Values for x-webkit-csp:
default-src 'self' 'unsafe-inline' 19
frame-ancestors 'self' 18
report-uri /report-csp-violation; upgrade-insecure-requests 17
report-uri /report-csp-violation 17
default-src 'self' 16
default-src 'self'; script-src 'self' 'unsafe-inline' 12
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 4
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com; report-uri /report-csp-violation 4
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 4
frame-ancestors 'self' weleda.sabio.de 4
frame-ancestors *; report-uri /report-csp-violation 3
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 3
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 3
base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src vercel.live prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline';worker-src 'self'; 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
object-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors 'self'; report-uri /report-csp-violation 2
base-uri 'self'; child-src * gap:; frame-src * gap:; connect-src *; default-src 'self' 'unsafe-inline' *.google-analytics.com *.hotjar.com *.googletagmanager.com *.dre.pt *.diariodarepublica.pt *.hotjar.io *.doubleclick.net *.knightlab.com *.google.com *.google.pt gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data:; img-src * data: blob:; script-src 'unsafe-inline' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors *.incm.pt *.dre.pt *.diariodarepublica.pt 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=R1zD7K%2FwK9o6Os3Rpo%2BJRId6B0c2fSgtTuFGIniKICo9u05p8vfuxWwMt%2Fi%2BgbvzvBqQmKw%2BCpYhRIGz90q67g%3D%3D; 2
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 2
frame-ancestors 'self' mein.kabelplus.at mein-test.kabelplus.at newapp.etracker.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.samlassertion *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.samlassertion *.googleapis.com; report-uri /report-csp-violation 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.twitter.com *.googletagmanager.com *.cookielaw.org static.addtoany.com cdnjs.cloudflare.com cdn.bc0a.com assets.sitescdn.net fonts.googleapis.com *.siteimprove.net ajax.googleapis.com visit.sanmanuel.com klear.com cdn.b0e8.com *.google-analytics.com *.bing.com *.amazon-adsystem.com *.clarity.ms *.siteimproveanalytics.com *.adsrvr.org *.youtube.com connect.facebook.net munchkin.marketo.net s.yimg.com googleads.g.doubleclick.net *.cloudfront.net *.viralsweep.com *.pollstream.com insiderdata360online.com *.sevenrooms.com *.i4go.com *.recaptcha.net *.gstatic.com answers-embed.yaamava.com.pagescdn.com *.byspotify.com *.instagram.com *.visrez.com *.stackadapt.com *.googleadservices.com siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.visitingmedia.com visitingmedia.com *.jquery.com *.sevenrooms.com id.eu.siteimprove.com *.quantserve.com rules.quantcount.com qvdt3feo.com; script-src-elem 'self' 'unsafe-inline' assets.sitescdn.net visit.sanmanuel.com cdn.siteimprove.net *.instagram.com *.googletagmanager.com cdn.cookielaw.org cdn.jsdelivr.net connect.facebook.net siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.youtube.com munchkin.marketo.net bat.bing.com c.amazon-adsystem.com googleads.g.doubleclick.net *.google-analytics.com static.addtoany.com interactive.visrez.com secure.quantserve.com *.clarity.ms rules.quantcount.com visitingmedia.com *.sevenrooms.com code.jquery.com insiderdata360online.com  tags.srv.stackadapt.com answers-embed.yaamava.com.pagescdn.com platform.twitter.com cdnjs.cloudflare.com unpkg.com qvdt3feo.com i4m.i4go.com *.googleadservices.com klear.com; style-src 'self' 'unsafe-inline'  *.jsdelivr.net *.sitescdn.net fonts.googleapis.com visit.sanmanuel.com d1p5cqqchvbqmy.cloudfront.net *.sevenrooms.com *.visrez.com *.stackadapt.com  *.visitingmedia.com visitingmedia.com *.sevenrooms.com id.eu.siteimprove.com  *.quantserve.com; report-uri /report-csp-violation 2
default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 2
default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://stats.xilo.net/ruri/r/d/csp/enforce 2
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none' 2
default-src 'self'; 2
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
base-uri 'none';child-src 'none';connect-src 'self' vitals.vercel-insights.com status-page-1jwz8nvnp-incident-io-team.vercel.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.g.doubleclick.net https://global.localizecdn.com https://app.localizejs.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors self;frame-src 'none';img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://global.localizecdn.com https://assets.localizecdn.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' https:;style-src 'self' 'unsafe-inline';worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8;report-to https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8; 2
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-YFJWjG7Idh2tQYhqMXFn6dkgO19XgkxGr70OJ8b7RCs30Bay'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; frame-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de covapp.charite.de covapp-rki.hpsgc.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors *.prod.gsb.rki.in.bund.de piwik.itzbund.de *.facebook.com 1
frame-ancestors 'none' 1
default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://bat.bing.com https://my.jst.ai/ https://aly.jst.ai/; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com 'sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU=' https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/com/ https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js https://cdn.jst.ai/ https://my.jst.ai/ https://aly.jst.ai/ 'nonce-171397811578800' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css https://cdn.jst.ai/; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://px.ads.linkedin.com https://tr.snapchat.com/ https://graphics.jst.ai/ ; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net; frame-src https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/ https://calendar.google.com/  https://cdn.jst.ai/; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1
connect-src * 'self' 1
frame-ancestors *.payback.de 1
frame-src 'self' *.betradar.com *.sportradar.com *.aitcloud.de consentcdn.cookiebot.com vars.hotjar.com www.googletagmanager.com www.youtube.com prod-origin.truendo.com cdn.priv.center *.akamaized.net; frame-ancestors 'self' *.betradar.com *.sportradar.com *.aitcloud.de 1
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 1
base-uri 'none'; default-src 'none'; script-src 'unsafe-inline' 'self' https://snap.licdn.com/ https://static.oktopost.com/ https://*.google-analytics.com https://*.googletagmanager.com/ https://js.hs-scripts.com/ https://*.hotjar.com https://*.hotjar.io https://*.hsforms.net https://*.cloudflare.com https://unpkg.com https://*.doubleclick.net https://luckyorange.com https://cookiehub.com https://cookiehub.net https://settings.luckyorange.com https://okt.to https://*.hs-banner.com/ https://*.hs-analytics.net https://*.headspixel.net https://*.hsadspixel.net/ 'nonce-654e121203aa6fd8efe0a83a0ecb3ef09c8bbd3f35be' 'nonce-4cc8cba5a4bc049a370306c160ca1e945966a2238e71' 'nonce-8a26bb9a5ee2b10fd293439bfc8378e6bbdd6022bf8e' 'nonce-71b08edbf8534efbdd7bd4b6855ef180c2c30856f784' 'nonce-ca6aaaaa6158674c56292a6406bbbc6397adc684b331'; style-src 'self' 'unsafe-hashes' https://use.fontawesome.com https://fonts.googleapis.com https://static.cookiehub.com https://cookiehub.net/ 'sha256-im0erJAfSNQVDTe5HS6/GNgzNM9JcXDCSuwoIWQ/rRE=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-A6jm8QAAo+BvL4/Tr1M7sTsnRKo+VhQOm9Hi8IOKJ5Y=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-T1C48ZGmcgTeITFPt41XsW/ozDpm3S/SxFREiL+pfgQ=' 'sha256-zfH5Pv8+yKFNFcycqZrhikYRHXfOZ9MwfwRnIp6H1kI=' 'sha256-Da2f1Kt9Io0bgdaWLUryUjcUra0xYjPLDorylUM1XM0=' 'sha256-NnjKC0Bmej913o6dapBaV7Lo8IemTzzXRsO8XhOCyT0=' 'sha256-tG2ZUEo3Qq/onXpzs2PwKu3Y82IJhZsODGPa+EUtsZc=' 'sha256-y/JAbx0Chs7eNLWF+KFD+YMhxTDFjiftcRnhFF13QjI=' 'sha256-kbzp7IrqueB2g36to7qc8KevofS966jm6n764wtCqx4=' 'sha256-3ibk/KyNNjpvopRz5nvswtDpJD3kbpyDdRO1YWF4msg=' 'sha256-ZNPRF7lxh3DMrhUYYDg0XMVthUfilZ/lIWOm88fNvug=' 'sha256-dMnSfpNeXLLDJMMi4o3EHr1S85P3yFWtdfJvbcH9mhU=' 'sha256-swi8N0hKSwJvuZeP/6DwGWEx8FwrfDcoj/0HnZd1Jpc=' 'sha256-RDWWGcFzQIh1SH4oQIaKd+tX/bMXZOzUetRR1raWCXw=' 'sha256-dDxw24pDf8PjpiVwKjNHJHbK4EFFUCWWrnx1SE32aG4=' 'sha256-LWtqHRrej8qIoYJFqhaaO0kPgZnGajrfm7a54+/7NQU=' 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA=' 'sha256-1z/7NiPfYq2hoFozHGzJKg6OUzne/YSqaCgvOeXuXOY=' 'sha256-3R73cBfu9lRdx2Y1u0+kOkDzXsjlEn1hcsL2b5qaWZ4=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-Iqfo27GZS/A7Fm31UW3miEbID+BwO1wih5T79cyIfws=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-yVIQlxUOt8MCsrVQ/pmV6T7E+xI6F1xO1vCqGi7bPU4=' 'sha256-yqw7rW86cJ30M3y7LhcPnduZT4JIHKLX3RRb31B7fOQ=' 'sha256-DFjLfLQbkYXH/lmCwhmW5hT9th2DSNLjYebk7vRHX6A=' 'sha256-+iVBklqDZxSzWSvr0QSp3OTL/ok8m/f/n7wXWojhcng=' 'sha256-ywq+VJsIVnLIQls/DYtP4wc7LLPqAKArkFBF9Z5HNuc=' 'sha256-nvFDZMdJSsFuPLw06nap3Qaao9tU3RGvNHf2Woe1StA=' 'sha256-FA0mrKnZoRbvi4Ayp9wJddHc685E85ea5Z2XwJRhxSU=' 'sha256-R7cUrEePj8qLMDj+zac9LUaWW1kLn3wc6HsQHIA0mxw=' 'sha256-kDP5FilnD2F7x7DjtoRTkl0NbiBGrjAsvcUc3H3A2cM=' 'sha256-QlYx1dw6Nlh44cQgyJBz5G7+ZTJmKf5FkJGF0FPcuzE=' 'sha256-cSCUlxvEwMP0xZRHeMKpWqO3ylONHU6b5bFAQLiiqcw=' 'sha256-I6mtUVoVWZuevseH7OMoGWOXSo/eD4R/08s5derX8hw=' 'sha256-krLf8K7rqCtHZ5e3QPyMVapC2rFQUo21PCk/c39wSts=' 'sha256-+SNKnT0lnsyeaYOJwRmcPRdTG/a4X/b3vw+57B1dE20=' 'sha256-1tUQLx1JfuFHhupaTxZxN8/JPDvG+OIdBCcM7PXfEzs=' 'sha256-4Xwx2TSn/ZELfLIs1A2etPjKxxnSomqFoKMv99FB3Lg=' 'sha256-ei2s0538sbNCEBOA2sr/hvghrxZ2gDEblR7FUJ4lkcI=' 'sha256-4NKME364cXiHshEd1ZK0GwjcT0pjqfBRdKo30tomWRs=' 'sha256-s4+uDkvKfuqCNICZTNMmknZQvqL5HwSquCQfZkn9/34=' 'sha256-rn4Qwbx5qcatXz+wT23m27segHEv7ImU2/4sEMVLYIk=' 'sha256-6Y6euAQOWZ6lGtpkCT+4kCYjKPuLTcDjDkD5oRhCG4g=' 'sha256-4QY9fueV63c6nZWXt7gR/ojTOpAZwXqNZcAxijybuU0=' 'sha256-RHvKHxL0gTOgpvBP4Xm5dRuK/cR2LZXFIebXluboSkQ=' 'sha256-yJf9N784FJuXHzDa1anT54222uPxXDjB0KgozZIOVzw=' 'sha256-Pzy/MxmgBP+zS02vxK1jm/+zS7R6H7RgMsTtTVTfC9A=' 'sha256-j8L4Sf0xH9b2nwGqQTwHCVlGSvlIaVZETZPtVykVjPs=' 'sha256-ebuwMTfNIWOGe7kzqHFDgd8dPwoPxx2QNhd4ZtetRLU=' 'sha256-Yq+kKvFpHeNHsJjLEy7fWk5M9TWaZGf7rQV38ELL2x0=' 'sha256-MHuTvHVz5k1TajrKANGz14IaXhuXxwJUt15zkvmj7rE=' 'sha256-tXThs7ZS+6hzPIvkDhbtqXOY6X3GP/zrwEY7GyV4Y+c=' 'sha256-39hce1FnKYidEA+9elxMGRsULe73+qcGxx7fCFUigzo=' 'sha256-I/rD/kGx4f8MGQPXVvbFYpKpd4L5cd5hQ+v+oSGvX9A=' 'sha256-a0s+nLVkHwBLI1bdIXzsQespBORQjzbOy8pJNQeAjRI='; img-src 'self' https://*.ytimg.com https://okt.to/ https://track.hubspot.com https://www.googletagmanager.com https://www.google.co.uk https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://www.google.com; connect-src 'self' https://cdn.linkedin.oribi.io https://*.google-analytics.com/ https://public-auth-dot-lucky-orange.appspot-preview.com https://api-preview.luckyorange.com/ wss://in.visitors.live/ wss://realtime.luckyorange.com https://pubsub.googleapis.com/ https://api-preview.luckyorange.com/* https://api.hsforms.com https://api.hubapi.com https://js.hs-banner.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.doubleclick.net https://settings.luckyorange.com https://api-preview.luckyorange.com/*; font-src 'self' https://use.fontawesome.com data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://s3.amazonaws.com/luckyorange-clickstream/; object-src 'none'; media-src 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://*.hotjar.com https://*.hotjar.io; child-src 'self' blob:; form-action 'none'; frame-ancestors 'none'; manifest-src 'self'; 1
script-src 'nonce-4ea0165d-d002-4702-a30c-4b5affeaaa03' https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/ 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://d2c.aws.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com https://aws.amazon.com https://a0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; default-src 'self'; 1
frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com *.qiaofangyun.com 1
default-src wss: mycliplister.com blob: data: bosch.kittelberger.de *.tealiumiq.com dock.ui.bosch.tech wss://endpoint.chatbot-suite.bosch.tech 'self' https: *.optimizely.com wss://*.hotjar.com wss://*.hotjar.io *.tealiumiq.com stats.g.doubleclick.net *.bosch-professional.com ; media-src data: 'self' *.mycliplister.com mycliplister.com *.bosch.com bosch.com *.bosch.de bosch.de *.youtube.com ; font-src 'self' dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com static.bosch-professional.com *.commerce-connector.com tiger-cdn.zoovu.com *.zoovu.com *.cloudfront.net boschru.webim.ru *.bosch.com bosch.com *.bosch.de bosch.de gstatic.com fonts.gstatic.com data: ; object-src data: 'self'; img-src data: 'self' https: mycliplister.com *.kittelberger.de *.tealiumiq.com data: blob: ; style-src dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.dynamicyield.com *.bootstrapcdn.com *.googleapis.com *.commerce-connector.com 'self' 'unsafe-inline' tiger-cdn.zoovu.com *.zoovu.com static.bosch-professional.com btm.bosch.com cdn.poll-maker.com ; script-src dock.ui.bosch.tech dynamicyield.com *.dynamicyield.com https: *.optimizely.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.bosch.com bosch.com *.bosch.de bosch.de *.google-analytics.com google-analytics.com ipinfo.io ; frame-src 'self' https: ; connect-src 'self' https: wss://endpoint.chatbot-suite.bosch.tech  mycliplister.com wss://*.hotjar.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de *.netzlabor.de *.spaceview.net; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org *.spaceview.net *.netzlabor.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com *.multimedia.gsb.bund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.youtube.com *.fbcdn.net *.youtube-nocookie.com *.googlevideo.com; frame-src 'self' *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de *.blitzvideoserver.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com *.multimedia.gsb.bund.de; img-src 'self' data: *.google.com *.gstatic.com multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com vimeo.com *.cloudfront.net *.gsb.bund.de; frame-ancestors 'self';upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com  cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net  *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com  *.jsdelivr.net hello.myfonts.net mfstatic.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net  *.googletagmanager.com  *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com; media-src blob: data: *.mediaflow.com; frame-src 'self'  data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bghweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru d.webhost1.ru cp.webhost1.ru cp2.webhost1.ru cp3.webhost1.ru *.yoomoney.ru yookassa.ru geoadv-partner.yandex.ru direct.yandex.ru *.yandex.ru *.yandex.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net googleads.g.doubleclick.net www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com tagmanager.google.com *.jivo.ru *.bitrix24.ru *.roistat.com top-fwz1.mail.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com https://d.webhost1.ru:* https://cp.webhost1.ru:* https://cp2.webhost1.ru:* https://cp3.webhost1.ru:* 1
