com s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.googleapis.com platform.twitter.com *.actuaries.org.uk tagmanager.google.com squizlabs.github.io *.eu-west-2.amazonaws.com loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com svc.webspellchecker.net; img-src 'self' data: *.google-analytics.com www.googletagmanager.com maps.google.com *.gstatic.com *.googleapis.com rest.mollom.com rest-production.mollom.com bam.nr-data.net syndication.twitter.com platform.twitter.com *.twimg.com *.actuaries.org.uk live.sagepay.com *.doubleclick.net *.openathens.net squizlabs.github.io *.eu-west-2.amazonaws.com s3.amazonaws.com *.amazonaws.com svc.webspellchecker.net loader.webspellchecker.net ; frame-src 'self' embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com *.loader.webspellchecker.net svc.webspellchecker.net; font-src 'self' data: *.gstatic.com ifoa.precedenthost.co.uk *.actuaries.org.uk *.eu-west-2.amazonaws.com ; connect-src 'self' bam.nr-data.net e.issuu.com; report-uri //IFoA.report-uri.io/r/default/csp/enforce 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com; script-src 'self' 'unsafe-inline' 'nonce-10acd3b88f44f027d9b4e1aee1bde85f' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com; img-src 'self' wireframecc-9947.kxcdn.com data:; child-src 'self' 1
frame-ancestors 'self' http://acquia.lookbookhq.com https://acquia.lookbookhq.com https://acquia.docebosaas.com; report-uri /report-csp-violation 1
default-src 'self'; child-src *.facebook.com platform.twitter.com *.g.doubleclick.net *.google.com *.google.gr; frame-src *.facebook.com platform.twitter.com *.g.doubleclick.net *.youtube.com *.google.com *.google.gr *.paypal.com *.paymentwall.com; connect-src 'self' *:888; font-src 'self' data:; form-action 'self' store.payproglobal.com secure.avangate.com; frame-ancestors 'self'; img-src 'self' trust.zone data: *.google.com *.google.gr *.trustzoneurl.com trustzonepost.xyz *.g.doubleclick.net *.facebook.com syndication.twitter.com seal.digicert.com www.google-analytics.com *.cartocdn.com *.paypalobjects.com; media-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustzoneurl.com google.com a.trust.zone platform.twitter.com connect.facebook.net www.gstatic.com www.googleadservices.com *.google-analytics.com seal.digicert.com *.paypalobjects.com *.paypal.com paypal.com; report-uri https://trust.zone/_csp_log 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  www.gstatic.com https://apis.google.com https://www.google.com pagead2.googlesyndication.com www.google-analytics.com www.google-analytics.com *.googletagservices.com *.googleadservices.com *.googleapis.com www.google.com ssl.gstatic.com *.doubleclick.net https://securepubads.g.doubleclick.net http://publisherconsole.appspot.com *.gstatic.com https://graph.facebook.com *.facebook.net https://vk.com https://login.vk.com https://cdn.api.twitter.com yandex.st share.yandex.ru https://mc.yandex.ru https://api.flickr.com; object-src 'self'  http://www.gstatic.com pagead2.googlesyndication.com http://tpc.googlesyndication.com https://tpc.googlesyndication.com *.cdn.yandex.net; style-src 'self' 'unsafe-inline' ; img-src *; media-src 'self' *.cdn.yandex.net ; frame-src 'self'  https://content.googleapis.com https://accounts.google.com googleads.g.doubleclick.net cm.g.doubleclick.net *.googlesyndication.com www.google.com www.youtube.com https://www.youtube.com http://publisherconsole.appspot.com http://tpc.googlesyndication.com https://cm.g.doubleclick.net *.facebook.com https://www.facebook.com https://s-static.ak.facebook.com vk.com login.vk.com; font-src * data:; connect-src 'self'  *.gstatic.com www.youtube.com https://mc.yandex.ru mc.yandex.ru *.cdn.yandex.net; 1
default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.comi *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com d22xmn10vbouk4.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net https://cdn.hypemarks.com http://cdn.hypemarks.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.krxd.net *.krxd.net https://beacon.krxd.net https://cdn.krxd.net ; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://nova.collect.igodigital.com https://www.facebook.com *.krxd.net dotcom.nestlebeverages.acsitefactory.com *.google.co.in; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com *.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net  http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://brand-ecommerce-assets.fusepump.com https://www.google.com https://www.googletagmanager.com *.krxd.net; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com https://collect.analyze.ly https://secure-ds.serving-sys.com *.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com http://www.google-analytics.com  http://fonts.googleapis.com/ https://cdnjs.cloudflare.com http://cdn.ckeditor.com https://cdnjs.cloudflare.com  http://svc.webspellchecker.net https://ajax.googleapis.com/ https://maps.google.com/ https://maps.googleapis.com/ https://weatherwidget.io/; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdn.ckeditor.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://svc.webspellchecker.net https://tripura.gov.in; img-src 'self' http://cdn.ckeditor.com http://www.google-analytics.com https://tripura.gov.in https://cbpssubscriber.mygov.in https://w.bookcdn.com https://maps.gstatic.com/ https://maps.gstatic.com/ https://maps.google.com/ https://tripura.gov.in/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com; media-src 'self' https://www.youtube.com/ ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com http://164.100.127.45 https://weatherwidget.io; font-src 'self' http://fonts.gstatic.com https://cdnjs.cloudflare.com http://fonts.googleapis.com; connect-src 'self' ; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors 'self' *.bond.edu.au bond.edu.au; 1
default-src *; style-src 'self' 'unsafe-inline' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com http://*.akamai.net https://*.akamai.net http://*.nr-data.net https://*.nr-data.net;connect-src 'self';img-src 'self' http://safesear.ch http://*.safesear.ch https://safesear.ch https://*.safesear.ch data:; 1
default-src 'self'; style-src 'unsafe-inline' *; frame-src *; img-src * data:; media-src *; font-src *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' oss.maxcdn.com ads.adfox.ru www.google-analytics.com *.googleadservices.com adservice.google.com.ua *.yandex.net *.yandex.ru *.yandex.ua yastatic.net *.imgsmail.ru *.google.com adservice.google.ru *.yandex.st an.yandex.ru platform.twitter.com cas.criteo.com *.mail.ru vk.com *.googlesyndication.com *.googletagservices.com adv758968.ru adforce.ru *.doubleclick.net  x1.vinread.net *.zencdn.net mobiads.ru utarget.ru afterview.ru *.vispot.io *.adap.tv *.liverail.com *.spotxchange.com *.buzzoola.com *.advarkads.com *.lkqd.com *.advertising.com static.baza.farpost.ru gstatic.com www.gstatic.com http://thefox.mobi/0dvP/ https://netdna.bootstrapcdn.com https://ajax.googleapis.com *.adsafeprotected.com  idntfy.ru mobuli.info  mobisway.info cnt-count.ru countstat.ru eboundservices.com digital-forest.info s17365.org/rotation.php news.gnezdo.ru btstds.ru cackle.me *.cackle.me www.farpost.ru https://adtags.pro https://*.adtags.pro https://btsds.ru https://*.vrcteam.ru https://*.betweendigital.com https://*.exopay.ru https://s0.2md.net https://fl.imgsniper.com https://static.bulham.com https://*.sape.ru https://safesource.ru https://code.createjs.com https://static.bumlam.com sad2tizer.ru ad.slickjump.com slickjump.com sjsmartcontent.org https://www.googletagmanager.com https://tds.admaxer.ru https://meganotify.com https://notifyday.com *.ttarget.ru; connect-src *; report-uri /csp.php 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.serving-sys.com *.sharethis.com *.analytics.edgekey.net *.forefieldkt.com *.foremostadvice.com *.standard.com *.youtube.com *.ytimg.com *.gstatic.com *.pages05.net *.silverpop.com *.sc.pages05.net *.googletagmanager.com *.google-analytics.com fonts.googleapis.com ajax.googleapis.com *.google.com *.duosecurity.com *.vimeo.com *.newrelic.com secure-ds.serving-sys.com *.serving-sys.com *.googleadservices.com *.fonts.net *.twitter.com *.twimg.com *.ubembed.com *.demandbase.com *.userzoom.com stats.g.doubleclick.net *.company-target.com match.prod.bidr.io id.rlcdn.com *.googleapis.com *.doubleclick.net static.3playmedia.com *.brightcove.com *.brightcove.net bcove.me *.zencdn.net bcove.video players.brightcove.net *.brightcove.com  *.llnw.net *.llnwd.net *.edgekey.net *.media.brightcove.com vjs.zencdn.net *.brightcovecdn.com *.brainshark.com *.teads.tv *.3lift.com *.adentifi.com *.basis.net *.facebook.com dc.ads.linkedin.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.twitter.com ajax.googleapis.com *.serving-sys.com  *.twimg.com *.gm *.sharethis.com *.pages05.net *.googletagmanager.com *.google-analytics.com *.ubembed.com *.brightcove.com *.gstatic.com *.google.com *.brightcove.net *.serving-sys.com *.googleadservices.com secure-ds.serving-sys.com stats.g.doubleclick.net *.demandbase.com *.userzoom.com googleads.g.doubleclick.net vjs.zencdn.net *.facebook.net; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.googleapis.com http://*.googleapis.com https://*.avis-verifies.com https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://*.aspnetcdn.net https://*.aspnetcdn.com https://*.google.fr https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.netreviews.eu https://*.googletagmanager.com https://*.google.co.uk https://*.plyr.io https://*.vimeo.com https://*.avis-verifies.com https://*.videostep.com https://*.cedexis.com https://*.segment.com https://*.google.com https://*.taboola.com https://*.geoportail.gouv.fr https://*.kxcdn.com https://*.cedexis-radar.net http://*.gstatic.com https://beeker.io https://*.mailgun.net https://*.realytics.net https://*.realytics.io https://*.hotjar.com https://*.outbrain.com https://*.cloudflare.com https://*.rawgit.com https://*.google.ie https://*.hotjar.io wss://*.hotjar.com/ http://*.hotjar.com ; report-uri /report-csp-violation 1
default-src 'self' data: wss://*.altilly.com:2053 wss://*.altilly.com:2083 *.tokenoftrust.com *.qredit.cloud *.altilly.com *.bootstrapcdn.com *.twitter.com *.gstatic.com *.twimg.com *.jquery.com; script-src 'self' 'nonce-fdc5449ad06353acd0ded1a7f0b0534d' *.google.com *.googleusercontent.com *.altilly.com *.tokenoftrust.com *.twitter.com *.twimg.com *.jquery.com *.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.tokenoftrust.com *.altilly.com *.bootstrapcdn.com *.twitter.com *.gstatic.com *.twimg.com *.jquery.com *.googleapis.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://insights.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be; report-uri /eur/report-csp-violation 1
default-src https: 'unsafe-inline' 1
default-src=self 1
default-src 'self' data: ads.papabaerproductions.com *.googleapis.com https://ssl.google-analytics.com *.tinymce.com *.tiny.cloud *.gstatic.com; script-src 'self' data: 'unsafe-inline' certify-js.alexametrics.com ads.papabaerproductions.com *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com *.facebook.net *.cloudfront.net *.cloudflare.com; style-src 'self' data: 'unsafe-inline' ads.papabaerproductions.com *.tinymce.com *.tiny.cloud *.google.com *.googleapis.com https://ssl.google-analytics.com *.gstatic.com; img-src 'self' data: blob: certify.alexametrics.com *.google.com *.google-analytics.com cloudfront-labs.amazonaws.com *.facebook.net *.cloudfront.net ads.papabaerproductions.com; frame-src 'self' data: *.google.com *.facebook.com ads.papabaerproductions.com; media-src 'self' blob:; object-src 'self' blob:; 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self'  blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com https://www.google-analytics.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com; media-src 'self' www.youtube.com soundcloud.com syndication.twitter.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' www.google-analytics.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; 1
default-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://themes.googleusercontent.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.jsdelivr.net https://code.jquery.com https://apis.google.com/ https://platform.twitter.com/ https://connect.facebook.net https://platform.linkedin.com/ https://www.linkedin.com/ https://www.google-analytics.com/; img-src 'self' https://www.facebook.com  https://syndication.twitter.com https://www.linkedin.com/; frame-src 'self' 'unsafe-inline' https://www.canal-u.tv http://www.canal-u.tv https://apis.google.com/ https://platform.twitter.com/ https://connect.facebook.net https://platform.linkedin.com/ https://www.facebook.com/ https://accounts.google.com/ https://s-static.ak.facebook.com/ https://staticxx.facebook.com https://www.youtube.com; report-uri /fr/report-csp-violation 1
script-src 'unsafe-inline' 'self' maps.google.com maps.googleapis.com 1
child-src 'self' www.youtube.com accounts.google.com; connect-src *; default-src 'self'; img-src 'self' * storage.googleapis.com maps.googleapis.com images.pexels.com *.amazonaws.com www.localsearch.com.au maps.googleapis.com maps.gstatic.com *.localsearch.cloud *.googleusercontent.com *.facebook.com googleads.g.doubleclick.net pagead2.googlesyndication.com ssl.gstatic.com data:; font-src 'self' data: fonts.googleapis.com/css fonts.gstatic.com; object-src 'self'; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' * cdn.polyfill.io maps.googleapis.com connect.facebook.net/en_US/sdk.js *.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com tagmanager.google.com googletagmanager.com; style-src 'self' 'unsafe-inline' blob: tagmanager.google.com fonts.googleapis.com cdn.rawgit.com/milligram/milligram/master/dist/milligram.min.css fonts.googleapis.com/css; frame-src *.facebook.com *.google.com *.youtube.com *.gstatic.com googleads.g.doubleclick.net pagead2.googlesyndication.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-ancestors 'self' http://virtual-tour.battlefields.org/; report-uri /report-csp-violation 1
default-src 'self' '*.youtu.be' '*.youtube.com' '*.sgul.ac.uk' '*.google.com' '*.hotjar.com' '*.schema.org' '*.googletagmanager.com'” 1
