Values for x-webkit-csp:
frame-ancestors 'self' 57
default-src 'self' 'unsafe-inline' 37
report-uri /report-csp-violation 27
report-uri /report-csp-violation; upgrade-insecure-requests 24
default-src 'self' 21
default-src 'self'; script-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' fonts.gstatic.com; 16
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 12
about: 9
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net https://js.adsrvr.org https://go.affec.tv https://bat.bing.com https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://snap.licdn.com https://tracking.g2crowd.com https://connect.facebook.net *.visualwebsiteoptimizer.com https://app.vwo.com *.sharethis.com https://unpkg.com https://d1hgczpbubj217.cloudfront.net https://app-static.turtl.co https://js.zi-scripts.com *.mutinycdn.com https://www.clarity.ms https://scripts.clarity.ms *.roundprinceweb.com https://www.redditstatic.com https://go.proofpoint.com https://www.google.com https://www.gstatic.com https://www.buzzsprout.com *.vimeocdn.com https://storage.googleapis.com https://js.navattic.com *.qualified.com https://wpaassets.blob.core.windows.net *.youtube.com vimeo.com *.vimeo.com cdn.cookielaw.org *.onetrust.com *.proofpoint.com https://live.rezync.com; object-src 'self'; style-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-inline' data: blob: *; media-src 'self' *.qualified.com; frame-src 'self' 'unsafe-inline' *; frame-ancestors 'self' app.mutinyhq.com; child-src 'self' 'unsafe-inline' blob: *.qualified.com; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *; report-uri /report-csp-violation 7
default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; connect-src 'none'; report-uri 'self'; report-to 'self'; 5
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.xilo.net/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 4
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 4
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com *.cisco.com *.rainfocus.com 3
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de *.netzlabor.de *.spaceview.net; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org *.spaceview.net *.netzlabor.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com *.multimedia.gsb.bund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.youtube.com *.fbcdn.net *.youtube-nocookie.com *.googlevideo.com; frame-src 'self' *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de *.blitzvideoserver.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com *.multimedia.gsb.bund.de; img-src 'self' data: *.google.com *.gstatic.com multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com vimeo.com *.cloudfront.net *.gsb.bund.de; frame-ancestors 'self' admin.prod.gsb.bmel.in.bund.de;upgrade-insecure-requests; 3
base-uri 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net;child-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net;connect-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel: https://pub.highlight.io https://*.qualtrics.com webpack://*;default-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel:;font-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data:;form-action 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net  https://*.bethematch.org;frame-ancestors 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net  https://*.bethematch.org https: data:;frame-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;img-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;manifest-src 'self';media-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data:;script-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;style-src 'self' https://*.vbrick.com https://api-engage-us.sitecorecloud.io https://d1mj578wat5n4o.cloudfront.net https://d35vb5cccm4xzp.cloudfront.net 'unsafe-inline' 'unsafe-eval' https: data:;worker-src data: blob:; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 3
frame-ancestors 'self'; report-uri /log-report-uri/enforce 3
block-all-mixed-content; default-src https:; media-src https: blob: data:; style-src https: 'unsafe-inline'; font-src https: data:; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; connect-src https: wss:; frame-src https:; prefetch-src https:; frame-ancestors https:; form-action https:; 3
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.amazonaws.com *.amazoncognito.com; frame-ancestors 'self' sf360.com.au 3
base-uri 'self'; style-src 'self'; connect-src 'self' *.itzbund.de; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; media-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; img-src 'self' piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self'; frame-ancestors 'self' *.prod.gsb.bsi.in.bund.de ; upgrade-insecure-requests; 3
frame-ancestors *; report-uri /report-csp-violation 3
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /log-report-uri/enforce 3
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br *.lndo.site *.web.ahdev.cloud; report-uri /report-csp-violation 2
base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com *;form-action 'self' https: *;frame-ancestors 'none';frame-src  'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 2
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.wikimedia.org *.youtube.com www.quirksmode.org *.sample-videos.com *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net userlike-cdn-umm.b-cdn.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com  cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net  *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com static.ws.apsis.one *.ws.apsis.one *.aspis.one static.ws.apsis.one *.contentsquare.net; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com  *.jsdelivr.net hello.myfonts.net mfstatic.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net  *.googletagmanager.com  *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com; media-src 'self' blob: data: *.mediaflow.com; frame-src 'self'  data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com *.static.ws.apsis.one static.ws.apsis.one; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com *.linkedin.com audience.ws.apsis.one *.contentsquare.net; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.bundesfinanzministerium.de *.youtube.com https://medien.zoll.bund.de *.stage.bio; img-src 'self' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.bundesfinanzministerium.de *.openstreetmap.de data: *.stage.bio; script-src 'self' 'unsafe-inline' 'unsafe-eval' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com *.stage.bio 2
base-uri 'none';child-src 'self' https://*.twitch.tv https://*.youtube.com;connect-src * blob: data:;default-src 'self';font-src * data:;form-action 'self' *;frame-ancestors 'self' http://localhost:1337 https://*.games.gg https://farcaster.xyz https://thumbgen.games.gg;frame-src *;img-src * data: blob:;manifest-src 'self';media-src * data: blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vast.gg https://static.ads-twitter.com https://www.redditstatic.com https://connect.facebook.net https://gleam.io https://widget.gleamjs.io https://*.google-analytics.com https://vercel.live https://*.hotjar.com https://*.cookie3.co https://*.twitch.tv https://*.youtube.com https://*.twitter.com https://cdn.blockpass.org https://do.featurebase.app https://metrics.games.gg https://t.games.gg https://insights.games.gg https://challenges.cloudflare.com https://ads.adthrive.com https://*.adthrive.com https://*.3lift.com https://pagead2.googlesyndication.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.googletagservices.com https://www.googleadservices.com https://*.googletagmanager.com https://ep2.adtrafficquality.google https://imasdk.googleapis.com https://cdn.jsdelivr.net https://cdn.ampproject.org https://cdn.id5-sync.com https://*.cdn.optable.co https://ads.pubmatic.com https://*.sharethrough.com https://groundcontrol.rendering.sharethrough.com https://d9.flashtalking.com https://servedby.flashtalking.com https://*.flashtalking.com https://sb.scorecardresearch.com https://cdn.brandmetrics.com https://collector.brandmetrics.com https://cdn.confiant-integrations.net https://*.adform.net https://launchpad-wrapper.privacymanager.io https://launchpad.privacymanager.io https://*.consentmanager.net https://choices.truste.com https://*.rubiconproject.com https://fastlane.rubiconproject.com https://*.lkqd.net https://cs.lkqd.net https://c.aps.amazon-adsystem.com https://config.aps.amazon-adsystem.com https://static.cloudflareinsights.com https://pixel.adsafeprotected.com https://content.quantcount.com https://creative-measurement.quantcount.com https://pghub.io https://s0.2mdn.net https://*.safeframe.googlesyndication.com/ https://*.yahoo.com https://*.ybp.yahoo.com https://*.adsrvr.org https://*.criteo.com https://*.criteo.net https://*.indexexchange.com https://*.casalemedia.com https://*.openx.net https://*.openx.com https://*.sovrn.com https://*.lijit.com https://*.aidemsrv.com https://*.33across.com https://*.yieldmo.com https://*.medianet.com https://*.contextweb.com https://*.improvedigital.com https://*.smartadserver.com https://*.teads.tv https://*.outbrain.com https://*.taboola.com https://*.smaato.net https://*.bidswitch.com https://*.admixer.net https://*.adsafeprotected.com https://*.moatads.com https://*.doubleverify.com https://*.fwmrm.net https://*.serving-sys.com https://*.undertone.com https://*.advertising.com https://*.adtech.de https://*.quantserve.com https://*.script.ac https://*.kayzen.io https://*.facebook.net https://*.ads-twitter.com https://mc.yandex.ru https://*.avct.cloud https://www.facebook.com https://analytics.twitter.com https://alb.reddit.com https://*.liadm.com https://*.sng.link https://*.postrelease.com https://*.1rx.io https://*.redditstatic.com https://*.com https://*.net https://*.io blob:;style-src 'self' 'unsafe-inline' *;worker-src 'self' blob:; 2
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com www.drupal.org new.drupal.org; report-uri /report-csp-violation 2
default-src 'self' *.readspeaker.com data: https://zer-poc.bzst.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://viola-bzst-fms.azr.juacvoe.net base-uri 'self'; connect-src 'self' .pstmn.io https://zer-poc.bzst.de  *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://api.evatr.vies.bzst.de; style-src 'self' 'unsafe-inline' https://zer-poc.bzst.de *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://formularbot-fms.bzst.de https://viola-bzst-fms.azr.juacvoe.net; script-src 'self' 'unsafe-eval' https://zer-poc.bzst.de *.google.com piwik.itzbund.de *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 2
base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com *.crazyegg.com https://tracking.g2crowd.com https://google.com tracking-api.g2.com www.facebook.com https://lottie.host https://unpkg.com cdn.jsdelivr.net *.onetrust.com;default-src 'self' *.crazyegg.com;font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'self' https://esko.showpad.biz *.lovable.app;frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com *.crazyegg.com *.cvent.com https://td.doubleclick.net https://esko317.outgrow.us www.googletagmanager.com *.lovable.app;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com *.crazyegg.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://unpkg.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com *.crazyegg.com *.cvent.com https://tracking.g2crowd.com *.pardot.com https://*.esko.com blob: https://connect.facebook.net go.esko.com;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.crazyegg.com;worker-src 'self' blob:; 2
frame-ancestors 'self' mein.kabelplus.at mein-test.kabelplus.at newapp.etracker.com 2
default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' multimedia.gsb.bund.de *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de lbb-hb.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com *.sli.do *.jsdelivr.net; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do lbb-hb.de; media-src 'self' blob: multimedia.gsb.bund.de *.tremonia-dxp.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do lbb-hb.de; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do; img-src 'self' data: *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com yommaserver.synology.me:5001 *.sli.do player.vimeo.com *.cdninstagram.com *.fbcdn.net; frame-ancestors 'self'; 2
default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2
default-src 'self'; connect-src 'self' *.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.instagram.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src 'self' *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com kumasta.buendnisse-fuer-bildung.de *.facebook.com *.instagram.com *.bmbf.de graphcommons.com www.baden-tv.com/ *.video-stream-hosting.de;img-src 'self' data: *.bmbf.de *.bmftr.bund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; frame-ancestors 'self'; 2
default-src 'self' *.dab-bank.de https://*.dab-bank.de intent://consors.com https://*.optimizely.com;script-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.bootstrapcdn.com https://*.ensighten.com https://*.googleapis.com https://*.akamaihd.net https://*.tlscdn.com https://*.cloudfront.net https://*.google-analytics.com https://*.akamai.net https://*.dab-partnerprogramm.de https://*.zanox.com https://*.intelliad.de https://*.netrk.net https://*.optimizely.com https://*.amazonaws.com https://*.googleadservices.com https://*.webmasterplan.com  https://*.neqty.net https://*.gstatic.com https://*.doubleclick.net https://*.adform.net https://*.vid.ly https://*.googleusercontent.com *.mdgms.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de  https://*.facebook.com https://*.facebook.net 'unsafe-inline' 'unsafe-eval';img-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.bootstrapcdn.com https://*.ensighten.com *.mdgms.com https://*.netrk.net https://*.adform.net https://*.intelliad.de https://*.zanox.com *.webmasterplan.com https://*.gstatic.com https://*.amazonaws.com https://*.google-analytics.com https://*.akamai.net https://*.neqty.net https://*.twitter.com https://*.google.com https://*.doubleclick.net https://*.google.de https://*.googleadservices.com *.bing.com https://*.akamaihd.net https://*.facebook.com https://*.facebook.net https://*.cloudfront.net https://*.ssl-images-amazon.com https://*.googleapis.com https://*.optimizely.com https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de data:;style-src 'self' 'unsafe-inline' *.dab-bank.de https://*.dab-bank.de https://*.googleapis.com https://*.bootstrapcdn.com https://*.intelliad.de https://*.webmasterplan.com;frame-src 'self' *.dab-bank.de https://*.dab-bank.de push.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.google.de https://*.cloudfront.net https://*.rexx-server.com https://*.amazonaws.com *.mdgms.com https://*.webmasterplan.com *.boerse-frankfurt.de *.volkswagenbank.de https://*.akamaihd.net https://*.intelliad.de http://*.zanox.com http://*.adform.net https://*.netrk.net https://*.neqty.net https://*.googleapis.com https://*.optimizely.com https://*.google-analytics.com https://*.googleadservices.com https://*.ensighten.com https://*.bootstrapcdn.com https://*.doubleclick.net https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.facebook.com https://*.facebook.net https://www.youtube-nocookie.com;font-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.googleusercontent.com https://*.gstatic.com https://*.bootstrapcdn.com;object-src 'self' *.dab-bank.de https://*.dab-bank.de http://boerse.dab-bank.de https://*.akamaihd.net https://*.akamai.net;connect-src 'self' *.dab-bank.de https://*.dab-bank.de wss://*.dab-bank.de https://*.googleapis.com https://*.log.optimizely.com https://*.log.optimizely.com https://test1-onboarding.united-signals.com https://onboarding.united-signals.com https://*.united-signals.com;media-src 'self' *.dab-bank.de https://*.dab-bank.de;report-uri /json/open/csp_report; 2
default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
default-src 'self' https://analytics.mmlan.de; style-src 'self' https://analytics.mmlan.de/ 'sha256-VqWowlraFBNcw9MSUtRKR9wWVcfqnRco7jxuBHj8Y/o='; script-src 'self' https://analytics.mmlan.de; img-src 'self' data: https://analytics.mmlan.de/; 2
default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' www.youtube.com *.digiaccess.org feeds.kobo.com 2
default-src 'self' https://chat.shellfire.de https://www.google.de https://maps.google.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://www.googleadservices.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.analytics.google.com https://*.googleapis.com https://*.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://*.facebook.com https://web.facebook.com https://www.google.com https://optimize.google.com https://www.sandbox.paypal.com https://www.paypal.com https://combr-1b07a.kxcdn.com https://cdn.shellfire.net https://js.stripe.com https://*.clarity.ms https://*.sitegpt.ai https://cdn.jsdelivr.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.shellfire.de https://www.google.com https://maps.google.com https://www.google.net https://connect.facebook.net https://www.google.com https://www.google.net https://www.googleadservices.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.facebook.com https://web.facebook.com https://www.googletagmanager.com https://static.ads-twitter.com https://analytics.twitter.com https://*.analytics.twitter.com https://tagmanager.google.com https://optimize.google.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://www.paypal.com https://cdn.cookie-script.com https://report.cookie-script.com https://combr-1b07a.kxcdn.com https://cdn.shellfire.net https://js.stripe.com https://*.clarity.ms https://sitegpt.ai https://*.sitegpt.ai https://www.dwin1.com https://www.awin1.com https://lantern.roeyecdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net ; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.facebook.net https://tagmanager.google.com https://optimize.google.com https://www.paypalobjects.com https://combr-1b07a.kxcdn.com https://cdn.shellfire.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net ; img-src data: * ; 2