default-src 'self' blob: *.avl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com *.adsymptotic.com *.linkedin.com snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com cdn.jsdelivr.net js.stripe.com polyfill.io *.googletagmanager.com *.hotjar.com app.sli.do *.vbrick.com *.google.com *.google.es *.google.at *.google.de *.bing.com *.creators-expedition.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com fonts.googleapis.com p.adsymptotic.com *.linkedin.com *.licdn.com *.facebook.com *.avl.com cdnjs.cloudflare.com cdn.jsdelivr.net *.stripe.com polyfill.io *.google.com *.google.es *.google.at *.google.de; style-src 'self' 'unsafe-inline'; img-src 'self' data: avl.com www.avl.com *.googletagmanager.com *.facebook.com *.linkedin.com *.ytimg.com *.cookiebot.com *.bing.com *.google.com *.google.es *.google.at *.google.de *.sli.do *.vbrick.com; frame-src 'self' *.youtube.com https://js.stripe.com *.cookiebot.com *.doubleclick.net *.bing.com *.sli.do *.vbrick.com *.buzzsprout.com stream.maxr.at; child-src 'self' 'unsafe-inline' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com https://p.adsymptotic.com *.linkedin.com https://snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io blob:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' *.cookiebot.com https://eu-api.friendlycaptcha.eu *.avl.com *.linkedin.com wss://ws.hotjar.com *.n.io *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.io *.avlcorp.lan *.creators-expedition.com; report-uri /report-csp-violation 1
default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' 1
default-src 'self'; frame-ancestors 'self' http://localhost https://localhost; connect-src 'self' piwik.itzbund.de *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net media-library-production-ecdcakbreve6g5ca.z01.azurefd.net media-library-acceptance-acdycba8gneughdp.z01.azurefd.net *.kaltura.com; worker-src blob: 'self'; base-uri 'self'; font-src 'self'  data: *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; style-src 'self' 'unsafe-inline'  *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net *.kaltura.com cdn.jsdelivr.net platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.fcst.tv *.freecaster.com  *.azurewebsites.net *.kaltura.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.fcst.tv *.azurewebsites.net *.twitter.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com *.bundesrat.de pbs.twimg.com *.twitter.com; Content-Security-Policy: default-src 'self'; frame-ancestors 'self' http://localhost https://localhost; connect-src 'self' piwik.itzbund.de *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net media-library-production-ecdcakbreve6g5ca.z01.azurefd.net media-library-acceptance-acdycba8gneughdp.z01.azurefd.net *.kaltura.com; worker-src blob: 'self'; base-uri 'self'; font-src 'self'  data: *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; style-src 'self' 'unsafe-inline'  *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net *.kaltura.com cdn.jsdelivr.net platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.fcst.tv *.freecaster.com  *.azurewebsites.net *.kaltura.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.fcst.tv *.azurewebsites.net *.twitter.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com *.bundesrat.de pbs.twimg.com *.twitter.com; 1
base-uri 'self';child-src 'none';connect-src 'self' webpack://* *.algolia.net *.algolianet.com maps.googleapis.com px.ads.linkedin.com cdn.cookielaw.org mock.dev.relaischateaux.com api.widget.botmind.io privacyportal-fr.onetrust.com bat.bing.com geolocation.onetrust.com *.abtasty.com dcinfos-cache.abtasty.com ariane.abtasty.com *.google.com ws.hotjar.com googleads.g.doubleclick.net *.hotjar.io sulu.relaischateaux.com sylius.relaischateaux.com api.relaischateaux.com www.relaischateaux.com medias.relaischateaux.com;default-src 'self';font-src 'self' data: blob: fonts.gstatic.com *.abtasty.com *.googleapis.com;form-action 'self';frame-ancestors 'self';frame-src 'self' td.doubleclick.net widget.botmind.ai www.menumodo.com qa-assistant.abtasty.com;img-src 'self' data: blob: www.relaischateaux.com maps.gstatic.com maps.googleapis.com fdu.relaischateaux.com px.ads.linkedin.com secure.adnxs.com bat.bing.com www.facebook.com ib.adnxs.com www.linkedin.com *.google.fr *.google.com cdn.cookielaw.org static.relaischateaux.com *.abtasty.com *.amazonaws.com googletagmanager.com googleads.g.doubleclick.net d1m7xnn75ypr6t.cloudfront.net cdn.worldweatheronline.com loremflickr.com c1.tacdn.com www.tripadvisor.com www.tripadvisor.fr assets.relaischateaux.com;manifest-src 'self';media-src 'self' d1m7xnn75ypr6t.cloudfront.net static.relaischateaux.com p.relay-t.io ws.hotjar.com *.hotjar.io px4.ads.linkedin.com try.abtasty.com;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com maps.googleapis.com cdn.cookielaw.org connect.facebook.net fdu.relaischateaux.com acdn.adnxs.com *.hotjar.com snap.licdn.com cdn.actito.be bat.bing.com widget.botmind.io googleads.g.doubleclick.net trk.adbutter.net *.abtasty.com *.amazonaws.com p.relay-t.io apis.google.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.abtasty.com *.gstatic.com *.googleapis.com;worker-src 'self';upgrade-insecure-requests ; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src 'self' www.baua.de.de datawrapper.dwcdn.net; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self'.de datawrapper.dwcdn.net; 1
child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg; connect-src *.cwp-stg.sg https://analytics.google.com https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg blob: https://www.google-analytics.com *.onemap.sg/ https://www.onemap.gov.sg *.dcube.cloud *.wogaa.sg *.demdex.net s.yimg.com *.evergage.com https://dataplane.rum.ap-southeast-1.amazonaws.com https://cognito-identity.ap-southeast-1.amazonaws.com https://sts.ap-southeast-1.amazonaws.com *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net; font-src https://cdnjs.cloudflare.com https://fonts.gstatic.com data: *.dcube.cloud *.wogaa.sg *.mycareersfuture.gov.sg *.app.gov.sg; img-src 'unsafe-inline' data: blob: 'self' https://www.google.com https://www.google-analytics.com adservice.google.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://www.onemap.gov.sg https://cdnjs.cloudflare.com *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net https://sg-gmtdmp.mookie1.com https://secure.adnxs.com https://ad.doubleclick.net https://www.talent.com/tracker/img-pixel.php sp.analytics.yahoo.com https://ssl.gstatic.com https://www.gstatic.com; report-uri /csp-report; script-src 'self' blob: https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com www.googletagmanager.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com https://cdn-akamai.mookie1.com https://tags.tiqcdn.com https://cdn.evgnet.com/ https://cdn.evergage.com/ https://tagmanager.google.com https://www.googletagmanager.com https://bat.bing.com .yahoo.com .yahoodns.net s.yimg.com sp.analytics.yahoo.com *.yimg.com 'sha256-EltsDipbnEG0YsYxV4cppQIJsmW2izi1abiYZxFCjis=' 'sha256-h1fUiJjnt0URa9CRwnwhJT0ig1omj4+zbW09yMKok5A=' 'sha256-cKzq3P7VB1lntboUkaXXy0BGBnVGeltrNYyR6XMb/xE=' 'sha256-5jRATZC/HeNoxjfqUw0xHjgKzOlFLT3Oplan5LBlmgU=' *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' *.mycareersfuture.gov.sg *.app.gov.sg; frame-ancestors 'none' 1
default-src 'self' https://use.typekit.net; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://view.ceros.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.cookielaw.org; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net  https://www.google-analytics.com https://*.googleapis.com https://i.vimeocdn.com https://cdn.cookielaw.org; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com https://view.ceros.com https://players.brightcove.net https://www.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/; font-src 'self' 'unsafe-inline' https://themes.googleusercontent.com use.typekit.net *.gstatic.com data:; connect-src 'self' https://www.google-analytics.com *.algolia.net *.algolianet.com https://insights.algolia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
policy-uri /'self' 1
script-src *.globant.com *.googletagmanager.com *.google-analitycs.com *.google.com 'unsafe-eval' 'unsafe-inline' https: 'self' https://www.globant.com/ blob:; object-src none; style-src 'self' 'unsafe-inline' *.globant.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.googleapis.com  *.jsdelivr.net; img-src 'self' *.cloudflare.com *.globant.com *.i.ytimg.com https: data:; media-src 'self' *.globant.com; frame-src 'self' https: fullscreen; frame-ancestors self fullscreen *.globant.com https://*.youtube.com; font-src 'self' *.globant.com *.fontawesome.com *.cloudflare.com *.gstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
font-src 'self'; frame-src 'self' https: www.youtube-nocookie.com/* ; frame-ancestors 'self' https://*.etracker.com; script-src 'self' https://*.etracker.com https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de 'unsafe-inline'; connect-src 'self' https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de;  img-src * *.b-ite.com; style-src 'self' 'unsafe-inline' *.b-ite.com; 1
frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de; 1
img-src * data: blob:; style-src 'self' 'unsafe-inline' assets.adobedtm.com cdn.linearicons.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com shop.spreadshirt.nl ton.twimg.com cdnjs.cloudflare.com code.jquery.com unpkg.com; frame-src 'self' www.youtube.com player.vimeo.com podio.com www.youtube-nocookie.com www.google.com/recaptcha/ www.classmarker.com/ js.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com assets.adobedtm.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com npmcdn.com shop.spreadshirt.nl platform.twitter.com www.google-analytics.com ssl.google-analytics.com www.spreadshirt.nl podio.com static.doubleclick.net cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net app.intercom.io widget.intercom.io js.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ unpkg.com/leaflet.markercluster@1.4.1/dist/ unpkg.com/leaflet@1.7.1/dist/ js.stripe.com unpkg.com/@popperjs/ unpkg.com/tippy.js@6/ www.googletagmanager.com; font-src 'self' cdn.linearicons.com fonts.gstatic.com maxcdn.bootstrapcdn.com shop.spreadshirt.nl js.intercomcdn.com ttui.thethingsindustries.com; connect-src 'self' shop.spreadshirt.nl www.thethingsnetwork.org vx.thethings.network api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com app.getsentry.com unpkg.com/boxicons@2.1.1/ 1
default-src data: 'self' blob: 'unsafe-inline' *.dzo.com.ua *.cipher.kiev.ua:* *.prozorro.gov.ua www.openstreetmap.org *.openprocurement.org depositsign.com view.officeapps.live.com widgets.binotel.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com d38sv8fq5al52n.cloudfront.net connect.facebook.net 'unsafe-eval' www.googletagmanager.com docs.google.com fonts.googleapis.com www.google-analytics.com www.google.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.doubleclick.net www.google.com.ua fonts.gstatic.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com *.prozorro.gov.ua d38sv8fq5al52n.cloudfront.net connect.facebook.net cdnjs.cloudflare.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.itzbund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-src 'self' player.vimeo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com webtv.bundestag.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev *.cdninstagram.com; frame-ancestors 'self'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.salesforce-sites.com https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.salesforce-sites.com https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1
frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de https://*.etracker.com 1
default-src 'self'; child-src https://www.google.com; block-all-mixed-content; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://www.clarity.ms https://bat.bing.com https://cdn.jsdelivr.net https://chat.botyto.com https://sc.lfeeder.com https://snap.licdn.com https://accounts.google.com https://*.claspo.io https://*.firstpromoter.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://optimize.google.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://static.claspo.io https://cdn.amplitude.com *.esputnik.com https://www.googleoptimize.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' https://chat.botyto.com/* https://*.claspo.io https://cdn.firstpromoter.com https://snap.licdn.com https://accounts.google.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://statics.esputnik.com https://static.claspo.io https://static.claspo.tech https://cdn.amplitude.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://accounts.google.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://www.googleoptimize.com https://cdnjs.cloudflare.com https://static.claspo.io https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: *.cookiebot.com *.clarity.ms https://bat.bing.com https://tr-rc.lfeeder.com https://chat.botyto.com https://tr.lfeeder.com https://www.google.nl https://px.ads.linkedin.com https://platform-lookaside.fbsbx.com https://i.ytimg.com https://cdnjs.cloudflare.com https://www.google.no https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.googleoptimize.com *.fbcdn.net https://lh3.googleusercontent.com https://graph.facebook.com https://forms.esputnik.com *.claspo.io *.claspo.tech https://optimize.google.com https://claspo.io https://www.google.com.ua https://www.facebook.com https://www.google-analytics.com; font-src 'self' data: https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com *.claspo.tech *.claspo.io https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com; object-src 'self' https://static.claspo.tech https://static.claspo.io; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' *.cookiebot.com *.clarity.ms https://cdn.growthbook.io https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://*.firstpromoter.com https://googleads.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://consentcdn.cookiebot.com https://www.google.com.ua https://stats.g.doubleclick.net https://www.googleadservices.com *.esputnik.com esputnik.com https://analytics.google.com https://securetoken.googleapis.com wss://*.plerdy.com *.claspo.tech *.claspo.io https://www.facebook.com https://www.googleapis.com https://www.google-analytics.com *.plerdy.com; frame-src 'self' https://consentcdn.cookiebot.com https://chat.botyto.com https://td.doubleclick.net https://consentcdn.cookiebot.com https://a.plerdy.com https://static.claspo.io https://static.claspo.tech https://bid.g.doubleclick.net https://www.facebook.com https://www.youtube.com https://optimize.google.com https://www.google.com https://accounts.google.com https://claspo-338918.firebaseapp.com https://claspo-prod.firebaseapp.com; 1