default-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com  *.local *.dotdemos.com *.dot.jo iiabank.com.jo *.iiabank.com.jo *.google.com; object-src 'unsafe-inline'  iiabank.com.jo *.iiabank.com.jo; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com exchange.jo  *.local *.dotdemos.com *.dot.jo iiabank.com.jo *.iiabank.com.jo; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.ckeditor.com *.googleapis.com *.google-analytics.com *.gstatic.com *.local *.dotdemos.com iiabank.com.jo *.iiabank.com.jo; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com  *.local *.dotdemos.com *.dot.jo iiabank.com.jo *.iiabank.com.jo; frame-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com  *.local *.dotdemos.com *.dot.jo iiabank.com.jo *.iiabank.com.jo *.google.com; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com  *.local *.dotdemos.com *.dot.jo iiabank.com.jo *.iiabank.com.jo; report-uri /ar/report-csp-violation 1
frame-ancestors 'self' https://www.carroya.com/noticias https://www.motor.com.co 1
default-src ; script-src https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src ; style-src 'self' https://fonts.googleapis.com https://*.entrecode.de 'unsafe-inline'; img-src 'self' * *.dealbunny.de data:; media-src *; child-src *.youtube.com *.vimeo.com; font-src 'self' https://fonts.gstatic.com https://*.entrecode.de; connect-src 'self' entrecode.de *.entrecode.de localhost:7777 https://www.google-analytics.com; manifest-src 'self' 1
default-src 'self' chat.oikeus.fi 'unsafe-inline' 'unsafe-eval'; img-src * 1
frame-ancestors 'self' https://*.hapara.com/ 1
default-src 'self' https://fonts.gstatic.com; img-src *; script-src 'self' https://maps.googleapis.com/ https://ipirani.ir/ https://www.google-analytics.com/ https://cdn.zarinpal.com/  'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.google.com *.google-analytics.com *.typekit.com *.addthis.com *.addthisedge.com *.chartbeat.com *.infogram.com *.jquery.com unpkg.com *.newrelic.com *.nr-data.net *.formstack.com *.googleapis.com *.amazonaws.com *.wnyc.org *.cloudflare.com *.twitter.com *.twimg.com airtable.com *.airtable.com; object-src 'self' 'unsafe-inline' *.google.com *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com; style-src 'self' 'unsafe-inline' unpkg.com *.formstack.com *.google.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com; img-src 'self' 'unsafe-inline' data: *.twimg.com *.typekit.net *.google-analytics.com *.doubleclick.net *.chartbeat.net *.tinypic.com *.wmflabs.org *.formstack.com *.amazonaws.com *.googleapis.com *.wnyc.org *.addthis.com *.twitter.com airtable.com *.airtable.com; media-src 'self' 'unsafe-inline' *.formstack.com *.google.com  *.google-analytics.com *.googleapis.com *.twitter.com airtable.com *.airtable.com; frame-src 'self' 'unsafe-inline' datawrapper.dwcdn.net *.addthis.com *.google.com *.infogram.com *.jquery.com *.formstack.com  *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com *.c-span.org *.youtube.com; frame-ancestors 'self' 'unsafe-inline' *.formstack.com *.google.com  *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com airtable.com *.airtable.com; font-src 'self' 'unsafe-inline' *.typekit.com *.googleapis.com *.gstatic.com *.twitter.com airtable.com *.airtable.com; connect-src 'self' 'unsafe-inline' *.addthis.com *.typekit.net *.google.com *.google-analytics.com *.googleapis.com *.wnyc.org *.twitter.com *.doubleclick.net airtable.com *.airtable.com; report-uri //report-csp-violation 1
default-src *; script-src 'self' 'unsafe-inline' 'sha256-TlyWDjhlao/UznySPXpQHbYYUWGuD90Bi7+iELAb0c0=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.rawgit.com *.ilblogdellestelle.it *.movimento5stelle.it *.wix.com *.facebook.net *.facebook.com *.parastorage.com *.googleapis.com *.google.com *.gstatic.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.jquery.com *.google-analytics.com *.s3-eu-west-1.amazonaws.com *.youtube-nocookie.com data:; object-src 'self' *.ilblogdellestelle.it *.s3-eu-west-1.amazonaws.com; frame-src 'self' *.ilblogdellestelle.it *.wix.com *.facebook.net *.facebook.com batchgeo.com *.youtube.com *.s3-eu-west-1.amazonaws.com *.youtube-nocookie.com *.google.com; img-src 'self' *.ilblogdellestelle.it *.ytimg.com *.wixstatic.com *.paypalobjects.com *.google-analytics.com *.gstatic.com *.google.com *.s3-eu-west-1.amazonaws.com *.youtube-nocookie.com *.parastorage.com *.movimento5stelle.it *.wix.com *.facebook.net *.facebook.com data:; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.maxymiser.net:* *.cloudfront.net:* *.googletagmanager.com:* *.facebook.net:* *.tvsquared.com:* *.tito.io:* *.youtube.com:* *.outbrain.com:* *.google-analytics.com:* *.ytimg.com:* *.google.com:* *.gstatic.com:* *.newrelic.com *.micpn.com:* *.nr-data.net:* *.twitter.com:* *.pinterest.com:* *.craftyclicks.co.uk:* *.blackbaudhosting.com:* *.ubembed.com:* *.pinimg.com:* *.adsrvr.org:* *.ads-twitter.com:* *.bing.com:*; object-src *.cloudfront.net:* *.cloudfront.net *.maxymiser.net:*; style-src 'self' 'unsafe-inline' *.acquia-sites.com:* *.bootstrapcdn.com:* *.battersea.org.uk:* *.blackbaudhosting.com:*; img-src 'self' data: *.cloudfront.net *.cloudfront.net:* *.adnxs.com:* *.tvsquared.com:* *.outbrain.com:* *.google-analytics.com:* *.facebook.com:* *.doubleclick.net:* *.googletagmanager.com:* *.google.com:* *.google.co.uk:* *.atdmt.com:* *.adnxs.com:* *.google.co.in:* *.force.com:* *.ytimg.com:* *.micpn.com:* *.twitter.com:* *.battersea.org.uk:* *.adsrvr.org:* *.casalemedia.com:* *.pinterest.com:* *.blackbaudhosting.com:* t.co:* *.bing.com:*; media-src 'self' *.cloudfront.net:* *.cloudfront.net; frame-src *.doubleclick.net:* *.google.com:* *.facebook.com:* *.twitter.com:* *.youtube.com:* *.acquia-sites.com:* *.battersea.org.uk:* *.maxymiser.net:* *.pinterest.com:* *.blackbaudhosting.com:* *.adsrvr.org:* *.amazon-adsystem.com:* *.ubembed.com:*; frame-ancestors *.doubleclick.net:* *.google.com:*  *.youtube.com:* *.acquia-sites.com:* *.battersea.org.uk:* *.maxymiser.net:* *.pinterest.com:* *.bdch.org.uk:*; child-src *.doubleclick.net:* *.google.com:* *.facebook.com:* *.twitter.com:* *.youtube.com:* *.acquia-sites.com:* *.battersea.org.uk:* *.maxymiser.net:* *.pinterest.com:* *.blackbaudhosting.com:* *.adsrvr.org:* *.amazon-adsystem.com:* *.ubembed.com:*; font-src 'self' 'unsafe-inline' *.googleusercontent.com:* *.google.com:* *.bootstrapcdn.com:* *.battersea.org.uk:* *.maxymiser.net:* data:* data:; connect-src 'self' *.google-analytics.com:*  *.maxymiser.net:* *.facebook.com:* *.pinterest.com:* *.doubleclick.net:*; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bghweb-editor.preview.gsb.intranet.bund.de piwik.itzbund.de 1
allow 'self'  default-src 'self' 'unsafe-inline' www.google-analytics.com  *.twitter.com  *.facebook.com  *.facebook.net  *.google.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www12.f-tra.jp *.b.st-hatena.com b.st-hatena.com www.google.com www.google.jp www.gstatic.com www.google-analytics.com ajax.googleapis.com www.googleadservices.com www.googletagmanager.com apis.google.com twitter.com cdn.syndication.twimg.com platform.twitter.com s.yjtag.jp *.yahoo.co.jp yubinbango.github.io app.gorilla-efo.com jpostal-1006.appspot.com; style-src 'self' 'unsafe-inline' www12.f-tra.jp ajax.googleapis.com *.twitter.com platform.twitter.com ton.twimg.com; frame-src 'self' b.hatena.ne.jp cdn.api.b.hatena.ne.jp www.youtube.com *.google.com www.facebook.com *.twitter.com platform.twitter.com *.yjtag.jp *.yahoo.co.jp www.umadb.com player.vimeo.com *.vimeo.com; img-src * data:; media-src *; font-src 'self' data:; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net *.yandex.ru yandex.ru yandexadexchange.net *.yandexadexchange.net *.yandex.com *.yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.googleapis.com *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1
default-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; object-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; style-src 'self' data: 'unsafe-inline' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; img-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; media-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; frame-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; font-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; connect-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com 1
policy-uri /'unsafe-inline' 1
frame-ancestors https://www.webmd.com; report-uri /report-csp-violation 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru api-maps.yandex.ru mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com tagmanager.google.com *.jivosite.com webhost1.bitrix24.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com 1
default-src dica.gov.mm www.dica.gov.mm 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.newrelic.com *.doubleclick.net *.nr-data.net *.addthis.com *.addthisedge.com *.jquery.com *.google.com; report-uri /en/report-csp-violation 1
default-src * 'unsafe-inline' 'unsafe-eval' data:; report-uri /report-csp-violation 1
default-src 'self'  *.destatis.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de  *.destatis.de piwik.itzbund.de ; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org  *.destatis.de piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.euro-area-statistics.org *.ims-cms.net; 1
default-src *; script-src 'self' 'unsafe-inline' 'sha256-6h7dFLmzAoTjMrE7bjN+ohMSzyVPl7fK8aT48kxzZ1Q=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1
default-src 'self' *.bossa.pl www.google.com; script-src 'self' 'unsafe-eval' *.bossa.pl www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com www.gstatic.com maps.googleapis.com www.google.com 'unsafe-inline'; style-src 'self' *.bossa.pl www.gstatic.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' *.bossa.pl www.google-analytics.com stats.g.doubleclick.net google.com www.google.com google.pl www.google.pl www.google.de maps.gstatic.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' data:; media-src 'self' *.bossa.pl 'unsafe-inline'; font-src 'self' *.bossa.pl themes.googleusercontent.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; connect-src 'self' *.bossa.pl www.google-analytics.com stats.g.doubleclick.net; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' wss://ws.bgogo.com wss://ws.bgogo.com/prediction; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://www.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://static.bgogo.com blob: data:; media-src 'none'; object-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.guinness-storehouse.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com stats.mp.streamamg.com streamuk.secure.footprint.net www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com; object-src 'self' https: *.guinness-storehouse.com streamuk.secure.footprint.net; style-src 'self' 'unsafe-inline' https: *.guinness-storehouse.com cloud.typography.com fonts.googleapis.com footer.diageohorizon.com; img-src 'self' data: https: *.guinness-storehouse.com *.googleapis.com *.gstatic.com ads.yahoo.com analytics.twitter.com d.adroll.com dps.bing.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com scontent.cdninstagram.com streamuk.secure.footprint.net t.mookie1.com us-u.openx.net www.facebook.com www.google.com www.google.ie www.tripadvisor.com x.bidswitch.net www.google-analytics.com; frame-src 'self' https: *.guinness-storehouse.com *.worldnettps.com guinnessarchives.adlibsoft.com www.youtube.com; font-src 'self' https: *.guinness-storehouse.com data: fonts.googleapis.com fonts.gstatic.com streamuk.secure.footprint.net; connect-src 'self' https: *.guinness-storehouse.com *.storehousewall.com query.yahooapis.com streamuk.secure.footprint.net; media-src 'self' https: *.guinness-storehouse.com 1
style-src 'unsafe-inline' data: *; img-src 'unsafe-inline' data: *; report-uri /report-csp-violation 1
default-src 'self'; connect-src 'self' http://*.calbanktrust.com https://*.calbanktrust.com https://zionsbancorp.sc.omtrdc.net https://*.demdex.net https://*.cludo.com; script-src 'self' data: 'unsafe-inline' https://*.pages05.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.calbanktrust.com https://*.zionsbank.com https://*.cludo.com 'unsafe-eval'; object-src 'self' data: https://*.calbanktrust.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://*.pages05.net https://*.doubleclick.net https://*.google-analytics.com https://*.gstatic.com https://*.calbanktrust.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com; media-src 'self' data:; frame-src 'self' https://*.calbanktrust.com https://*.demdex.net https://*.doubleclick.net https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net; frame-ancestors 'self' https://banking.calbanktrust.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1
connect-src 'self' https://localhost:3000; frame-ancestors 'self'; object-src 'self'; script-src 'self' https://analytics.historia-arte.com https://maps.googleapis.com; report-uri /csp-report; report-to /csp-report; 1
default-src 'self' https://*.tampagov.net https://*.google-analytics.com https://*.twitter.com https://*.googleapis.com https://www.googletagmanager.com https://spark.adobe.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com  https://translate.google.com https://cdn.syndication.twimg.com/ https://docs.google.com; script-src  'self' 'unsafe-inline' https://*.tampagov.net https://*.google-analytics.com https://*.twitter.com https://*.googleapis.com https://www.googletagmanager.com https://spark.adobe.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com  https://translate.google.com https://cdn.syndication.twimg.com/ https://syndication.twitter.com https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'unsafe-inline' *; img-src 'self' data: https: https://www.google-analytics.com; frame-src 'self' https://*.tampagov.net https://www.youtube.com https://*.google.com https://spark.adobe.com  https://platform.twitter.com https://livestream.com https://syndication.twitter.com https://tampa.maps.arcgis.com https://*.vimeo.com/; child-src 'self' https://*.tampagov.net https://www.youtube.com https://*.google.com https://spark.adobe.com  https://platform.twitter.com https://livestream.com https://syndication.twitter.com; font-src 'self' data: https: ; report-uri /report-csp-violation 1
default-src 'self' stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com https://www.edge-cdn.net https://www.youtube-nocookie.com https://consent.cookiebot.com qs-assets-realestate.enc-test.de form.lidl.com assets.realestate.lidl data: gap: ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' *.bing.com *.virtualearth.net; style-src 'self' 'unsafe-inline' *.bing.com *.virtualearth.net; media-src *; object-src 'none'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src *; connect-src *; report-uri /report-csp-violation 1