base-uri 'self'; default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style 2
frame-ancestors 'none' 2
default-src 'self' ; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net *.unitylivestream.com gemeinschaftswerk-nachhaltigkeit.de playout.3qsdn.com klimacampus.org *.klimacampus.org *.bne.unesco.de; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.geodatenzentrum.de *.openstreetmap.org *.openstreetmap.de *.bmbfcluster.de *.wmflabs.org; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self'; 2
frame-ancestors https://app.storyblok.com/ 2
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.gtranslate.net connect.facebook.net/en_US/sdk.js stats.st-denis.cloud-ed.fr translate.google.com *.googleapis.com *.formnx.com; object-src 'self'; style-src 'self' 'unsafe-inline' www.gstatic.com; img-src 'self' data: blob: apicivique.s3.eu-west-3.amazonaws.com cdn.gtranslate.net plainecommune.fr fonts.gstatic.com www.gstatic.com www.google.fr translate.googleapis.com *.google.com; frame-src *; frame-ancestors 'self'; font-src 'self' fonts.gstatic.com data:; connect-src 'self' apicivique.s3.eu-west-3.amazonaws.com/jvalogo.svg cdn.gtranslate.net stats.st-denis.cloud-ed.fr connect.facebook.net *.googleapis.com *.formnx.com translate.google.com *.gstatic.com; upgrade-insecure-requests 2
default-src 'self'; script-src 'unsafe-inline'  'unsafe-eval'  'self' *.bizzdesign.com pi.pardot.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com *.googleadservices.com www.youtube.com *.wistia.com browser.sentry-cdn.com bizzdesign.chilipiper.com *.alfabetcloud.com cdn-cookieyes.com *.bing.com *.licdn.com *.oktopost.com js.zi-scripts.com tag.aticdn.net www.redditstatic.com a.quora.com bizzdesign.chilipiper.com fast.wistia.net api.ipify.org moderate.cleantalk.org fd.cleantalk.org dywrfp5ctng3l.cloudfront.net cdn.intellimize.co blob: ; object-src 'self' *.bizzdesign.com; style-src 'unsafe-inline' 'self' *.bizzdesign.com cdn.jsdelivr.net dywrfp5ctng3l.cloudfront.net; img-src data: 'self' *.bizzdesign.com *.bing.com cdn-cookieyes.com *.linkedin.com *.bing.com cdn-cookieyes.com www.googletagmanager.com *.google.com *.google.fr *.google.be *.google.de *.google.nl *.google.co.uk *.google.es q.quora.com alb.reddit.com bizzdesign.chilipiper.com stats.g.doubleclick.net *.wistia.com; media-src data: 'self' *.bizzdesign.com blob:; frame-src 'self' td.doubleclick.net www.googletagmanager.com www.youtube.com *.bizzdesign.com bizzdesign.chilipiper.com splunk-prod.alfabetcloud.com fast.wistia.net www.google.com fast.wistia.net ; frame-ancestors 'self' *.bizzdesign.com enablement.bizzdesign.com engagement.bizzdesign.com admin.mindtickle.com bizzdesign.mindtickle.com browser.sentry-cdn.com ; child-src 'self' *.bizzdesign.com ; font-src 'self' *.bizzdesign.com fonts.gstatic.com *.wistia.com; connect-src 'self' *.bizzdesign.com px.ads.linkedin.com *.clarity.ms bat.bing.net js.zi-scripts.com google.com  *.google.com  ws.zoominfo.com bat.bing.com www.google-analytics.com *.doubleclick.net scout.salesloft.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com *.hotjar.io wss://ws.hotjar.com *.cookieyes.com cdn-cookieyes.com gjzbjmh.pa-cd.com pixel-config.reddit.com www.redditstatic.com cdn.jsdelivr.net bizzdesign.chilipiper.com pipedream.wistia.com fast.wistia.net fd.cleantalk.org bizzdesign.pinpointhq.com *.wistia.com browser.sentry-cdn.com log.intellimize.co; report-uri /policies/privacy-policy; upgrade-insecure-requests 2
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /log-report-uri/enforce 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com ticketcenter.be24-7.de; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com ticketcenter.be24-7.de; frame-ancestors 'self' 2
default-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self' data: https://use.fontawesome.com frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 2
default-src 'self' https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; connect-src 'self' https://nominatim.openstreetmap.org https://login.microsoftonline.com https://www.google.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud; font-src 'self' https://*.kununu.com https://*.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; frame-ancestors 'self' https://klinikumjobs.de https://*.doccheck.com https://*.kununu.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; frame-src 'self' https://benutzerhandbuch-cshs.condat.de https://global.frcapi.com https://www.google.com https://prezi.com/p/embed/MPOGB6oZvPvNpRmIzIHw/ https://*.doccheck.com https://*.kununu.com https://*.spendino.de https://*.youtube-nocookie.com https://*.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; img-src 'self' https://cdn.jsdelivr.net https://*.tile.openstreetmap.org https://cshs.myskbs.de https://pro.doctolib.de https://*.amazonaws.com https://*.cloudfront.net https://*.kununu.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; media-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.amazonaws.com https://*.cloudfront.net https://*.kununu.com https://*.youtube-nocookie.com https://*.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; object-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com https://*.youtube-nocookie.com https://*.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; script-src 'self' https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://*.prezi.com http://*.prezi.com *.prezi.com https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com https://*.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net https://*.kununu.com https://*.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline'; worker-src 'self' https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de blob: 2
default-src 'self' 'unsafe-inline' data: global2000.at *.global2000.at  https://*.google-analytics.com  https://*.google.com  https://*.google.at  https://*.doubleclick.net  https://*.youtube.com  https://youtu.be https://*.ytimg.com  https://*.facebook.com  https://*.vimeocdn.com  https://vimeo.com  https://*.vimeo.com  https://*.hotjar.com https://*.ubembed.com https://*.restorenature.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' global2000.at *.global2000.at  https://*.youtube.com https://*.googletagmanager.com https://*.google-analytics.com  https://*.hotjar.com  https://*.facebook.net  https://*.g.doubleclick.net  https://*.ubembed.com https://*.googleadservices.com https://*.twitter.com https://*.google.com https://*.google.at https://widget.proca.app https://static.d-o.li https://cdn.growify.ai; object-src 'self' global2000.at *.global2000.at 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.global2000.at; img-src 'self' *.global2000.at data: https://*.google.com  https://*.google.at https://*.google.de https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://img.youtube.com https://i.ytimg.com https://*.europa.eu https://*.google.bg https://*.googletagmanager.com; media-src 'self' global2000.at *.global2000.at blob: data:; frame-src 'self' *.global2000.at https://*.google.com  https://*.ubembed.com https://*.google.at  https://*.googletagmanager.com  https://*.openstreetmap.org  https://vimeo.com  https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org  https://*.buzzsprout.com  https://*.spotteron.com  https://*.typeform.com https://*.facebook.com  https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at https://*.datadialog.net https://*.fsoforms-gl2ktest.azurewebsites.net https://*.fsoforms-gl2k.azurewebsites.net https://fsoforms-gl2ktest.azurewebsites.net https://gl2kauthserver.azurewebsites.net; frame-ancestors https://*.global2000.at https://*.acolono.dev https://*.acolono.net https://*.wwf.at; child-src 'self' *.global2000.at blob: https://*.google.com  https://*.ubembed.com https://*.google.at  https://*.googletagmanager.com  https://*.openstreetmap.org  https://vimeo.com  https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org  https://*.buzzsprout.com  https://*.spotteron.com  https://*.typeform.com https://*.facebook.com  https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at; font-src 'self' *.global2000.at data:; connect-src 'self' *.global2000.at https://*.google.com  https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.google.com  https://*.google.at https://*.ubembed.com https://*.facebook.com https://country.proca.foundation/ https://*.proca.app https://chatbot.api.digitalorganizing.ch/ https://pagead2.googlesyndication.com https://us-central1-growify-346505.cloudfunctions.net https://*.legalweb.io; report-uri /report-csp-violation 2
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uno.uk; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.uno.uk; img-src 'self' blob: data: https://*.uno.uk; media-src 'self' data: https://*.uno.uk; frame-src *; font-src *; form-action 'self' https://*.uno.uk; connect-src 'self' https://*.uno.uk; manifest-src 'self' https://*.uno.uk; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.uno.uk/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://storage.googleapis.com https://cdn.jsdelivr.net https://malsup.github.io https://static.cloudflareinsights.com https://telegram.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net https://netdna.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com https://www.gstatic.com https://netdna.bootstrapcdn.com data:; img-src 'self' data: https: blob:; media-src 'self' data: blob:; connect-src 'self' blob: https://api.pwagroup.ai wss://api.pwagroup.ai https://ads.pwagroup.ai https://preview.pwagroup.ai https://sentry.pwastage.xyz https://static.cloudflareinsights.com https://cdnjs.cloudflare.com https://malsup.github.io https://telegram.org https://oauth.telegram.org; worker-src 'self' blob:; manifest-src 'self'; frame-src https://telegram.org https://oauth.telegram.org https://preview.pwagroup.ai https://www.youtube.com; frame-ancestors 'self' https://dash.pwa.group https://preview.pwa.group https://*.pwa.group https://*.pwagroup.ai; base-uri 'self'; form-action 'self' https://preview.pwagroup.ai; object-src 'none'; upgrade-insecure-requests; report-uri https://dash.pwa.group/api/101/csp-report; 2
default-src 'self' data: drupal.org *.typekit.net *.crazyegg.com; script-src 'unsafe-inline' 'self' data: drupal.org *.typekit.net www.youtube.com cdnjs.cloudflare.com themes.googleusercontent.com unpkg.com cdn.jsdelivr.net www.google-analytics.com www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com www.googletagmanager.com gov-bam.nr-data.net js-agent.newrelic.com *.crazyegg.com static.adds-twitter.com snap.licdn.com *.teads.tv connect.facebook.net *.linkedin.com *.doubleclick.net *.facebook.com px.ads.linkedin.com cdn.linkedin.oribi.io static.ads-twitter.com s.go-mpulse.net c.go-mpulse.net *.osano.com analytics.google.com blob: js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net; style-src 'unsafe-inline' 'self' data: blob: drupal.org *.typekit.net cdnjs.cloudflare.com themes.googleusercontent.com unpkg.com cdn.jsdelivr.net www.google-analytics.com www.google.com www.gstatic.com fonts.googleapis.com *.fonts.net *.osano.com *.crazyegg.com; img-src 'self' www.facebook.com www.youtube.com analytics.twitter.com t.co www.google-analytics.com www.google.com *.teads.tv px.ads.linkedin.com www.googletagmanager.com www.linkedin.com data: *.crazyegg.com track.hubspot.com forms.hsforms.com; media-src 'self' www.youtube.com; frame-src 'self' www.youtube.com www.facebook.com www.google.com html5-player.libsyn.com playlist.megaphone.fm www.podcastone.com p.teads.tv fledge.teads.tv *.osano.com *.crazyegg.com; child-src 'self' data: blob: drupal.org *.typekit.net *.osano.com; font-src 'self' fonts.gstatic.com fast.fonts.net; connect-src 'self' data: drupal.org *.typekit.net www.google-analytics.com cdn.linkedin.oribi.io cm.teads.tv *.doubleclick.net *.crazyegg.com bam.nr-data.net www.facebook.com t.teads.tv *.osano.com c.go-mpulse.net *.akstat.io analytics.google.com *.akamaihd.net px.ads.linkedin.com forms.hscollectedforms.net 1
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 1
default-src 'self' 'unsafe-inline'; allow 'self'; img-src * 1
frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com *.qiaofangyun.com 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors *.postman.co www.postman.com; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com client-proxy.pstmn.io chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.loom.com/embed/ https://connect.us.integrations.postmancloud.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://postman.zendesk.com/ https://runtime-assets.pstmn.io/ https://www.postman.com/complete-checkout; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; media-src 'self' https://flows-assets.pstmn.io/ https://skills-assets.pstmn.io/ https://runtime-assets.pstmn.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-sZivqH24Ra/t64NMTVF0f4x1q+MNilUMCbE7+8NGInCuzi+O'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co https: wss://live.postman.com wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
frame-ancestors *.uottawa.ca https://teams.microsoft.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.poliziadistato.it:* blob: data: *.poliziadistato.it *.zencdn.net *.tv2000.it *.wowza.com *.interno.it *.rating-widget.com *.twimg.com *.twitter.com *.googleapis.com *.gstatic.com *.google.it *.macromedia.com *.google-analytics.com *.facebook.net *.sharethis.com *.youtube.com *.google.com *.googletagmanager.com opendataavcp.interno.it *.raiplay.it *.rai.it js.api.here.com *.hereapi.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: *.here.com *.wowza.com i.rw.gs *.rating-widget.com *.twitter.com *.twimg.com *.poliziadistato.it opendataavcp.interno.it l.sharethis.com *.facebook.com *.google-analytics.com *.gstatic.com *.gravatar.com *.googleapis.com s.w.org *.google.it *.raiplay.it *.rai.it; style-src 'self' *.poliziadistato.it *.twimg.com *.rating-widget.com *.twitter.com opendataavcp.interno.it *.sharethis.com 'unsafe-inline' *.googleapis.com *.raiplay.it *.rai.it js.api.here.com; frame-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com video.repubblica.it *.google.com *.googletagmanager.com *.raiplay.it *.rai.it *.adobe.com; worker-src 'self' blob: *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com video.repubblica.it *.google.com *.googletagmanager.com *.raiplay.it *.rai.it; child-src 'self' *.poliziadistato.it opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com video.repubblica.it *.google.com *.googletagmanager.com *.twitter.com opendataavcp.interno.it *.raiplay.it *.rai.it; font-src 'self' data: *.here.com *.poliziadistato.it *.wowza.com opendataavcp.interno.it *.gstatic.com *.raiplay.it *.rai.it; frame-ancestors 'self' storify.com *.poliziadistato.it *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com video.repubblica.it *.google.com *.googletagmanager.com *.raiplay.it *.rai.it; media-src *.poliziadistato.it blob: 1
connect-src * 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://impactapi.causeview.com https://maps.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://js-agent.newrelic.com https://www.googletagmanager.com https://chimpstatic.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://downloads.mailchimp.com https://mc.us1.list-manage.com https://matchbox.hepdata.com https://commerce.coinbase.com https://data.processwebsitedata.com https://fe.sitedataprocessing.com https://cdn.jsdelivr.net/npm/search-insights@2.13.0/dist/search-insights.min.js https://platform.twitter.com https://challenges.cloudflare.com https://cdn.mouseflow.com https://cdn.jsdelivr.net/npm/search-insights@2.17.3 https://cdn.matomo.cloud https://googleads.g.doubleclick.net https://a.usbrowserspeed.com https://d-code.liadm.com https://googleads.g.doubleclick.net https://mises.matomo.cloud https://cdnjs.cloudflare.com https://donorbox.org  https://static.filestackapi.com https://js.stripe.com https://www.google.com/pay; img-src 'self' data: https://cdn.mises.org https://www.google.ca https://www.google.com https://i.creativecommons.org https://licensebuttons.net https://www.google-analytics.com https://mcusercontent.com https://maps.gstatic.com https://s3.amazonaws.com https://impactapi.causeview.com  https://live-mises-api.pantheonsite.io https://cdn-images.mailchimp.com https://matchbox.hepdata.com/ https://www.googletagmanager.com https://donorbox.org; frame-ancestors 'self' https://glockenspiel-bluebird-4h6c.squarespace.com https://www.misesgraduateschool.org https://misesgraduateschool.org https://api-public.addthis.com https://m.addthis.com https://mises.org https://impactapi.causeview.com; upgrade-insecure-requests 1
default-src 'self' ; connect-src 'self' piwik.itzbund.de matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de *.akamaihd.net *.evostream.com; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.jsdelivr.net; object-src 'self' multimedia.gsb.bund.de *.bmbfcluster.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de *.akamaihd.net *.evostream.com; frame-src *.datenportal.bmbf.de *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net app.sli.do *.unitylivestream.com playout.3qsdn.com klimacampus.org start.video-stream-hosting.de *.bne.unesco.de; img-src 'self' data: piwik.itzbund.de matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.geodatenzentrum.de *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self' data: *.sp.epl30.intern *.kooperation-international.de; 1
base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-k7N8fLfenYyQFByO60ffgA==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self' 1
: default-src * 1