frame-ancestors 'self' blob: *.cochlearhearingcenter.com *.cochlear.com *.cochlear.cloud; frame-src 'self' blob: *.site.com *.oncehub.com *.mktoweb.com *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com *.salesforce.com *.salesforce-sites.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com; connect-src 'self' *.salesforce-scrt.com *.site.com *.hotjar.com *.hotjar.io *.sitecorecloud.io *.geonames.org *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net *.salesforce-sites.com; font-src 'self' data: *.hotjar.com *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.hotjar.com *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.site.com *.hotjar.com *.licdn.com *.oncehub.com *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com  *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com *.force.com *.salesforce.com *.salesforce-sites.com; style-src 'unsafe-inline' 'self' *.site.com *.hotjar.com *.mktoweb.com *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com *.salesforce.com *.salesforce-sites.com; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com static.hotjar.com script.hotjar.com members.ahcancal.org www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com ajax.googleapis.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com polo.feathr.co cdn.feathr.co widget.surveymonkey.com banman.providermagazine.com banman.ahcancal.org platform.twitter.com cdn.syndication.twimg.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com platform.twitter.com ton.twimg.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com marco.feathr.co polo.feathr.co *.feathr.co www.googletagmanager.com banman.providermagazine.com banman.ahcancal.org match.adsrvr.org pbs.twimg.com abs.twimg.com platform.twitter.com ton.twimg.com syndication.twitter.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com *.hotjar.com td.doubleclick.net ahca-ncal-convention-2023-map.web.app ahcancal.wufoo.com custom.statenet.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net platform.twitter.com syndication.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com in.hotjar.com ws7.hotjar.com ws35.hotjar.com vc.hotjar.io content.hotjar.io ws.hotjar.com polo.feathr.co analytics.tiktok.com members.ahcancal.org 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com; frame-ancestors https://www.juris.de/ 'self'; 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com  *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com  ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' bd1.zortrax.com spisakcji.local stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com *.wistia.com *.litix.io 3dprint.zortrax.com 3dprinting.local  ws://localhost:3000 *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com maps.googleapis.com  ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-QOwQOfaFhvjFis+w/UBI/A==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self' 1
default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.mercadolibre.com https://www.mercadopago.com.ar/integrations/v1/ https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://cdnjs.cloudflare.com https://maps.googleapis.com/maps/api/js https://cdn.syndication.twimg.com https://docs.google.com/spreadsheets/ https://connect.facebook.net https://platform.twitter.com https://*.google.com  https://spreadsheets.google.com/ https://docs.google.com/ https://*.gstatic.com http://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com https://www.googleadservices.com https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net https://*.utdt.edu https://www.googletagmanager.com https://www.tfaforms.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com https://www.tfaforms.com https://*.gstatic.com https://docs.google.com/; img-src * data: blob:; font-src *; worker-src * data: blob: 1
default-src 'self' 'unsafe-inline' https: data: https://cdnjs.cloudflare.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com https://*.jacklmoore.com https://*.gstatic.com https://*.google-analytics.com; frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com data:;img-src *; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net vk.com api-maps.yandex.ru bitrix.info www.google-analytics.com *.yandex.ru maps.googleapis.com www.googletagmanager.com yastatic.net; form-action 'self';frame-src 'self';media-src 'self';connect-src 'self' bitrix.info mc.yandex.ru www.google-analytics.com stats.g.doubleclick.net 1
base-uri 'none';child-src 'none';connect-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl *.npoplayer.nl event analytics-ingress-global.bitmovin.com npo.prd.cdn.bcms.kpn.com licensing.bitmovin.com nmonpoendpoint.2cnt.net npo-drm-gateway.samgcloud.nepworldwide.nl *.streamgate.nl;default-src 'self';font-src 'self' cdn.npoplayer.nl use.typekit.net;form-action 'self';frame-ancestors 'self' *;frame-src 'none';img-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl data: images.poms.omroep.nl;manifest-src 'self';media-src 'self' blob: * data:;object-src 'none';script-src 'self' cdn.npoplayer.nl tag.aticdn.net hub.npo-data.nl nmonpoendpoint.2cnt.net analytics-ingress-global.bitmovin.com www.gstatic.com *.streamgate.nl blob: *;style-src 'self' 'unsafe-inline' use.typekit.net cdn.npoplayer.nl p.typekit.net *.npo.nl;worker-src 'self' blob:; 1
frame-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.vimeo.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch *.arte.tv *.github.io *.linkedin.com; child-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch *.arte.tv  *.github.io *.linkedin.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors https://kin.test https://e3-kinaxis-build.pantheonsite.io https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com *.mp-objects.com https://*.mp-objects.com https://www.mp-objects.com https://wartsila.cevalogistics.com  https://*.cevalogistics.com  https://app.drift.com https://core.crazyegg.com https://kinaxis-project.dev.fenix.solutions https://*.lndo.site https://dev-kinaxis-build.pantheonsite.io https://test-kinaxis-build.pantheonsite.io https://fenix-kinaxis-build.pantheonsite.io; report-uri /report-csp-violation 1
base-uri 'self'; style-src 'self'; connect-src 'self' *.itzbund.de; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de; img-src 'self' piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self'; frame-ancestors 'self' *.prod.gsb.bsi.in.bund.de ; upgrade-insecure-requests; 1
default-src 'self' dock.ui.bosch.tech vars.hotjar.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.com; font-src 'self'  *.bosch-pt.com  bosch-pt.com www.bosch-pt.com *.bosch-professional.com ; object-src data: 'self'; img-src   https: data:; style-src 'self' ptlegalpagesnew.kittelberger.net *.bosch-pt.com bosch-pt.com *.bosch-professional.com 'unsafe-inline'; script-src https: http://www.bosch-pt.com 'unsafe-inline' 'unsafe-eval'; connect-src https: search.internet.bosch.com wss://*.hotjar.com; script-src-elem https: http: 'unsafe-inline' *.bosch-pt.com 1
base-uri 'none';child-src 'none';connect-src 'self' https://analytics.gam3s.gg https://staging.api.gam3s.gg/ http://localhost:3001/ http://localhost:3002/ https://api.gam3s.gg/ https://dev.api.gam3s.gg/ https://staging.api.polkastarter.gg/ https://api.polkastarter.gg/ https://dev.api.polkastarter.gg/ https://polkastarter-cms-staging.herokuapp.com/graphql https://polkastarter-cms.herokuapp.com/graphql https://api.twitch.tv https://cms.polkastarter.gg/graphql http://127.0.0.1:1337/graphql https://*.google-analytics.com https://vitals.vercel-insights.com https://o1188445.ingest.sentry.io https://api.coinbase.com https://www.google-analytics.com wss://ws-mt1.pusher.com https://vercel.live wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://*.walletconnect.com wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://*.cookie3.co https://*.arbitrum.io/rpc;default-src 'self';font-src 'self' data: https://*.hotjar.com;form-action 'self' *;frame-ancestors http://127.0.0.1:* https://polkastarter.gg https://www.polkastarter.gg https://www.gam3s.gg https://gam3s.gg;frame-src 'self' *;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://video.twimg.com https://*.polkastarter.com https://*.polkastarter.gg https://*.gam3s.gg https://*.soulbound.gg;object-src data:;prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://embed.twitch.tv https://player.twitch.tv/ https://www.youtube.com/ https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live http://embed.typeform.com https://browser.sentry-cdn.com https://va.vercel-scripts.com https://cdn.vercel-insights.com https://*.hotjar.com http://*.hotjar.com https://*.cookie3.co;style-src 'self' 'unsafe-inline' http://embed.typeform.com;worker-src 'self'; 1
default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.winsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.winsim.de https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de https://analytics.tiktok.com https://umfrage.winsim.de; script-src 'strict-dynamic' 'nonce-285df27ba1f0e90226918f9bfe5c034b' 'nonce-8ea0cfb374da6a8b9126e808891aff23' 'nonce-da00778ebaa2d197d6a0c5b9d269e1cb' 'nonce-14f732a7f1df5defeea7e7563d5ef987' 'nonce-fc5b8e4bfb30a5b44eb01bf0a16de34d' 'nonce-00018b3c005b1ba5aa90f27173f3fa52' 'nonce-6ed5ee8aa583ead676309e41b2be1c01' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.winsim.de https://umfrage.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-285df27ba1f0e90226918f9bfe5c034b' 'nonce-8ea0cfb374da6a8b9126e808891aff23' 'nonce-da00778ebaa2d197d6a0c5b9d269e1cb' 'nonce-14f732a7f1df5defeea7e7563d5ef987' 'nonce-fc5b8e4bfb30a5b44eb01bf0a16de34d' 'nonce-00018b3c005b1ba5aa90f27173f3fa52' 'nonce-6ed5ee8aa583ead676309e41b2be1c01' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri 'none';default-src 'none';img-src 'self' data:;font-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline' 1
img-src 'self' *.norma-online.de *.sitesearch360.com https://piwik.norma-online.de https://c.clarity.ms https://www.facebook.com/ https://c.bing.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.norma-online.de *.sitesearch360.com https://piwik.norma-online.de https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.clarity.ms https://connect.facebook.net/ https://c.bing.com blob:; object-src 'none'; font-src 'self'; 1
default-src 'self' data: localhost:* *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com js.arcgis.com *.arcgis.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.prorail.nl *.spoordata.nl *.werkenbijprorail.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com tagmanager.google.com px.ads.linkedin.com www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: wss:; 1
default-src 'self' 'unsafe-inline' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de; img-src *; style-src 'self' 'unsafe-inline' *.itzbund.de; frame-ancestors 'self' *.itzbund.de 1
default-src 'self'; script-src 'self' *.amalgamatedbank.com bam.nr-data.net unpkg.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com js.locatorsearch.com *.prod.acquia-sites.com *.instagram.com *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com *.googletagmanager.com *.doubleclick.net *.addtoany.com fonts.gstatic.com *.omappapi.com *.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com app.jazz.co js-agent.newrelic.com *.google.com *.gstatic.com www.recaptcha.net ajax.googleapis.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://www.recaptcha.net/recaptcha/api.js https://www.recaptcha.net/recaptcha/api/fallback; style-src 'self' 'unsafe-inline' unpkg.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google.com *.gstatic.com app.jazz.co; img-src 'self' amalgamatedbank.com www.amalgamatedbank.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net cdn.jsdelivr.net *.prod.acquia-sites.com js.locatorsearch.com *.oktacdn.com *.okta.com *.oktapreview.com data: *.googletagmanager.com app.jazz.co *.google.com *.google-analytics.com *.gstatic.com images.printable.com images.locatorsearch.com instagram.com i.ytimg.com; media-src files.marcomcentral.app.pti.com *.youtube.com *.amalgamatedbank.com bam.nr-data.net *.talkdeskapp.com *.talkdeskdev.com *.twilio.com; frame-src *; font-src 'self' 'unsafe-inline' cdnjs.cloudflare.com bam.nr-data.net *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com unpkg.com fonts.gstatic.com app.jazz.co *.google.com *.gstatic.com *.locatorsearch.com; connect-src 'self' abnyunityuat.fisglobal.com login-uat.fisglobal.com mcs.us1.twilio.com wss://tsock.us1.twilio.com *.talkdeskapp.com *.talkdeskdev.com maps-api-ssl.google.com bam.nr-data.net stats.addtoany.com googleads.g.doubleclick.net *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com *.omappapi.com *.google-analytics.com *.google.com *.gstatic.com googleads.g.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self';base-uri 'self';form-action 'self' www.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com maps.googleapis.com www.storemapper.co storemapper-herokuapp-com.global.ssl.fastly.net app.storyblok.com assets.findify.io undefined.kameleoon.eu chantsupport.zendesk.com static.zdassets.com widget-mediator.zopim.com ajax.googleapis.com https://cdn.cookielaw.org https://acsbapp.com https://cdn.jsdelivr.net/npm/hls.js@1.1.4/dist/hls.min.js analytics.tiktok.com bat.bing.com cdn.noibu.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com s3.target2sell.com static.target2sell.com t.contentsquare.net c.contentsquare.net intljs.rmtag.com ut.rd.linksynergy.com static.klaviyo.com static-tracking.klaviyo.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js  blob:;object-src 'self' data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com googletagmanager.com tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://tagmanager.google.com/css/css.css;img-src 'self' www.googletagmanager.com www.facebook.com www.google-analytics.com www.google.com www.google.fr image.crisp.chat a.storyblok.com maps.gstatic.com maps.googleapis.com cdn11.bigcommerce.com storemapper-herokuapp-com.global.ssl.fastly.net us.chantelle.com s3.amazonaws.com cl-media-pattern-factory.s3-eu-west-1.amazonaws.com static.kameleoon.com fonts.gstatic.com ct.pinterest.com bat.bing.com www.google.com.pk media.chantelle.cloud imagedelivery.net https://customer-undefined.cloudflarestream.com/ idsync.rlcdn.com analytics.tiktok.com connect.facebook.net consent.linksynergy.com cdn.cookielaw.org data:;media-src 'self' a.storyblok.com https://customer-undefined.cloudflarestream.com/ data: blob:;font-src 'self' fonts.googleapis.com fonts.gstatic.com acsbapp.com data:;connect-src 'self' maps.googleapis.com chantelleus.centraqa.com www.storemapper.co api.keen.io api.storyblok.com chantelle-sandbox.mybigcommerce.com checkout.us.staging.chantelle.cloud https://api.bigcommerce.com reco.target2sell.com undefined-dsn.algolia.net undefined.kameleoon.eu eu-api-visit.kameleoon.eu eu-api-tracker.kameleoon.eu static.kameleoon.com old.kameleoon.com api.kameleoon.com data.kameleoon.io api.openweathermap.org browser-intake-datadoghq.eu rum.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu/ chantsupport.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com chantelle.com sst.chantelle.com sst2.chantelle.com chantelle.us cloudflarestream.com https://customer-undefined.cloudflarestream.com/ https://region1.analytics.google.com https://cdn.cookielaw.org https://privacyportal-fr.onetrust.com https://acsbapp.com https://cdn.acsbapp.com https://process.acsbapp.com https://api-v3.findify.io https://geolocation.onetrust.com api.target2sell.com analytics.tiktok.com bat.bing.com ct.pinterest.com www.google.com www.google-analytics.com region1.google-analytics.com serv-api.target2sell.com stats.g.doubleclick.net wss://input.noibu.com/pv_part;frame-src https://www.youtube.com/ https://player.vimeo.com/ https://www.facebook.com/ https://ct.pinterest.com/;frame-ancestors app.storyblok.com vercel.app; 1
default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 1