default-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: 'self' 'unsafe-inline'; img-src https: data: blob: 'self'; frame-src https: 'self' ; style-src https: 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.google-analytics.com optimize.google.com seal.digicert.com *.inspectlet.com *.typeform.com *.newtonsoftware.com *.google-analytics.com *.googletagmanager.com *.stripe.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' *.google-analytics.com optimize.google.com fonts.googleapis.com; img-src 'self' data: *.googletagmanager.com *.google-analytics.com optimize.google.com seal.digicert.com i.ytimg.com i.vimeocdn.com *.inspectlet.com *.mapbox.com *.doubleclick.net *.google.com *.google-analytics.com *.listerhill.com; media-src 'self' data: vimeo.com youtube.com *.youtube.com vimeocdn.com *.listerhill.com; frame-src data: *.google-analytics.com optimize.google.com *.stripe.com *.vimeo.com youtube.com *.youtube.com newton.newtonsoftware.com *.typeform.com zlcuma.secure.fundsxpress.com; font-src 'self' data: *.google-analytics.com optimize.google.com fonts.gstatic.com fonts.googleapis.com; connect-src 'self' *.inspectlet.com wss://ws.inspectlet.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.radnet.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.tctm.co *.gstatic.com *.doubleclick.net *.youtube.com *.ytimg.com *.vimeo.com *.audioeye.com *.fbcdn.net *.facebook.com *.facebook.net *.twitter.com https://cdn.knightlab.com; report-uri /report-csp-violation 1
default-src 'self' *.soundcloud.com *.sndcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.typekit.net *.googletagmanager.com *.google-analytics.com *.pingdom.net www.catalyst-analytics.nz d3qy04aabho0yp.cloudfront.net *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com cdn.syndication.twimg.com *.instagram.com *.knightlab.com *.soundcloud.com *.hotjar.com www.googleadservices.com tagmanager.google.com *.riddle.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.typekit.net fonts.googleapis.com hello.myfonts.net *.twitter.com *.knightlab.com  tagmanager.google.com; img-src 'self' data: *.typekit.net *.google-analytics.com *.doubleclick.net *.shopify.com *.pingdom.net www.catalyst-analytics.nz *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com pbs.twimg.com dl.dropboxusercontent.com *.myfonts.net media.tepapa.govt.nz co3-api-mediastorage.s3-ap-southeast-2.amazonaws.com co3-api-mediastorage.s3.ap-southeast-2.amazonaws.com s3.dualstack.ap-southeast-2.amazonaws.com www.google.com www.google.co.nz *.gstatic.com; frame-src 'self' *.bookitsecure.com google.com *.riddle.com *.spotify.com *.google.com tepapa.infospecs.co.nz *.youtube.com *.vimeo.com *.catalyst.net.nz radionz.co.nz jobs.tepapa.govt.nz *.tepapa.govt.nz tepapafoundation.secure.force.com sec.paymentexpress.com *.book2look.com *.boombox.com *.myfonts.net *.knightlab.com www.qzzr.com *.twitter.com *.instagram.com *.facebook.com *.hotjar.com *.soundcloud.com *.nzonscreen.com *.juicer.io; font-src 'self' data: *.bootstrapcdn.com fonts.gstatic.com fonts.typekit.net www.tepapa.govt.nz cdn.knightlab.com; connect-src 'self' spreadsheets.google.com *.myfonts.net *.hotjar.com graylog.hotjar.com *.pingdom.net *.google-analytics.com http://api.soundcloud.com/; report-uri /report-csp-violation 1
default-src 'self'; script-src  'unsafe-inline' 'unsafe-eval' 'self' *.cmog.org *.google-analytics.com *.hotjar.com *.adroll.com *.googleapis.com *.newrelic.com *.jquery.com *.nr-data.net *.google.com *.gstatic.com *.authorize.net *.facebook.net data:; object-src 'self' *; style-src 'self' 'unsafe-inline' *.cmog.org; img-src 'self' * data: blob:; media-src 'self' *.youtube.com *.youtu.be; frame-src *.cmog.org *.hotjar.com *.youtube.com *.google.com *.vimeo.com *.culturalspot.org; frame-ancestors 'self' *.cmog.org *.hotjar.com; child-src *.cmog.org *.youtube.com *.hotjar.com; font-src *.cmog.org data: 'self' https://cdn.joinhoney.com  https://fonts.gstatic.com; connect-src *.cmog.org https://*.hotjar.com wss://*.hotjar.com *.google-analytics.com *.optimalworkshop.com *.g.doubleclick.net  *.facebook.net *.authorize.net *.hotjar.io; report-uri /report-csp-violation 1
script-src www.google-analytics.com google.com www.google.com https://www.google.com https://www.gstatic.com google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://csi.gstatic.com code.jquery.com ajax.googleapis.com https://maps.googleapis.com http://maps.googleapis.com http://www.googletagmanager.com https://connect.facebook.net http://connect.facebook.net data: cdnjs.cloudflare.com f.fontdeck.com stats.g.doubleclick.net module-videodesk.com cacherow.videodesk.com js.pusher.com www.google-analytics.com maps.google.com platform.twitter.com cdn.syndication.twimg.com https://awsir.videodesk.com https://sjs.bizographics.com http://js.bizographics.com https://snap.licdn.com https://dc.ads.linkedin.com ; object-src 'self' http://youtube.com https://www.youtube.com http://i.ytimg.com https://i.ytimg.com http://i1.ytimg.com https://i1.ytimg.com http://i2.ytimg.com https://i2.ytimg.com http://i3.ytimg.com https://i3.ytimg.com http://i4.ytimg.com https://i4.ytimg.com http://player.vimeo.com https://player.vimeo.com http://dailymotion.com https://dailymotion.com http://www.dailymotion.com https://www.dailymotion.com https://secure.adnxs.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.motel-one.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.youtube.com www.instagram.com *.pinterest.com *.cdninstagram.com *.fbcdn.net *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com squarelovin.com *.squarelovin.com *.adup-tech.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.ytimg.com *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si http://*.m-pathy.com https://*.m-pathy.com ws://*.m-pathy.com wss://*.m-pathy.com; connect-src 'self' *.motel-one.com *.facebook.com *.pinterest.com squarelovin.com *.squarelovin.com *.adup-tech.com *.fbcdn.net http://*.m-pathy.com https://*.m-pathy.com ws://*.m-pathy.com wss://*.m-pathy.com; font-src 'self' *.motel-one.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net *.pinterest.com squarelovin.com *.squarelovin.com *.adup-tech.com *.fbcdn.net data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net *.pinterest.com squarelovin.com *.squarelovin.com *.adup-tech.com *.fbcdn.net; frame-src 'self' *.motel-one.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.youtube.com www.instagram.com squarelovin.com *.squarelovin.com *.adup-tech.com *.pinterest.com *.cdninstagram.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.fbcdn.net http://*.m-pathy.com https://*.m-pathy.com ws://*.m-pathy.com wss://*.m-pathy.com; 1
default-src 'self'; script-src 'unsafe-inline' 'self' *.googleapis.com *.newrelic.com *.nr-data.net *.google-analytics.com *.google.com *.getsitecontrol.com *.gstatic.com *.kxcdn.com 'strict-dynamic' 'nonce-3b26651692dc7e9815149cdc'; object-src 'none'; style-src 'unsafe-inline' 'self' *.googleapis.com *.bootstrapcdn.com; img-src 'self' * data:; frame-src 'self' *.google.com; font-src *.googleusercontent.com 'self' *.googleapis.com *.bootstrapcdn.com *.gstatic.com data:; connect-src 'self' *.apigee.com *.getsitecontrol.com *.apigee.net; report-uri /admin/config/system/seckit/csp-report 1
frame-src 'self' www.youtube.com www.miniclip.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://img.youtube.com https://www.youtube.com https://www.google.com https://www.google-analytics.com/analytics.js data: https://www.youtube.com https://www.google-analytics.com https://use.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com https://js-agent.newrelic.com https://ajax.cloudflare.com https://unpkg.com https://maxcdn.bootstrapcdn.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-inline' *.crick.ac.uk *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.vimeo.com *.vimeocdn.com *.youtube.com *.soundcloud.com *.twitter.com *.youtube.com *.twimg.com theta360.com cdn.rawgit.com raw.githubusercontent.com data:;; script-src 'self' 'unsafe-inline' theta360.com crick.us13.list-manage.com *.mailchimp.com *.theta360.com *.google.com *.google-analytics.com *.googleapis.com use.typekit.net *.vimeocdn.com *.vimeo.com vimeo.com *.twitter.com *.twimg.com *.youtube.com *.googletagmanager.com tagmanager.google.com cdnjs.cloudflare.com cdn.rawgit.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net cdnjs.cloudflare.com *.google.com *.googleapis.com *.twitter.com *.mailchimp.com; font-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com *.gstatic.com; report-uri /report-csp-violation 1
default-src 'self' golos.id www.youtube.com *.facebook.com; child-src 'self' www.youtube.com w.soundcloud.com *.facebook.com player.vimeo.com chat.golos.id livejournal.com www.google.com/maps/ coub.com yandex.ru/map-widget/ music.yandex.ru deezer.com vk.com/video_ext.php ok.com/videoembed rutube.ru/play/embed/ *.a-ads.com; script-src 'self' 'unsafe-inline' *.facebook.com cyber.fund www.google-analytics.com *.facebook.net js-agent.newrelic.com bam.nr-data.net cdn.polyfill.io cdn.segment.com *.mxpnl.com *.metabar.ru mc.yandex.ru chat.golos.id media.reformal.ru; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; img-src * data:; font-src data: fonts.gstatic.com; connect-src 'self' cyber.fund wss://api.golos.blckchnd.com/ws wss://ws.golos.io *.facebook.com www.google-analytics.com api.segment.io api.blocktrades.us query.yahooapis.com api.blockcypher.com api.mixpanel.com mc.yandex.ru mc.yandex.ru images.golos.io; report-uri /api/v1/csp_violation; object-src 'self'; plugin-types application/pdf; frame-ancestors 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.twitter.com *.google.com *.gstatic.com *.google-analytics.com http://*.hotjar.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' *.myfonts.net *.googleapis.com; img-src 'self' data: *.boplatssyd.se *.momentum.se *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com http://*.hotjar.com https://*.hotjar.com *.ytimg.com *.vimeocdn.com http://i.vimeocdn.com stats.g.doubleclick.net http://services2.boplatssyd.se; media-src 'self' *.boplatssyd.se; frame-src 'self' *.malmo.se https://*.hotjar.com *.youtube.com *.vimeo.com *.google.com; font-src 'self' *.myfonts.net *.gstatic.com http://*.hotjar.com https://*.hotjar.com; connect-src 'self' *.googleapis.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; child-src 'self' *; font-src 'self' *; frame-ancestors 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 1
default-src 'none'; script-src 'self' *.deutsche-digitale-bibliothek.de *.google.com *.twitter.com *.facebook.com *.jwpcdn.com *.gstatic.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.fiz-karlsruhe.de cms.deutsche-digitale-bibliothek.de *.twimg.com; object-src 'self'; style-src *.googleapis.com 'self' 'unsafe-inline' *.jsdelivr.net *.fiz-karlsruhe.de *.deutsche-digitale-bibliothek.de *.twimg.com *.twitter.com cms.deutsche-digitale-bibliothek.de; img-src * data:; media-src *; font-src *.gstatic.com *.googleapis.com *.jsdelivr.net 'self' cms.deutsche-digitale-bibliothek.de; connect-src *.akamaihd.net *.vimeo.com 'self' cms.deutsche-digitale-bibliothek.de *.twimg.com *.twitter.com *.fiz-karlsruhe.de; child-src 'self' *.deutsche-digitale-bibliothek.de *.fiz-karlsruhe.de *.google.com *.twitter.com *.facebook.com *.youtube.com cms.deutsche-digitale-bibliothek.de; frame-ancestors 'self' *.deutsche-digitale-bibliothek.de; 1
child-src 'self' blob:; connect-src 'self' https://cdn.polyfill.io facebook.com google-analytics.com; default-src 'self'; img-src 'self' data: https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.is t.co *.gstatic.com *.googleapis.com *.ytimg.com https://islandsbanki-res.cloudinary.com prismic-io.s3.amazonaws.com isb-website.cdn.prismic.io; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; object-src 'none'; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' *.prismic.io maps.googleapis.com https://cdn.polyfill.io https://www.google-analytics.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com 'unsafe-eval' https://fill.dropandsign.is https://*.infogram.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com https://fill.dropandsign.is; frame-src https://*.islandsbanki.is https://gamli.islandsbanki.is https://player.vimeo.com https://www.youtube.com https://airtable.com https://consentcdn.cookiebot.com https://www.vib.is https://fill.dropandsign.is https://*.isb.is https://*.infogram.com; worker-src 'self' blob: 1
frame-ancestors 'self' http://*.schwab.com https://*.schwab.com https://tags.tiqcdn.com https://static.ads-twitter.com https://t.co https://di.rlcdn.com https://connect.facebook.net https://www.facebook.com https://d.agkn.com https://2530996.fls.doubleclick.net https://sb.scorecardresearch.com https://www.googletagmanager.com https://s.yimg.com https://sp.analytics.yahoo.com https://px.airpr.com https://dpx.airpr.com https://secure.adnxs.com https://schwab.demdex.net https://googleads.g.doubleclick.net https://adservice.google.com https://schwab.tt.omtrdc.net https://smetric.schwab.com https://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com; report-uri /report-csp-violation 1
default-src 'self' *.google-analytics.com *.newrelic.com stats.g.doubleclick.net *.googleapis.com *.tbe.taleo.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.newrelic.com *.twitter.com *.googleapis.com static.addtoany.com *.disqus.com *.youtube.com *.gstatic.com *.disquscdn.com *.mollom.com *.hostedpci.com bam.nr-data.net maps.google.com  *.tbe.taleo.net d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.gstatic.com *.mollom.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com static.addtoany.com *.disqus.com *.youtube.com *.disquscdn.com *.mollom.com *.hostedpci.com *.tbe.taleo.net d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.youtube.com data: *.gstatic.com *.googleapis.com  *.google.com *.google.co.* stats.g.doubleclick.net *.disqus.com *.disquscdn.com *.mollom.com *.prod.acquia-sites.com *.hostedpci.com *.google-analytics.com gravatar.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.youtube.com *.gstatic.com *.mollom.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' static.addtoany.com *.youtube.com *.gstatic.com *.disqus.com *.mollom.com *.hostedpci.com *.mapbox.com *.policymap.com disqus.com *.tbe.taleo.net *.tbe.taleo.net/chu03/ats/careers/apply.jsp d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com data:  d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.googleapis.com *.g.doubleclick.net *.disqus.com *.hostedpci.com *.google-analytics.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1