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none'; base-uri 'none' 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com doo.net piwik.itzbund.de *.jsdelivr.net *.frcapi.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.jsdelivr.net *.frcapi.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; connect-src 'self' *.itzbund.de *.dtvp.de; frame-ancestors 'self'; 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se klimatanpassningsradet.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.energiewechsel.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com api.signalize.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de atlas.geomer-maps.de app.powerbi.com *.energiewechsel.de *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self' *.kfw.de *.bafa.de *.energiewechsel.de; upgrade-insecure-requests; 1
default-src wss: mycliplister.com blob: data: bosch.kittelberger.de *.tealiumiq.com dock.ui.bosch.tech wss://endpoint.chatbot-suite.bosch.tech 'self' https: *.optimizely.com wss://*.hotjar.com wss://*.hotjar.io *.tealiumiq.com stats.g.doubleclick.net *.bosch-professional.com ; media-src data: 'self' *.mycliplister.com mycliplister.com *.bosch.com bosch.com *.bosch.de bosch.de *.youtube.com ; font-src 'self' dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com static.bosch-professional.com *.commerce-connector.com tiger-cdn.zoovu.com *.zoovu.com *.cloudfront.net boschru.webim.ru *.bosch.com bosch.com *.bosch.de bosch.de gstatic.com fonts.gstatic.com data: ; object-src data: 'self'; img-src data: 'self' https: mycliplister.com *.kittelberger.de *.tealiumiq.com data: blob: ; style-src dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.dynamicyield.com *.bootstrapcdn.com *.googleapis.com *.commerce-connector.com 'self' 'unsafe-inline' tiger-cdn.zoovu.com *.zoovu.com static.bosch-professional.com btm.bosch.com cdn.poll-maker.com ; script-src dock.ui.bosch.tech dynamicyield.com *.dynamicyield.com https: *.optimizely.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.bosch.com bosch.com *.bosch.de bosch.de *.google-analytics.com google-analytics.com ipinfo.io ; frame-src 'self' https: ; connect-src 'self' https: wss://endpoint.chatbot-suite.bosch.tech  mycliplister.com wss://*.hotjar.com 1
default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://avm-cs.zendesk.com avm.zendesk.com v2.zopim.com fritz.com avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de www.commerce-connector.com www.surveygizmo.eu ; img-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de data: https://shoplogos.commerce-connector.de https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://i.vimeocdn.com https://static.zdassets.com https://gpt.avm.botario.com https://www.gravatar.com https://cdn.plyr.io ; media-src 'self' *.fritz.com *.avm.de service.avm.de static.zdassets.com https://maps.googleapis.com https://maps.gstatic.com https://vimeo.com https://i.ytimg.com https://i.vimeocdn.com https://cdn.plyr.io blob: data: ; font-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de https://fonts.gstatic.com data: ; style-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://fonts.googleapis.com 'unsafe-inline' ; connect-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://maps.googleapis.com https://noembed.com https://avm.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://pod-28.zendesk.com https://pod-28-sunco-ws.zendesk.com wss://widget-mediator.zopim.com wss://pod-28.zendesk.com wss://pod-28-sunco-ws.zendesk.com https://gpt.avm.botario.com wss://gpt.avm.botario.com https://cdn.plyr.io ; script-src 'self' avm.de *.avm.de fritz.com *.fritz.com service.avm.de piwik.avm.de https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://maps.googleapis.com https://static.zdassets.com https://pod-28.zendesk.com https://pod-28-sunco-ws.zendesk.com https://gpt.avm.botario.com 'unsafe-eval' 'unsafe-inline' blob: ; script-src-elem 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com piwik.avm.de https://maps.googleapis.com https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://www.youtube.com https://static.zdassets.com https://pod-28.zendesk.com https://pod-28-sunco-ws.zendesk.com https://widget-mediator.zopim.com https://gpt.avm.botario.com 'unsafe-inline' blob: ; worker-src 'self' blob: ; frame-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://player.vimeo.com https://www.youtube-nocookie.com https://gpt.avm.botario.com ; frame-ancestors 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com  1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bghweb-editor-kkn6.prod.gsb.bgh.in.bund.de piwik.itzbund.de 1
default-src 'self'; script-src 'self' https://youtube.com/ https://cnes.matomo.cloud/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com  https://cdn.matomo.cloud/cnes.matomo.cloud/ cdn.matomo.cloud/cnes.matomo.cloud https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io https://cdntag.tarteaucitron.io/ cdntag.tarteaucitron.io https://logs.tarteaucitron.io/ logs.tarteaucitron.io https://www.tiktok.com https://www.instagram.com/ https://platform.twitter.com/ https://www.myadvent.net/ https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/ https://*.cnes.fr; object-src 'self' https://youtube.com/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com https://*.cnes.fr; style-src 'self' 'unsafe-inline' https://cdn.tarteaucitron.io/css/ cdn.tarteaucitron.io/css/ https://cdntag.tarteaucitron.io/css/ cdntag.tarteaucitron.io/css/ https://fonts.googleapis.com/ https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/; img-src 'self' data: https://i.ytimg.com https://*.tile.openstreetmap.fr 'unsafe-inline' https://tarteaucitron.io/log/ tarteaucitron.io/log/ https://logs.tarteaucitron.io/ logs.tarteaucitron.io https://content.milibris.com/ https://*.cnes.fr; media-src 'self' https://podcast.cnes.fr/ https://www.podcast.cnes.fr/ https://*.cnes.fr; frame-src 'self' https://youtube.com https://www.youtube.com player.vimeo.com  youtube.com www.youtube.com https://youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com https://tarteaucitron.io tarteaucitron.io https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io https://cdntag.tarteaucitron.io cdntag.tarteaucitron.io https://logs.tarteaucitron.io/ logs.tarteaucitron.io https://videotheque.cnes.fr/ https://app.myadvent.net/ https://www.facebook.com/ https://www.linkedin.com/  https://www.instagram.com/ https://platform.twitter.com/  https://www.tiktok.com/ https://open.spotify.com/ https://*.twitch.tv https://*.cnes.fr umap.openstreetmap.fr https://*.google.com/ https://*.qqf.fr/; frame-ancestors 'self' https://youtube.com/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com  https://tarteaucitron.io/ tarteaucitron.io https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io https://cdntag.tarteaucitron.io/ cdntag.tarteaucitron.io https://logs.tarteaucitron.io/ logs.tarteaucitron.io https://*.cnes.fr; child-src 'self'  https://tarteaucitron.io tarteaucitron.io https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io https://cdntag.tarteaucitron.io cdntag.tarteaucitron.io https://logs.tarteaucitron.io/ logs.tarteaucitron.io; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com https://cdn.cafeyn.co; connect-src 'self' 'unsafe-inline' https://cnes.matomo.cloud/ https://cdn.matomo.cloud/cnes.matomo.cloud/ cdn.matomo.cloud/cnes.matomo.cloud https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io https://cdntag.tarteaucitron.io/ cdntag.tarteaucitron.io https://logs.tarteaucitron.io/ logs.tarteaucitron.io https://content.milibris.com/ https://www.tiktok.com  https://*.cnes.fr 1
img-src * data: blob:; style-src 'self' 'unsafe-inline' assets.adobedtm.com cdn.linearicons.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com shop.spreadshirt.nl ton.twimg.com cdnjs.cloudflare.com code.jquery.com unpkg.com; frame-src 'self' www.youtube.com player.vimeo.com podio.com www.youtube-nocookie.com www.google.com/recaptcha/ www.classmarker.com/ js.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com assets.adobedtm.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com npmcdn.com shop.spreadshirt.nl platform.twitter.com www.google-analytics.com ssl.google-analytics.com www.spreadshirt.nl podio.com static.doubleclick.net cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net app.intercom.io widget.intercom.io js.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ unpkg.com/leaflet.markercluster@1.4.1/dist/ unpkg.com/leaflet@1.7.1/dist/ js.stripe.com unpkg.com/@popperjs/ unpkg.com/tippy.js@6/ www.googletagmanager.com; font-src 'self' cdn.linearicons.com fonts.gstatic.com maxcdn.bootstrapcdn.com shop.spreadshirt.nl js.intercomcdn.com ttui.thethingsindustries.com; connect-src 'self' shop.spreadshirt.nl www.thethingsnetwork.org vx.thethings.network api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com app.getsentry.com unpkg.com/boxicons@2.1.1/ 1
default-src 'self'; frame-ancestors 'self' http://localhost https://localhost; connect-src 'self' piwik.itzbund.de *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net media-library-production-ecdcakbreve6g5ca.z01.azurefd.net media-library-acceptance-acdycba8gneughdp.z01.azurefd.net *.kaltura.com; worker-src blob: 'self'; base-uri 'self'; font-src 'self' data: *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; style-src 'self' 'unsafe-inline' *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net *.kaltura.com cdn.jsdelivr.net platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.fcst.tv *.azurewebsites.net *.twitter.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com *.bundesrat.de pbs.twimg.com *.twitter.com; Content-Security-Policy: default-src 'self'; frame-ancestors 'self' http://localhost https://localhost; connect-src 'self' piwik.itzbund.de *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net media-library-production-ecdcakbreve6g5ca.z01.azurefd.net media-library-acceptance-acdycba8gneughdp.z01.azurefd.net *.kaltura.com; worker-src blob: 'self'; base-uri 'self'; font-src 'self' data: *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; style-src 'self' 'unsafe-inline' *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net *.kaltura.com cdn.jsdelivr.net platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.fcst.tv *.azurewebsites.net *.twitter.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com *.bundesrat.de pbs.twimg.com *.twitter.com; 1
default-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com https://download1.pornbox.com download1.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-k8s.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com wss://lb-private-chat-beta-k8s.gtflixtv.com https://*.1ka.com *.1ka.com https://beta.sheer.com beta.sheer.com https://beta2.sheer.com beta2.sheer.com https://beta3.sheer.com beta3.sheer.com https://beta4.sheer.com beta4.sheer.com https://beta5.sheer.com beta5.sheer.com https://*.facebook.com *.facebook.com https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.google.com *.google.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.gstatic.cn *.gstatic.cn https://*.jsdelivr.net *.jsdelivr.net https://*.rawgit.com *.rawgit.com https://*.ddfstatic.com *.ddfstatic.com https://cdn.plyr.io cdn.plyr.io https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://*.agego.com *.agego.com https://*.yoti.com *.yoti.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://*.bangbros.com *.bangbros.com https://*.nikkiprice.com *.nikkiprice.com https://*.girlsgonewild.com *.girlsgonewild.com https://*.naked.com *.naked.com https://*.st-content.com *.st-content.com https://*.sellvids.com *.sellvids.com https://*.hazecash.com *.hazecash.com https://*.xxxpawn.com *.xxxpawn.com https://*.gaypawn.com *.gaypawn.com https://*.miakhalifa.com *.miakhalifa.com https://*.americanpervert.com *.americanpervert.com https://*.xnxx.com *.xnxx.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-k8s.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com wss://lb-private-chat-beta-k8s.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://beta.sheer.com beta.sheer.com https://beta2.sheer.com beta2.sheer.com https://beta3.sheer.com beta3.sheer.com https://beta4.sheer.com beta4.sheer.com https://beta5.sheer.com beta5.sheer.com https://*.agego.com *.agego.com https://www.google-analytics.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://region1.google-analytics.com/g/collect https://*.googleapis.com *.googleapis.com https://*.firebaseio.com *.firebaseio.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/; font-src 'self' https://cdn.jsdelivr.net/npm/ https://fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' https://*.gtflixtv.com *.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://www.xvideos.com www.xvideos.com https://*.xvideos.red *.xvideos.red https://*.1ka.com *.1ka.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://www.google-analytics.com www.google-analytics.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://region1.google-analytics.com region1.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://translate.google.com translate.google.com https://*.agego.com *.agego.com https://fonts.gstatic.com fonts.gstatic.com data:; object-src 'none'; script-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://uploader.gtflixtv.com uploader.gtflixtv.com https://uploader-beta.gtflixtv.com uploader-beta.gtflixtv.com https://pornbox.com pornbox.com https://beta.sheer.com beta.sheer.com https://beta2.sheer.com beta2.sheer.com https://beta3.sheer.com beta3.sheer.com https://beta4.sheer.com beta4.sheer.com https://beta5.sheer.com beta5.sheer.com https://*.googleapis.com *.googleapis.com https://accounts.google.com accounts.google.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://google-analytics.com google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://translate.google.com translate.google.com https://*.agego.com *.agego.com https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/yuku-t/jquery-textcomplete/ https://*.ddfstatic.com *.ddfstatic.com https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://apis.google.com apis.google.com https://apis.google.com/js/platform.js 'unsafe-inline' 'unsafe-eval'; report-uri /api/js-error; 1
default-src 'self'; font-src 'self' data: https://use.typekit.net  https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://cdn.jsdelivr.net/* https://cdn.jsdelivr.net/* https://widget.rather.chat https://widget.rather.chat/* https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; img-src 'self' data: https://p.typekit.net https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.fls.doubleclick.net https://sp.analytics.yahoo.com https://analytics.twitter.com/1/i/* https://geo-tracker.trinadsp.co.za/* https://s2s.oldmutual.co.za https://track.adform.net/Serving/TrackPoint/* https://server.seadform.net/serving/cookie/sync/* https://dsp.trinamarketing.co.za/ https://tribalfusion.com/ https://*.tribalfusion.com https://*.twitter.com https://ads-twitter.com https://bat.bing.com https://a.tribalfusion.com https://*.company-target.com https://*.rlcdn.com https://flagcdn.com https://flagcdn.com/* https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; frame-src 'self' https://www.oldmutual.co.za/ https://www.oldmutualinvest.com/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com https://manage.ipaygh.com https://app.livestorm.co https://analytics.twitter.com https://*.adform.net https://td.doubleclick.net https://bot-omi-eu.rather.chat/* https://bot-omi-eu.rather.chat https://*.company-target.com https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; connect-src 'self' https://api-eu1.cludo.com/ https://www.google.com https://nba-webchat-server-prod.my.oldmutual.co.za https://cdn.gbqofs.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://goals-api.my.oldmutual.co.za wss://mpsnare.iesnare.com https://cdn.linkedin.oribi.io/* https://c1001.report.gbss.io https://c2001.report.gbss.io https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://*.eskimi.com https://ams.creativecdn.com https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://s2s.oldmutual.co.za https://*.demandbase.com https://js-eu1.hs-scripts.com https://omdms.oldmutual.com.gh https://api.hubspot.com https://gdpr.loopme.com https://sms.hubtel.com https://*.company-target.com https://google.com https://tag.demandbase.com https://api.company-target.com https://s.company-target.com https://*.dynatrace.com https://*.bf.dynatrace.com https://*.rather.chat https://*.rather.chat/* https://maps.googleapis.com/maps/* https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true https://maps.googleapis.com https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com https://px.ads.linkedin.com https://analytics-ipv6.tiktokw.us; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.pagesense.io https://customer.cludo.com/ https://analytics.twitter.com https://c1001.report.gbss.io https://c2001.report.gbss.io https://cdn.gbqofs.com https://s2s.oldmutual.co.za https://s2s.oldmutual.co.za/static/DhPixel.js https://use.typekit.net https://static.ads-twitter.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://services.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://dsp-media.eskimi.com https://s2s.oldmutual.co.za/static/DhPixel.js https://checkout.flutterwave.com *.iovation.com *.iesnare.com https://geo-tracker.trinadsp.co.za/* https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://bat.bing.com https://dsp.trinamarketing.co.za/ https://secure.adnxs.com/ https://quantserve.com/quant.js https://tags.creativecdn.com/ http://rtbhouse.com http://rtbhouse.net https://secure.quantserve.com/quant.js https://googleads.g.doubleclick.net https://tag.demandbase.com https://api.company-target.com https://s.company-target.com https://*.dynatrace.com https://*.bf.dynatrace.com https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://*.demandbase.com https://js-eu1.hs-scripts.com https://api.hubspot.com https://*.loopme.com https://sms.hubtel.com https://*.company-target.com https://widget.rather.chat https://widget.rather.chat/* https://js-cdn.dynatrace.com/jstag/15fc9f135f3/bf62395jrv/a207cbaa8e544abe_complete.js https://js-cdn.dynatrace.com https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com https://www.clarity.ms; frame-ancestors https://secure.rewards.oldmutual.co.za/ https://my.oldmutual.co.za https://bot-omi-eu.rather.chat/ https://oldmutual.co.za; media-src 'self' data: https://mpsnare.iesnare.com 1