base-uri 'none';child-src 'none';connect-src 'self' cdn.cookielaw.org payment.preprod.direct.worldline-solutions.com prd-az-www.ritzparis.com payment.direct.worldline-solutions.com *.onetrust.com *.ritzparis.com *.analytics.google.com stats.g.doubleclick.net *.contentsquare.net ;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src ritzparis.prismic.io ritzparis-dev.prismic.io payment.preprod.direct.worldline-solutions.com payment.direct.worldline-solutions.com;img-src 'self' data: dam-media-prd.ritzparis.com media.ritzparis.com static.cdn.prismic.io images.prismic.io cdn.cookielaw.org ritzparis.twic.pics www.google.fr/ads/ga-audiences *.ritzparis.com www.googleadservices.com googleads.g.doubleclick.net www.google.com *.contentsquare.net www.facebook.com www.googletagmanager.com bat.bing.com;manifest-src 'self';media-src 'self' dam-media-prd.ritzparis.com media.ritzparis.com ritzparis-dev.cdn.prismic.io;object-src 'none';script-src 'self' 'sha256-5VrVgGfPbUH5IoPb+tGodpswZad/XDHQfqHeVD0LMG4=' *.ritzparis.com static.cloudflareinsights.com static.cdn.prismic.io cdn.cookielaw.org payment.direct.worldline-solutions.com prismic.io *.googletagmanager.com *.google-analytics.com *.analytics.google.com 'sha256-vlA+/IoVFMeZir0XBHEuSc8eRGNGZLe3WVp7KkajiPk=' 'sha256-YU03sCxX47R6bqxqxPChvbTU5oQqJ5Puob6xWTcFeHY=' 'sha256-5aSb69VmW3iXh7uFY0aXw2sRLmNO0GWwp+znslFHIgI=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' *.contentsquare.net 'sha256-697J3WKT7EkTzi85tWcYWTSIasTwcEAcsmxAZbH3ngQ=' bat.bing.com 'sha256-P4TmnK7YRDPTmdn55mI9jHpreKHeCRAsZEN+FryYMr8=' 'sha256-I0ZdFDhjkmpkLSz9o1NmuuTagiVBsP4PWSegIpEjWyA=' 'unsafe-inline' t.contentsquare.net app.contentsquare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;worker-src 'self'; 1
default-src 'self' multimedia.gsb.bund.de medien.bmi.bund.de; base-uri 'self'; font-src 'self'  data: medien.bmi.bund.de; style-src 'self' 'unsafe-inline' *.twitter.com medien.bmi.bund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.itzbund.de *.bundesbots.de *.twitter.com *.twimg.com cdn.jsdelivr.net *.newsletter2go.com   medien.bmi.bund.de; object-src 'self' multimedia.gsb.bund.de; connect-src 'self' multiplatform-f.akamaihd.net *.itzbund.de  *.newsletter2go.com hls-hd.myrasec.de     medien.bmi.bund.de; media-src 'self' blob: multimedia.gsb.bund.de social.bund.de video.bundesregierung.de *.w3schools.com *.quirksmode.org *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com *.osm.org *.openstreetmap.de *.twimg.com multiplatform-f.akamaihd.net hls-hd.myrasec.de cdnjs.cloudflare.com medien.bmi.bund.de; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com vimeo.com *.readspeaker.com *.3qsdn.com *.it.bund.de *.bundesbots.de *.twitter.com *.twimg.com webcast.nc3-cdn.com blitzvideoserver.de start.video-stream-hosting.de player.restream.io *.linkedin.com; img-src 'self' blob: data: *.google.com *.gstatic.com social.bund.de muenster.im *.youtube.com *.youtube-nocookie.com *.osm.org *.openstreetmap.de *.twitter.com *.twimg.com cdnjs.cloudflare.com piwik.itzbund.de *.gdw-berlin.de *.streamlock.net *.bmi.bund.de  *.cio.bund.de *.newsletter2go.com   medien.bmi.bund.de; frame-ancestors 'self' *.prod.gsb.bmi.in.bund.de; upgrade-insecure-requests; 1
object-src 'none';default-src 'none';connect-src https://www.wefact.nl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.cookiebot.com https://maps.googleapis.com *.clarity.ms https://c.bing.com;frame-src https://www.youtube.com https://bid.g.doubleclick.net *.cookiebot.com https://outlook.office365.com;frame-ancestors 'self';img-src https://www.wefact.nl data: *.ytimg.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://www.google.be *.cookiebot.com https://maps.gstatic.com https://maps.googleapis.com *.clarity.ms https://c.bing.com www.mollie.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com 'sha256-CrAe1a0TFvLsCsBw0E5Ky5SvrwDd3Kn8oyr5ns4gIUc=' https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net *.cookiebot.com https://developers.google.com https://maps.googleapis.com *.clarity.ms https://c.bing.com 'sha256-HqEywe2Mupyc3mWoKoXnTO5AVzVUi7YpNaBHAq+y0U0=';style-src https://www.wefact.nl 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com *.typekit.net;font-src 'self' data: https://fonts.gstatic.com data: *.typekit.net;manifest-src https://www.wefact.nl 1
default-src 'self' 'unsafe-inline' *.ioam.de data-aac883f83b.offiziellecharts.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net/en_US/fbevents.js comparison.go2jump.org/aff_goal bat.bing.com analytics.tiktok.com kleber.datatoolscloud.net.au *.salesforceliveagent.com *.lpsnmedia.net *.liveperson.net *.liveperson.com *.liveengage.net *.liveengage.com *.liveper.sn m.addthisedge.com/live/boost/ra-56b04b9ad015369f/_ate.track.config_resp ad.atdmt.com zn4zp87nbhe8rrjf7-hcf.siteintercept.qualtrics.com dnn506yrbagrg.cloudfront.net 4378726.fls.doubleclick.net 6612282.fls.doubleclick.net platform.twitter.com analytics.twitter.com  cdn.sajari.net cdn.sajari.com hcf.sc.omtrdc.net hcf.tt.omtrdc.net cdn.tt.omtrdc.net  *.google.com *.googleapis.com google-maps-utility-library-v3.googlecode.com *.googlesyndication.com *.facebook.com *.facebook.net rules.quantcount.com *.quantserve.com *.ads-twitter.com s.ytimg.com www.youtube.com *.addthis.com ebm.cheetahmail.com  *.doubleclick.net rum-static.pingdom.net script.crazyegg.com www.googleadservices.com www.googletagservices.com www.googletagmanager.com dpm.demdex.net hcf.demdex.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com assets.adobedtm.com www.gstatic.com s3.amazonaws.com/trk.cetrk.com https://dnn506yrbagrg.cloudfront.net/pages/scripts/0031/6386.js?407832 https://platform.twitter.com/oct.js *.qualtrics.com cdn.appdynamics.com www.everestjs.net c.amazon-adsystem.com pixel.mathtag.com; http://dtwebsite2.datatoolscloud.net.au; object-src 'self' https:; style-src 'unsafe-inline' 'self' https:; img-src 'self' data: https: http://s7d2.scene7.com; media-src 'self' https:; frame-src https:; font-src 'self' data: fonts.gstatic.com https://cloud.typography.com global.oktacdn.com; connect-src https: http://dispatcher1.test63.aem.hcf.com.au http://s7d2.scene7.com http://dtwebsite2.datatoolscloud.net.au wss://syd-eeva.faceme.com wss://sy.msg.liveperson.net wss://api.au.uneeq.io 1
frame-ancestors *.amboss.com 1
default-src 'self' http://www.malaysiaairports.com.my; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com www.google.com *.rawgit.com *.gstatic.com *.googleapis.com static.addtoany.com polyfill.io key-cdn.printfriendly.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com www.google-analytics.com.sg stats.g.doubleclick.net www.google.com www.google.com.sg www.google.com.my www.gstatic.com; media-src 'self'; frame-src 'self' data: static.addtoany.com www.google.com www.youtube.com https://cdn.knightlab.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self'  stats.g.doubleclick.net www.google-analytics.com analytics.google.com unpkg.com www.google.com.my; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: staticcdn.co.nz www.youtube.com *.google-analytics.com *.googletagmanager.com www.google.com www.gstatic.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.googleapis.com; img-src 'self' data: staticcdn.co.nz shielded.co.nz i.ytimg.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: *.googleapis.com *.gstatic.com; frame-src 'self' staticcdn.co.nz www.youtube.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 1
frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br *.lndo.site *.web.ahdev.cloud; report-uri /report-csp-violation 1
base-uri 'none';child-src 'none';connect-src 'self' http://127.0.0.1:1337 https://*.google-analytics.com https://vitals.vercel-insights.com https://o1188445.ingest.sentry.io https://api.coinbase.com https://www.google-analytics.com https://mainnet.infura.io https://kovan.infura.io/ https://*.binance.org https://*.binance.org:8545 https://polygon-rpc.com https://matic-mumbai.chainstacklabs.com https://rpc-mumbai.maticvigil.com https://forno.celo.org https://alfajores-forno.celo-testnet.org https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc https://testnet.omni.network https://sepolia-rollup.arbitrum.io https://arb1.arbitrum.io https://*.base.org https://vercel.live https://*.walletconnect.com wss://relay.walletconnect.com https://api.web3modal.com wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://rpc.ankr.com https://cloudflare-eth.com/ https://*.polkastarter.com https://*.cookie3.co https://*.mode.network;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self' https://*.polkastarter.com;frame-ancestors 'none';frame-src https://verify.synaps.io/ https://www.youtube.com/ https://verify.walletconnect.com https://verify.walletconnect.org https://vercel.live;img-src 'self' blob: data: https://*.polkastarter.com https://registry.walletconnect.com https://img.youtube.com https://*.google-analytics.com https://explorer-api.walletconnect.com https://vercel.com/ https://api.web3modal.com https://token-icons.s3.amazonaws.com;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.polkastarter.com;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://browser.sentry-cdn.com https://cdn.vercel-insights.com https://cdn.staging.cookie3.co;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com;worker-src 'self'; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.analytics.tiktok.com *.connect.facebook.net *.p.teads.tv *.p.teads.tv *.*.www.googletagmanager.com *.analytics.johnsonsbaby.com.co *.www.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de app.usercentrics.eu privacy-proxy.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: app.usercentrics.eu privacy-proxy-server.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1
base-uri 'none';connect-src 'self'  *.oresund.io dc.services.visualstudio.com *.cookieinformation.com *.doubleclick.net 'unsafe-inline' *.googlesyndication.com *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.convertexperiments.com data.wgp.se;font-src 'self' *.hotjar.com https://fonts.gstatic.com data;form-action 'self';frame-ancestors 'none';img-src 'self' self data: *.tt.se *.ritzau.dk *.ctfassets.net *.gstatic.com www.googletagmanager.com https://googletagmanager.com *.googlesyndication.com *.adnxs.com www.facebook.com *.google.com www.google.dk www.google.se *.hotjar.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12824419.fls.doubleclick.net;manifest-src 'self';media-src 'self' self data: *.ctfassets.net;object-src 'none';script-src 'self' *.reepay.com *.gstatic.com www.googletagmanager.com googletagmanager.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com *.google.com *.adnxs.com *.facebook.net *.googlesyndication.com www.googleadservices.com *.hotjar.com *.convertexperiments.com *.powerplatform.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com *.hotjar.com;worker-src 'self'; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https: properties: moz-extension: blob:; report-uri /report-csp-violation 1
1
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 1
default-src    'self' ws:;script-src      'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net gleif.disqus.com *.disquscdn.com *.cookiebot.com *.linkedin.com *.licdn.com *.twitter.com static.ads-twitter.com *.twimg.com ajax.googleapis.com www.google.com www.gstatic.com cdnjs.cloudflare.com unpkg.com public.tableau.com *.emailsys1c.net *.emailsys1a.net cdn-prod.wdesk.com cdn.jsdelivr.net;style-src        'self' 'unsafe-inline' *.twimg.com *.twitter.com *.disquscdn.com use.typekit.net unpkg.com fonts.googleapis.com;font-src          'self' data: *.typekit.net cdnjs.cloudflare.com fonts.gstatic.com;img-src            'self' static.licdn.com *.disqus.com *.disquscdn.com *.twitter.com *.twimg.com *.linkedin.com data: about: *.tile.osm.org *.typekit.net img.shields.io public.tableau.com *.emailsys1c.net *.emailsys1a.net t.co/i/adsct;frame-src        'self' disqus.com *.twitter.com player.vimeo.com *.linkedin.com www.google.com *.cookiebot.com youtube.com www.youtube.com public.tableau.com;connect-src    'self' api.parse.com/1/functions/search *.gleif.org syndication.twitter.com/settings *.emailsys1c.net *.emailsys1a.net consentcdn.cookiebot.com analytics.twitter.com cdn.linkedin.oribi.io/partner/3468146/domain/gleif.org/token;prefetch-src  'self' *.disquscdn.com disqus.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com:* https://ajax.googleapis.com:* https://call.chatra.io/chatra.js https://maps.googleapis.com:* https://seal-nebraska.bbb.org/logo/blue-valley-technologies-17381.js https://stats.g.doubleclick.net/dc.js https://www.googletagmanager.com:* https://assets.juicer.io:* https://www.juicer.io:* https://www.google-analytics.com:* https://stats.g.doubleclick.net:* https://www.googleadservices.com:* https://feedback.happy-or-not.com:* https://dk98ddgl0znzm.cloudfront.net:* https://emma-content-aggregates-prd.s3.amazonaws.com:*; object-src 'self' ; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com:* https://seal-blue.bbb.org; img-src * 'self' https://maps.gstatic.com https://stats.g.doubleclick.net:*; media-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-src 'self' https://chat.chatra.io:* https://www.youtube.com:* https://player.vimeo.com:*; frame-ancestors 'self'; child-src 'self'; font-src 'self' * https://fonts.gstatic.com:*; connect-src 'self' https://maps.googleapis.com:* https://analytics.google.com:* https://www.google-analytics.com:* https://www.juicer.io:* https://graph.facebook.com:* https://www.googletagmanager.com:* https://stats.g.doubleclick.net:* https://feedback-api.happy-or-not.com:* https://feedback.happy-or-not.com:* https://api.mixpanel.com:*; report-uri /report-csp-violation 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self'  blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net  https://translate.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.css https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/css/intlTelInput.min.css https://cdn.jsdelivr.net/npm/normalize.css; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com *.google-analytics.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com *.gstatic.com  www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com https://www.google.com https://translate.google.com https://server.arcgisonline.com; media-src 'self' www.youtube.com soundcloud.com syndication.twitter.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' *.google-analytics.com translate-pa.googleapis.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com https://translate.googleapis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com player.vimeo.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de; style-src 'self' 'unsafe-inline' https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 1
upgrade-insecure-requests 1