default-src 'none'; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; img-src https: data:; frame-src https:; connect-src https:; manifest-src 'self'; frame-ancestors 'self'; form-action 'self' https://www.facebook.com/tr/; base-uri 'self' https://optimize.google.com/optimize/editor/; object-src 'none' 1
worker-src 'self' data: blob: *.arcgisonline.com js.arcgis.com *.arcgis.com; default-src 'self' data: localhost:* *.google.com *.mopinion.com *.arcgisonline.com js.arcgis.com *.arcgis.com *.googleapis.com media.licdn.com scontent.cdninstagram.com www.waternet.nl www.agv.nl www.wereldwaternet.nl epi.waternet.nl waternet.pti.nl www.youtube.com chat1.waternet.nl *.optimizely.com www.google.nl www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com fonts.googleapis.com maps.gstatic.com csi.gstatic.com fonts.gstatic.com stats.g.doubleclick.net app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net pbs.twimg.com syndication.twitter.com platform.twitter.com; frame-src 'self' waterschappen.mijnstem.nl agv.mijnstem.nl app.mijnstem.nl mijnstem.sales.ivox.be waternet.pti.nl *.optimizely.com chat1.waternet.nl app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com www.youtube.com www.google.nl www.google.com www.kcmsurvey.com platform.twitter.com syndication.twitter.com twitter.com; script-src 'self' *.ytimg.com  *.mopinion.com *.arcgisonline.com js.arcgis.com *.youtube.com epi.waternet.nl localhost:* *.optimizely.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com maps.gstatic.com app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com cdn.syndication.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.mopinion.com *.arcgisonline.com js.arcgis.com  epi.waternet.nl *.optimizely.com www.googletagmanager.com tagmanager.google.com fonts.googleapis.com app.cobrowser.com platform.twitter.com 'unsafe-inline'; connect-src https: http: ws: wss:; 1
default-src 'self' data: *.hypovbg.at google.com www.google.com www.google-analytics.com www.googletagmanager.com ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.hypovbg.at cdnjs.cloudflare.com google.com analytics.arz.at www.google.com www.google-analytics.com www.googletagmanager.com maps.google.com maps.googleapis.com e.issuu.com; object-src 'self' *.youtube.com; style-src 'self' data: 'unsafe-inline' *.hypovbg.at google.com www.google.com www.google-analytics.com www.googletagmanager.com fonts.googleapis.com; img-src 'self' data: *.hypovbg.at google.com www.google.com analytics.arz.at www.google-analytics.com www.googletagmanager.com www.youtube.com youtube.com www.youtube-nocookie.com youtube-nocookie.com maps.google.com maps.googleapis.com *.gstatic.com; media-src 'self'; frame-src 'self' kurse.banking.co.at *.hypovbg.at www.youtube.com youtube.com www.youtube-nocookie.com youtube-nocookie.com e.issuu.com; font-src 'self' data: *.hypovbg.at google.com www.google.com www.google-analytics.com www.googletagmanager.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1
default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://insights.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; img-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; 1
default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com d22xmn10vbouk4.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net https://cdn.hypemarks.com http://cdn.hypemarks.com https://www.gstatic.com https://mc.yandex.ru/metrika/watch.js https://mc.yandex.ru/metrika/watch.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://nova.collect.igodigital.com https://www.facebook.com wam.solution.weborama.fr cstatic.weborama.fr www.nescafe.com; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net  http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://brand-ecommerce-assets.fusepump.com https://www.google.com/ https://l3.evidon.com/; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com https://collect.analyze.ly https://secure-ds.serving-sys.com mc.yandex.ru; report-uri /ru/report-csp-violation 1
default-src 'self'; child-src https://www.youtube.com www.youtube.com https://*.facebook.com https://player.vimeo.com; connect-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com data:; frame-src https://www.youtube.com www.youtube.com https://*.facebook.com https://player.vimeo.com; img-src 'self' https://www.facebook.com https://* * https://www.google-analytics.com https://ssl.google-analytics.com data:; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.youtube.com https://youtube.com https://s.ytimg.com 'nonce-5j4aCHwzLyi7N78rMZzKBDk4' 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com fonts.googleapis.com 'unsafe-inline'; report-uri https://403e2720446385ad0c84ae222f0e0f42.report-uri.com/r/d/csp/enforce; report-to https://403e2720446385ad0c84ae222f0e0f42.report-uri.com/r/d/csp/enforce; 1
img-src 'self' http://limelightgaming.net http://*.limelightgaming.net https://intern.limelightgaming.net http://discordapp.com https://discordapp.com http://*.discordapp.com https://*.discordapp.com https://steamuserimages-a.akamaihd.net http://prnt.sc https://ts3index.com http://*.prnt.sc prnt.sc *.prnt.sc http://prntscr.com http://*.prntscr.com prntscr.com http://dl.dropboxusercontent.com http://*.dl.dropboxusercontent.com dl.dropboxusercontent.com http://vgy.me http://*.vgy.me vgy.me *.vgy.me http://puu.sh http://*.puu.sh puu.sh *.puu.sh http://photobucket.com http://*.photobucket.com photobucket.com *.photobucket.com http://pinimg.com http://*.pinimg.com pinimg.com *.pinimg.com http://dropboxusercontent.com http://*.dropboxusercontent.com dropboxusercontent.com *.dropboxusercontent.com http://steamstatic.com http://*.steamstatic.com steamstatic.com *.steamstatic.com http://tinypic.com http://*.tinypic.com tinypic.com *.tinypic.com http://gravatar.com http://*.gravatar.com gravatar.com *.gravatar.com http://tumblr http://*.tumblr tumblr.com *.tumblr.com http://screenshot.net http://*.screenshot.net screenshot.net *.screenshot.net http://auplod.com http://*.auplod.com auplod.com *.auplod.com http://dropbox.com http://*.dropbox.com dropbox.com *.dropbox.com http://dropboxstatic.com http://*.dropboxstatic.com dropboxstatic.com *.dropboxstatic.com http://cloudflare.com http://*.cloudflare.com cloudflare.com *.cloudflare.com http://imgur.com http://*.imgur.com imgur.com *.imgur.com http://steampowered.com http://*.steampowered.com steampowered.com *.steampowered.com https://steamcommunity.com https://*.steamcommunity.com http://steamcommunity.com http://*.steamcommunity.com steamcommunity.com *.steamcommunity.com http://giphy.com http://*.giphy.com giphy.com *.giphy.com http://wikimedia.org http://*.wikimedia.org wikimedia.org *.wikimedia.org http://steamusercontent.com http://*.steamusercontent.com steamusercontent.com *.steamusercontent.com http://gametracker.com http://*.gametracker.com gametracker.com *.gametracker.com http://ggpht.com http://*.ggpht.com ggpht.com *.ggpht.com http://iconarchive.com http://*.iconarchive.com iconarchive.com *.iconarchive.com https://gyazo.com https://*.gyazo.com http://gyazo.com http://*.gyazo.com gyazo.com *.gyazo.com http://speedtest.net http://*.speedtest.net speedtest.net *.speedtest.net https://www.google-analytics.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com connect.facebook.net code.jquery.com www.googletagservices.com www.adbox.lt googleapis.com www.googleadservices.com vjs.zencdn.com www.audiklubas.com partner.googleadservices.com pagead2.googlesyndication.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://s.ytimg.com https://www.youtube.com https://tools.nutricia.de; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://tools.nutricia.de; img-src 'self' data: https://www.googletagmanager.com http://www.adobe.com https://www.google-analytics.com https://www.facebook.com https://www.gstatic.com https://stats.g.doubleclick.net https://www.google.de https://www.google.com https://i.ytimg.com https://yt3.ggpht.com https://www.youtube-nocookie.com https://tools.nutricia.de; media-src 'self' *.googlevideo.com https://www.youtube-nocookie.com; frame-src 'self' https://tools.nutricia.de https://www.facebook.com https://www.google.com https://www.youtube-nocookie.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' *.googlevideo.com https://www.youtube-nocookie.com 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' * ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google.com *.samsung.com *.visa.com *.googleapis.com *.google-analytics.com *.kmda.gov.ua *.gstatic.com; style-src 'self' data: 'unsafe-inline' *.googleapis.com *.google-analytics.com *.gstatic.com; media-src 'self' blob: ; frame-ancestors 'self' gioc.kiev.ua *.gioc.kiev.ua suvorovskiy.com.ua *.suvorovskiy.com.ua *.kyivcity.gov.ua openosh.site cks.kiev.ua oschadbank.ua *.oschadbank.ua ukrticket.com.ua www.ukrticket.com.ua cks.com.ua kte.kmda.gov.ua *.kmda.gov.ua; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-3jrhVll0Fz8zda/pDeeoFUUX' 'nonce-UF8oSH44L01oeNBSWUzXUWFz' 'nonce-lPt5bOfUKKoBngqAFB9Mmrw/' 'nonce-6RGpmACMyOHcLRByQqTInnmY' 'nonce-t74EBfjtPq3v5xPMvNbkcp8w' 'nonce-rGRpuQJYlMvd3oerjKwFK6fa' 'nonce-K2JU/i8xB+eMEksp71CSvAK1' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
default-src 'self'; script-src 'unsafe-inline' 'self' www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com www.googleadservices.com googleads.g.doubleclick.net a.config.skype.com b.config.skype.com swx.cdn.skype.com  www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' data: www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.in maps.gstatic.com maps.googleapis.com; frame-src 'self' www.youtube.com sp.zalo.me www.google.com bid.g.doubleclick.net api01-platform.stream.co.jp; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com; connect-src 'self' browser.pipe.aria.microsoft.com sp.zalo.me www.google-analytics.com www.google.com www.google.co.in; report-uri /report-csp-violation 1
default-src * 'unsafe-inline' cdn.ckeditor.com 'unsafe-eval'; report-uri /admin/config/system/seckit/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de com https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://cdn.m-pathy.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://*.leadlab.click https://netcologne.lamapoll.de https://r.df-srv.de https://*.visualwebsiteoptimizer.com; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net http://queatinotepase.cl https://tagmanager.google.com; object-src 'self' www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com http://queatinotepase.cl https://tagmanager.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net http://queatinotepase.cl https://tagmanager.google.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://tagmanager.google.com; media-src 'self'; frame-src 'self'  www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com; font-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://api.easygis.eu https://cdnjs.cloudflare.com *.ogone.com https://connect.facebook.net *.google.com https://www.gstatic.com https://cdn.rawgit.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://api.easygis.eu https://cdnjs.cloudflare.com *.ogone.com *.google.com; img-src 'self' http://*.visitlimburg.be *.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://*.easygis.eu/ https://*.mailchimp.com *.ogone.com *.facebook.com; media-src 'self'; frame-src 'self' https://*.hotjar.com https://*.youtube.com http://plugin.routeyou.com *.joomag.com *.resengo.com *.google.com *.ogone.com *.wlp-acs.com *.wandeleninlimburg.be *.limburg.be; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data: https://api.easygis.eu; connect-src 'self' https://public.easygis.eu; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' yastatic.net cdn.socket.io iplayer.org main.yayoye.com.ua 'unsafe-eval'  'unsafe-inline' *.pix-cdn.org yandex.st www.gstatic.com ad.iplayer.org:3000 pagead2.googlesyndication.com  mc.yandex.ru www.google-analytics.com https://www.google-analytics.com; object-src *;  style-src 'self' iplayer.org *.pix-cdn.org  'unsafe-inline'; img-src 'self' * data: *.pix-cdn.org  www.liveinternet.ru pagead2.googlesyndication.com counter.yadro.ru mc.yandex.ru www.google-analytics.com https://www.google-analytics.com main.yayoye.com.ua gamegame.2974600.pix-cdn.org; media-src 'self'; frame-src 'self' googleads.g.doubleclick.net *; font-src 'self'; connect-src 'self'  iplayer.org api.iplayer.org mc.yandex.ru; report-uri https://caspr.io/endpoint/66066cdcb23dc03b223f90743a46265c96c10554feec61cf620e5a2768bc4a6f 1
default-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline';  1
base-uri 'none'; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self'; script-src 'nonce-Rne6igK/CF+H4cAdtgFNTRvJ' 'unsafe-inline'; style-src https://hello.myfonts.net/count/ 'nonce-MQKsls62DgvctI4W+N8Nqc5G' 'unsafe-inline'; report-uri https://www.pwaportal.com/csp_reporting.php; report-to https://www.pwaportal.com/csp_reporting.php; 1
default-src 'self' *.vcapps.org *.addthis.com *.google-analytics.com *.doubleclick.net gpp.guidestar.org nonprofitdirectory.guidestar.org gppplugin.guidestar.org ; style-src 'unsafe-inline' https: ;script-src 'unsafe-inline' https: ;frame-src 'unsafe-inline' https: 1
media-src *, script-src self 'unsafe-eval' 'unsafe-inline' https://mc.yandex.ru https://xn--62-dlchecl2bsdax2n.xn--p1ai https://google.com https://www.gstatic.com https://www.google.com https://fonts.googleapis.com 'unsafe-inline' 1
frame-ancestors 'self' *.winkbingo.com *.bingosys.net ; 1
default-src 'self'; connect-src 'self' http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://*.cludo.com; script-src 'self' data: 'unsafe-inline' https://*.googletagmanager.com https://*.issuu.com https://*.adobedtm.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.nbarizona.com https://*.nbarizona.com https://*.zionsbank.com https://*.cludo.com 'unsafe-eval'; object-src 'self' data: http://*.nbarizona.com https://*.nbarizona.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://*.gstatic.com http://*.nbarizona.com https://*.nbarizona.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com; media-src 'self' data:; frame-src 'self' https://*.doubleclick.net http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://issuu.com https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net; frame-ancestors 'self' https://banking.nbarizona.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src *.sanayi.gov.tr; script-src 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sanayi.gov.tr *.youtube.com *.google-analytics.com *.ytimg.com *.twitter.com *.twimg.com; style-src 'unsafe-inline' *.sanayi.gov.tr *.googleapis.com *.twitter.com *.twimg.com; img-src data: *.sanayi.gov.tr *.ytimg.com *.google-analytics.com *.twitter.com *.twimg.com; media-src *.ytimg.com *.youtube.com; connect-src *.sanayi.gov.tr *.twitter.com; child-src twitter.com *.youtube.com *.google.com *.sanayi.gov.tr *.twitter.com; 1