script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' 365.hosting webhost1.ru d.webhost1.ru cp2.webhost1.ru cp3.webhost1.ru *.yoomoney.ru yookassa.ru geoadv-partner.yandex.ru direct.yandex.ru *.yandex.ru *.yandex.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net googleads.g.doubleclick.net www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com tagmanager.google.com *.jivo.ru *.jivosite.com privacy-cs.mail.ru top-fwz1.mail.ru infird.com .stripe.com *.sbis.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com https://d.webhost1.ru:* https://cp2.webhost1.ru:* https://cp3.webhost1.ru:* 1
default-src 'self' data: www.waf.simplesdental.com *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms clarity.microsoft.com *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.cloudflare.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co *.varify.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.waf.simplesdental.com *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms clarity.microsoft.com *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com nonce-0688f2011cf32c6c471ed4de1e1b983a *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co *.varify.io *.doubleclick.net https://cdn.jsdelivr.net/npm/choices.js@4/public/assets/scripts/choices.min.js https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com/js/645ce8e8af0302001ab5296a.js; object-src 'self' data: https: blob:; style-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https: blob: www.googletagmanager.com; media-src 'self' data: https: blob:; frame-src 'self' data: blob: www.waf.simplesdental.com *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms clarity.microsoft.com *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co *.varify.io *.doubleclick.net *.hsappstatic.net *.hubspot.com *.hs-scripts.com *.hs-analytics.net; font-src 'self' data: https:; connect-src 'self' data: https: wss: 1
child-src 'self' https://haw-hio-cust4.usercontent-test-hispro.de https://login.haw-hamburg.de https://mathplan.de https://test-haw-hamburg.mathplan.de     https://haw-hamburg.de https://www.haw-hamburg.de https://myhaw.haw-hamburg.de; font-src 'self'; frame-src 'self' https://*.haw-hamburg.de https://*.*.haw-hamburg.de https: www.youtube-nocookie.com/* ; frame-ancestors 'self' https://*.etracker.com; script-src 'unsafe-eval' 'self' https://*.etracker.com https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de 'unsafe-inline'; connect-src 'self' https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de;  img-src data:  *.haw-hamburg.de  *.b-ite.com; style-src 'self' 'unsafe-inline' *.b-ite.com; 1
frame-ancestors 'self' cmsv2.zebrix.net 1
img-src 'self' *.norma-online.de *.sitesearch360.com *.usercentrics.eu https://accelerator.extern.hmmh.io https://piwik.norma-online.de https://*.clarity.ms https://www.facebook.com/ https://c.bing.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.norma-online.de *.sitesearch360.com *.usercentrics.eu https://piwik.norma-online.de https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://*.clarity.ms https://connect.facebook.net/ https://c.bing.com blob:; object-src 'none'; font-src 'self'; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com pei.de; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com pei.de www.pei.de; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public.pei.de abvl-public-test.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de pei.de www.pei.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com; frame-ancestors https://www.juris.de/ 'self'; 1
frame-ancestors https://mon-programme-eco-sante.harmonie-mutuelle.fr https://acp-harmonie-prod.sharecare.paris https://acp-harmonie-test.sharecare.paris https://acp-harmonie-preprod.sharecare.paris https://hm-preprod.sharecare.paris; upgrade-insecure-requests 1
script-src 'nonce-4c069b19-cdac-4702-b2ee-d06d99187e3a' https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/ 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://d2c.aws.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com https://aws.amazon.com https://a0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; default-src 'self'; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com *.youtube.com piwik.itzbund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com youtu.be *.youtube.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-src 'self' player.vimeo.com *.youtube.com *.youtube-nocookie.com youtu.be *.youtube.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com youtu.be *.youtube.com *.ytimg.com webtv.bundestag.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev *.cdninstagram.com; frame-ancestors 'self'; 1
default-src data: 'self' blob: 'unsafe-inline' *.dzo.com.ua *.cipher.kiev.ua:* *.prozorro.gov.ua www.openstreetmap.org *.openprocurement.org depositsign.com view.officeapps.live.com widgets.binotel.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com d38sv8fq5al52n.cloudfront.net connect.facebook.net 'unsafe-eval' www.googletagmanager.com docs.google.com fonts.googleapis.com *.google-analytics.com www.google.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.doubleclick.net www.google.com.ua fonts.gstatic.com https://fonts.cdnfonts.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com *.prozorro.gov.ua d38sv8fq5al52n.cloudfront.net connect.facebook.net cdnjs.cloudflare.com id.gov.ua *.sentry-cdn.com *.sentry.io dzo-market-206424851631.s3.eu-central-1.amazonaws.com google.com; connect-src 'self'  https://*.prozorro.gov.ua  https://public-api-staging.prozorro.gov.ua  https://public-docs-staging.prozorro.gov.ua  https://*.google-analytics.com  https://www.googletagmanager.com  https://fonts.cdnfonts.com  https://fonts.googleapis.com  https://fonts.gstatic.com  https://*.sentry.io  https://*.sentry-cdn.com  https://*.facebook.net  https://*.doubleclick.net  https://*.cipher.kiev.ua  data: blob:; 1
frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de; 1
frame-ancestors 'self' https://www.genau-lotto.de https://genau-lotto.de https://*.etracker.com https://s.lotto-hessen.de 1
frame-ancestors 'self' blob: *.cochlearhearingcenter.com *.cochlear.com *.cochlear.cloud;       frame-src 'self' blob: *.googletagmanager.com *.site.com *.oncehub.com *.mktoweb.com *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com *.salesforce.com *.salesforce-sites.com;       child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com;       connect-src 'self' *.fbcdn.net *.googleapis.com *.gstatic.com *.clarity.ms *.bing.com *.yimg.jp *.yahoo.co.jp *.facebook.com *.facebook.net *.googletagmanager.com *.google.com *.googleadservices.com *.googlesyndication.com *.salesforce-scrt.com *.site.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.sitecorecloud.io *.geonames.org *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net *.salesforce-sites.com *.amazon-adsystem.com *.redditstatic.com *.reddit.com *.paa-reporting-advertising.amazon *.contextweb.com;       font-src 'self' data: *.hotjar.com *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com;       img-src 'self' data: google.com *.googleadservices.com *.googlesyndication.com *.hotjar.com *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de;       script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.fbcdn.net *.clarity.ms *.googlesyndication.com *.site.com *.hotjar.com *.licdn.com *.oncehub.com *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com  *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com *.force.com *.salesforce.com *.salesforce-sites.com *.amazon-adsystem.com *.redditstatic.com *.reddit.com *.paa-reporting-advertising.amazon *.contextweb.com;       style-src 'unsafe-inline' 'self' *.site.com *.hotjar.com *.mktoweb.com *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com *.salesforce.com *.salesforce-sites.com; 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com  *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com cdn.tailwindcss.com  ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com www.googletagmanager.com *.upviral.com ;connect-src 'self' bd1.zortrax.com stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com zortrax.us14.list-manage.com *.list-manage.com  *.wistia.com *.litix.io 3dprint.zortrax.com *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com maps.googleapis.com www.google.com *.facebook.com  ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://view.ceros.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.cookielaw.org https://player.vimeo.com/ https://www.recaptcha.net; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net https://www.google-analytics.com https://*.googleapis.com https://i.vimeocdn.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onelogin.com; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com https://view.ceros.com https://players.brightcove.net https://www.youtube.com https://www.youtube-nocookie.com https://www.recaptcha.net https://www.googletagmanager.com; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/;; font-src 'self' 'unsafe-inline' https://themes.googleusercontent.com use.typekit.net *.gstatic.com data:;; connect-src 'self' https://*.google-analytics.com *.algolia.net *.algolianet.com https://insights.algolia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://www.recaptcha.net https://www.googletagmanager.com https://cdn.jsdelivr.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' https://www.googletagmanager.com https://connect.facebook.net https://fonts.gstatic.com https://maps.googleapis.com https://cdn.jsdelivr.net https://forms.hsforms.com https://heatmaps.monsido.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.gtranslate.net https://cdn.jsdelivr.net https://www.youtube.com https://vimeo.com https://player.vimeo.com https://unpkg.com https://cdnjs.cloudflare.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://static.addtoany.com https://www.instagram.com https://maps.googleapis.com https://app-script.monsido.com https://heatmaps.monsido.com https://cdn.monsido.com https://js.hsforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://paperform.co/__embed.min.js https://ajax.googleapis.com https://fw-cdn.com https://*.freshworks.com https://*.freshchat.com https://snap.licdn.com https://analytics.tiktok.com https://static.hotjar.com https://script.hotjar.com https://*.clarity.ms https://bat.bing.com  https://js-agent.newrelic.com https://js.hsforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com https://toolbar.freshmarketer.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; object-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com https://cdn.gtranslate.net https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://*.freshworks.com https://*.freshchat.com https://fonts.googleapis.com https://d15qjtw2mfbt44.cloudfront.net https://toolbar.freshmarketer.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; img-src 'self' 'unsafe-inline' data: https://redsalud.widen.net https://cdn.gtranslate.net https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://tracking.monsido.com https://cdn.monsido.com https://www.google.com https://www.google.com.co https://www.google.cl https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://td.doubleclick.net https://www.facebook.com https://googleusercontent.com https://lh3.googleusercontent.com https://*.freshworks.com https://*.freshchat.com https://px.ads.linkedin.com https://analytics.tiktok.com https://bat.bing.com https://*.clarity.ms https://maps.googleapis.com https://maps.gstatic.com https://*.googleapis.com https://*.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://useruploads.vwo.io; media-src 'self' 'unsafe-eval' https://redsalud.widen.net https://previews.us-east-1.widencdn.net https://youtu.be https://www.youtube.com https://vimeo.com https://player.vimeo.com; frame-src 'self' https://www.youtube.com https://vimeo.com https://player.vimeo.com https://www.google.com https://www.googletagmanager.com https://calendar.google.com https://google.com https://static.addtoany.com https://drive.google.com https://www.facebook.com https://accounts.google.com https://open.spotify.com https://www.instagram.com https://app-script.monsido.com https://heatmaps.monsido.com https://cdn.monsido.com https://js.hsforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.paperform.co https://fw-cdn.com https://*.freshworks.com https://*.freshchat.com https://vars.hotjar.com https://lookerstudio.google.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://datastudio.google.com/ ; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.gtranslate.net https://heatmaps.monsido.com https://*.freshworks.com https://*.freshchat.com https://fonts.gstatic.com https://d15qjtw2mfbt44.cloudfront.net https://toolbar.freshmarketer.com; connect-src 'self' https://bam.nr-data.net https://js-agent.newrelic.com https://www.google.com https://www.google.com.co https://www.google.cl https://www.googleadservices.com https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://td.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://cdn.monsido.com https://heatmaps.monsido.com https://app-script.monsido.com https://fw-cdn.com https://*.freshworks.com https://*.freshchat.com https://px.ads.linkedin.com https://analytics.tiktok.com https://bat.bing.com https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com https://*.freshmarketer.com https://*.freshworks.com https://*.fwusercontent.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.licdn.com *.newrelic.com *.betrad.com bam.nr-data.net *.addtoany.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com *.cloudfront.net *.serving-sys.com *.facebook.net stats.g.doubleclick.net *.gstatic.com *.googleadservices.com *.googletagmanager *.googlesyndication.com *.doubleclick.net *.cookiebot.com *.cookieinformation.com *.yandex.ru *.hs-scripts.com *.clarity.ms *.hotjar.com *.hs-banner.com *.hs-analytics.net *.unpkg.com *.acsbapp.com https://cdn.jsdelivr.net/npm/vue/dist/vue.js https://unpkg.com/vue-i18n@8 https://unpkg.com/axios/dist/axios.min.js https://cdn.acsbapp.com *.zohopublic.com https://analytics.tiktok.com https://acsbapp.com view.genially.com statics-view.genially.com teams.microsoft.com https://cdn.jsdelivr.net/npm/vue@2/dist/vue.min.js; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com fonts.cdnfonts.com *.cloudflare.com *.youtube.com *.typography.com *.google.com *.gstatic.com *.fonts.cdnfonts.com *.unpkg.com statics-view.genially.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com *.ytimg.com *.googletagmanager.com *.linkedin.com *.doubleclick.net *.google.com *.google.co.uk *.doubleclick.net *.doubleclick.net *.betrad.com *.amazonaws.com *.evidon.com *.facebook.com *.google.com.pe *.cookiebot.com *.hsforms.com *.hubspot.com *.hsappstatic.net *.youtube.com *.vimeo.com *.zoho.com https://crm.zohopublic.com *.acsbapp.com https://zoho.com https://www.googleadservices.com https://contenidos.ulima.edu.pe img.genially.com static.genially.com img.genial.ly; media-src 'self' data: *.youtu.be *.youtube.com *.ytimg.com *.gstatic.com *.cdn.jsdelivr.net *.googleapis.com *.google.com *.googlevideo.com *.googleusercontent.com *.ggpht.com *.googleusercontent.com static.genially.com; frame-src 'self' *.static.addtoany.com *.youtube.com *.youtu.be *.youtu.be info.evidon.com *.doubleclick.net *.gstatic.com *.cdn.jsdelivr.net *.googleapis.com *.googletagmanager.com *.google.com *.cookiebot.com *.cookieinformation.com *.hs-sites.com *.vnforapps.com *.cloudfront.net *.youtube.com *.youtube-nocookie.com *.vimeo.com *.googleusercontent.com *.ggpht.com *.googleusercontent.com youtube.com; frame-ancestors 'self'; child-src 'self' *.addtoany.com *.youtube.com *.youtu.be *.youtu.be *.evidon.com *.doubleclick.net *.youtube.com *.googleusercontent.com *.ggpht.com *.googleusercontent.com *.acsbapp.com:* https://acsbapp.com/apps/app/dist/js/app.js; font-src 'self' fonts.genially.com static.genially.com fonts.gstatic.com; connect-src 'self' *.google-analytics.com *.google.com *.googlesyndication.com *.analyze.ly *.google.com *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.cookiebot.com *.linkedin.com *.cookieinformation.com *.zoho.com *.acsbapp.com https://unpkg.com/axios/dist/axios.min.js.map https://analytics.tiktok.com https://acsbapp.com https://analytics-ipv6.tiktokw.us s3-static-genially.genially.com view.genially.com analytics.genially.com https://udelima.app.n8n.cloud/webhook/605a1312-4e8a-46ea-bc5c-b3d56a381cb1/chat ; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-apac.nestlehealthscience.com.au https://*.qualtrics.com; object-src *; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com *.static-swaven.com data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://siteintercept.qualtrics.com; media-src *; frame-src * *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.qualtrics.com; frame-ancestors 'self' https://*.qualtrics.com; child-src *; font-src * 'self' *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com *.static-swaven.com data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-apac.nestlehealthscience.com.au https://*.qualtrics.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com analytics.mbda-systems.com static.addtoany.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.epresspack.online analytics.mbda-systems.com; img-src 'self' data: *.epresspack.online newsroom.mbda-systems.com analytics.mbda-systems.com; media-src 'self' about: data:; frame-src 'self' *.youtube.com static.addtoany.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; connect-src 'self' analytics.mbda-systems.com static.addtoany.com stats.addtoany.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' blob: *.avl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com *.adsymptotic.com *.linkedin.com snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com cdn.jsdelivr.net js.stripe.com polyfill.io *.googletagmanager.com *.hotjar.com app.sli.do *.vbrick.com *.google.com *.google.es *.google.at *.google.de *.bing.com *.creators-expedition.com *.imaginativeenterprising-intelligent.com *.mouseflow.com *.clarity.ms *.publuu.com *.buzzsprout.com *.lfeeder.com cdn.ckeditor.