default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com *.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.leadenhancer.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com s.go-mpulse.net c.go-mpulse.net sc.lfeeder.com api.plezi.co optimize.google.com www.googleoptimize.com www.google-analytics.com www.googleanalytics.com gateway.moneris.com cdnjs.cloudflare.com; img-src data: 'self' www.burkert.com www.google-analytics.com www.google.com.au www.google.com www.google.de event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.leadenhancer.com *.olark.com *.adition.com *.gstatic.com *.clickdimensions.com tr.lfeeder.com www2.solique.ch optimize.google.com www.googletagmanager.com; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com www.googletagmanager.com *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com *.vo.msecnd.net optimize.google.com gateway.moneris.com; font-src 'self' www.burkert.com *.buerkert.de data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com *.analytics.google.com *.google-analytics.com analytics.google.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com c.go-mpulse.net *.akstat.io trial-eum-clientnsv4-s.akamaihd.net *.akamaihd.net maps.googleapis.com *.plezi.co cdn.linkedin.oribi.io px.ads.linkedin.com event.yoochoose.net; frame-src 'self' blob: mailto: tel: *.burkert-usa-marketing.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.burkert.com *.olark.com *.issuu.com *.clickdimensions.com optimize.google.com gateway.moneris.com; worker-src 'self' blob:;frame-ancestors 'self' https://ez.local.burkert.com 1
default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: https://m.stripe.com *.craft-cdn.com *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src * 1
default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.google.com https://code.jquery.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://static.addtoany.com https://maps.google.com https://cdn.jsdelivr.net https://platform.twitter.com https://platform.linkedin.com https://cdn.ckeditor.com https://www.google-analytics.com https://cdn.datatables.net https://www.googletagmanager.com/ https://app.usercentrics.eu/ https://openfed.github.io/AccessibilityCheck/build/HTMLCS.js https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js https://code.highcharts.com/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdn.ckeditor.com https://cdn.datatables.net https://www.google-analytics.com https://www.linkedin.com https://www.gstatic.com https://openfed.github.io/AccessibilityCheck/build/HTMLCS.css; img-src 'self' data: https://chart.googleapis.com https://cdn.ckeditor.com https://www.google-analytics.com https://stats.g.doubleclick.net https://platform.linkedin.com https://www.linkedin.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://app.usercentrics.eu/ https://uct.service.usercentrics.eu/ https://openfed.github.io/AccessibilityCheck/build/Images/; frame-src 'self' https://platform.twitter.com https://www.gstatic.com https://www.google.com https://notfound-static.fwebservices.be  https://app.usercentrics.eu/ https://burden.sciensano.be heyzine.com/flip-book/; font-src 'self' https://themes.googleusercontent.com https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src 'self' https://www.linkedin.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://region1.google-analytics.com/ https://www.googletagmanager.com/ https://api.usercentrics.eu https://graphql.usercentrics.eu https://consent-api.service.consent.usercentrics.eu/ https://aggregator.service.usercentrics.eu/ https://maps.googleapis.com/; report-uri /en/report-csp-violation 1
default-src 'none' 'self' *.gewobag.de data: eqs-cockpit.com *.eqs.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com *.wohnungshelden.de 'unsafe-inline' 1
frame-src *; 1
default-src 'self' google-analytics.com manifest-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com polyfill.io www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net; img-src 'self'  *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org  data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com  *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com; upgrade-insecure-requests 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src *; connect-src *; frame-src *; img-src * data:; media-src *; object-src *; style-src * 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' images-2.partnerportal.ionos.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src  'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com wjrmdnw.pa-cd.com; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1
default-src 'none'; worker-src 'self' www.youtube.com *.cookiebot.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.leadinfo.net *.cookiebot.com www.googletagmanager.com  ssl.google-analytics.com www.google-analytics.com apis.google.com ajax.googleapis.com www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.linqhost.nl www.google.nl ssl.google-analytics.com www.google-analytics.com www.gstatic.com cdn.quicq.io imgsct.cookiebot.com data: www.google.com www.googletagmanager.com stats.g.doubleclick.net  collector.leadinfo.net ; font-src 'self' fonts.googleapis.com fonts.gstatic.com  data: ; frame-ancestors 'none'; base-uri 'self' ; form-action 'self'; frame-src *.cookiebot.com *.youtube.com *.google.com; connect-src *.google-analytics.com  *.analytics.google.com stats.g.doubleclick.net consentcdn.cookiebot.com detect-ipv4.linqhost.nl detect-ipv6.linqhost.nl api.leadinfo.com collector.leadinfo.net; report-uri https://linqhost.report-uri.com/r/d/csp/enforce; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crushftp.com *.stripe.com *.paypalobjects.com *.google-analytics.com *.crushsync.com *.taltosparipa.com 1
1; mode=block 1
frame-ancestors 'self' *.vendhq.com *.retail.lightspeed.app; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub141debbb5c4dc4c0034c0aedd3e2f56c&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com stackpath.bootstrapcdn.com cdn.datatables.net code.jquery.com unpkg.com js.adsrvr.org connect.facebook.net 'unsafe-inline' 'unsafe-eval' 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.googleapis.com *.google.com www.youtube-nocookie.com *.vimeocdn.com *.vimeo.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com *.facebook.net *.altruja.de altruja.de; 1
base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.googletagmanager.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookiebot.com; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com *.hotjar.com *.cookiebot.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net *.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.google.pt *.googleusercontent.com *.googletagmanager.com *.flourish.studio *.hotjar.com *.cookiebot.com blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com *.realtimestatistics.net *.googletagmanager.com *.typeform.com *.flourish.studio *.hotjar.com *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com *.typeform.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=vJbf2opEeP9llDicCxBsRo6AhhsNuVlP32pSqOQL%2FFDL94JVrbT5R4PmkqOVA19qiUaWXBCbqVMtafqNFAYVWw%3D%3D; 1
block-all-mixed-content; default-src https:; media-src https: blob: data:; style-src https: 'unsafe-inline'; font-src https: data:; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; connect-src https: wss:; frame-src https:; prefetch-src https:; frame-ancestors https:; form-action https:; 1
base-uri 'none';child-src 'none';connect-src 'self' https://ws.zoominfo.com/pixel/collect https://aorta.clickagy.com/ https://aorta.clickagy.com/liveramp_redir https://hemsync.clickagy.com/external/ https://maps.googleapis.com/;default-src 'self';font-src 'self' https://fonts.gstatic.com;;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' https://id.rlcdn.com/ https://idsync.rlcdn.com/ https://aorta.clickagy.com/ https://maps.gstatic.com/ https://maps.googleapis.com/  https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://maps.googleapis.com/ https://www.google.com https://ws.zoominfo.com/pixel/6320bf5aac6e98ed3e39d094 https://tags.clickagy.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/external/ https://ws.zoominfo.com/;style-src 'self' https://aorta.clickagy.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1
default-src 'self'; connect-src 'self' *.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.instagram.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src 'self' *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com kumasta.buendnisse-fuer-bildung.de *.facebook.com *.instagram.com *.bmbf.de graphcommons.com www.baden-tv.com/ *.video-stream-hosting.de;img-src 'self' data: *.bmbf.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; frame-ancestors 'self'; 1
frame-ancestors 'self' https://*.hapara.com/ 1
base-uri 'self'; child-src 'self'; frame-src 'self'; connect-src 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=XvruOHhKEvD5CD79lJ5cHr8SlzHfMQPP8arqHONz0pYJmsha3e8gjAJhVCCm%2BYKhfd5hHR48wbkIuSiajbGzWA%3D%3D; 1
script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self' blob: data:; style-src 'self' 'unsafe-inline' 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 1
font-src 'self' https://webfonts.14v.de; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; object-src 'none'; worker-src 'self'; media-src 'self'; connect-src 'self' https://piwik.14v.de; manifest-src 'self'; prefetch-src 'none'; img-src 'self' data: *.w3.org; frame-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline'; block-all-mixed-content; script-src 'self' https://piwik.14v.de 'unsafe-inline'; report-uri /impressum/; 1
self 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com https://www.wiener-staatsoper.at https://use.typekit.net https://p.typekit.net/ 1
frame-ancestors https://app.storyblok.com/ 1
default-src 'self'; frame-src 'self' *.donorfy.com/ *.monday.com/ https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://maps.googleapis.com/ https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://region1.google-analytics.com translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.amazonaws.com *.amazoncognito.com; frame-ancestors 'self' sf360.com.au 1
script-src 'self' 'nonce-Zsz83uVLyAb7lhxow5N9dFgC' 'nonce-atx-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://cdn.mxpnl.com/libs/ https://www.opinionstage.com https://static.ctctcdn.com http://embed.typeform.com/ https://embed.typeform.com/ *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://*.trustlogo.com https://trustlogo.com; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:  *.trustlogo.com; media-src 'self'; frame-src 'self' *.google.com; font-src 'self'; connect-src 'self'; report-uri /csp-report.php 1
default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' 1
default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.premiumsim.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.premiumsim.de https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de https://analytics.tiktok.com https://umfrage.premiumsim.de; script-src 'strict-dynamic' 'nonce-f3bea8fe5e6633ac5b77d98299900914' 'nonce-aebae5abe55e31ad7f2c752e21fd1e5b' 'nonce-1c256f04367229374c1c0ec5f07d6ed1' 'nonce-9ef4f0f1c88fa1ae6bf4937703029027' 'nonce-769fea9595230d7e5f1075e699653a9d' 'nonce-3ba052d16b1e0c8675b77990779f027d' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.premiumsim.de https://umfrage.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-f3bea8fe5e6633ac5b77d98299900914' 'nonce-aebae5abe55e31ad7f2c752e21fd1e5b' 'nonce-1c256f04367229374c1c0ec5f07d6ed1' 'nonce-9ef4f0f1c88fa1ae6bf4937703029027' 'nonce-769fea9595230d7e5f1075e699653a9d' 'nonce-3ba052d16b1e0c8675b77990779f027d' 'self' 'unsafe-inline' https: 'report-sample' 1
frame-ancestors 'self' https://www.tvacreditunion.com https://tvacreditunion.com https://olb.tvacreditunion.com 1
script-src 'self' kit.fontawesome.com cdn.callrail.com https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com player.vimeo.com clicky.com in.getclicky.com static.getclicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr dwl.dawconnect.com *.youtube.com *.youtube-nocookie.com; img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr connect.ekomi.de *.youtube.com *.youtube-nocookie.com; media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com *.youtube-nocookie.com; script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr connect.ekomi.de dwl.dawconnect.com 'unsafe-inline' 'unsafe-eval'; worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com *.youtube-nocookie.com; font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr; style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr 'unsafe-inline'; object-src 'self'; frame-src 'self' *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' *.youtube.com *.youtube-nocookie.com; 1
default-src 'self'; object-src 'self' https://pts.yourfone.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.yourfone.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.yourfone.de https://chat.yourfone.de https://umfrage.yourfone.de https://pts.yourfone.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.yourfone.de https://chat.yourfone.de https://stats.yourfone.de https://imagepool.yourfone.de https://pts.yourfone.de https://maps.googleapis.com https://analytics.tiktok.com https://umfrage.yourfone.de; script-src 'strict-dynamic' 'nonce-7ca6530f5b35f85965c2ac8c335c7d12' 'nonce-cfb97d7668f3672fc6b4d70e72dc8680' 'nonce-8915000db1414a10cf31d885ac9d5d47' 'nonce-ccb9514d33290002d2c570cf429a459a' 'nonce-670005e5671f7977aa8a3d6e4867a21c' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.yourfone.de https://umfrage.yourfone.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-7ca6530f5b35f85965c2ac8c335c7d12' 'nonce-cfb97d7668f3672fc6b4d70e72dc8680' 'nonce-8915000db1414a10cf31d885ac9d5d47' 'nonce-ccb9514d33290002d2c570cf429a459a' 'nonce-670005e5671f7977aa8a3d6e4867a21c' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' ; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *hosted-pageflow.com  *.readspeaker.com datawrapper.dwcdn.net *.unitylivestream.com gemeinschaftswerk-nachhaltigkeit.de my.walls.io; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.bmbfcluster.de *.wmflabs.org; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self'; 1
base-uri 'self';child-src *.hsforms.com;connect-src 'self' *.incident.io https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk stats.g.doubleclick.net googleads.g.doubleclick.net *.segment.com *.segment.io *.linkedin.com cdn.linkedin.oribi.io *.iubenda.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.clearbit.com wss://ws.qualified.com *.qualified.com conversions-config.reddit.com www.redditstatic.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com https://*.greenhouse.io https://*.api.sanity.io wss://*.api.sanity.io https://*.vanta.com https://*.chilipiper.com vitals.vercel-insights.com website-6zukmyvoe-incident-io-team.vercel.app;default-src 'self';font-src 'self' https: data: fonts.gstatic.com;form-action 'self' *.hsforms.com;frame-ancestors 'self' https://incident.sanity.studio;frame-src https: *.googletagmanager.com *.twitter.com *.iubenda.com app.qualified.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com;img-src 'self' blob: data: https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk *.googleusercontent.com stats.g.doubleclick.net *.linkedin.com *.iubenda.com *.clearbitjs.com *.clearbit.com *.qualified.com alb.reddit.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://cdn.sanity.io https://*.chilipiper.com;manifest-src 'self';media-src 'self' https: data: blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: api.twitter.com platform.twitter.com;style-src 'self' 'unsafe-inline' *.iubenda.com *.hubspotusercontent00.net cdn2.hubspot.net;worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9;report-to https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9; 1
default-src 'self' '*.energieag.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com endpoint-app.cognigy.ai *.githubusercontent.com maps.google.de 'unsafe-inline' 'unsafe-eval' data: 1