default-src 'none'; script-src 'self' *.deutsche-digitale-bibliothek.de https://*.google.com platform.twitter.com https://*.facebook.com *.jwpcdn.com *.gstatic.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.fiz-karlsruhe.de null cdn.syndication.twimg.com  https://*.twitter.com; object-src 'self'; style-src *.googleapis.com 'self' 'unsafe-inline' *.jsdelivr.net *.fiz-karlsruhe.de null platform.twitter.com; img-src * data:; media-src *; font-src *.gstatic.com *.googleapis.com *.jsdelivr.net 'self'; connect-src *.akamaihd.net *.vimeo.com 'self' null cdn.syndication.twimg.com  https://*.twitter.com; child-src 'self' *.deutsche-digitale-bibliothek.de *.fiz-karlsruhe.de https://plusone.google.com https://accounts.google.com https://*.google.com platform.twitter.com https://*.facebook.com *.youtube.com; frame-ancestors 'self' *.deutsche-digitale-bibliothek.de 1
default-src 'self' 'unsafe-inline' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de; img-src *; style-src 'self' 'unsafe-inline' *.itzbund.de; frame-ancestors itzbund.preview.prod.gsb.bund.zivb.net 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com https://lh3.ggpht.com *.rnengage.com *.googleapis.com *.custhelp.com *.rawgit.com *.doubleclick.net *.facebook.net *.facebook.com data: *.teleperformanceusa.com; frame-src 'self' 'unsafe-inline' *.google.com; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
frame-ancestors 'self' marketrealist.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *.gstatic.com *.youtube.com *.google-analytics.com *.g.doubleclick.net https://s.ytimg.com/yts/jsbin/ *.googleadservices.com *.google.com *.google.cz http://platform.linkedin.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com *.cdn.rawgit.com https://cdn.rawgit.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com; frame-src 'self' bhge.acquiadam.com *.webdamdb.com  *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/  https://apps.kaonadn.net; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri //report-csp-violation 1
script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src * 1
upgrade-insecure-requests; default-src 'none'; font-src 'self'; base-uri 'none'; media-src 'self'; form-action 'self' https://r.girogate.de https://www.sandbox.paypal.com https://www.paypal.com https://hooks.stripe.com https://stripe.com; frame-ancestors 'self'; style-src 'self' 'nonce-2880fc9da92d8cda8a77340763cb1716' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-OTeu7NEHDo6qutIWo0F2TmYrDhsKWCzrUgGoxxHGJ8o='; script-src 'self' 'nonce-2880fc9da92d8cda8a77340763cb1716' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://js.stripe.com https://cdn.trackjs.com; frame-src 'self' https://js.stripe.com https://hooks.stripe.com; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://fonts.googleapis.com https://api.stripe.com https://capture.trackjs.com; img-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.google-analytics.com https://usage.trackjs.com https://stats.g.doubleclick.net; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: siteimproveanalytics.com *.siteimprove.com *.denkwerk.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com *.doubleclick.net;         connect-src 'self' *.denkwerk.com;         font-src 'self' *.denkwerk.com;         media-src *.denkwerk.com player.vimeo.com *.vimeocdn.com gcs-vimeo.akamaized.net; 1
default-src 'none';script-src 'self' 'unsafe-inline' https://static.frag-den-staat.de https://traffic.okfn.de https://js.stripe.com;style-src 'self' 'unsafe-inline' https://static.frag-den-staat.de;img-src 'self' data: blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://traffic.okfn.de https://www.betterplace.org https://betterplace-assets.betterplace.org https://i.vimeocdn.com https://raw.githubusercontent.com *.tile.openstreetmap.org *.global.ssl.fastly.net i.ytimg.com;media-src https://static.frag-den-staat.de https://media.frag-den-staat.de;worker-src 'self' blob: https://static.frag-den-staat.de;frame-src 'self' blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://okfde.github.io https://www.betterplace.org https://betterplace-assets.betterplace.org https://player.vimeo.com https://www.youtube-nocookie.com https://media.ccc.de https://challonge.com https://www.foodwatch.org/de/iframe/ https://js.stripe.com https://hooks.stripe.com https://www.paypal.com;object-src 'self' https://media.frag-den-staat.de;connect-src 'self' https://static.frag-den-staat.de https://media.frag-den-staat.de https://api.betterplace.org/ https://sentry.okfn.de https://api.stripe.com;child-src blob: https://static.frag-den-staat.de;base-uri 'none';font-src data: https://static.frag-den-staat.de;manifest-src https://static.frag-den-staat.de;form-action 'self' https://fragdenstaat.de https://forum.okfn.de https://www.paypal.com https://pretix.eu fragdenstaat://authorize https://hooks.stripe.com https://stripe.com https://r.girogate.de;frame-ancestors *;report-uri https://sentry.okfn.de/api/4/csp-report/?sentry_key=b0305966ad35428b88f611c796792749; 1
default-src 'self' data: *.gstatic.com https://d1pf6s1cgoc6y0.cloudfront.net https://*.pond.co.nz; connect-src 'self' *; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://d1pf6s1cgoc6y0.cloudfront.net https://*.pond.co.nz; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1pf6s1cgoc6y0.cloudfront.net https://*.google-analytics.com https://*.google.com *.newrelic.com *.nr-data.net https://*.gstatic.com https://*.googleapis.com *.pi.pardot.com *.pardot.com https://fast.wistia.com https://ww2.n4l.co.nz https://www2.n4l.co.nz/analytics https://*.facebook.net https://*.facebook.com https://*.twitter.com https://t.co https://*.pinterest.com https://*.pond.co.nz; img-src * data:; frame-src 'self' cdn.embedly.com *.vimeo.com *.youtube.com http://view.officeapps.live.com https://d1pf6s1cgoc6y0.cloudfront.net http://www.radionz.co.nz https://storify.com https://fast.wistia.com *.google.com https://*.pond.co.nz; media-src 'self' *; object-src 'self' http://view.officeapps.live.com https://d1pf6s1cgoc6y0.cloudfront.net *.google.com; frame-ancestors 'self'; 1
default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de  *.facebook.com; 1
style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com config1.veinteractive.com veinteractive.com; font-src 'self' *.typekit.net fonts.gstatic.com data:; report-uri /report-csp-violation 1
default-src 'self' undefined;img-src 'self' 'unsafe-inline' data: www.google-analytics.com storage.googleapis.com www.facebook.com stats.g.doubleclick.net www.google.com www.google.ie www.google.fi;font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com js.stripe.com connect.facebook.net;connect-src 'self' selfix.eu.auth0.com www.google-analytics.com selfix.fi www.selfix.fi;frame-src 'self' www.youtube.com js.stripe.com staticxx.facebook.com www.facebook.com 1
default-src 'self'; connect-src 'self' https://*.adobedtm.com http://*.amegybank.com https://*.amegybank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com; script-src 'self' data: 'unsafe-inline' https://*.adobedtm.com https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.amegybank.com https://*.amegybank.com https://*.zionsbank.com https://*.cludo.com 'unsafe-eval'; object-src 'self' data: http://*.amegybank.com https://*.amegybank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.amegybank.com https://*.amegybank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com; media-src 'self' data:; frame-src 'self' http://*.amegybank.com https://*.amegybank.com https://issuu.com https://*.doubleclick.net https://*.demdex.net https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net; frame-ancestors 'self' https://banking.amegybank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1
referrer no-referrer 1
default-src *;object-src 'none';style-src * 'unsafe-inline' 'unsafe-eval';img-src * data: 'unsafe-inline' 'unsafe-eval';media-src *;font-src * data: blob:;script-src * 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' about: spscc.hobsonsradius.com 25livepub.collegenet.com 5p4rk13.com bbox.blackbaudhosting.com connect.facebook.net cse.google.com e.issuu.com fonts.googleapis.com loader.webspellchecker.net rw1.marchex.io scripts.mymarketingreports.com spscc.hobsonsradius.com translate.google.com translate.googleapis.com www.google-analytics.com www.googleapis.com www.google.com www.googletagmanager.com www.googleadservices.com www.tickcounter.com googleads.g.doubleclick.net siteimproveanalytics.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com cdnjs.cloudflare.com fonts.googleapis.com spscc.hobsonsradius.com translate.googleapis.com www.google.com; img-src 'self' 'unsafe-inline' data: 25livepub.collegenet.com bbox.blackbaudhosting.com clients1.google.com fonts.googleapis.com i.ytimg.com px.marchex.io spscc.edu spscc.hobsonsradius.com stats.g.doubleclick.net translate.google.com translate.googleapis.com www.facebook.com www.google-analytics.com www.googleapis.com www.google.com www.gstatic.com *.siteimprove.com  *.siteimproveanalytics.io googleads.g.doubleclick.net; media-src 'self' 'unsafe-inline'; frame-src 'self' 5p4rk13.com bbox.blackbaudhosting.com calendar.google.com connect.facebook.net cse.google.com e.issuu.com maps.google.com snapwidget.com staticxx.facebook.com www.facebook.com www.google.com www.tickcounter.com www.youtube.com googleads.g.doubleclick.net; font-src 'self' data: cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com staticxx.facebook.com www.google.com; connect-src 'self' translate.googleapis.com; report-uri /report-csp-violation 1
img-src 'self' data: blob: http://feather.aviary.com/ http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://www.facebook.com/ https://pixelg.adswizz.com/ https://www.google.com/ https://www.google.com.pk/ https://www.google.co.uk/ https://scontent-ort2-2.cdninstagram.com/ https://maps.gstatic.com/ https://www.google.ro/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://feather.aviary.com/ https://dme0ih8comzn4.cloudfront.net/js/feather.js https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ http://code.jquery.com/ https://code.jquery.com/ http://graph.facebook.com/ http://m.addthis.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://api-public.addthis.com/ https://www.islonline.net/ https://unpkg.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ http://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://connect.facebook.net/ https://tag.simpli.fi/ https://cdnjs.cloudflare.com/ http://owlgraphic.com/ http://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://connect.facebook.net/ https://www.facebook.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://json.geoiplookup.io https://sc-static.net/scevent.min.js; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css http://feather.aviary.com/ https://platform.twitter.com/ https://ton.twimg.com/ http://cloud.typenetwork.com/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://bid.g.doubleclick.net/ https://staticxx.facebook.com/ https://www.facebook.com/ https://web.facebook.com/ https://tr.snapchat.com/; connect-src 'self' http://cd.aviary.com/ https://api-ag.aviary.com/ https://feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com/ http://featherservices.aviary.com/ http://ip-api.com/ https://json.geoiplookup.io/api; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ http://cloud.typenetwork.com/; media-src 'self'; object-src 'self'; frame-ancestors none 1
base-uri 'self' *.google.com; child-src 'self' gap: *.google.com *.hotjar.com *.investis.com *.surveymonkey.com *.twitter.com; frame-src 'self' gap: *.google.com *.hotjar.com *.investis.com *.surveymonkey.com *.twitter.com; connect-src 'self' wss://*.hotjar.com *.feefo.com *.hotjar.com *.investis.com *.twimg.com *.twitter.com *.doubleclick.net *.google-analytics.com sitesearch360.com *.sitesearch360.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.googleapis.com *.gstatic.com *.hotjar.com; img-src 'self' data: *; script-src 'self' gap: *.doubleclick.net *.feefo.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.investis.com *.surveymonkey.com *.twimg.com *.twitter.com unpkg.com sitesearch360.com *.sitesearch360.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.google.com *.gstatic.com *.twitter.com *.twimg.com 'unsafe-inline'; frame-ancestors 'self' *.doubleclick.net *.googletagmanager.com *.hotjar.com *.surveymonkey.com https://vars.hotjar.com *.noblehosted.com theparagongroup.sharepoint.com gap:; referrer no-referrer; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=URbpU58nsIcfF1a8FL%2f32OLGVGhcSnux9gLEbkKrof7iqBAPt8Ptb2S%2f%2bM71AfpEJImewDxRCPvi5mkGZnSLQlgMdKdt%2b66lW8hAdO8PQ8%2bOJcPu5a80xg0aykR1kCFe; report-to /SecurityUtils/rest/Report/ReportViolations?Params=URbpU58nsIcfF1a8FL%2f32OLGVGhcSnux9gLEbkKrof7iqBAPt8Ptb2S%2f%2bM71AfpEJImewDxRCPvi5mkGZnSLQlgMdKdt%2b66lW8hAdO8PQ8%2bOJcPu5a80xg0aykR1kCFe; no-referrer 1
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; 1
policy-uri /'none' 1
base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.sociomantic.com *.google-analytics.com *.googletagmanager.com *.everestjs.net *.googletagservices.com s.ytimg.com *.userapi.com js-agent.newrelic.com  *.olark.com  trafmag.utarget.ru  *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com  clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com everestjs.net googletagmanager.com google-analytics.com sociomantic.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com;  object-src 'none'; img-src 'self' *.doubleclick.net https://www.google-analytics.com https://www.google.com.ua https://www.google.com *.googlesyndication.com *.creativecdn.com data:; media-src 'none'; frame-src 'self' https://googleads.g.doubleclick.net *.googlesyndication.com *.creativecdn.com; frame-ancestors 'none'; worker-src 'self'; form-action 'self' https://www.portmone.com.ua; style-src 'self' 'unsafe-inline'; connect-src 'self' *.gstatic.com https://securepubads.g.doubleclick.net; report-uri https://2746b976bff56fb9fb072ca875846856.report-uri.com/r/d/csp/reportOnly 1