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com fonts.googleapis.com p.adsymptotic.com *.linkedin.com *.licdn.com *.facebook.com *.avl.com cdnjs.cloudflare.com cdn.jsdelivr.net *.stripe.com polyfill.io *.google.com *.google.es *.google.at *.google.de; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: avl.com www.avl.com *.googletagmanager.com *.facebook.com *.linkedin.com *.ytimg.com *.cookiebot.com *.bing.com *.google.com *.google.es *.google.at *.google.de *.sli.do *.vbrick.com *.cloudflare.com *.avl-marketing.com *.clarity.ms *.amazonaws.com *.lfeeder.com *.kununu.com; frame-src 'self' *.youtube.com https://js.stripe.com *.cookiebot.com *.doubleclick.net *.bing.com *.sli.do *.vbrick.com *.buzzsprout.com stream.maxr.at *.publuu.com publuu.com *.buzzsprout.com publications.avl.com www.googletagmanager.com; child-src 'self' 'unsafe-inline' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com https://p.adsymptotic.com *.linkedin.com https://snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io blob:; font-src 'self' https://fonts.gstatic.com *.mouseflow.com *.cloudflare.com; connect-src 'self' *.cookiebot.com https://eu-api.friendlycaptcha.eu *.avl.com *.linkedin.com wss://ws.hotjar.com *.n.io *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.io *.avlcorp.lan *.creators-expedition.com *.mouseflow.com *.clarity.ms bat.bing.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com static.hotjar.com script.hotjar.com members.ahcancal.org www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com ajax.googleapis.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com polo.feathr.co cdn.feathr.co widget.surveymonkey.com banman.providermagazine.com banman.ahcancal.org platform.twitter.com cdn.syndication.twimg.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com platform.twitter.com ton.twimg.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com marco.feathr.co polo.feathr.co *.feathr.co www.googletagmanager.com banman.providermagazine.com banman.ahcancal.org match.adsrvr.org pbs.twimg.com abs.twimg.com platform.twitter.com ton.twimg.com syndication.twitter.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com datawrapper.dwcdn.net *.hotjar.com td.doubleclick.net ahca-ncal-convention-2023-map.web.app ahcancal.wufoo.com custom.statenet.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net platform.twitter.com syndication.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com in.hotjar.com ws7.hotjar.com ws35.hotjar.com vc.hotjar.io content.hotjar.io ws.hotjar.com polo.feathr.co analytics.tiktok.com members.ahcancal.org 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors *.postman.co www.postman.com; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com client-proxy.pstmn.io chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.loom.com/embed/ https://connect.us.integrations.postmancloud.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://postman.zendesk.com/ https://runtime-assets.pstmn.io/ https://www.postman.com/complete-checkout; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; media-src 'self' https://flows-assets.pstmn.io/ https://skills-assets.pstmn.io/ https://runtime-assets.pstmn.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-iTBLa9O5iw7kksianMufNw=='; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co https: wss://live.postman.com wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
default-src 'self' https://www.googletagmanager.com https://connect.facebook.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com/nr-spa-1.310.1.min.js https://cdn.userway.org https://cdn.gtranslate.net https://cdn.agentbot.net https://static.addtoany.com https://cdn.jsdelivr.net https://www.youtube.com https://vimeo.com https://player.vimeo.com https://unpkg.com https://cdnjs.cloudflare.com https://cdn.gtranslate.net https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://d335luupugsy2.cloudfront.net https://www.facebook.com https://*.facebook.net https://*.fbcdn.net https://snap.licdn.com/ https://avi-web-scripts.s3.us-east-1.amazonaws.com https://avi.unisabana.edu.co https://www.clarity.ms https://images.unisabana.edu.co; object-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.userway.org https://static.canva.com https://unpkg.com https://cdnjs.cloudflare.com https://cdn.gtranslate.net https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.gstatic.com; img-src 'self' 'unsafe-inline' https://usabana.widen.net https://cdn.gtranslate.net https://objectstorage.us-ashburn-1.oraclecloud.com https://cdn.userway.org data: https://cdn.jsdelivr.net https://previews.us-east-1.widencdn.net https://i.ytimg.com https: blob: https://static.canva.com; media-src 'self'  'unsafe-eval' https://agentcore.s3.amazonaws.com https://usabana.widen.net https://previews.us-east-1.widencdn.net https://youtu.be https://www.youtube.com https://vimeo.com https://player.vimeo.com data: https: blob: https://static.canva.com; frame-src 'self' https://static.addtoany.com https://cdn.userway.org https://www.youtube.com https://online.flippingbook.com https://formconnector.com https://view.genially.com https://vimeo.com https://player.vimeo.com https://www.google.com https://canvateam.zendesk.com https://phoenix.canva.com https://www.canva-iris.com https://www.canva.com https://app.powerbi.com https://view.genial.ly https://w.soundcloud.com https://www.googletagmanager.com https://td.doubleclick.net https://calendar.google.com https://google.com https://live.unisabana.edu.co/ https://avi.unisabana.edu.co/; frame-ancestors 'self' https://www.unisabana.edu.co https://unisabanastartdev.prod.acquia-sites.com https://unisabanastartstage.prod.acquia-sites.com https://unisabanastartprod.prod.acquia-sites.com https://campusvirtual.unisabana.edu.co  http://campusvirtual.unisabana.edu.co https://unisabanaprod.acquia-sites.com  https://unisabanaprod.prod.acquia-sites.com; child-src 'self' https://unisabanastartdev.prod.acquia-sites.com https://unisabanastartstage.prod.acquia-sites.com https://unisabanastartprod.prod.acquia-sites.com https://campusvirtual.unisabana.edu.co http://campusvirtual.unisabana.edu.co; font-src 'self' data: https://fonts.gstatic.com https://cdn.userway.org data: https: https://static.canva.com; connect-src 'self' https://adapter.aivo.co https://api.userway.org https://cdn.userway.org https: data: wss: https://o13855.ingest.sentry.io https://telemetry.canva.com/v1/traces https://translate-pa.googleapis.com/v1/translateHtml https://translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.ckeditor.com *.google.com *.googletagmanager.com *.google-analytics.com  *.doubleclick.net *.cookielaw.org *.gstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.mailchimp.com; img-src 'self' data: blob: *.youtube.com *.google.com *.google.ro *.googletagmanager.com *.shortpixel.ai; media-src 'self' blob: *.youtube.com *.google.ro *.shortpixel.ai; frame-src 'self' blob: *.youtube.com *.youtube-nocookie.com *.etapestry.com etapestry.sky.blackbaud.com *.vercel.app *.google.com *.spotify.com; font-src 'self'; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self' data: 'unsafe-inline' bitrix.info uaas.yandex.ru vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' bitrix.info abt.s3.yandex.net api-maps.yandex.ru yastatic.net core-renderer-tiles.maps.yandex.net bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; img-src 'self' api-maps.yandex.ru core-renderer-tiles.maps.yandex.net data: blob: vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; frame-src 'self' youtube.com www.youtube.com oauth.telegram.org fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; font-src 'self' fonts.googleapis.com; 1
default-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; report-to default; report-uri /json/reports.php 1
default-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: *.openstreetmap.org ; media-src 'self' ; font-src 'self' ; frame-src 'self' data: ; connect-src 'self' data: ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com code.jquery.com:* static.addtoany.com:* cdn.jsdelivr.net:*  googleads.g.doubleclick.net:* connect.facebook.net:* cdnjs.cloudflare.com:* cdn.cookielaw.org:* *.gigya.com:* *.qualtrics.com *.adimo.co:* app.tintup.com:* tintup.com:* www.tintup.com www.google.com www.recaptcha.net www.gstatic.com *.nestlegoodnes.com js-agent.newrelic.com:* assets.pinterest.com:* *.atlassian.net:* apis.google.com:* *.qualifioapp.com; object-src 'none'; frame-src 'self' www.google.com www.recaptcha.net www.gstatic.com recaptcha.google.com static.addtoany.com:* td.doubleclick.net:* www.googletagmanager.com *.gigya.com *.qualtrics.com td.doubleclick.net www.facebook.com app.tintup.com www.tintup.com *.adimo.co assets.pinterest.com *.atlassian.net *.youtube.com *.qualifioapp.com; frame-ancestors 'self' www.google.com www.recaptcha.net www.gstatic.com recaptcha.google.com static.addtoany.com:* td.doubleclick.net:* www.googletagmanager.com *.gigya.com td.doubleclick.net www.facebook.com app.tintup.com www.tintup.com *.adimo.co assets.pinterest.com *.atlassian.net *.qualifioapp.com; report-uri /log-report-uri/enforce 1
frame-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.vimeo.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch *.arte.tv *.github.io *.linkedin.com *.googletagmanager.com *.soundcloud.com https://unibuddy.co https://cdn.unibuddy.co https://popcard.unibuddy.co; child-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com *.rsi.ch *.arte.tv  *.github.io *.linkedin.com *.googletagmanager.com *.soundcloud.com https://unibuddy.co https://cdn.unibuddy.co https://popcard.unibuddy.co *.srf.ch *.srf.ch/play; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'self'; default-src 'none'; child-src https://irc.animefriends.moe; connect-src 'self' https://mei.kuudere.pw; font-src 'self' data:; form-action 'self' https://mei.kuudere.pw; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://irc.animefriends.moe; img-src 'self' https://rei.kuudere.pw https://mei.kuudere.pw https://animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1
frame-ancestors https://deejay.de https://*.deejay.de  https://vinylfuture.com https://*.vinylfuture.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bcbsks.com unpkg.com fast.wistia.com *.googletagmanager.com *.google-analytics.com *.ads-twitter.com www.gstatic.com *.bing.com connect.facebook.net 100011161.collect.igodigital.com snap.licdn.com *.adsrvr.org bam.nr-data.net googleads.g.doubleclick.net js-agent.newrelic.com tags.srv.stackadapt.com public.tableau.com qvdt3feo.com code.jquery.com www.google.com analytics.silktide.com static.cloudflareinsights.com www.covermymeds.com www.googleadservices.com cdn.datatables.net cdnjs.cloudflare.com www.eventbrite.com https://www.google.co.uk www.clarity.ms *.callrail.com tag.demandbase.com pagead2.googlesyndication.com cdn.jsdelivr.net *.sentry-cdn.com *.adobedtm.com https://*.qualtrics.com api.wire.spbx.app blob:; object-src 'none'; style-src 'self' 'unsafe-inline' www.bcbsks.com bcbsks.prod.acquia-sites.com fast.fonts.net fonts.googleapis.com tags.srv.stackadapt.com www.covermymeds.com cdn.datatables.net cdnjs.cloudflare.com *.wistia.com; img-src 'self' www.google.com *.google-analytics.com nova.collect.igodigital.com *.bing.com t.co analytics.twitter.com *.wistia.com www.facebook.com *.g.doubleclick.net *.google.com public.tableau.com *.bcbsks.com tools.applemediaservices.com apple-resources.s3.amazonaws.com connect.facebook.net secure.adnxs.com *.linkedin.com www.googletagmanager.com *.covermymeds.com cdn.datatables.net embedwistia-a.akamaihd.net c.clarity.ms id.rlcdn.com segments.company-target.com tags.srv.stackadapt.com ad.doubleclick.net www.google.co.in *.prod.acquia-sites.com *.apple.com *.advanceinsurance.com https://*.qualtrics.com *.mdhv.io api.wire.spbx.app *.adsrvr.org data:; media-src 'self' *.wistia.com www.google.com embedwistia-a.akamaihd.net fast.wistia.net blob:; frame-src 'self' *.bcbsks.com https://d1eoo1tco6rr5e.cloudfront.net/ *.adsrvr.org www.facebook.com public.tableau.com *.fls.doubleclick.net td.doubleclick.net www.youtube.com www.googletagmanager.com staywell.mydigitalpublication.com e.issuu.com www.eventbrite.com www.kff.org s.company-target.com https://*.qualtrics.com; font-src 'self' fast.fonts.net fast.wistia.com fonts.gstatic.com data:; connect-src 'self' *.bugsnag.com *.google-analytics.com stats.g.doubleclick.net ad.doubleclick.net *.googleadservices.com www.googleadservices.com *.google.com *.wistia.com *.wistia.net *.litix.io bam.nr-data.net cdn.linkedin.oribi.io www.facebook.com tags.srv.stackadapt.com embedwistia-a.akamaihd.net bat.bing.com a.us.silktide.com https://connect.facebook.net https://www.google.co.uk pagead2.googlesyndication.com *.clarity.ms js.callrail.com api.company-target.com tag-logger.demandbase.com px.ads.linkedin.com bcbsks.data.adobedc.net adobedc.demdex.net https://*.qualtrics.com *.sentry-cdn.com *.adsrvr.org; upgrade-insecure-requests 1
: default-src 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.google.com https://code.jquery.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://static.addtoany.com https://maps.google.com https://cdn.jsdelivr.net https://platform.twitter.com https://platform.linkedin.com https://cdn.ckeditor.com https://www.google-analytics.com https://cdn.datatables.net https://www.googletagmanager.com/ https://app.usercentrics.eu/ https://openfed.github.io/AccessibilityCheck/build/HTMLCS.js https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js https://code.highcharts.com/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdn.ckeditor.com https://cdn.datatables.net https://www.google-analytics.com https://www.linkedin.com https://www.gstatic.com https://openfed.github.io/AccessibilityCheck/build/HTMLCS.css; img-src 'self' data: https://chart.googleapis.com https://cdn.ckeditor.com https://www.google-analytics.com https://stats.g.doubleclick.net https://platform.linkedin.com https://www.linkedin.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://app.usercentrics.eu/ https://uct.service.usercentrics.eu/ https://openfed.github.io/AccessibilityCheck/build/Images/; frame-src 'self' https://platform.twitter.com https://www.gstatic.com https://www.google.com https://notfound-static.fwebservices.be  https://app.usercentrics.eu/ https://burden.sciensano.be heyzine.com/flip-book/ https://charts.sciensano.be https://podcasters.spotify.com https://lucid.app/documents/embedded/; font-src 'self' https://themes.googleusercontent.com https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src 'self' https://www.linkedin.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://region1.google-analytics.com/ https://www.googletagmanager.com/ https://api.usercentrics.eu https://graphql.usercentrics.eu https://consent-api.service.consent.usercentrics.eu/ https://aggregator.service.usercentrics.eu/ https://maps.googleapis.com/; report-uri /en/report-csp-violation 1
frame-ancestors 'self' https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com *.mp-objects.com https://*.mp-objects.com https://www.mp-objects.com https://wartsila.cevalogistics.com  https://*.cevalogistics.com  https://app.drift.com https://core.crazyegg.com https://kinaxis-project.dev.fenix.solutions https://*.lndo.site; report-uri /report-csp-violation 1
default-src    'self' ws:;script-src      'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net gleif.disqus.com *.disquscdn.com *.cookiebot.com *.linkedin.com *.licdn.com *.twitter.com static.ads-twitter.com *.twimg.com ajax.googleapis.com www.google.com www.gstatic.com cdnjs.cloudflare.com unpkg.com public.tableau.com *.emailsys1c.net *.emailsys1a.net cdn-prod.wdesk.com cdn.jsdelivr.net ixbrviewer.pages.dev;style-src        'self' 'unsafe-inline' *.twimg.com *.twitter.com *.disquscdn.com use.typekit.net unpkg.com fonts.googleapis.com;font-src          'self' data: *.typekit.net cdnjs.cloudflare.com fonts.gstatic.com;img-src            'self' static.licdn.com *.disqus.com *.disquscdn.com *.twitter.com *.twimg.com *.linkedin.com data: about: *.tile.osm.org *.typekit.net img.shields.io public.tableau.com *.emailsys1c.net *.emailsys1a.net t.co/i/adsct *.cookiebot.com;frame-src        'self' disqus.com *.twitter.com player.vimeo.com *.linkedin.com www.google.com *.cookiebot.com youtube.com www.youtube.com public.tableau.com embed.podcasts.apple.com open.spotify.com platform.twitter.com;connect-src    'self' api.parse.com/1/functions/search *.gleif.org syndication.twitter.com/settings *.emailsys1c.net *.emailsys1a.net consentcdn.cookiebot.com analytics.twitter.com cdn.linkedin.oribi.io/partner/3468146/domain/gleif.org/token px.ads.linkedin.com;prefetch-src  'self' *.disquscdn.com disqus.com; 1
default-src 'self' *.google-analytics.com *.jsdelivr.net *.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.googletagmanager.com *.google-analytics.com *.jsdelivr.net https://www.googletagmanager.com/ns.html *.cookielaw.org *.licdn.com *.ads-twitter.com *.facebook.net https://www.google.com/recaptcha/api.js https://www.youtube.com/iframe_api https://www.youtube.com https://cdnjs.cloudflare.com *.gstatic.com https://incyte.piwik.pro; style-src 'unsafe-inline' 'self' *.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' *.google-analytics.com *.facebook.com *.linkedin.com *.blob.core.windows.net *.azureedge.net *.cookielaw.org *.google.com *.google.co.in analytics.twitter.com t.co px.ads.linkedin.com px.ads.linkedin.com.x cdn.incyte.com data: *.googletagmanager.com *.opendns.com; media-src 'self' *.google-analytics.com *.blob.core.windows.net *.azureedge.net https://cdn.incyte.com; frame-src *.youtube.com *.google.com *.googletagmanager.com incyte.hrmdirect.com *.facebook.com *.facebook.net *.youtube-nocookie.com; frame-ancestors 'self'; child-src *.youtube.com *.google.com *.googletagmanager.com incyte.hrmdirect.com; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src *; report-uri /report-csp-violation 1