frame-ancestors 'none'; report-uri /report-csp-violation 1
frame-ancestors *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: http://localhost:1337 http://127.0.0.1:3000 https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com;img-src 'self' data: https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;manifest-src 'self';media-src 'self' https://api.bptk.de https://staging.bptk.de https://staging-api.bptk.de;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:1337 https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;style-src 'self' 'unsafe-inline'; 1
default-src data: https: http:;script-src 'self' resource://pdf.js/ 'unsafe-inline' 'unsafe-eval' https: http:;style-src 'unsafe-inline' https: http: blob:;object-src 'self' blob:;img-src 'self' https://*.everesttech.net https://dhlcom.d3.sc.omtrdc.net/ data: blob:;connect-src blob: 'self' https://*.demdex.net https://*.dhl.com https://*.video-cdn.net https://*.hereapi.com https://*.usetiful.com https://*.dpdhl.com;worker-src blob: 1
default-src 'self' data: https://www.google.com https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://mc.yandex.ru https://translate.yandex.net https://yastatic.net/ https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.com https://sshscan.rubidus.com https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.immuniweb.com https://ya.ru/ https://bitrix.info https://analytics.bitrix.info/ https://*.roistat.com/ https://crm.e-m-l.ru https://www.1c-bitrix.ru/ https://yoomoney.ru/ https://crm.e-m-l.ru wss://crm.e-m-l.ru https://yandex.ru/ https://e-m-l.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://yastatic.net https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.yandex.net https://bitrix.info https://api-maps.yandex.ru https://*.roistat.com https://crm.e-m-l.ru https://emlru.webim.ru wss://crm.e-m-l.ru https://e-m-l.ru; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://code.jivosite.com https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.voximplant.com https://crm.e-m-l.ru wss://crm.e-m-l.ru https://e-m-l.ru; img-src 'self' data: https://mc.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://www.google-analytics.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://mc.yandex.com https://emlru.webim.ru https://crm.e-m-l.ru wss://crm.e-m-l.ru https://emlru.webim2.ru https://e-m-l.ru blob:; font-src 'self' https://*.gstatic.com:* https://emlru.webim.ru:* https://e-m-l.ru; connect-src 'self' https://mc.yandex.com https://translate.yandex.net https://ya.ru https://mc.yandex.ru https://www.google-analytics.com https://crm.e-m-l.ru wss://crm.e-m-l.ru https://e-m-l.ru; 1
default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' multimedia.gsb.bund.de *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com *.sli.do *.jsdelivr.net; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; media-src 'self' blob: multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do; img-src 'self' data:  *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com *.sli.do player.vimeo.com; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' https://maps.googleapis.com/ https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ ; script-src 'self' 'unsafe-inline' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: kubra.io www.googleadservices.com fls.doubleclick.net; object-src 'none' ; style-src 'self' 'unsafe-inline' *; img-src 'self' data: * blob:; media-src 'self' *.jwplayer.com *.jwpsrv.com *.jwplatform.com *.snapengage.com blob:; frame-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com *.teads.tv *.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com *.ipredictive.com tpc.googlesyndication.com webforms.optimum.com; child-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com *.teads.tv *.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com *.ipredictive.com tpc.googlesyndication.com; font-src 'self' *.googleapis.com *.gstatic.com *.acsbapp.com *.googleusercontent.com data:; connect-src 'self' * blob: *.demdex.net; base-uri 'self'; report-uri /report-csp-violation 1
default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; 1
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https:; worker-src blob: 1
default-src 'self'; object-src 'self' https://pts.maxxim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.maxxim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.maxxim.de https://chat.maxxim.de https://umfrage.maxxim.de https://pts.maxxim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.maxxim.de https://chat.maxxim.de https://stats.maxxim.de https://imagepool.maxxim.de https://pts.maxxim.de https://analytics.tiktok.com https://umfrage.maxxim.de; script-src 'strict-dynamic' 'nonce-2e708db4d367c400c1186d1feb3e65b9' 'nonce-d33d4e2b67955cbe635d487c23ab2603' 'nonce-938c57efe486d2585cb8cefcdf89b5ed' 'nonce-8779802a7213d242d57e0bf182737951' 'nonce-6e84e5808afb65e7f6a5a876a615585a' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.maxxim.de https://umfrage.maxxim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-2e708db4d367c400c1186d1feb3e65b9' 'nonce-d33d4e2b67955cbe635d487c23ab2603' 'nonce-938c57efe486d2585cb8cefcdf89b5ed' 'nonce-8779802a7213d242d57e0bf182737951' 'nonce-6e84e5808afb65e7f6a5a876a615585a' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri 'none';child-src *.xexchange.com *.hatom.com *.vercel.com *.elrond.com *.multiversx.com *.coingecko.com *.cloudfront.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.hotjar.com *.hotjar.io *.google-analytics.com *.maiar.exchange *.sentry.io localhost:* elrond-api.blastapi.io;connect-src 'self' *.xexchange.com *.hatom.com *.vercel.com *.elrond.com *.multiversx.com *.coingecko.com *.cloudfront.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.hotjar.com *.hotjar.io *.google-analytics.com *.maiar.exchange *.sentry.io localhost:* elrond-api.blastapi.io;default-src 'self' *.xexchange.com *.hatom.com *.vercel.com *.elrond.com *.multiversx.com *.coingecko.com *.cloudfront.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.hotjar.com *.hotjar.io *.google-analytics.com *.maiar.exchange *.sentry.io localhost:* elrond-api.blastapi.io;font-src 'self' *.googleapis.com *.hotjar.com;form-action 'self';frame-ancestors 'none';frame-src *.hotjar.com;img-src * blob: data:;manifest-src 'self';media-src 'self' cdn.hatom.com;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com *.hotjar.com;style-src 'self' *.hotjar.com 'unsafe-inline' *.googleapis.com;worker-src 'self'; 1
default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com rpxnow.com *.rpxnow.com data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; frame-ancestors 'self' 1
default-src 'self' data: *.rotex-control.com *.daikin-control.com *.googleapis.com *.gstatic.com *.gravatar.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.connect.facebook.net *.tt.mbww.com *.analytics.neutrogena.com.mx *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.www.youtube.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' code.jquery.com https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; font-src * data:; connect-src *; report-uri /admin/config/system/seckit/csp-report 1
img-src 'self' data: blob: http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://www.facebook.com/ https://pixelg.adswizz.com/ https://www.google.com/ https://www.google.com.pk/ https://www.google.co.uk/ https://scontent-ort2-2.cdninstagram.com/ https://maps.gstatic.com/ https://www.google.ro/ https://www.germandonerkebab.com https://connect.facebook.net https://arhesoctro.cloudimg.io https://scontent-lhr8-1.cdninstagram.com https://scontent-lht6-1.cdninstagram.com https://locator.uberall.com https://is1-ssl.mzstatic.com https://maps.googleapis.com https://static-prod.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/ https://cmmdhoksda.cloudimg.io/ https://cdnjs.cloudflare.com https://cmmdhoksda.cloudimg.io/ https://uploads-ssl.webflow.com/ https://cdn.jsdelivr.net https://ad.doubleclick.net https://adservice.google.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ http://code.jquery.com/ https://code.jquery.com/ http://graph.facebook.com/ http://m.addthis.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://api-public.addthis.com/ https://www.islonline.net/ https://unpkg.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ http://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://connect.facebook.net/ https://tag.simpli.fi/ https://cdnjs.cloudflare.com/ http://owlgraphic.com/ http://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://connect.facebook.net/ https://www.facebook.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://json.geoiplookup.io https://sc-static.net/scevent.min.js https://www.germandonerkebab.com http://fonts.googleapis.com/ http://api.filestackapi.com https://cdn.scaleflex.it https://ipinfo.io https://www.clickcease.com https://cdn.jsdelivr.net https://uberall.com https://static-prod.uberall.com https://locator.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/ https://svc.webspellchecker.net/ https://postcodes.io; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css https://platform.twitter.com/ https://ton.twimg.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com http://fonts.googleapis.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://bid.g.doubleclick.net/ https://staticxx.facebook.com/ https://www.facebook.com/ https://web.facebook.com/ https://tr.snapchat.com/ https://www.germandonerkebab.com https://dialog.filestackapi.com/ https://www.filestackapi.com/ https://docs.google.com https://13646485.fls.doubleclick.net/ https://td.doubleclick.net/; connect-src 'self' http://ip-api.com/ https://json.geoiplookup.io/api https://www.germandonerkebab.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://tr.snapchat.com/ https://uberall.com https://maps.googleapis.com https://locator.uberall.com/ https://svc.webspellchecker.net/ https://postcodes.io https://pagead2.googlesyndication.com https://analytics.google.com https://region1.analytics.google.com https://region1.google-analytics.com https://*.google-analytics.com; font-src data: 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com https://cdn.jsdelivr.net https://static-prod.uberall.com; media-src 'self' https://uploads-ssl.webflow.com; object-src 'self'; frame-ancestors none 1
default-src 'self' *.typekit.net *.google.com *.doubleclick.net *.google.com.tr *.googletagmanager.com blob: data: tacirlerprotfoy.com.tr fxtcr.com 'unsafe-inline' 'unsafe-eval' *.tacirlermenkul.com.tr tacirlermenkul.com.tr tacirlermenkul.com.tr:8080 1
policy-uri /'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com polyfill.io/v3/polyfill.min.js www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' maps.gstatic.com maps.googleapis.com data: googletagmanager.com cookie-cdn.cookiepro.com www.google-analytics.com; media-src 'self'; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data:; connect-src 'self' cookie-cdn.cookiepro.com www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src ; script-src 'self' 'unsafe-inline' localhost https://assets.zendesk.com *.zdassets.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; object-src ; style-src 'self' 'unsafe-inline' localhost *.entrecode.de https://fonts.googleapis.com; img-src *; media-src *; child-src https://www.google.com; font-src *.entrecode.de https://fonts.gstatic.com; connect-src 'self' *.entrecode.de https://entrecode.zendesk.com *.zdassets.com https://www.google-analytics.com; manifest-src 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.3qsdn.com *.director.events; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
default-src 'self' *.postman-beta.co *.eu.postman-alpha.co *.postman-beta.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman-beta.com *.postman-beta.co *.cdn.postman-beta.com fonts.gstatic.com www.postman-beta.com *.postman-alpha.co fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors *.postman-beta.co desktop.postman-beta.com desktop-ent.postman-beta.com *.eu.postman-alpha.co; frame-src looker.postman-beta.co dl-preview-container.pstmn.io skills-assets.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://application.security/ https://accounts.google.com/ https://runtime-assets.pstmn-beta.io/; child-src 'self' *.postman-beta.co *.eu.postman-alpha.co *.postman-beta.com blob:; worker-src 'self' *.postman-beta.co *.eu.postman-alpha.co *.cdn.postman-beta.com blob:; object-src 'self'; img-src https: data:; media-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman-beta.com *.postman-beta.co *.eu.postman-alpha.co *.cdn.postman-beta.com *.pstmn.io code.jquery.com www.postman-beta.com postman-beta.com googletagmanager.com ssl.google-analytics.com google-analytics.com https://bi-beta.pst.tech https://bi.pst.tech cdnjs.cloudflare.com js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-L5/+rP5XWKfKpQD3+mOFJtGFc+graUZM0N+FDZYRyM2oHwDg'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman-beta.co *.cdn.postman-beta.com *.pstmn.io www.postman-beta.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman-beta.com *.eu.postman-alpha.co accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10505 https: wss://*.postman-beta.co wss://*.gw.postman-beta.co wss://*.gw.postman-beta.com wss://*.gw.eu.postman-alpha.co wss://matrix.postman-beta.co:4000 wss://*.gw.eu.postman-alpha.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=beta 1
default-src 'self'; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline'; img-src * 'self' blob: data: ; font-src * 'self'; connect-src * 'self'; media-src * 'self'; object-src * 'self'; frame-src * 'self'; worker-src 'self'; frame-ancestors * 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 1
default-src 'self' 'unsafe-inline'; img-src https://* 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  cookie-cdn.cookiepro.com cdn.matomo.cloud www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com *.youtube.com cdn.jsdelivr.net unpkg.com d8ejoa1fys2rk.cloudfront.net *.hsforms.net *.hs-scripts.com  *.hs-banner.com *.hubspot.com *.hsadspixel.net *.hs-analytics.net connect.facebook.net static.hotjar.com *.matomo.cloud *.hotjar.com googleads.g.doubleclick.net *.licdn.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net d8ejoa1fys2rk.cloudfront.net; img-src 'self' data: *.google-analytics.com *.googletagmanager.com d2csxpduxe849s.cloudfront.net *.hsforms.com *.hubspot.com cookie-cdn.cookiepro.com www.facebook.com vandemoortele.getbynder.com www.google.com www.google.es www.google.at www.google.it www.google.de www.google.fr www.google.se vandemoortele.matomo.cloud www.google.be px.ads.linkedin.com adservice.google.com www.google.pl www.google.cl *g.doubleclick.net pubads.g.doubleclick.net *amazonaws.com; media-src 'self'; frame-src 'self' *.youtube.com td.doubleclick.net; font-src 'self' d8ejoa1fys2rk.cloudfront.net; connect-src 'self' data: cookie-cdn.cookiepro.com vandemoortele.matomo.cloud *.google-analytics.com *.googlesyndication.com *.onetrust.com d8ejoa1fys2rk.cloudfront.net *.bynder.cloud dams.vandemoortele.com *.hsforms.com *.hubapi.com *.hubspot.com privacyportal.cookiepro.com stats.g.doubleclick.net vc.hotjar.io www.google.com google.com www.google.be google.be px.ads.linkedin.com adservice.google.com www.facebook.com cdnjs.cloudflare.com region1.analytics.google.com analytics.google.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com; font-src 'self' http://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' https://www.google.com/ https://www.youtube-nocookie.com/ youtube.com https://www.youtube.com; img-src 'self'; connect-src 'self' https://www.google-analytics.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com ajax.googleapis.com ajax.aspnetcdn.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.my *.google.co.uk *.analytics.google.com *.googletagmanager.com; media-src 'self'; frame-src 'self' data: static.addtoany.com fwb.malaysiaairports.com.my www.youtube.com www.google.com apps.mahb.az.primuscore.com http://apps.mahb.az.primuscore.com:8000 fwb.malaysiaairports.com.my:8000; frame-ancestors 'self' fwb.malaysiaairports.com.my apps.mahb.az.primuscore.com fwb.malaysiaairports.com.my:8000; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' *.google.com *.analytics.google.com www.google-analytics.com stats.g.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self' *.dehst.de 'unsafe-eval'; base-uri 'self' *.dehst.de; style-src 'self' *.dehst.de 'unsafe-inline'; connect-src 'self' *.dehst.de  *.itzbund.de; script-src 'self' *.dehst.de 'unsafe-inline' 'unsafe-eval' *.itzbund.de  www.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' *.dehst.de multimedia.gsb.bund.de; media-src 'self' *.dehst.de multimedia.gsb.bund.de *.youtube.com; frame-src  *.dehst.de *.youtube.com; img-src 'self' *.dehst.de blob: data: piwik.itzbund.de; frame-ancestors 'self' *.dehst.de ; worker-src 'self' *.dehst.de ; 1
upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.doctoraki.com *.survicate.com *.googletagmanager.com *.googleapis.com *.clarity.ms *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'strict-dynamic' 'nonce-a3e35da0973cedd115d507f55cbab8ac' https://www.datadoghq-browser-agent.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.solucionesbolivar.com *.abtasty.com *.clarity.ms *.survicate.com *.doctoraki.com *.solucionesbolivarsites.com *.solucionesbolivar.net *.visualwebsiteoptimizer.com *.googleadservices.com *.facebook.net *.tiktok.com *.crazyegg.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.infobip.com *.adnxs.com *.pixel.ad *.mktoresp.com *.cloudflare.com *.googleoptimize.com *.google.com *.google.com.co *.google.co.in *.googleapis.com *.gstatic.com https://www.gstatic.com *.jquery.com *.bootstrapcdn.com; connect-src 'self' *.doctoraki.com *.crazyegg.com https://*.browser-intake-datadoghq.com *.logs.datadoghq.com *.abtasty.com *.solucionesbolivar.com *.solucionesbolivarsites.com wss://*.solucionesbolivarsites.com *.solucionesbolivar.net *.amazonaws.com *.mktoresp.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.marketo.com *.kapturall.com *.gstatic.com https://www.gstatic.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.adnxs.com *.pixel.ad *.cloudflare.com *.infobip.com *.survicate.com *.tiktok.com *.googleapis.com *.clarity.ms *.doubleclick.net; font-src 'self' data: *.doctoraki.com *.survicate.com *.gstatic.com https://www.gstatic.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com; img-src 'self' data: *.githubusercontent.com *.amazonaws.com *.cloudfront.net *.visualwebsiteoptimizer.com *.doctoraki.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.survicate.com *.webflow.com https://www.gstatic.com *.gstatic.com https://www.facebook.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; manifest-src 'self' *.cloudfront.net *.doctoraki.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; form-action 'self' *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; frame-src 'self' blob: *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; worker-src 'self' blob:; base-uri 'self'; object-src 'none'; 1
default-src 'self'; style-src 'self' 'unsafe-inline', default-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 1
connect-src 'self' https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;default-src 'self';font-src 'self' fonts.gstatic.com https://*.hotjar.com fonts.googleapis.com;form-action 'self' https://www.facebook.com/tr/;frame-src 'self' tr.techcareer.net youtube.com www.youtube.com open.spotify.com https://embed-standalone.spotify.com/ https://kariyer.typeform.com https://www.typeform.com https://*.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.google.com/ https://www.facebook.com/ https://td.doubleclick.net/ https://www.youtube-nocookie.com/ https://login.techcareer.net;img-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ https://www.google.com.tr/ads/ https://*.hotjar.com www.facebook.com https://i.ytimg.com https://www.google.com https://analytics.twitter.com/ https://t.co/ https://cdn.efilli.com www.gravatar.com https://googleads.g.doubleclick.net https://c.clarity.ms https://c.bing.com cdn1.kariyer.net https://px.ads.linkedin.com https://static.geetest.com/ https://static.geevisit.com/;media-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.hotjar.com https://static.ads-twitter.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net connect.facebook.net https://analytics.tiktok.com/i18n/pixel/ https://cdn.efilli.com https://www.clarity.ms https://js-agent.newrelic.com https://snap.licdn.com http://static.geetest.com/v4/ https://gcaptcha4.geetest.com/ https://gcaptcha4.gsensebot.com/ https://gcaptcha4.geevisit.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com https://static.geetest.com/v4/ https://static.geevisit.com/v4/;worker-src 'self'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mouser.com *.google-analytics.com *.google.com *.hubapi.com *.youtube.com *.hubspot.com *.googletagmanager.com *.googleapis.com *.crazyegg.com *.jquery.com https://js.hs-scripts.com https://api.ipify.org https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hsadspixel.net https://googleads.g.doubleclick.net https://snap.licdn.com https://ajax.googleapis.com https://js.hsforms.net/ https://www.gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://microstrain.com https://www.google.com.mx https://www.googletagmanager.com https://px.ads.linkedin.com https://track.hubspot.com data:; img-src 'self' https://www.google.com https://microstrain.com https://www.google.com.mx https://www.googletagmanager.com https://track.hubspot.com data: https://microstrainstg.prod.acquia-sites.com https://www.microstrain.com *.ads.linkedin.com https://js.hsforms.net https://forms-na1.hsforms.com https://forms.hsforms.com/ https://*.ads.linkedin.com https://www.google.co.uk; frame-src https://www.youtube.com https://www.googletagmanager.com https://forms.hsforms.com/ https://www.google.com https://td.doubleclick.net https://www.youtube-nocookie.com; frame-ancestors self https://www.google.com; font-src *.gstatic.com 'self' https://themes.googleusercontent.com; connect-src 'self' https://www.youtube.com https://ipapi.co https://microstrainstg.prod.acquia-sites.com https://api.mouser.com https://api.hubapi.com https://px.ads.linkedin.com https://forms.hubspot.com https://analytics.google.com https://code.jquery.com  *.google-analytics.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://maps.googleapis.com https://www.google.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com/ https://google.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' data: http://googleads.g.doubleclick.net http://www.google.com/ads/user-lists/ http://www.google.ru/ads/user-lists/ http://mc.yandex.ru http://bitrix.info http://stat.sputnik.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://bitrix.info https://connect.facebook.net https://apis.google.com:* https://platform.twitter.com https://userapi.com:* https://pos.gosuslugi.ru:* https://apis.google.com:* https://vk.com:* http://www.google-analytics.com http://maps.google.com http://*.gstatic.com:* http://*.googleapis.com http://code.jivosite.com http://mc.yandex.ru http://www.googleadservices.com http://googleads.g.doubleclick.net http://cdn.voximplant.com https://vashkontrol.ru  http://stat.sputnik.ru:* ; style-src 'self' 'unsafe-inline' http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* https://vashkontrol.ru:* http://cnt.sputnik.ru:*; img-src 'self' blob: data:  http://counter.yadro.ru:* https://pos.gosuslugi.ru:* http://i1.ytimg.com:* http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* http://www.google-analytics.com http://stat.sputnik.ru:* https://vashkontrol.ru:* http://cnt.sputnik.ru:* https://syndication.twitter.com:*; font-src 'self' http://*.gstatic.com:* https://pos.gosuslugi.ru:*; frame-src 'self' https://ervk.gov.ru:* https://pos.gosuslugi.ru:* https://apis.google.com:* http://developers.google.com:* https://platform.twitter.com:* https://accounts.google.com:* http://cnt.sputnik.ru:* https://www.facebook.com:* https://developers.google.com:*; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com *.karolina.io *.slize.me;img-src * blob: data:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1
default-src 'self'; connect-src 'self' https://nominatim.openstreetmap.org http://nominatim.openstreetmap.org nominatim.openstreetmap.org; font-src 'self' https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de data:; frame-ancestors 'self' https://klinikumjobs.de https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com; frame-src 'self' https://benutzerhandbuch-cshs.condat.de http://benutzerhandbuch-cshs.condat.de benutzerhandbuch-cshs.condat.de https://prezi.com/p/embed/MPOGB6oZvPvNpRmIzIHw/ https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; img-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.tile.openstreetmap.org http://*.tile.openstreetmap.org *.tile.openstreetmap.org https://cshs.myskbs.de https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com data:; media-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; object-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; script-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de 'unsafe-inline' 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.sancta-domenica.hr sancta-domenica.hr *.sancta-domenica.ba sancta-domenica.ba *.samsungshop.hr samsungshop.hr *.bigbang.ba bigbang.ba; 1
default-src 'self'; frame-src https://www.youtube.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://beyondblue-npsp.my.salesforce-sites.com/ https://player.vimeo.com/ https://cdn.raisely.com https://remedy-bb.file.force.com/ https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://omny.fm https://eoy-appeal-2024-2.raisely.com/ https://donate.beyondblue.org.au/ https://8962396.fls.doubleclick.net/ https://td.doubleclick.net/ https://*.qualtrics.com/ https://beyondblue.elmotalent.com.au/; font-src 'self' https://fonts.gstatic.com/ data:; img-src data: https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://beyondblue.tfaforms.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://discover-apse2.sitecorecloud.io/ https://va.vercel-scripts.com/ https://cdn.raisely.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://static.lightning.force.com/ https://*.salesforceliveagent.com/ https://service.force.com/ https://code.jquery.com/ https://ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://beyondblue.tfaforms.net/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://*.salesforceliveagent.com/; connect-src 'self' https://discover-apse2.sitecorecloud.io/ https://edge-platform.sitecorecloud.io/ https://www.google-analytics.com https://analytics.google.com/ https://stats.g.doubleclick.net/ https://remedy-bb.my.salesforce-sites.com/ https://remedy-bb.my.salesforce-sites.com/ https://beyondblue.elmotalent.com.au/; frame-ancestors 'self' https://beyondblue-npsp.my.salesforce-sites.com/; 1
default-src 'self'; connect-src 'self' *.itzbund.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de www.youtube.com *.ytimg.com piwik.itzbund.de *.openstreetmap.org *.cloudflare.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com; frame-src 'self' *.youtube.com *.twitter.com *.facebook.com *.sibforms.com; img-src 'self' blob: data: piwik.itzbund.de *.openstreetmap.org *.cloudflare.com *.twimg.com; font-src 'self' data:; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com  cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' syndication.twitter.com platform.twitter.com/; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mailworx.marketingsuite.info https://js.hcaptcha.com https://mailworx.marketingsuite.info/Scripts/Captcha https://app.usercentrics.eu https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://www.googleoptimize.com https://cdn.jsdelivr.net https://privacy-proxy.usercentrics.eu https://code.jquery.com https://cdnjs.cloudflare.com https://mailworx.marketingsuite.info/Scripts/Captcha; object-src 'self'; media-src 'self' https://www.youtube.com; frame-src 'self' https://www.youtube.com https://newassets.hcaptcha.com https://www.tttech.com https://mailworx.marketingsuite.info https://mailworx.marketingsuite.info/Scripts/Captcha; child-src 'self' https://www.youtube.com https://www.tttech.com https://mailworx.marketingsuite.info https://mailworx.marketingsuite.info/Scripts/Captcha blob:; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' widget.billig-tanken.de googleads.g.doubleclick.net pagead2.googlesyndication.com 'unsafe-eval' 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://asistenciawebv2.grupokonecta.co:8443 https://asistenciawebv2-dev.grupokonecta.co:5005 https://cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.youtube.com https://ajax.googleapis.com https://fast.appcues.com https://code.jquery.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.datagran.io https://static.hotjar.com https://script.hotjar.com https://api.ipify.org; style-src 'unsafe-hashes' 'unsafe-inline' 'report-sample' 'self' https://asistenciawebv2.grupokonecta.co:8443 https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com https://asistenciawebv2-dev.grupokonecta.co:5005; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://in.hotjar.com https://csmetrics.hotjar.com wss://wsp17.hotjar.com https://content.hotjar.io https://asistenciawebv2-dev.grupokonecta.co:5005 https://asistenciawebv2.grupokonecta.co:8443 https://widget.grupokonecta.co wss://ws.hotjar.com/api/v2/client/ws https://analytics.google.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://9865914.fls.doubleclick.net https://9919689.fls.doubleclick.net https://98659149865914.fls.doubleclick.net https://td.doubleclick.net; img-src 'self' https://ad.doubleclick.net https://asistenciawebv2.grupokonecta.co:8443 https://i.ytimg.com https://conecta.fidely.net https://tools.fidelitymkt.com https://bidagent.xad.com https://www.facebook.com https://cdn.datagran.io https://www.google.com https://www.google.com.mx https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' 1
policy-uri /'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.connect.facebook.net *.p.teads.tv *.googletagmanager.com *.www.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