1 1
default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.lamapoll.de; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src 'self' data: lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de *.facebook.com; media-src 'self' lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de youtube.com youtube-nocookie.com; object-src 'self'; connect-src 'self'; frame-src 'self' player.vimeo.com www.youtube.com www.youtube-nocookie.com 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl 'unsafe-inline' 'unsafe-eval';style-src https: *.ufg.pl 'unsafe-inline';img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl; child-src https: *.ufg.pl 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com ajax.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net s3.amazonaws.com https:; 1
default-src https: 'self' https://*.googleusercontent.com wss://inspectletws.herokuapp.com https://cdn.inspectlet.com https://mijn.mkbservicedesk.nl https://app.readspeaker.com https://*.googleapis.com https://*.chkmkt.com wss://ws1.hotjar.com; script-src https: 'self' 'unsafe-inline'; style-src 'self' https://* 'unsafe-inline'; img-src 'self' https://shared.piwik.prisma-it.com https://veiliginternetten.nl data: 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' whaleshares.io pubrpc.whaleshares.io rpc.whaleshares.io api.whaleshares.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' whaleshares.io www.google-analytics.com connect.facebook.net cdn.polyfill.io cse.google.com www.google.com; style-src 'self' 'unsafe-inline' whaleshares.io fonts.googleapis.com at.alicdn.com www.google.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com at.alicdn.com; frame-ancestors 'none'; img-src * data:; report-uri /csp_violation; object-src 'none' 1
default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com d22xmn10vbouk4.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net https://cdn.hypemarks.com http://cdn.hypemarks.com https://www.gstatic.com *.krxd.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://nova.collect.igodigital.com https://www.facebook.com *.krxd.net *.nestlebeverages.acsitefactory.com gr.factory.nescafe.com greece.nestlebeverages.acsitefactory.com; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net  http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://brand-ecommerce-assets.fusepump.com https://www.google.com/ *.krxd.net https://l3.evidon.com/; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com https://collect.analyze.ly https://secure-ds.serving-sys.com; report-uri /gr/report-csp-violation 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com data:;img-src *; font-src fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api-maps.yandex.ru bitrix.info www.google-analytics.com *.yandex.ru; form-action 'self';frame-src 'self';media-src 'self';connect-src 'self' bitrix.info mc.yandex.ru 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors www.envestnet.com envestnet.com ir.envestnet.com investor.envestnet.com www.investpmc.com; report-uri /report-csp-violation 1
base-uri 'self' 1
default-src 'self'; base-uri 'self' https://optimize.google.com; form-action 'self' https://*.facebook.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' blob https://fonts.googleapis.com https://optimize.google.com https://intercomcdn.com https://tagmanager.google.com/ http://localhost:8080 blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://tagmanager.google.com https://cdn.amplitude.com http://localhost:8080 https://*.segment.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com http://*.google-analytics.com https://*.googlesyndication.com https://*.googleapis.com https://*.facebook.com https://*.facebook.net https://*.googleadservices.com https://*.doubleclick.net https://*.intercomcdn.com https://*.intercom.io https://js.stripe.com https://cdn.inspectlet.com https://calendly.com https://*.licdn.com https://*.ads.linkedin.com https://*.linkedin.com https://*.sentrydsn.com; connect-src 'self' https://api.amplitude.com http://localhost:8080 ws://localhost:8080 https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com http://*.google-analytics.com https://www.facebook.com https://dc.ads.linkedin.com https://*.segment.io https://*.intercomcdn.com https://*.intercom.io wss://*.intercomcdn.com wss://*.intercom.io https://api.stripe.com http://*.inspectlet.com https://*.inspectlet.com wss://*.inspectlet.com https://sentry.io; media-src 'self' https://youtube.com; font-src 'self' data: http://localhost:8080 https://fonts.gstatic.com https://*.intercomcdn.com https://*.intercom.io; img-src 'self' data: http: https: https://www.google-analytics.com https://optimize.google.com; frame-src 'self' https://calendly.com https://www.youtube.com https://js.stripe.com https://www.facebook.com https://*.doubleclick.net https://optimize.google.com; frame-ancestors 'self'; block-all-mixed-content; report-uri https://sentry.io/api/199902/csp-report/?sentry_key=f13682fa65bb4d0ca2179a4dc55d79b8 1
script-src 'self' http://clicky.com *.getclicky.com https://www.googletagmanager.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com cdn.datatables.net 'unsafe-inline' 'unsafe-eval' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com apis.google.com ajax.googleapis.com www.googletagmanager.com platform.twitter.com https://get.mycounter.ua; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: gallery.pdaa.edu.ua https://stats.g.doubleclick.net https://www.google-analytics.com https://syndication.twitter.com https://r.i.ua https://get.mycounter.ua https://static.mycounter.ua https://counter.yadro.ru https://csi.gstatic.com https://wwwimages.adobe.com; media-src 'none'; frame-src 'self' www.facebook.com apis.google.com platform.twitter.com https://accounts.google.com https://docs.google.com https://www.youtube.com https://www.google.com syndication.twitter.com; font-src 'self'; connect-src 'self' www.google-analytics.com syndication.twitter.com; report-uri /report-csp-violation 1
default-src 'self' *.edp.com *.edpr.com *.gstatic.com *.mailjet.com *.tools.euroland.com *.eurolandir.com *.google-analytics.com *.js-agent.newrelic.com *.youtube.com *.jsdelivr.net *.media-server.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.edp.com *.edpr.com *.datatables.net *.euroland.com *.newrelic.com *.nr-data.net *.jsdelivr.net *.byside.com *.s1.byside.com *.googleadservices.com *.googleads.g.doubleclick.net *.google.com *.hotjar.com *.google-analytics.com *.youtube.com *.facebook.net *.ytimg.com grmtech.net *.cloudfront.net *.adnxs.com *.mookie1.com *.serving-sys.com c-share.herokuapp.com *.googleapis.com *.cloudflare.com *.captcha.com *.doubleclick.net *.google.com *.google.pt *.botframework.com *.edp.pt *.clientscape.com *.facebook.com *.googletagmanager.com *.licdn.com *.linkedin.com nebula-cdn.kampyle.com *.kampyle.com *.smrk.io *.gstatic.com *.cookiepro.com *.onetrust.com *.wufoo.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.edp.com *.edpr.com *.googleapis.com *.cloudflare.com *.datatables.net;; img-src 'self' *.edp.com *.edpr.com *.google-analytics.com data: maps.gstatic.com maps.googleapis.com; media-src 'self' *.edp.com *.edpr.com data:; frame-src 'self' *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com; frame-ancestors 'self' *.edp.com *.edpr.com *.portaldocidadaosurdo.pt *.p01-geral.dig.corp.edp.com; connect-src 'self' *.edp.com *.edpr.com cdn.plyr.io; report-uri /en/report-csp-violation 1
: default-src https://www.googletagmanager.com https://cdnjs.cloudflare.com https://cdn.rawgit.com https://www.google.com https://tracking.leadlander.com https://1.tl813.com https://geoip-js.maxmind.com https://www.google.co.uk https://*.g.doubleclick.net https://www.youtube.com 'self' 'unsafe-eval' 'unsafe-inline' *.searchtechnologies.com; script-src 'self' https://cdnjs.cloudflare.com https://cdn.rawgit.com https://www.gstatic.com https://www.google.com https://tracking.leadlander.com https://www.linkedin.com https://ajax.googleapis.com https://formalyzer.com https://www.googleadservices.com https://www.googletagmanager.com https://px.ads.linkedin.com https://www.google-analytics.com https://*.trackalyzer.com https://js.maxmind.com https://bat.bing.com https://storage.googleapis.com https://snap.licdn.com https://t.sf14g.com https://1.tl813.com https://code.jquery.com https://googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src https://raw.githubusercontent.com https://cdn.rawgit.com https://tracking.leadlander.com https://www.google.iq https://www.google.co.uk https://www.google-analytics.com https://t2.trackalyzer.com https://bat.bing.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googletagmanager.com 'self' *.searchtechnologies.com data:; connect-src https://geoip-js.maxmind.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com 'self' *.searchtechnologies.com; form-action 'self'; font-src 'self' https://cdnjs.cloudflare.com https://www.searchtechnologies.com 1
frame-ancestors *.bryant.edu; report-uri //report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: dadu.ru *.dadu.ru https://dadu.ru https://www.dadu.ru japancar.ru www.japancar.ru static.japancar.ru *.static.japancar.ru greenpart.ru *.greenparts.ru wiweb.ru *.wiweb.ru qx9.ru *.qx9.ru jc9.ru *.jc9.ru justcommunication.ru www.justcommunication.ru *.google-analytics.com *.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net *.gstatic.com yandex.ru *.yandex.ru https://yandex.ru https://*.yandex.ru https://mc.yandex.ru yandex.net *.yandex.net https://yandex.net https://*.yandex.net counter.yadro.ru icq.com www.icq.com skype.com www.skype.com youtube.com www.youtube.com; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.jquery.com *.webspellchecker.net *.addtoany.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com 91.121.113.128:8080 *.bankofjordan.com bankofjordan.com *.exchange.jo track.adform.net img04.en25.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com exchange.jo *.local *.dotdemos.com  *.pex.ps 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com track.adform.net; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.google-analytics.com *.gstatic.com *.local *.dotdemos.com *.pex.ps 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com track.adform.net *.eloqua.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com; frame-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.addtoany.com *.local *.dotdemos.com 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com c1.adform.net; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com 91.121.113.128:8080 *.bankofjordan.com bankofjordan.com track.adform.net; report-uri /report-csp-violation 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; connect-src 'self' steemit.com api.steemit.com dist.one wss://rpc.dist.one api.blocktrades.us https://steemitimages.com https://translate.googleapis.com; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; font-src data: fonts.gstatic.com 'self'; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com pagead2.googlesyndication.com adservice.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://stats.g.doubleclick.net https://s.ytimg.com https://fonts.gstatic.com https://fonts.googleapis.com https://code.jquery.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://infra.mcit.gov.sa https://cdn.ckeditor.com https://www.google.com/maps/embed https://maps.google.com/maps https://usf.maps.arcgis.com/apps/TimeAware/index.html https://www.google.com/videohp https://mcit.gov.sa/sites/default/files/fileAr.pdf    https://youtu.be/ https://www.youtube.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-inline' https://browser-update.org 'unsafe-eval' 1
default-src 'self' *.milchundzucker.de *.beesite.de *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.milchundzucker.de *.beesite.de *.gstatic.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.milchundzucker.de *.beesite.de *.googleapis.com *.googletagmanager.com *.google-analytics.com; child-src *; img-src * data: blob: filesystem:; font-src 'self' *.milchundzucker.de *.beesite.de fonts.gstatic.com data:; media-src * 1
default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; reflected-xss block; report-uri https://kvrlp.report-uri.io/r/default/csp/enforce; 1
default-src 'self' 'unsafe-inline' osnatel.de www.osnatel.de www2.osnatel.de *.osnatel.de *.dwin1.com 20782209p.rfihub.com c1.rfihub.net *.cookiebot.com *.adc-srv.net *.google.de bat.bing.com *.google.com hello.myfonts.net *.rfihub.com *.doubleclick.net *.g.doubleclick.net *.googleadservices.com *.rfihub.net *.intelliad.de *.bing.com/bat.js https://forms.osnatel.de/ *.forms.osnatel.de *.pimcore.org *.ggpht.com *.gstatic.com *.googleapis.com 'unsafe-eval' *.googletagmanager.com *.google.com/recaptcha/ *.google-analytics.com hello.myfonts.net *.tellja.de fonts.googleapis.com data: 1
frame-ancestors *.amboss.com *.miamed.de 1
default-src 'self' https://chat.shellfire.de https://www.google.de https://maps.google.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://www.googleadservices.com https://www.youtube.com https://*.gstatic.com https://*.googleapis.com https://*.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://*.facebook.com https://web.facebook.com https://www.google.com https://optimize.google.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.shellfire.de https://www.google.com https://maps.google.com https://www.google.net https://connect.facebook.net https://www.google.com https://www.google.net https://www.googleadservices.com https://www.youtube.com https://*.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.facebook.com https://web.facebook.com https://www.googletagmanager.com https://static.ads-twitter.com https://analytics.twitter.com https://tagmanager.google.com https://optimize.google.com ; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.facebook.net https://tagmanager.google.com https://optimize.google.com ; img-src data: * ; 1