default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.winsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.winsim.de https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.winsim.de https://livechat.winsim.de wss://livechat.winsim.de https://livechat.winsim.de https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de https://analytics.tiktok.com https://umfrage.winsim.de; script-src 'strict-dynamic' 'nonce-7b409db175bc56560dc5040e37e0738e' 'nonce-412abf820a3c4674da16a5c1c5a9f43f' 'nonce-5b44bcfa5a405c342510cfebe1afe8dc' 'nonce-db378a9a3ec25817d39da6a310f54d19' 'nonce-5e4d56af56804ddbc3c7ba2f7f130b84' 'nonce-c1e9e163c58143a82eeb8c3a9ab24b5a' 'nonce-6a1382bfee9aa42fc7c32361c10cf513' 'nonce-d9452f1b8515aaaefd0d60e7e85aa051' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.winsim.de https://umfrage.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-7b409db175bc56560dc5040e37e0738e' 'nonce-412abf820a3c4674da16a5c1c5a9f43f' 'nonce-5b44bcfa5a405c342510cfebe1afe8dc' 'nonce-db378a9a3ec25817d39da6a310f54d19' 'nonce-5e4d56af56804ddbc3c7ba2f7f130b84' 'nonce-c1e9e163c58143a82eeb8c3a9ab24b5a' 'nonce-6a1382bfee9aa42fc7c32361c10cf513' 'nonce-d9452f1b8515aaaefd0d60e7e85aa051' 'self' 'unsafe-inline' https: 'report-sample' 1
font-src 'self' https://webfonts.14v.de; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; object-src 'none'; worker-src 'self'; media-src 'self'; connect-src 'self' https://piwik.14v.de; manifest-src 'self'; prefetch-src 'none'; img-src 'self' data: *.w3.org; frame-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline'; block-all-mixed-content; script-src 'self' https://piwik.14v.de 'unsafe-inline'; report-uri /impressum/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://assets.adobedtm.com https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://www.youtube.com https://public.flourish.studio/ https://www.recaptcha.net https://www.gstatic.com https://*.google.com https://www.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net; object-src 'none'; style-src 'self' 'unsafe-inline' https://code.jquery.com https://cdnjs.cloudflare.com; img-src 'self' data: https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.googlesyndication.com https://pagead2.googlesyndication.com https://worldbankgroup.sc.omtrdc.net https://smetrics.miga.org https://*.twitter.com https://*.t.co https://*.facebook.com https://*.fbcdn.net https://connect.facebook.net https://*.linkedin.com https://*.worldbank.org https://cm.everesttech.net; frame-src 'self' https://www.youtube.com https://world-bank-editorial.shorthandstories.com https://flo.uri.sh/ https://stories.worldbank.org/ https://www.recaptcha.net https://www.google.com https://www.gstatic.com https://*.demdex.net; frame-ancestors 'none'; font-src 'self'  https://cdnjs.cloudflare.com; connect-src 'self' https://dpm.demdex.net https://public.flourish.studio https://worldbankgroup.sc.omtrdc.net https://*.tt.omtrdc.net https://smetrics.miga.org https://trustfunds.worldbank.org https://*.t.co https://*.google.com https://www.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.googlesyndication.com https://pagead2.googlesyndication.com https://*.recaptcha.net https://*.twitter.com https://*.linkedin.com https://*.adobedtm.com https://*.adobedc.net; report-uri /report-csp-violation 1
default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.sim.de https://livechat.sim.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.sim.de https://livechat.sim.de wss://livechat.sim.de https://livechat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de https://analytics.tiktok.com https://umfrage.sim.de; script-src 'strict-dynamic' 'nonce-56c3db59762686f07b5b644be5cab70a' 'nonce-200263b57922df0f5c3f5f0c1e49739e' 'nonce-76a953ac6571174efa5010fcab5ac0b3' 'nonce-46f5a195500d4ea85329a5e8e2b12b62' 'nonce-1901a0b024167c258a8dcc8ceaaeda60' 'nonce-a3bdcd043abcfa7a669eaa40a566c37d' 'nonce-4eb050a9e855b0b797a4d6ec37642bce' 'nonce-192eced40a072080c7aae8777476dc1f' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim.de https://umfrage.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-56c3db59762686f07b5b644be5cab70a' 'nonce-200263b57922df0f5c3f5f0c1e49739e' 'nonce-76a953ac6571174efa5010fcab5ac0b3' 'nonce-46f5a195500d4ea85329a5e8e2b12b62' 'nonce-1901a0b024167c258a8dcc8ceaaeda60' 'nonce-a3bdcd043abcfa7a669eaa40a566c37d' 'nonce-4eb050a9e855b0b797a4d6ec37642bce' 'nonce-192eced40a072080c7aae8777476dc1f' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' https://www.sanepar.com.br https://sanepar.com.br https://www-prd.sanepar.com.br https://moderate.cleantalk.org; script-src 'self' https://www.sanepar.com.br https://sanepar.com.br https://www-prd.sanepar.com.br https://monsido-consent.com https://cdn.monsido.com https://heatmaps.monsido.com https://moderate.cleantalk.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js-agent.newrelic.com data: 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://tracking.monsido.com https://www.googletagmanager.com https://analytics.google.com https://www.google.com https://www.gstatic.com https://integra.softmarketing.com.br https://code.jquery.com https://softapi2.softmarketing.com.br https://fd.cleantalk.org https://cdn.ckeditor.com; object-src 'self' https://www.sanepar.com.br https://sanepar.com.br https://www-prd.sanepar.com.br https://moderate.cleantalk.org https://www.youtube.com; style-src https: 'unsafe-inline' 'self' https://www.sanepar.com.br https://sanepar.com.br https://www-prd.sanepar.com.br; img-src 'self' data: https://www.sanepar.com.br https://sanepar.com.br https://www-prd.sanepar.com.br https://tracking.monsido.com https://cdn.monsido.com https://www.google.com.br https://www.googletagmanager.com https://integra.softmarketing.com.br https://i.ytimg.com https://*.tile.openstreetmap.org https://tile.openstreetmap.org https://server.arcgisonline.com; media-src 'self' https://www.sanepar.com.br https://sanepar.com.br https://www-prd.sanepar.com.br https://www.youtube.com; frame-src *.sanepar.com.br https://moderate.cleantalk.org https://www.youtube.com https://www.youtube-nocookie.com https://webservice.telelog.com.br https://www.google.com https://integra.softmarketing.com.br https://aguasegura.github.io; frame-ancestors *.sanepar.com.br https://moderate.cleantalk.org; child-src *.sanepar.com.br https://moderate.cleantalk.org; font-src 'self'  https://fonts.gstatic.com https://softapi2.softmarketing.com.br; connect-src 'self' https://moderate.cleantalk.org https://api.monsido-consent.com https://monsido-consent.com https://heatmaps.monsido.com https://bam.nr-data.net https://www.youtube.com https://analytics.google.com https://stats.g.doubleclick.net https://www.google.com https://www.google.com.br https://www.googletagmanager.com https://acc-integra.softmarketing.com.br https://integra.softmarketing.com.br https://fd.cleantalk.org https://servicodados.ibge.gov.br https://nominatim.openstreetmap.org https://*.tile.openstreetmap.org https://tile.openstreetmap.org https://server.arcgisonline.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://lhcdn-src.mars.com https://players.brightcove.net https://www.google.com https://www.google.co.in https://www.gstatic.com https://sfapi.formstack.io https://az416426.vo.msecnd.net https://embed.mikmak.tv *.global.commerce-connector.com https://connectwidgets.sutherlandconnect.com newrelic.com https://dc.services.visualstudio.com https://bam-cell.nr-data.net https://translate.googleapis.com https://js.adsrvr.org *.mapbox.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net *.amazonaws.com https://s.pinimg.com https://ct.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://sc-static.net https://static.ads-twitter.com https://cdn.treasuredata.com https://cdn.jsdelivr.net https://sfapi-sandbox.formstack.io https://unpkg.com https://progress-tracker-prod.firebaseio.com https://cdn.pricespider.com https://ckf02.lancsd.org https://bam.nr-data.net https://js-agent.newrelic.com http://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js https://cdn.sutherland.ai/messenger/twix/build/js/sgs-bundle.js https://cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js https://cdn.ampproject.org https://cdn.plyr.io/3.7.8/plyr.js https://cdn.plyr.io/3.7.8/plyr.css https://challenges.cloudflare.com/turnstile/v0/api.js https://content-builder.s10.marketingcloudapps.com https://marspulse.my.site.com https://marspulse.my.site.com/ESWMWEinsteinBotGeneri1749101303349/assets/js/bootstrap.min.js https://analytics.tiktok.com https://analytics.tiktok.com/* https://tr.snapchat.com/* https://tr.snapchat.com https://*.bazaarvoice.com https://static.searchstax.com/studio-js/v3/js/studio-analytics.js; object-src 'none'; frame-src 'self' blob: https://www.google.com https://9079101.fls.doubleclick.net https://www.google.com *.fls.doubleclick.net https://www.googletagmanager.com https://di.rlcdn.com https://tr.snapchat.com https://www.youtube.com https://challenges.cloudflare.com/ https://content-builder.s10.marketingcloudapps.com https://marspulse.my.site.com https://analytics.tiktok.com https://www.youtube-nocookie.com/ https://*.bazaarvoice.com.net https://www.youtube-nocookie.com https://www.facebook.com; child-src blob: 1
object-src none; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com *.jsdelivr.net *.googleapis.com *.jquery.com *.vimeo.com *.vimeocdn.com *.cookielaw.org *.vimeocdn.com *.airbud.io unpkg.com:* *.cloudflare.com *.google.com *.montefioreeinstein.org *.montefiore.org www.montefiore.org mychart.montefiore.org npmychart.montefiore.org *.localizejs.com *.localizecdn.com *.123formbuilder.com *.ctctcdn.com *.blackbaudcdn.net *.go-mpulse.net  *.ada.support *.blackbaudhosting.com *.googletagmanager.com *.blackbaud.com *.youtube.com *.gstatic.com *.perfalytics.com api.perfalytics.com perfalytics.com *.launchdarkly.com *.akstat.io *.jquery.com *.flywire.com *.bootstrapcdn.com *.ctctcdn.com s3.amazonaws.com/downloads.mailchimp.com/ *.jwpcdn.com *.youtube-nocookie.com cdn.plyr.io assets.gyant.com pds.fabrichealth.com pds.stage.fabrichealth.com mts.pds.stage.fabrichealth.com pds.qa.fabrichealth.com pds.dev.fabrichealth.com mtf.pds.stage.fabrichealth.com *.kameleoon.com *.kameleoon.io *.kameleoon.eu *.kameleoon.net cdn.vidstack.io; upgrade-insecure-requests 1
base-uri 'none';connect-src 'self' http://localhost:3001 http://127.0.0.1:3001 *.oresund.io dc.services.visualstudio.com *.cookieinformation.com *.doubleclick.net 'unsafe-inline' *.googlesyndication.com *.google.com *.google.se *.google-analytics.com *.convertexperiments.com *.oresundsbron.com *.adnxs.com *.bing.com *.bing.net *.clarity.ms *.facebook.com *.googleadservices.com *.powerplatform.com *.botframework.com wss://*.botframework.com *.quicksearch.se;font-src 'self' https://fonts.gstatic.com data:;form-action 'self' https://www.facebook.com;frame-ancestors self https://app.contentful.com;img-src 'self' data: *.tt.se *.ritzau.dk *.ctfassets.net *.gstatic.com www.googletagmanager.com https://googletagmanager.com *.googlesyndication.com *.adnxs.com www.facebook.com *.google.com www.google.dk www.google.se https://ad.doubleclick.net https://ade.googlesyndication.com https://12824419.fls.doubleclick.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://region1.google-analytics.com *.bing.com *.bing.net *.clarity.ms blob: *.quicksearch.se;manifest-src 'self';media-src 'self' data: *.ctfassets.net;object-src 'none';script-src 'self' *.reepay.com *.gstatic.com www.googletagmanager.com googletagmanager.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com *.google.com *.adnxs.com *.facebook.net *.googlesyndication.com www.googleadservices.com *.convertexperiments.com *.powerplatform.com *.bing.com *.bing.net *.clarity.ms *.botframework.com *.quicksearch.se;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com *.bing.com *.bing.net *.clarity.ms *.quicksearch.se;worker-src 'self'; 1
default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.1und1.ag; img-src https: data:; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.1und1.ag; script-src 'strict-dynamic' 'nonce-0393ada351373d718c9671d3b76f9ded' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self'; frame-src https://irpages2.eqs.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-0393ada351373d718c9671d3b76f9ded' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 1
default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net static.dialogflow.com unpkg.com https://d2hxmxr8sknmfu.cloudfront.net *.ca-central-1.amazonaws.com; object-src 'self' *.interiorhealth.ca; style-src 'self'  'unsafe-inline' *.interiorhealth.ca  fonts.googleapis.com cdn.jsdelivr.net static.dialogflow.com unpkg.com https://d2hxmxr8sknmfu.cloudfront.net; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com d2hxmxr8sknmfu.cloudfront.net; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net dialogflow.cloud.google.com https://d2hxmxr8sknmfu.cloudfront.net *.ca-central-1.amazonaws.com wss://*.ca-central-1.amazonaws.com 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crushftp.com *.stripe.com *.paypalobjects.com *.google-analytics.com *.crushsync.com *.taltosparipa.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://lhcdn-src.mars.com https://players.brightcove.net https://www.google.com https://www.google.co.in https://www.gstatic.com https://api.tiles.mapbox.com https://sfapi.formstack.io https://az416426.vo.msecnd.net https://embed.mikmak.tv *.global.commerce-connector.com https://js-agent.newrelic.com https://dc.services.visualstudio.com https://bam-cell.nr-data.net https://translate.googleapis.com https://js.adsrvr.org *.mapbox.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net *.amazonaws.com https://s.pinimg.com https://ct.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://sc-static.net https://static.ads-twitter.com https://cdn.treasuredata.com https://cdn.jsdelivr.net https://sfapi-sandbox.formstack.io https://bam.nr-data.net http://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js https://cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js https://cdn.ampproject.org  https://cas.zma.gs/5406ddafe4b098fb1ee80a84/ssr/containers/20f59a2b-d9fe-4355-8530-33c659597e30/init.js https://static.klaviyo.com https://static-tracking.klaviyo.com https://cas.zma.gs https://apps.bazaarvoice.com https://display.ugc.bazaarvoice.com https://api.bazaarvoice.com https://mpsnare.iesnare.com/snare.js https://mpsnare.iesnare.com/script/logo.js https://snap.licdn.com https://www.upsellit.com https://googleads.g.doubleclick.net  https://d.impactradius-event.com https://googleads.g.doubleclick.net https://app.upsellit.com cdn.pricespider.com https://cdn.plyr.io/3.7.8/plyr.js https://cdn.plyr.io/3.7.8/plyr.css https://px.ads.linkedin.com https://analytics.tiktok.com https://tr.snapchat.com https://connect.letslinc.com https://bat.bing.com https://static.searchstax.com/studio-js/v3/js/studio-analytics.js https://cdn.wayvia.com/1/5585/ps-utid.js; object-src 'none'; frame-src 'self' https://player.vimeo.com/ https://www.google.com https://9079101.fls.doubleclick.net https://www.google.com *.fls.doubleclick.net https://www.googletagmanager.com https://di.rlcdn.com https://tr.snapchat.com https://www.youtube.com https://display.ugc.bazaarvoice.com https://api.bazaarvoice.com https://privacyportal.onetrust.com https://stage.brandsitedata.mars.com/orchard_vr/vr.html https://td.doubleclick.net https://ct.pinterest.com  https://care.letslinc.com https://www.youtube-nocookie.com; child-src blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de 1
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://forms.hscollectedforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com https://s0.wp.com data:; frame-src 'self' https://*.cookieyes.com https://www.google.com https://*.youtube.com https://dub01.online.tableau.com https://*.tableau.com https://forms.hsforms.com https://widgets.wp.com; img-src 'self' https://*.oversightboard.com *.oversightboard.com https://oversightboard.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://pixel.wp.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://track.hubspot.com https://secure.gravatar.com https://*.hsforms.com blob: data:; object-src; script-src 'self' https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com https://stats.wp.com https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js.hsforms.net https://js.hs-banner.com https://*.tableau.com https://dub01.online.tableau.com https://s0.wp.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://s0.wp.com 'unsafe-inline'; upgrade-insecure-requests 1
script-src https://counter.simplybook.me https://cdn.iubenda.com https://cs.iubenda.com 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-42e56ce2973ce66e1646a09d1c0df537'; child-src blob: ; frame-src * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 1
default-src 'self'; connect-src 'self' *.itzbund.de; worker-src blob: 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' medien01.gsb.bund.de; media-src blob: 'self' medien01.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.itzbund.de; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com addtocalendar.com *.airtable.com airtable.com *.airtableusercontent.com *.apple.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com elfsightcdn.com  *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com heyzine.com *.heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com youtube.com *.youtube-nocookie.com youtu.be *.ytimg.com page.hec.edu *.readspeaker.com *.addtoany.com hec-prod-drupalfiles.oos.cloudgouv-eu-west-1.outscale.com; img-src 'self' data: *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com *.airtable.com airtable.com *.airtableusercontent.com *.apple.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.heyzine.com heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com youtube.com *.youtube-nocookie.com youtu.be *.ytimg.com page.hec.edu *.readspeaker.com *.addtoany.com hec-prod-drupalfiles.oos.cloudgouv-eu-west-1.outscale.com; font-src 'self' data:; report-uri /hec-report-csp-violation 1