policy 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.connect.facebook.net *.jnjbrasil.com.br *.br.kenvuebrands.com *.cdn.cookielaw.org *.onetrust.com *.pagead2.googlesyndication.com geolocation.onetrust.com *.facebook.net *.google.com.br *.google.com *.doubleclick.net *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com data: *.newrelic.com *.jnjbrasil.com.br *.jnjbrasil.com *.virtualinteractions.com.br *.salesforceliveagent.com *.retargetly.com  *.mathtag.com *.sitescout.com *.doubleclick.net *.tapad.com *.bluekai.com *.adsrvr.org *.adnxs.com *.pubmatic.com *.teads.tv *.smartadserver.com *.dotomi.com *.amazonaws.com *.facebook.com *.nr-data.net *.googlesyndication.com *.googleapis.com *.googleadservices.com *.google.co.in googleads.g.doubleclick.net *.placeholder.com *.google.com.mx *.jquery.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net  https://jquery.com/ https://youtube.com/ https://www.youtube.com/ https://www.salesforceliveagent.com/ https://c.la1-c1-frf.salesforceliveagent.com/ https://www.googletagmanager.com/ https://js-agent.newrelic.com/ https://code.jquery.com/ https://connect.facebook.net/ https://facebook.net/ https://johnson.virtualinteractions.com.br https://cdn.cookielaw.org/ https://cookielaw.org/ https://www.google-analytics.com/ https://d.la1-c1-frf.salesforceliveagent.com/ https://d.la3-c1-fra.salesforceliveagent.com/; object-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cdn.cookielaw.org; style-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org/ https://br.kenvuebrands.com/  https://www.facebook.com/ https://facebook.com/ https://www.jnjbrasil.com.br/ https://ad.doubleclick.net/ https://analytics.jnjbrasil.com.br/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://google.com/ https://analytics.jnjbrasil.com.br/ *.google.com.br  https://era-images.s3.amazonaws.com https://via.placeholder.com https://d5k2ho7p0o8vp.cloudfront.net https://analytics.google.com https://server-side-tagging-b4b35m77ha-uc.a.run.app data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'self' blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com;script-src 'self' 'self' blob: 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googleapis.com *.google.com *.google.com.vn *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.youtube.com *.cloudflare.com *.facebook.net *.connect.facebook.net *.facebook.com *.khaosat.me *.bootstrapcdn.com *.ytimg.com *.hotjar.com *.cloudfront.net *.cdn.ravenjs.com *.ingest.sentry.io *.doubleclick.net;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me *.cloudfront.net *.mapbox.com d1a3f4spazzrp4.cloudfront.net;font-src 'self' 'self' blob: 'self' data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me script.hotjar.com;frame-src staticxx.facebook.com facebook.com *.facebook.com youtube.com *.youtube.com *.vimeo.com khaosat.me *.khaosat.me *.google.com connect.facebook.net *.hotjar.com *.g.doubleclick.net *.googlesyndication.com *.doubleclick.net;img-src 'self' data: 'self' blob: *;connect-src 'self' 'self' blob: *.googleapis.com *.facebook.com https://*.khaosat.me:* https://khaosat.me:* https://ws.khaosat.me:* wss://ws.khaosat.me:* https://khao-sat.com:* https://*.hotjar.com:* wss://*.hotjar.com ws://khaosat.me:7890 https://vc.hotjar.io:* http://*.hotjar.com:* https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com *.doubleclick.net *.google.com;media-src 'self' 'self' data: 'self' blob: * 1
frame-ancestors 'self' piwik.betaalvereniging.nl matomo.betaalvereniging.nl; 1
default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval'  ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' ; 1
default-src 'self' *.akeneo.com 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'nonce-07f41c14e74157aff6fa6296dac0027c13e46705'; img-src 'self' data: *.akeneo.com marketplace.akeneo.com; frame-src *; font-src 'self' data:; connect-src 'self' *.akeneo.com 1
default-src 'self' https://*.nhs.uk; frame-src 'self' https://heyzine.com/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl https://*.webspellchecker.net 1
default-src 'self' https://*.nhs.uk; frame-src 'self' https://gssapps.ebscohost.com/ https://forms.office.com/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.mailerlite.com/ https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl https://*.webspellchecker.net 1
default-src 'self'; frame-src 'self' *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://api.reciteme.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://api.reciteme.com https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://api.reciteme.com https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://api.reciteme.com https://feeds.trac.jobs/ *.googleapis.com *.google-analytics.com stats.g.doubleclick.net; media-src 'self' https://api.reciteme.com 1
default-src 'self' https://cshs-platform.klinikum-cottbus.de http://cshs-platform.klinikum-cottbus.de cshs-platform.klinikum-cottbus.de; connect-src 'self' https://nominatim.openstreetmap.org http://nominatim.openstreetmap.org nominatim.openstreetmap.org https://ctk.matomo.cloud http://ctk.matomo.cloud ctk.matomo.cloud https://eutils.ncbi.nlm.nih.gov http://eutils.ncbi.nlm.nih.gov eutils.ncbi.nlm.nih.gov https://cshs-platform.klinikum-cottbus.de http://cshs-platform.klinikum-cottbus.de cshs-platform.klinikum-cottbus.de; font-src 'self' https://cshs-platform.klinikum-cottbus.de http://cshs-platform.klinikum-cottbus.de cshs-platform.klinikum-cottbus.de data:; frame-ancestors 'self' https://cshs-platform.klinikum-cottbus.de http://cshs-platform.klinikum-cottbus.de cshs-platform.klinikum-cottbus.de; frame-src 'self' https://benutzerhandbuch-cshs.condat.de http://benutzerhandbuch-cshs.condat.de benutzerhandbuch-cshs.condat.de https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://cshs-platform.klinikum-cottbus.de http://cshs-platform.klinikum-cottbus.de cshs-platform.klinikum-cottbus.de; img-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.tile.openstreetmap.org http://*.tile.openstreetmap.org *.tile.openstreetmap.org https://cshs-platform.klinikum-cottbus.de http://cshs-platform.klinikum-cottbus.de cshs-platform.klinikum-cottbus.de data:; media-src 'self' https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://cshs-platform.klinikum-cottbus.de http://cshs-platform.klinikum-cottbus.de cshs-platform.klinikum-cottbus.de; object-src 'self' https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://cshs-platform.klinikum-cottbus.de http://cshs-platform.klinikum-cottbus.de cshs-platform.klinikum-cottbus.de; script-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://cdn.matomo.cloud http://cdn.matomo.cloud cdn.matomo.cloud https://ctk.matomo.cloud http://ctk.matomo.cloud ctk.matomo.cloud https://cshs-platform.klinikum-cottbus.de http://cshs-platform.klinikum-cottbus.de cshs-platform.klinikum-cottbus.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://cshs-platform.klinikum-cottbus.de http://cshs-platform.klinikum-cottbus.de cshs-platform.klinikum-cottbus.de 'unsafe-inline' 1
base-uri 'self'; child-src 'self' https://micromain.global https://*.micromain.global https://*.firebaseio.com https://*.request.services/ data: gap:; frame-src 'self' https://micromain.global https://*.micromain.global https://*.firebaseio.com https://*.request.services/ data: gap:; connect-src 'self' wss://micromain-global.firebaseio.com wss://*.firebaseio.com https://*.micromain.global https://micromain.global https://translate.googleapis.com https://api.awesomeblocker.com wss://127.0.0.1 https://fonts.googleapis.com https://translate.google.com https://cdnmd.global-cache.online/ wss://127.0.0.1:*/; default-src 'self' data: 'unsafe-inline' unsafe-hashes 'unsafe-eval' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com *; img-src 'self' data: micromain.global * blob:; media-src 'self' https://*.micromain.global; script-src 'self' data: 'unsafe-inline' unsafe-hashes 'unsafe-eval' https://micromain.atlassian.net https://cdnjs.cloudflare.com https://s3-us-west-2.amazonaws.com https://micromain-global.firebaseio.com https://*.firebaseio.com * 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' unsafe-hashes fonts.googleapis.com * 'unsafe-inline'; frame-ancestors 'self' https://*.firebaseio.com https://micromain.global https://*.micromain.global https://*.request.services/ gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=a6bR99Qia62qLhK1s7Zhd6RnJT5MzhFoIcw3J6nqiSDqL6LwIAMp2TrdyOIjlivGCwNmbAUrB80rcAjB92z4Ig%3D%3D; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com; connect-src 'self' https://maps.googleapis.com; img-src data: 'self' https://d1be5sn7lppxuh.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google.com; media-src 'self' https://d1be5sn7lppxuh.cloudfront.net; form-action 'self'; manifest-src 'self' 1
base-uri 'self'; child-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; frame-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; connect-src 'self' assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com gms-c1.gsn.cloud edge.adobedc.net adobedc.demdex.net apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au analytics.google.com; default-src 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au dev.visualwebsiteoptimizer.com www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; img-src 'self' data: * blob:; script-src 'self' assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au www.googletagmanager.com dev.visualwebsiteoptimizer.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com gms-c1.gsn.cloud edge.adobedc.net adobedc.demdex.net apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; frame-ancestors 'self' gap: assets.adobedtm.com joey-opsmaxxia.epictenet.live mcmillanshakespearelimited.sc.omtrdc.net mcmillanshakespeare.tt.omtrdc.net mmsg.demdex.net connect.facebook.net static.ads-twitter.com dpm.demdex.net www.google.com www.gstatic.com a.optmnstr.com a.omappapi.com api.omappapi.com z.omappapi.com smetrics.securemaxxia.com.au target.securemaxxia.com.au www.googletagmanager.com admin.epictenet.live www.google-analytics.com stats.g.doubleclick.net *.qualtrics.com apps.mypurecloud.com.au api-cdn.mypurecloud.com.au api.mypurecloud.com.au a.opmnstr.com wss://webmessaging.mypurecloud.com.au *.mypurecloud.com.au; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=QbUDQhzIZCpIB4W4eJxOLa6lHdHLdzGqFEIMzPzWvpz0OB0oJXSL53Qcq38tQtRuNpfkenbPZHzrGlReO4bSBA%3D%3D; 1
default-src 'self'; object-src 'self' https://pts.blacksim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.blacksim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.blacksim.de https://umfrage.blacksim.de https://pts.blacksim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.blacksim.de https://stats.blacksim.de https://imagepool.blacksim.de https://pts.blacksim.de https://analytics.tiktok.com https://umfrage.blacksim.de; script-src 'strict-dynamic' 'nonce-379c533d69d46bac4f1f4ac53630bf33' 'nonce-6de95599e7d7e5f84065d058d55cb757' 'nonce-b4a0a3d7cc5874475a44f6e5eb722ad3' 'nonce-116b290ef8d0517d283b7c6a3bae7ef9' 'nonce-b815b97a044b6e6d6911331172cbf066' 'nonce-2d13f74e90560c9ea876a3994fa477f5' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.blacksim.de https://umfrage.blacksim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-379c533d69d46bac4f1f4ac53630bf33' 'nonce-6de95599e7d7e5f84065d058d55cb757' 'nonce-b4a0a3d7cc5874475a44f6e5eb722ad3' 'nonce-116b290ef8d0517d283b7c6a3bae7ef9' 'nonce-b815b97a044b6e6d6911331172cbf066' 'nonce-2d13f74e90560c9ea876a3994fa477f5' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com region1.google-analytics.com www.santandercib.com www.google.com www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com www.santandercib.com www.google.com www.gstatic.com; form-action 'self'; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com use.fontawesome.com www.santandercib.com; img-src 'self' 'unsafe-eval' data: maps.googleapis.com maps.gstatic.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com i.ytimg.com www.santandercib.com; font-src 'self' data: use.fontawesome.com fonts.googleapis.com fonts.gstatic.com www.santandercib.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'self'; default-src 'none'; child-src 'self'; connect-src https://sulvermiuw.nl https://o545752.ingest.sentry.io https://verzekeringsinzicht.nl; font-src https://verzekeringsinzicht.nl/assets/ https://verzekeringsinzicht.nl/vendor/; form-action 'self' https://*.verzekeringsinzicht.nl; frame-ancestors 'self'; img-src https://sulvermiuw.nl https://o545752.ingest.sentry.io https://verzekeringsinzicht.nl/assets/ https://verzekeringsinzicht.nl/vendor/ https://verzekeringsinzicht.nl/images/ https://verzekeringsinzicht.nl/scss/ https://verzekeringsinzicht.nl/favicon.ico data:; object-src 'none'; script-src https://sulvermiuw.nl https://o545752.ingest.sentry.io https://verzekeringsinzicht.nl/javascript/ https://verzekeringsinzicht.nl/vendor/ 'nonce-A6/kPnM/gI7m26x30nEvojQJ'; style-src https://verzekeringsinzicht.nl/scss/ https://verzekeringsinzicht.nl/vendor/ 'nonce-A6/kPnM/gI7m26x30nEvojQJ'; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' pagead2.googlesyndication.com *.adform.net js.hs-analytics.net js.hubspot.com js.usemessages.com connect.facebook.net maps.googleapis.com www.gstatic.com www.google.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net; style-src 'self' 'unsafe-inline' *.gstatic.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net; img-src 'self' blob: data: *.googlesyndication.com *.adform.net *.google.com.sg *.google.at connect.facebook.net embedwistia-a.akamaihd.net *.googleapis.com *.google.ch *.google.es *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net googleads.g.doubleclick.net embed-ssl.wistia.com *.facebook.com *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net; media-src blob: *.akamaihd.net *.wistia.com; frame-src 'self' *.adform.net fast.wistia.net *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net; connect-src 'self' 'unsafe-inline' 'unsafe-eval' adservice.google.com *.googlesyndication.com px.ads.linkedin.com *.google.be *.adform.net *.google.nl *.google.de connect.facebook.net cdn.linkedin.oribi.io *.googleapis.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net connect.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' ; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de *.akamaihd.net *.evostream.com; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de *.bmbfcluster.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de *.akamaihd.net *.evostream.com; frame-src *.datenportal.bmbf.de *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net app.sli.do *.unitylivestream.com playout.3qsdn.com; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.geodatenzentrum.de *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self' data: *.sp.epl30.intern *.kooperation-international.de; 1
frame-ancestors 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bam.nr-data.net https://js-agent.newrelic.com https://static.b4healthonline.com https://static2.b4healthonline.com https://b4-wus2-powerbi-funcapp-p01.azurewebsites.net https://app.powerbi.com  1
default-src 'self'; script-src 'self' 'unsafe-inline' update.webedition.org *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.twitter.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src data: 'self' *.ytimg.com *.vimeocdn.com *.gstatic.com *.googleapis.com *.twitter.com; font-src 'self' *.gstatic.com; connect-src 'self' *.cookiebot.com *.cookiebot.eu *.googleapis.com stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com; frame-src 'self' update.webedition.org *.qt.eu *.cookiebot.com *.cookiebot.eu *.vditz.com *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.twitter.com; object-src 'none'; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://cdn.cookielaw.org; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 1