default-src 'self' https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.trier-info.de https://www.wahlinfo.de 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'unsafe-inline' 'self' www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com www.googleadservices.com googleads.g.doubleclick.net a.config.skype.com b.config.skype.com swx.cdn.skype.com  www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com msig.zumata.com https://cdn.rawgit.com staging-msig.zumata.com http://tagmanager.google.com www.recaptcha.net d16fk4ms6rqz1v.cloudfront.net s.salecycle.com connect.facebook.net d.turn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com msig.zumata.com https://cdn.rawgit.com staging-msig.zumata.com http://tagmanager.google.com s.salecycle.com; img-src 'self' data: www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.in maps.gstatic.com maps.googleapis.com msig.zumata.com http://tagmanager.google.com insight.adsrvr.org s.salecycle.com d22j4fzzszoii2.cloudfront.net www.facebook.com; frame-src 'self' www.youtube.com sp.zalo.me www.google.com bid.g.doubleclick.net http://tagmanager.google.com s.salecycle.com *.fls.doubleclick.net; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com d22j4fzzszoii2.cloudfront.net; connect-src 'self' browser.pipe.aria.microsoft.com sp.zalo.me www.google-analytics.com www.google.com www.google.co.in http://tagmanager.google.com staging-msig.zumata.com msig.zumata.com *.salecycle.com stats.g.doubleclick.net; report-uri /report-csp-violation 1
default-src *; script-src 'self' 'unsafe-inline' 'sha256-v1W4SSkA1FStb1dIr7/JM4zRV63BdongFMzpTtjHFNM=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1
default-src 'self' data: mc.yandex.ru platform.twitter.com staticxx.facebook.com secure.livechatinc.com www.facebook.com staticxx.facebook.com www.youtube-nocookie.com web.facebook.com syndication.twitter.com i.ytimg.com; script-src 'self' data: * 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com apis.google.com cdn.livechatinc.com cdnjs.cloudflare.com connect.facebook.net www.youtube.com s.ytimg.com www.google-analytics.com mc.yandex.ru platform.twitter.com secure.livechatinc.com cdn.livechatinc.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' s.ytimg.com; img-src * data:; media-src 'self' data:; frame-src 'self' accounts.google.com www.facebook.com www.livechatinc.com secure.livechatinc.com platform.twitter.com staticxx.facebook.com syndication.twitter.com www.youtube-nocookie.com www.youtube.com; font-src *; connect-src 'self' data: syndication.twitter.com www.youtube-nocookie.com secure.livechatinc.com https://mc.yandex.ru  https://checkin.purechat.com/api/checkin *.purechat.com *.amazonaws.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sharethis.com *.sharethis.mgr.consensu.org geoip-db.com *.facebook.com connect.facebook.net *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.googleusercontent.com *.gravatar.com *.soundcloud.com 01.org; report-uri /admin/config/system/seckit/csp-report 1
default-src *; script-src https://*.facebook.com http://*.facebook.com https://*.fbcdn.net http://*.fbcdn.net *.facebook.net *.google-analytics.com; 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://antispamcloud.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; 1
default-src 'self' data: blob: *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com *.bizographics.com *.engagio.com *.listenloop.com *.doubleclick.net  *.bugsnag.com *.linkedin.com *.addthis.com *.addthisedge.com *.bidr.io *.googleadservices.com *.google.com *.gstatic.com *.fonts.googleapis.com *.mktoresp.com *.brightcove.net *.brightcove.com *.zencdn.net *.boltdns.net *.truste.com *.llnwd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com *.bizographics.com *.engagio.com *.listenloop.com *.doubleclick.net  *.bugsnag.com *.linkedin.com *.addthis.com *.addthisedge.com *.bidr.io *.googleadservices.com *.google.com *.gstatic.com *.fonts.googleapis.com *.mktoresp.com *.brightcove.net *.brightcove.com *.zencdn.net *.boltdns.net *.truste.com *.webspellchecker.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.marketo.net *.marketo.com *.google.com *.webspellchecker.net; frame-src 'self' blob: *.guidewire.com *.brightcove.net *.marketo.net *.marketo.com *.google.com *.addthis.com *.addthisedge.com; frame-ancestors 'self' *.guidewire.com; child-src 'self' blob: *.guidewire.com *.brightcove.net *.marketo.net *.marketo.com *.google.com *.addthis.com *.addthisedge.com; font-src * data:; connect-src 'self' *.mktoresp.com *.listenloop.com *.bugsnag.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.addthis.com *.brightcove.net *.brightcove.com *.boltdns.net *.brightcovecdn.com *.crazyegg.com *.webspellchecker.net; report-uri /report-csp-violation 1
default-src *; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com use.fontawesome.com; style-src 'self' data: 'unsafe-inline' *.googleapis.com; font-src 'self' *.gstatic.com 1
base-uri 'none'; default-src 'none'; child-src https://*.googletagmanager.com https://*.youtube.com https://*.vimeo.com https://*.jic.ac.uk; connect-src 'self' https://www.google-analytics.com https://*.algolia.net https://*.algolianet.com https://*.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.jove.com https://*.youtube.com https://*.vimeo.com https://*.jic.ac.uk https://*.jic.ac.uk; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.ca https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.mt https://*.google.com.ua https://*.google.ie https://*.google.it https://*.google.se https://*.google.sk https://*.ytimg.com https://secure.gravatar.com https://*.bing.com blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.algolianet.com https://*.gstatic.com https://*.google.ae https://*.google.ca https://*.google.co.il https://*.google.co.in https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.mt https://*.google.com.ua https://*.google.de https://*.google.fr https://*.google.ie https://*.google.it https://*.google.ru https://*.google.sk https://*.bing.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.google.com 'unsafe-inline'; report-uri https://poirot.selesti.com/api/violation/john-innes-centre; report-to https://poirot.selesti.com/api/violation/john-innes-centre; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 1
frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com; 1
default-src *; script-src 'self' 'unsafe-inline' 'sha256-nHG8jqS2KDANeNLlfOtjBagAKl/cpFTTLuTqn+V62dY=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1
default-src 'none'; frame-src https://static-corp.sendsafely.com 'self' https://bid.g.doubleclick.net https://www.google.com sendsafely: https://analytics-frame.sendsafely.com https://static-www.sendsafely.com;connect-src 'self'; script-src 'self' https://static-www.sendsafely.com https://www.google.com https://www.gstatic.com https://apis.google.com https://ssl.gstatic.com https://ssl.google-analytics.com https://api.stripe.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hsforms.net https://forms.hubspot.com https://api.hubapi.com https://internal.hubapi.com; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; object-src 'self' https://static-www.sendsafely.com; child-src 'self'; img-src 'self' https://cdn.zapier.com https://zapier.com https://app-static.sendsafely.com blob: data: https://www.google.com https://www.gstatic.com https://apis.google.com https://ssl.gstatic.com https://ssl.google-analytics.com https://www.gravatar.com i0.wp.com i1.wp.com i2.wp.com i3.wp.com https://stats.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://track.hubspot.com chrome-extension:; 1
default-src *; script-src 'self' 'unsafe-inline' 'sha256-XRUMXwPoPyavRrSW7xtqmfrFpDEZleYLXrZZXZQs5Vc=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com www.google.com/recaptcha/  maps.googleapis.com *.facebook.com *.facebook.net licensebuttons.net *.doubleclick.net *.youtube.com cdn.maksnet.tv *.adobe.com licensebuttons.net *.rnids.rs xn--d1aholi.xn--90a3ac; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com data:	https: 1
object-src 'self' *.google.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com 1
default-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://swift-prod.prozorro.gov.ua https://openprocurement-storage-sandbox.s3.amazonaws.com https://cdn2.prozorro.gov.ua https://raw.githubusercontent.com/ https://rawgit.com/ https://openprocurement-storage.s3.amazonaws.com https://public.docs.openprocurement.org https://public.docs-sandbox.openprocurement.org https://lb.api-sandbox.openprocurement.org https://public.api.openprocurement.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn2.prozorro.gov.ua https://rawgit.com/ https://connect.facebook.net https://www.linkedin.com https://graph.facebook.com https://*.google-analytics.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://*.googletagmanager.com https://maps.googleapis.com; img-src 'self' https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://csi.gstatic.com; frame-src 'self' https://www.youtube.com https://www.slideshare.net https://staticxx.facebook.com https://www.facebook.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 1
frame-ancestors 'self' https://analytics.google.com/analytics/ https://*.buypass.no https://*.buypass.com https://*.norsk-tipping.no https://*.altinn.no; 1
default-src 'self'; script-src *.gstatic.com *.google.com *.google-analytics.com *.twitter.com *.facebook.net *.googleapis.com 'unsafe-inline' 'self' 'unsafe-eval' cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com cdn.jsdelivr.net; img-src * data:; media-src 'self' *.youtube.com *.vimeo.com; frame-src *.google.com *.twitter.com 'self' ryk.no *.ryk.no *.facebook.com *.youtube.com *.vimeo.com; font-src *.gstatic.com 'self' cdn.jsdelivr.net; report-uri /admin/config/system/seckit/csp-report 1
default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk ajax.googleapis.com apps.nestle.com apps.nestle.co.uk https://js-agent.newrelic.com https://static.addtoany.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com *.krxd.net *.serving-sys.com *.facebook.net *.cloudfront.net bfred-it.github.io bam.nr-data.net *.hypemarks.com *.cloudflare.com *.wowza.com momentjs.com; style-src 'self' 'unsafe-inline' *.acsitefactory.com fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com *.wowza.com *.addtoany.com; img-src 'self' 'unsafe-inline'  data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com *.youtube.com *.facebook.com *.krxd.net; media-src 'self' 'unsafe-inline' blob: *.akamaihd.net *.sanpellegrinofruitbeverages.com; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com *.fls.doubleclick.net *.facebook.com *.hypemarks.com *.krxd.net *.nestle-watersna.com; child-src 'self' blob: static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com *.fls.doubleclick.net *.sanpellegrinofruitbeverages.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com https://collect.analyze.ly *.serving-sys.com *.doubleclick.net *.akamaihd.net; report-uri /us/report-csp-violation 1
" default-src 'self'; base-uri 'self' *.dolmar.sk; frame-src 'self' *.youtube.com; img-src 'self' data: *.google-analytics.com *.doubleclick.net *.ytimg.com; script-src 'strict-dynamic' 'nonce-O3fqUkWjVM' 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; connect-src 'self'; object-src 'self'; form-action 'self'; frame-ancestors 'self';" 1
default-src *; script-src 'unsafe-inline' *; style-src 'unsafe-inline' *; frame-src 'self' senica.sk relaxteam.sk tiamotrnava.sk *.upvision.sk forhaus.sk *.facebook.com *.hotjar.com *.google.com 1
base-uri 'https://*.pchome.co.th'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com:* *.addthisedge.com:* *.googleanalytics.com:* *.google-analytics.com:* *.googleapis.com:* *.googletagmanager.com:* *.google.com:* *.gstatic.com:* *.boroondara.vic.gov.au:* *.newrelic.com:* *.nr-data.net:* *.readspeaker.com:* *.loop11.com:* *.eyesdecide.com:* *.beaglex.com:* *.loggly.com:* siteimproveanalytics.com:* *.betterhealth.vic.gov.au:* *.addtoany.com:* *.freshmarketer.com:*; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com:*; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* *.addthis.com:* wss://api.beaglex.com:* *.beaglex.com:* *.loggly.com:* *.betterhealth.vic.gov.au:* *.freshmarketer.com:*; report-uri /report-csp-violation 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com *.emlgrid.com *.salesmanago.pl *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.upviral.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com app.humdash.com analytics.zortrax.com ;style-src 'self' 'unsafe-inline' *.disquscdn.com *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com data.zortrax.com *.gravatar.com *.ggpht.com *.emlgrid.com *.salesmanago.pl *.ssl.gstatic.com  *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct app.humdash.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' data.zortrax.com *.luckyorange.net ws://localhost:3000 *.emlgrid.com *.salesmanago.pl *.google-analytics.com *.tagmanager.google.com app.humdash.com  ;media-src 'self' *.youtube.com *.youtube-nocookie.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
default-src 'self'; script-src 'unsafe-inline' 'self' *.google-analytics.com *.addtoany.com *.rosacea.org *.amazonaws.com *.google.com *.gstatic.com rosacea.us7.list-manage.com; object-src 'self'; style-src  'self' *.googleapis.com *.mailchimp.com 'unsafe-inline'; img-src 'self' *.google-analytics.com *.doubleclick.net *.rosacea.org data:; media-src 'self'; frame-src 'self' *.addtoany.com *.force.com *.google.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src *.googleapis.com 'self' *.gstatic.com; connect-src 'self' *.google-analytics.com *.doubleclick.net; report-uri /report-csp-violation 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://maps.googleapis.com https://ajax.googleapis.com https://vk.com https://*.vk.com https://me-talk.ru https://*.me-talk.ru https://mc.yandex.ru https://www.google-analytics.com https://api-maps.yandex.ru https://www.google.com https://yastatic.net; object-src 'self' https://*.youtube-nocookie.com https://*.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.me-talk.ru https://me-talk.ru https://www.google.com https://ajax.googleapis.com; img-src 'self' https://*.me-talk.ru https://maps.googleapis.com https://*.gstatic.com https://vk.com https://*.vk.com https://mc.yandex.ru https://www.google-analytics.com https://api-maps.yandex.ru https://*.maps.yandex.net data: https://www.cs-cart.com; frame-src 'self' https://www.google.com https://ajax.googleapis.com https://*.youtube-nocookie.com https://*.youtube.com https://*.me-talk.ru https://me-talk.ru; font-src 'self' data: https://*.gstatic.com https://themes.googleusercontent.com https://maxcdn.bootstrapcdn.com https://me-talk.ru https://*.me-talk.ru; connect-src 'self' https://mc.yandex.ru https://www.google-analytics.com https://*.gstatic.com 1