font-src 'self'; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.mercadolibre.com https://www.mercadopago.com.ar/integrations/v1/ https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://cdnjs.cloudflare.com https://maps.googleapis.com/maps/api/js https://cdn.syndication.twimg.com https://docs.google.com/spreadsheets/ https://connect.facebook.net https://platform.twitter.com https://*.google.com  https://spreadsheets.google.com/ https://docs.google.com/ https://*.gstatic.com http://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com https://www.googleadservices.com https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net https://*.utdt.edu https://www.googletagmanager.com https://www.tfaforms.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com https://www.tfaforms.com https://*.gstatic.com https://docs.google.com/; img-src * data: blob:; font-src *; worker-src * data: blob: 1
frame-ancestors 'self'; report-uri /report-csp-violation 1
"default-src *" 1
frame-ancestors 'self' https://journeokioskcontent.azurewebsites.net/; report-uri /report-csp-violation 1
default-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.victoria.ca *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google.com googletagmanager.com *.fontawesome.com polyfill-fastly.io *.googleapis.com *.google.com *.fontawesome.com unpkg.com *.typekit.net *.googletagmanager.com *.gstatic.com *.searchcdn.com *.recollect.net ; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google.com googletagmanager.com *.fontawesome.com polyfill-fastly.io *.googleapis.com *.google.com tagmanager.google.com *.fontawesome.com unpkg.com *.typekit.net *.googletagmanager.com *.gstatic.com *.searchcdn.com *.recaptcha.net *.recollect.net translate-pa.googleapis.com addsearch.com *.jsdelivr.net *.ecdev.org *.facebook.net googleads.g.doubleclick.net cdn.feedbucket.app https://cdnjs.cloudflare.com; object-src 'self' *.googlesyndication.com https://cityofvictoria.perfectmind.com; style-src 'self' 'report-sample' 'unsafe-inline' *.google.com *.typekit.net *.fontawesome.com fonts.googleapis.com translate.googleapis.com unpkg.com *.gstatic.com *.googletagmanager.com *.fastly.net *.addsearch.com *.ecdev.org cdn.feedbucket.app https://cdnjs.cloudflare.com; img-src 'self' data: blob: *.google.com *.google.ca *.googleadservices.com *.fastly.net *.ytimg.com *.recollect.net *.gstatic.com *.openstreetmap.org *.addsearch.com *.cloudfront.net *.googletagmanager.com addsearch.com *.googleapis.com *.cloudfront.net *.arcgisonline.com *.victoria.ca; frame-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com *.arcgis.com *.recaptcha.net cityofvictoria.perfectmind.com *.youtube.com *.recollect.net *.cyberimpact.com azurestaticapps.net  https://calm-tree-0547faf10.6.azurestaticapps.net  azurewebsites.net *.azurewebsites.net *.ecdev.org *.escribemeetings.com alertable.ca; frame-ancestors 'self' *.facebook.com *.bsky.app *.linkedin.com *.instagram.com *.cdninstagram.com *threads.net ; child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com *.googletagmanager.com *.arcgis.com *.recaptcha.net cityofvictoria.perfectmind.com *.youtube.com *.recollect.net *.cyberimpact.com azurestaticapps.net  https://calm-tree-0547faf10.6.azurestaticapps.net azurewebsites.net *.azurewebsites.net; font-src 'self' *.gstatic.com *.fontawesome.com data: *.typekit.net fastly.net *.global.ssl.fastly.net *.fastly.net recollect-us.global.ssl.fastly.net *.scite.ai; connect-src 'self' https://*.victoria.ca *.fontawesome.com *.google.com *.google-analytics.com *.fontawesome.com *.googleadservices.com *.googleapis.com *.azurewebsites.net *.recaptcha.net dashboard.feedbucket.app; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'none'; 1
default-src 'unsafe-inline'  'unsafe-eval' 'self'  *.sessioncam.com *.cloudfront.net *.snapchat.com *.cookielaw.org *.tintup.com *.snapchat.com *.amazon-adsystem.com https://*.optimizely.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.googleapis.com *.sessioncam.com *.cloudfront.net *.google-analytics.com *.betrad.com *.youtube.com *.evidon.com *.jquery.com *.cloudfront.net *.serving-sys.com *.facebook.net *.doubleclick.net *.hypemarks.com *.gstatic.com *.krxd.net *.adimo.co *.bazaarvoice.com *.iesnare.com  *.googleadservices.com *.hotjar.com *.pricespider.com *.yahoo.com *.doubleclick.net *.hotjar.com *.nestle.co.uk *.google.com *.googleoptimize.com *.adsrvr.org *.gbqofs.com *.usabilla.com:* *.fusepump.com:* bam.nr-data.net:* *.locate.com:* *.mapbox.com:* *.pricespider.com:* *.sc-static.net *.snapchat.com *.tintup.com *.sc-static.net tintup.com:* sc-static.net:* *.cookielaw.org *.googletagmanager.com:* *.amazon-adsystem.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.addtoany.com *.jsdelivr.net *.cloudflare.com *.pinterest.com *.pinimg.com *.brightcove.net https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com data-na.starbucks.com *.salesforce-sites.com *.lightning.force.com https://nestlecesomni.my.site.com https://*.qualtrics.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudflare.com *.fusepump.com *.youtube.com *.typography.com *.google.com *.fontawesome.com *.nestle.co.uk *.pricespider.com:* *.mapbox.com:* *.cloudfront.net *.salesforce.com *.bazaarvoice.com *.adimo.co *.salesforce-sites.com https://nestlecesomni.my.site.com; img-src  'self' 'unsafe-inline' https: data: blob: *.googleapis.com *.gstatic.com *.cloudflare.com *.semasio.net *.sessioncam.com *.cloudfront.net *.google-analytics.com *.google.com *.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to *.fusepump.com *.evidon.com *.igodigital.com *.facebook.com *.krxd.net *.starbucksathome.com *.adimo.co *.iriworldwide.com *.bazaarvoice.com display.ugc.bazaarvoice.com bat.bing.com *.google.co.in google-analytics.com *.google.com *.pantheonsite.io *.cookielaw.org *.pricespider.com:* *.adsrvr.org:* *.google.com *.google-analytics.com *.usabilla.com *.demdex.net *.yahoo.com *.bluekai.com *.imrworldwide.com *.sharethrough.com *.truoptik.com *.dotomi.com *.insightexpressai.com *.ml314.com *.amazon-adsystem.com *.googletagmanager.com *.eb2.3lift.com *.dr.mookie1.com *.track2.securedvisit.com *.mid.rkdms.com *.eb2.3lift.com https://app.optimizely.com https://cdn.optimizely.com https://siteintercept.qualtrics.com/; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com https://nestlecesomni.my.salesforce-scrt.com; frame-src 'self' *.addtoany.com *.youtube.com *.evidon.com *.fls.doubleclick.net *.youtube-nocookie.com *.hypemarks.com *.fusepump.com *.google.com *.krxd.net l3.evidon.com *.adimo.co *.bazaarvoice.com *.netsuite.com *.hotjar.com *.doubleclick.net *.netsuite.com *.flashtalking.com *.google.com *.tintup.com *.amazon-adsystem.com *.facebook.com *.adsrvr.org *.salesforce.com *.snapchat.com *.starbucks.jebbit.com *.staging-nestlestarbucks.snipp.us *.pinterest.com *.adsrvr.org *.googletagmanager.com *.usabilla.com https://starbucks.jebbit.com/ https://a5763127292198912.cdn.optimizely.com https://a5763127292198912.cdn-pci.optimizely.com *.salesforce-sites.com https://*.qualtrics.com https://nestlecesomni.my.site.com/ https://nestlecesomni.my.site.com https://nestlecesomni.my.site.com/ESWUSMIAWAtHomeStarbuck1770364492806/assets/htdocs/sitecontext.min.html; frame-ancestors 'self' *.starbucks.jebbit.com *.staging-nestlestarbucks.snipp.us  *.hypemarks.com *.usabilla.com https://starbucks.jebbit.com/ *.salesforce-sites.com https://nestlecesomni.my.site.com https://nestlecesomni.my.site.com/; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://forms.na2.netsuite.com http://live-dig0028606-coffee-starbucks-usa.pantheonsite.io https://live-74944-beverages-starbuckstwo-unitedstates.pantheonsite.io https.live-74944-beverages-starbuckstwo-unitedstates.pantheonsite.io blob: https://*.optimizely.com; font-src  'self' data: *.gstatic.com *.fontawesome.com *.cloudflare.com; connect-src 'self' *.fusepump.com *.sessioncam.com *.cloudfront.net *.google-analytics.com *.analyze.ly *.serving-sys.com *.doubleclick.net *.iriworldwide.com *.bazaarvoice.com *.hotjar.io *.nr-data.net *.bing.com *.nestle.gbqofs.io *.pricespider.com:* *.mapbox.com:* *.usabilla.com *.google-analytics.com *.clarity.ms *.tintup.com *.amazonaws.com *.snapchat.com *.cookielaw.org *.onetrust.com *.bam.nr-data.net bam.nr-data.net:* *.pinterest.com *.google.com *.google-analytics.com edge.api.brightcove.com *.boltdns.net *.brightcovecdn.com https://*.optimizely.com data-na.starbucks.com *.salesforce-sites.com *.lightning.force.com https://*.qualtrics.com https://nestlecesomni.my.site.com https://nestlecesomni.my.site.com/ https://nestlecesomni.my.salesforce-scrt.com/embeddedservice/v1/embedded-service-config https://nestlecesomni.my.salesforce-scrt.com/embeddedservice/v1/businesshours https://cdnjs.cloudflare.com https://s.pinimg.com/ https://nestlecesomni.my.salesforce-scrt.com 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl 'unsafe-inline' 'unsafe-eval';style-src https: *.ufg.pl 'unsafe-inline';img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl; child-src https: *.ufg.pl blob:; worker-src blob: 1
default-src 'self'; style-src 'self' 'unsafe-inline', default-src 'self'; style-src 'self' 'unsafe-inline' 1
base-uri 'none'; default-src 'self'; child-src https://*.yachtbuyer.com https://www.youtube.com https://www.google.com https://www.facebook.com https://iframe.mediadelivery.net; connect-src 'self' https://a.yachtbuyer.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.facebook.com https://zoom.yachtcast.net https://error.dfusion.com https://*.clarity.ms https://*.b-cdn.net; font-src 'self' https://*.typekit.net https://fonts.gstatic.com data:; form-action 'self' https://www.facebook.com; frame-ancestors https://*.yachtbuyer.com; img-src 'self' https://*.yachtbuyer.com https://*.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://*.googletagmanager.com https://www.google.com https://www.bugherd.com https://www.facebook.com https://zoom.yachtcast.net https://i.ytimg.com https://img.youtube.com https://*.clarity.ms https://*.b-cdn.net https://i.vimeocdn.com blob: data:; media-src 'self' https://vod-progressive.akamaized.net; object-src 'none'; script-src 'self' https://*.yachtbuyer.com https://*.googletagmanager.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.youtube.com https://connect.facebook.net https://browser.sentry-cdn.com https://*.clarity.ms https://assets.mediadelivery.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net https://fonts.googleapis.com https://www.bugherd.com 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1
connect-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru wss://mc.yandex.ru https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com http://bitrix.info https://app.comagic.ru https://api.carrotquest.app https://api.carrottrack.app https://rts-v2.carrotquest.app wss://rts-v2.carrotquest.app https://tracker.comagic.ru https://smartcaptcha.yandexcloud.net https://rutube.ru https://static.rutube.ru https://api.rutube.ru https://smartcaptcha.yandexcloud.net https://captcha-api.yandex.ru https://stats.g.doubleclick.net;default-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com http://bitrix.info https://app.comagic.ru https://tracker.comagic.ru https://stats.g.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://maps.google.com http://bitrix.info https://connect.facebook.net https://*.gstatic.com:* https://*.googleapis.com https://www.google.ru https://*.googleadservices.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.ru https://*.maps.yandex.net https://cdnjs.cloudflare.com https://app.comagic.ru https://cllctr.roistat.com https://cloud.roistat.com https://cdn.jsdelivr.net https://cdn.carrotquest.app https://use.fontawesome.com https://www.google.com/recaptcha/ https://smartcaptcha.yandexcloud.net captcha-api.yandex.ru https://yastatic.net:*;style-src 'self' 'unsafe-inline' data: https://mc.yandex.ru:* https://*.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://cdn.jsdelivr.net https://*.gstatic.com:*;img-src 'self' data: blob: https://*.googleapis.com https://*.gstatic.com:* https://*.google-analytics.com https://*.utlab.ru https://yandex.ru https://i.ytimg.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.ru https://*.youtube.com https://maps.google.com https://www.google.ru https://img.webcdn.ru https://cdn.carrotquest.app https://yastatic.net https://*.yastatic.net https://*.googleapis.com https://*.gstatic.com:* https://*.google-analytics.com https://*.utlab.ru https://yandex.ru https://i.ytimg.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.ru https://*.youtube.com https://maps.google.com https://www.google.ru https://img.webcdn.ru https://cdn.carrotquest.app https://*.api-maps.yandex.ru/ https://*.maps.yandex.net;font-src 'self' data: https://cdnjs.cloudflare.com https://use.fontawesome.com https://cdn.carrotquest.app https://*.gstatic.com:*;frame-src 'self' data: https://*.youtube.com https://*.youtu.be https://*.yandex.ru https://yandex.ru https://mc.yandex.ru https://www.google.com https://rutube.ru https://smartcaptcha.yandexcloud.net https://*.youtube-nocookie.com;base-uri 'self';form-action 'self' data: ; 1
default-src 'self' https://www.google.com https://recaptcha.google.com https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; connect-src 'self' https://nominatim.openstreetmap.org https://login.microsoftonline.com https://www.chatbase.co https://www.etracker.com https://www.etracker.de https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; font-src 'self' https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; frame-ancestors 'self' https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; frame-src 'self' https://benutzerhandbuch-cshs.condat.de https://www.google.com https://www.chatbase.co https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; img-src 'self' https://cdn.jsdelivr.net https://*.tile.openstreetmap.org https://www.chatbase.co https://www.etracker.com https://backend.chatbase.co https://www.etracker.de https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; media-src 'self' https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; object-src 'self' https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; script-src 'self' https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com https://www.chatbase.co https://code.etracker.com https://code.etracker.de https://www.etracker.de https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net https://www.etracker.com https://www.etracker.de https://www.chatbase.co https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline' 1
base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.googletagmanager.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookiebot.com; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com *.hotjar.com *.cookiebot.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net *.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.google.pt *.googleusercontent.com *.googletagmanager.com *.flourish.studio *.hotjar.com *.cookiebot.com *.tableau.com blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com *.realtimestatistics.net *.googletagmanager.com *.typeform.com *.flourish.studio *.hotjar.com *.cookiebot.com *.tableau.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com *.typeform.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=Ym8S%2FJf2%2Fkv4X%2BmNPV%2Bi8%2FOuEaW8Azdt5xtEr%2FTDBM7OhF38exE8EcrvVCYmQ%2FiBIt08ZxfEWLiv9FnvmkbVuw%3D%3D; 1
script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self' blob: data:; style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://snazzymaps.com https://maps.googleapis.com https://player.vimeo.com https://api.ipdata.co https://*.ipdata.co https://*.analytics.google.com https://cdn.plyr.io https://noembed.com; font-src 'self' https://ka-p.fontawesome.com https://use.typekit.net https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://snazzymaps.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com; img-src 'self' https://*.warburgpincus.com *.warburgpincus.com https://warburgpincus.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://i.vimeocdn.com https://i.ytimg.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com https://maps.googleapis.com blob: data:; media-src 'self' https://*.warburgpincus.com *.warburgpincus.com https://warburgpincus.com; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://snazzymaps.com https://player.vimeo.com https://www.youtube.com https://maps.googleapis.com https://api.ipdata.co https://*.ipdata.co https://*.google-analytics.com https://cdn.plyr.io 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://snazzymaps.com https://player.vimeo.com https://www.youtube.com https://maps.googleapis.com https://api.ipdata.co https://*.ipdata.co https://*.google-analytics.com https://cdn.plyr.io 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://cdn.plyr.io 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1