default-src 'self' zy.si; script-src 'self' 'unsafe-eval' 'unsafe-inline' zy.si; form-action 'self' www.paypal.com; style-src 'self' 'unsafe-inline'; block-all-mixed-content 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com; style-src 'self' 'unsafe-inline' https://static.addtoany.com/menu/svg/icons.26.old.css https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/; img-src 'self' https://static.addtoany.com/menu/svg/png/ https://www.google-analytics.com data: ; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com; font-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://fonts.gstatic.com data:; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' https://rs.fullstory.com https://*.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://www.googletagmanager.com/ https://tagmanager.google.com/  https://maps.googleapis.com https://www.google-analytics.com https://fullstory.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com/; img-src 'self' data: https://*.gstatic.com/ https://www.google-analytics.com/  https://stats.g.doubleclick.net/ https://*.google.com.au https://*.google.com; frame-src 'self'  https://www.youtube.com/ https://www.google.com; child-src 'self'  https://www.youtube.com/ https://www.google.com; font-src 'self' https://themes.googleusercontent.com/ ; report-uri /report-csp-violation 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.google-analytics.com *.braintree-api.com *.braintreegateway.com *.intercom.io *.intercomcdn.com code.jquery.com; style-src 'self' 'unsafe-inline' *.braintreegateway.com; img-src * 'self' data:; font-src 'self' *.intercomcdn.com; connect-src 'self' *.slack.com sentry.io *.google-analytics.com *.braintreegateway.com *.braintree-api.com *.intercom.io wss://*.intercom.io; frame-src *.braintreegateway.com 1
default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com d22xmn10vbouk4.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net https://cdn.hypemarks.com http://cdn.hypemarks.com https://www.gstatic.com *.krxd.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://nova.collect.igodigital.com https://www.facebook.com *.krxd.net turkey.nestlebeverages.acsitefactory.com turkey.nestlebeverages.acsitefactory.com tr.factory.nescafe.com www.google.co.in; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net  http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://brand-ecommerce-assets.fusepump.com https://www.google.com/ *.krxd.net www.facebook.com *.doubleclick.net/; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com https://collect.analyze.ly https://secure-ds.serving-sys.com; report-uri /tr/report-csp-violation 1
reflected-xss 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data:;connect-src *;report-uri report-uri /csp-report-endpoint/ 1
default-src 'self'; script-src 'self'; report-uri /admin/settings/seckit/csp-report 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https: http://connect.ok.ru/connect.js http://vk.com/js/api/share.js?90&pfpvyh; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src *; connect-src *; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; child-src https://*.googletagmanager.com https://*.youtube.com https://*.vimeo.com https://c.sharethis.mgr.consensu.org https://*.stripe.com; connect-src 'self' https://*.sharethis.com https://*.algolianet.com https://*.algolia.net https://*.googleapis.com https://*.facebook.net https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.googleadservices.com https://*.googletagmanager.com https://*.gstatic.com https://*.hubapi.com; font-src 'self' https://*.gstatic.com data:; form-action 'self' https://*.hsforms.com https://uk.bablearn.com/introduction-to-iso-45001 https://uk.bablearn.com/introduction-to-iso-27001 https://uk.bablearn.com/introduction-to-iso-14001 https://uk.bablearn.com/introduction-to-iso-9001; frame-ancestors 'none'; frame-src https://*.doubleclick.net https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://c.sharethis.mgr.consensu.org https://*.stripe.com https://*.hsforms.com; img-src 'self' https://secure.gravatar.com https://api.feefo.com https://*.sharethis.com https://s3.amazonaws.com/sharethis-socialab-prod/share-this-logo%402x.png https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.ca https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.mt https://*.google.com.ua https://*.google.ie https://*.google.it https://*.google.se https://*.google.sk https://*.googletagmanager.com https://*.gstatic.com https://*.hubspot.com https://*.hsforms.com https://*.bing.com blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://*.sharethis.com https://*.algolianet.com https://*.stripe.com https://*.gstatic.com https://*.doubleclick.net https://*.facebook.net https://*.google-analytics.com https://*.google.ae https://*.google.ca https://*.google.co.il https://*.google.co.in https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.mt https://*.google.com.ua https://*.google.de https://*.google.fr https://*.google.ie https://*.google.it https://*.google.ru https://*.google.sk https://js.hsadspixel.net js.hsadspixel.net https://*.googleadservices.com https://*.googletagmanager.com https://*.gstatic.com https://*.hs-analytics.net https://*.hs-scripts.com https://*.usemessages.com https://*.hsforms.net https://*.hsforms.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.linkedin.com https://*.bing.com https://*.hs-sites.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.google.com 'unsafe-inline'; report-uri https://poirot.selesti.com/api/violation/british-assessment-bureau; report-to https://poirot.selesti.com/api/violation/british-assessment-bureau; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://*.google-analytics.com *.googletagmanager.com https://*.googletagmanager.com *.googleapis.com https://*.googleapis.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://fonts.googleapis.com; img-src 'self' *.canadabread.com https://*.canadabread.com https://canadabread.com *.google-analytics.com *.google.com *.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com *.gstatic.com https://*.gstatic.com stats.g.doubleclick.net https://stats.g.doubleclick.net; font-src 'self' fonts.gstatic.com https://fonts.gstatic.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' ws:;script-src   'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net gleif.disqus.com *.disquscdn.com *.cookiebot.com *.linkedin.com *.twitter.com *.twimg.com ajax.googleapis.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://unpkg.com;style-src     'self' 'unsafe-inline' *.twimg.com *.twitter.com *.disquscdn.com use.typekit.net https://use.typekit.net https://unpkg.com;font-src       'self' data: http://*.typekit.net https://*.typekit.net https://cdnjs.cloudflare.com;img-src         'self'  static.licdn.com *.disqus.com *.disquscdn.com *.twitter.com *.twimg.com *.linkedin.com data: about: p.typekit.net https://*.tile.osm.org http://*.tile.osm.org http://*.typekit.net https://*.typekit.net;frame-src     'self' disqus.com *.twitter.com player.vimeo.com *.linkedin.com https://www.google.com;connect-src 'self' https://api.parse.com/1/functions/search http://*.gleif.org https://*.gleif.org http://*.typekit.net https://*.typekit.net https://syndication.twitter.com/settings; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https:; object-src 'self'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cwp.govt.nz *.inside-graph.com *.settled.govt.nz *.rea.govt.nz *.typekit.net *.google.com *.googletagmanager.com *.facebook.net *.google-analytics.com dnn506yrbagrg.cloudfront.net *.youtube.com *.ytimg.com; connect-src 'self' *.cwp.govt.nz wss://*.inside-graph.com *.inside-graph.com *.settled.govt.nz *.rea.govt.nz *.typekit.net *.google-analytics.com *.optimalworkshop.com; img-src 'self' data: *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz *.typekit.net *.doubleclick.net *.gstatic.com *.facebook.com *.google-analytics.com *.youtube.com *.inside-graph.com gtrk.s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.cwp.govt.nz *.inside-graph.com *.settled.govt.nz *.rea.govt.nz *.googleapis.com *.google.com; font-src 'self' *.gstatic.com *.typekit.net data:; frame-src 'self' *.inside-graph.com *.youtube.com *.doubleclick.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newrelic.com *.nr-data.net *.googleadservices.com *.maxymiser.net *.adobedtm.com *.doubleclick.net *.demdex.net *.ckeditor.com; object-src 'self' *.youtube.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.ckeditor.com; img-src 'self' *.santander.co.uk *.google.com *.google.co.uk *.google.de *.google.es *.ckeditor.com; media-src 'self'; frame-src 'self' *.youtube.com *.doubleclick.net; font-src 'self' *.gstatic.com; connect-src 'self' *.demdex.net *.santander.co.uk *.google.co.uk; report-uri /auth_admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com data: *.facebook.com themes.googleusercontent.com www.google-analytics.com cdn.livechatinc.com connect.facebook.net platform.twitter.com platform.linkedin.com img.en25.com platform.twitter.com s1619.t.eloqua.com secure.livechatinc.com static.xx.fbcdn.net static.licdn.com stats.g.doubleclick.net syndication.twitter.com cdn.jsdelivr.net accounts.livechatinc.com js-agent.newrelic.com bam.nr-data.net youtube.com *.youtube.com *.googleapis.com *.pantheonsite.io *.imaginecommunications.com; report-uri /report-csp-violation 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://spamlogin.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; 1
default-src 'self'  ; script-src 'self' 'unsafe-inline' 'unsafe-eval'  ;style-src 'self' 'unsafe-inline';img-src * data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/ga.js; style-src 'self' 'unsafe-inline' ; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 1
frame-ancestors * 1
script-src * 'unsafe-inline'; style-src * 'unsafe-inline' 1
default-src 'self'; img-src 'self' http://hdsat.by http://uni-sat.ru http://yastatic.net http://*.mail.ru http://*.yandex.ru http://*.yadro.ru http://*.rambler.ru http://www.google.com/ http://*.recaptcha.net ; script-src https://*.yandex.ru http://*.recaptcha.net http://*.yandex.ru http://*.mixmarket.biz  http://counter.rambler.ru  http://code.jquery.com http://yandex.st http://*.google.com http://*.yandex.ru http://*.uni-sat.ru 'unsafe-eval' 'self' 'unsafe-inline'; frame-src *; object-src 'none'; font-src *; style-src 'unsafe-inline' 'self'; connect-src https://*.yandex.ru http://*.yandex.ru 1
default-src 'self' *.googleapis.com *.twitter.com *.twimg.com tags.tiqcdn.com tags-eu.tiqcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.google.com *.googleapis.com *.liveperson.net telekomkarriere01.wt-eu02.net geid.wbtrk.net cdn.wbtrk.net cdn.cbtrk.net *.twitter.com *.twimg.com tags.tiqcdn.com tags-eu.tiqcdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com; frame-src *; img-src * data: blob: filesystem:; font-src 'self' fonts.gstatic.com data:; media-src * 1
default-src "unsafe-inline" "unsafe eval" * 1
default-src 'self' 'unsafe-inline' https://cdn.ckeditor.com https://www.googletagmanager.com https://chart.googleapis.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://d3js.org https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.ckeditor.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.ckeditor.com https://cdn.jsdelivr.net; media-src 'self' 'unsafe-inline'; frame-src 'self' https://www.google.com https://www.youtube.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net; report-uri /admin/config/system/seckit/csp-report 1
script-src 'self' *.safehelpline.org safehelpline.org cdnjs.cloudflare.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' www.google.com www.gstatic.com; object-src 'self' *.safehelpline.org safehelpline.org; report-uri //report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.ads-twitter.com *.facebook.net *.facebook.com *.hotjar.com *.twitter.com *.youtube.com *.adroll.com *.g.doubleclick.net *.bootstrapcdn.com *.marketingautomation.services; img-src * data: blob: 'self'; font-src * data: blob: 'self'; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self'  'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.maxmind.com *.facebook.net *.pinterest.com js-agent.newrelic.com *.nr-data.net *.instagram.com; object-src 'self' blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' blob: data: *.google-analytics.com *.doubleclick.net *.google.com *.google.com.au *.facebook.com vsloveyourstyle.com.au *.fbcdn.net *.pinterest.com *.vsformen.com.au; frame-src 'self' *.youtube.com *.facebook.com *.giphy.com giphy.com assets.pinterest.com *.instagram.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' vs-appsvc-warrantyprocessor-api-prod.azurewebsites.net *.google-analytics.com vs-svcbus-warrantyprocessor-prod.servicebus.windows.net geoip-js.maxmind.com *.facebook.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src * data:; frame-src *; font-src *; connect-src *; report-uri /report-csp-violation 1
frame-src 'self' mailto: blob: *.qualaroo.com *.simpli.fi *.cochlear.cloud *.stg.cochlear.cloud  *.cochlear.cloud https://marvelapp.com *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com http://clinicfinder.cochlear.com *.linkedin.com http://www.cvent.com http://cochlearevents.cvent.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net http://clinicfinder.cochlear.com *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com ; connect-src 'self' localhost:8080 *.cvent.com *.linkedin.com http://clinicfinder.cochlear.com   *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.maxmind.com *.google-analytics.com ; font-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com ; img-src 'self'  'unsafe-inline' 'unsafe-eval' data:  *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com http://test-iwh-de.cochlear.com http://test.cochlear.com *.visualwebsiteoptimizer.com *.cochlear.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com medialead.de; script-src 'self'  'unsafe-inline' 'unsafe-eval' blob: *.qualaroo.com *.simpli.fi *.yahoo.com *.yimg.com *.adnxs.com *.swiftype.com *.googletagmanager.com *.google.com *.leadspediatrack.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.quora.com *.wufoo.com  *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com  *.ads-twitter.com *.steelhousemedia.com *.bing.com adroll.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com http://go.cochlear.com *.mktoweb.com *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com *.cochlear.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.maxmind.com medialead.de *.salesforceliveagent.com *.amazonaws.com; style-src 'self'  'unsafe-inline' 'unsafe-eval'  *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 1