base-uri 'self'; default-src 'self' data: *.storck.com; script-src 'self' 'nonce-YNhkGOYVONDNC--iHcLvrrxmBeuLtyk0Gv7BkTXkz7-BLoKXMnZusQ' blob: data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self' data:; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://polyfill.io *.google.com *.google.ad *.google.al *.google.am *.google.as *.google.at   *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch  *.google.ci *.google.cl *.google.cm *.google.cn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm  *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq  *.google.is *.google.it *.google.je *.google.jo *.google.ki *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me https://www.googletagmanager.com https://www.gstatic.com https://cdn.jsdelivr.net https://maps.googleapis.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.google.com https://www.google.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://snap.licdn.com https://polyfill.io/v3 https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' *.pumps.circor.com *.circor.com *.youtube.com *.vimeo.com https://js.stripe.com https://consentcdn.cookiebot.com *.doubleclick.net *.google.com https://circor.prod.acquia-sites.com; child-src 'self' 'unsafe-inline' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.de https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://snap.licdn.com https://www.facebook.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io blob:; connect-src 'self' https://consentcdn.cookiebot.com https://eu-api.friendlycaptcha.eu https://px.ads.linkedin.com wss://ws.hotjar.com https://content.hotjar.io https://www.google.com https://*.google-analytics.com https://metrics.hotjar.io https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://region1.analytics.google.com https://maps.googleapis.com; report-uri /report-csp-violation 1
base-uri 'self'; child-src blob: 'self' gap: https://*.surveymonkey.com/ https://*.twitter.com/ https://*.vimeo.com/ https://*.visualwebsiteoptimizer.com/ https://*.youtube.com/ https://app.powerbi.com/ https://app.vwo.com/ https://td.doubleclick.net/ https://widget.trustpilot.com/ https://www.google.com/ https://www.googletagmanager.com/; frame-src blob: 'self' gap: https://*.surveymonkey.com/ https://*.twitter.com/ https://*.vimeo.com/ https://*.visualwebsiteoptimizer.com/ https://*.youtube.com/ https://app.powerbi.com/ https://app.vwo.com/ https://td.doubleclick.net/ https://widget.trustpilot.com/ https://www.google.com/ https://www.googletagmanager.com/; connect-src 'self' https://*.feefo.com/ https://*.google.com/ https://*.google-analytics.com/ https://*.onetrust.com/ https://*.paragonbankinggroup.co.uk/ https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://app.vwo.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://global.sitesearch360.com/ https://ict.infinity-tracking.net/ https://insights.sitesearch360.com/ https://stats.g.doubleclick.net/ https://widget.trustpilot.com/ https://www.google.co.uk/ https://www.googleadservices.com/ https://www.googletagmanager.com/; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com/; img-src * data: blob:; media-src data: 'self'; script-src gap: 'self' https://*.feefo.com/ https://*.paragonbankinggroup.co.uk/ https://*.surveymonkey.com/ https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://*.youtube.com/ https://app.vwo.com/ https://cdn.sitesearch360.com/ https://cdn-ukwest.onetrust.com/ https://googleads.g.doubleclick.net/ https://ict.infinity-tracking.net/ https://pagead2.googlesyndication.com/ https://snap.licdn.com/ https://unpkg.com/ https://widget.trustpilot.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://app.vwo.com/ https://fonts.googleapis.com/ https://register.feefo.com/ https://www.googletagmanager.com/ 'unsafe-inline'; frame-ancestors gap: 'self' https://*.surveymonkey.com/; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=ZCnOHC5MRitYcvHe9fiTxgcM%2B9pecNFVQMr88YmPDANvxLM6OEKjvX2c8omeVRn2YDdarrEL%2BWG1VwgiF8pXig%3D%3D; 1
default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: https://m.stripe.com *.craft-cdn.com *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src * 1
default-src 'self'; script-src 'self' blob *.amalgamatedbank.com  *.go-mpulse.net bam.nr-data.net unpkg.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com js.locatorsearch.com *.prod.acquia-sites.com *.instagram.com *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com *.googletagmanager.com *.doubleclick.net *.addtoany.com fonts.gstatic.com *.omappapi.com *.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com app.jazz.co js-agent.newrelic.com *.google.com *.gstatic.com www.recaptcha.net ajax.googleapis.com bam.nr-data.net 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://www.recaptcha.net/recaptcha/api.js https://www.recaptcha.net/recaptcha/api/fallback *.cookielaw.org *.stackadapt.com *.linkedin.com snap.licdn.com *.facebook.net *.facebook.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com/; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com unpkg.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google.com *.gstatic.com app.jazz.co https://tags.srv.stackadapt.com; img-src 'self' *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io amalgamatedbank.com www.amalgamatedbank.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net cdn.jsdelivr.net *.prod.acquia-sites.com js.locatorsearch.com *.oktacdn.com *.okta.com *.oktapreview.com data: *.googletagmanager.com app.jazz.co *.google.com *.google-analytics.com *.gstatic.com images.printable.com images.locatorsearch.com instagram.com i.ytimg.com d21y75miwcfqoq.cloudfront.net *.cookielaw.org https://tags.srv.stackadapt.com; media-src files.marcomcentral.app.pti.com *.youtube.com *.amalgamatedbank.com bam.nr-data.net *.talkdeskapp.com *.talkdeskdev.com *.twilio.com; frame-src *; child-src blob: *.amalgamatedbank.com; font-src 'self' cdnjs.cloudflare.com bam.nr-data.net *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com unpkg.com fonts.gstatic.com app.jazz.co *.google.com *.gstatic.com *.locatorsearch.com; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com  *.go-mpulse.net abnyunityuat.fisglobal.com login-uat.fisglobal.com mcs.us1.twilio.com wss://tsock.us1.twilio.com *.talkdeskapp.com *.talkdeskdev.com maps-api-ssl.google.com bam.nr-data.net stats.addtoany.com googleads.g.doubleclick.net *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com *.omappapi.com *.google-analytics.com *.google.com *.gstatic.com googleads.g.doubleclick.net *.cookielaw.org *.onetrust.com *.akstat.io https://tags.srv.stackadapt.com *.googletagmanager.com *.linkedin.com snap.licdn.com *.facebook.net *.facebook.com; report-uri /report-csp-violation 1
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://form.jotform.com https://submit.jotform.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://submit.jotform.com https://form.jotform.com; img-src 'self' https://*.elliottmgmt.com *.elliottmgmt.com https://elliottmgmt.com https://dev-elliott-mgmt.pantheonsite.io https://test-elliott-mgmt.pantheonsite.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.cloudflare.com *.googletagmanager.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com *.bootstrapcdn.com  https://cdn.ckeditor.com *.google-analytics.com *.googletagmanager.com *.salesforce.com *.salesforceliveagent.com https://support.sunway.edu.my https://static.lightning.force.com https://assets.mailerlite.com https://ipapi.co https://code.jquery.com https://cdn.ckeditor.com https://static.cloudflareinsights.com https://b.static.lightning.force.com https://service.force.com static.cloudflareinsights.com https://sunwayedu.my.salesforce.com https://sunwayedu.my.site.com https://sunwayedu.my.salesforce-scrt.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com *.fontawesome.com *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com *.google.com *.gstatic.com https://use.fontawesome.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://assets.mailerlite.com https://service.force.com https://sunwayedu.my.site.com; img-src 'self' * data: about:; media-src 'self'; frame-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://forms.office.com https://assets.mailerlite.com *.issuu.com https://issuu.com https://service.force.com https://sunwayedu.my.site.com https://sunwayedu.my.salesforce-scrt.com https://*.salesforce.com https://tour.klapty.com; frame-ancestors 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://forms.office.com https://assets.mailerlite.com *.issuu.com https://issuu.com https://service.force.com https://sunwayedu.my.site.com https://sunwayedu.my.salesforce-scrt.com; child-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com; font-src 'self' https://fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com *.cloudflare.com *.jsdelivr.net https://support.sunway.edu.my data:; connect-src 'self' *.cloudflareinsights.com *.google-analytics.com *.salesforceliveagent.com https://support.sunway.edu.my https://*.salesforce.com https://sunwayedu.my.salesforce-scrt.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self' https://brand-ecommerce-assets.fusepump.com https://cdn.krxd.net https://service.force.com https://cdn.storelocatorwidgets.com https://n1866.secure.force.com; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /log-report-uri/enforce 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src *; connect-src *; frame-src *; img-src * data:; media-src *; object-src *; style-src * 'unsafe-inline' 1
default-src 'self'; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; script-src 'self' https://client.rum.us-east-1.amazonaws.com/1.2.1/cwr.js https://cdnjs.cloudflare.com/ajax/libs/pdf.js/ https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.youtube.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/plugins/identity.js https://connect.facebook.net/signals/config/1525576007456708 https://connect.facebook.net/signals/config/1465344211021108 https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://static.hotjar.com https://*.clarity.ms https://c.bing.com https://api.mapbox.com 'unsafe-inline' https://connect.facebook.net/signals/config/undefined; frame-src 'self' bytedance: sslocal: https://webapi.nawy.com https://listing-api.nawy.com https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com https://www.google.com https://www.google.com.eg; font-src 'self' data: https://fonts.gstatic.com/ *.googleapis.com; img-src 'self' blob: data: https://prod-images.nawy.com https://prod-images.cooingestate.com https://s3.eu-central-1.amazonaws.com https://prod-images.uae.nawy.com https://prod-images.uae.cooingestate.com https://s3.eu-central-1.amazonaws.com https://www.google.com https://www.google.com.eg https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://purecatamphetamine.github.io https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com; media-src 'self' blob: data: https://prod-images.nawy.com https://prod-images.cooingestate.com https://prod-images.uae.nawy.com https://prod-images.uae.cooingestate.com; connect-src 'self' https://webapi.nawy.com https://listing-api.nawy.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://www.google.com https://www.google.com.eg https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com https://*.clarity.ms https://c.bing.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://property-forms-api.cooingestate.com https://platform.cooingestate.com; frame-ancestors 'self' https://partners.nawy.com https://partners.cooingestate.com https://web-sandbox.oaiusercontent.com https://*.web-sandbox.oaiusercontent.com https://chatgpt.com https://*.chatgpt.com https://chat.openai.com https://*.chat.openai.com; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com; manifest-src 'self'; upgrade-insecure-requests; worker-src 'self' blob:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.google.com fonts.googleapis.com *.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' tag.demandbase.com script.hotjar.com kit.fontawesome.com *.googletagmanager.com *.google.com *.google.co.uk www.gstatic.com cdn-apac.onetrust.com player.vimeo.com pi.pardot.com *.onetrust.com *.hsadspixel.net *.google-analytics.com googleads.g.doubleclick.net static.hotjar.com snap.licdn.com ws.zoominfo.com *.hs-scripts.com *.txone.com *.hs-banner.com *.hs-analytics.net js-eu1.usemessages.com *.googleadservices.com www.youtube.com *.clarity.ms *.hubspot.com; font-src 'self' data: *.fontawesome.com fonts.gstatic.com txone.localdev; img-src 'self' data: *.linkedin.com segments.company-target.com id.rlcdn.com track-eu1.hubspot.com *.onetrust.com dnbe7xanmz9uh.cloudfront.net *.gravatar.com media.txone.com *.googletagmanager.com *.google.com *.google.co.uk *.analytics.google.com *.google.com.tw googleads.g.doubleclick.net fonts.gstatic.com *.clarity.ms *.hubspot.com *.hsforms.com; media-src 'self' media.txone.com dnbe7xanmz9uh.cloudfront.net youtu.be; connect-src 'self' segments.company-target.com tag-logger.demandbase.com api.company-target.com stats.g.doubleclick.net ws.zoominfo.com *.fontawesome.com yoast.com *.linkedin.oribi.io *.onetrust.com *.googletagmanager.com *.google.com *.google.co.uk *.analytics.google.com *.google-analytics.com api-eu1.hubapi.com pagead2.googlesyndication.com ws.hotjar.com wss://ws.hotjar.com content.hotjar.io vc.hotjar.io api-eu1.hubspot.com googleads.g.doubleclick.net google.com px.ads.linkedin.com *.clarity.ms *.hubspot.com *.hs-banner.com; frame-src 'self' s.company-target.com tag.demandbase.com www.google.com youtube.com www.youtube.com youtu.be player.vimeo.com *.youtube-nocookie.com td.doubleclick.net app-eu1.hubspot.com player.captivate.fm; frame-ancestors 'self'; object-src 'none' 1
default-src 'unsafe-hashes' https://crohnsandcolitis.org.uk https://www.crohnsandcolitis.org.uk https://docs.google.com https://customervoice.microsoft.com https://*.readspeaker.com https://*.azureedge.net https://poster.crohnsandcolitis.org.uk https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://*.landbot.io https://*.addthis.com https://www.youtube.com https://player.vimeo.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.fluidads.com https://forms.office.com https://*.snapchat.com https://*.doubleclick.net https://static.addtoany.com https://*.muchloved.com https://*.juicer.io https://*.reciteme.com ;base-uri 'self' ;frame-ancestors 'self' ;script-src 'self' https://crohnsandcolitis.org.uk 'unsafe-eval' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://analytics.nyltx.com https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://*.landbot.io https://secure.callhandling.co.uk https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://static.addtoany.com https://*.fluidads.com https://*.simpli.fi https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.hotjar.com https://analytics.tiktok.com https://*.snapchat.com https://*.sc-static.net https://*.bing.com https://*.linkedin.com https://*.doubleclick.net https://*.muchloved.com https://cdnjs.cloudflare.com https://online.flippingbook.com https://cdn.fluidads.com https://static.hotjar.com https://player.vimeo.com https://*.monitor.azure.com https://monitor.azure.com https://*.in.applicationinsights.azure.com https://*.applicationinsights.azure.com https://applicationinsights.azure.com https://bat.bing.com https://bat.bing.net https://*.reciteme.com ;connect-src 'self' https://crohnsandcolitis.org.uk https://docs.google.com https://www.google.com https://cdn.acsbapp.com https://*.acsbap.com https://*.acsbapp.com https://acsbapp.com https://acsbap.com https://*.wikipedia.org https://*.trackedweb.net https://*.readspeaker.com https://*.azureedge.net https://*.fluidads.com https://www.facebook.com https://*.cookiefirst.com https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://*.landbot.io https://*.addthis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.doubleclick.net https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.snapchat.com https://*.linkedin.oribi.io https://*.analytics.google.com https://analytics.tiktok.com https://cdn.fluidads.com https://static.hotjar.com https://player.vimeo.com https://*.in.applicationinsights.azure.com https://*.applicationinsights.azure.com https://applicationinsights.azure.com https://*.monitor.azure.com https://bat.bing.com https://bat.bing.net https://*.reciteme.com ;img-src 'self' data: https://crohnsandcolitis.org.uk https://www.facebook.com https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.linkedin.com https://*.addthis.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com.tr https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://tr.snapchat.com https://t.co https://*.muchloved.com https://bat.bing.com https://bat.bing.net https://*.reciteme.com ;font-src 'self' https://crohnsandcolitis.org.uk data: https://use.typekit.net https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://fonts.gstatic.com https://*.hotjar.com ;style-src 'self' https://crohnsandcolitis.org.uk 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com blob: https://*.readspeaker.com https://*.azureedge.net https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com https://*.issuu.com https://*.hotjar.com https://*.reciteme.com ;frame-src 'self' '' ' ' data: https://crohnsandcolitis.org.uk https://docs.google.com https://static.addtoany.com https://td.doubleclick.net https://www.googletagmanager.com https://forms.office.com https://customervoice.microsoft.com https://crohnsandcolitis.org.uk https://www.google.com https://app.postermaker.io https://www.muchloved.com https://e.issuu.com https://www.youtube.com https://www.youtube-nocookie.com https://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com https://chats.landbot.io https://online.flippingbook.com https://player.vimeo.com https://accounts.google.com https://*.reciteme.com https://whale-app-wry8i.ondigitalocean.app ;form-action 'self' https://crohnsandcolitis.org.uk https://*.readspeaker.com https://*.azureedge.net https://*.landbot.io https://*.snapchat.com ;object-src 'none' ;media-src 'self' https://crohnsandcolitis.org.uk https://*.reciteme.com 'unsafe-inline' data: ; 1
frame-ancestors 'self' https://*.squaredup.com https://squaredup.com https://app.gather.town; 1
base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src spenden.twingle.de www.youtube.com;img-src 'self' jacobin.de data: *.met.vgwort.de;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de www.youtube.com;style-src 'self' 'unsafe-inline'; 1
default-src 'self' google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io  https://s.pinimg.com  https://*.pinterest.com  https://open.spotify.com *.fontawesome.com https://static.cloudflareinsights.com https://ajax.cloudflare.com https://*.taboola.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://bat.bing.com https://bat.bing.net https://analytics.tiktok.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net *.fontawesome.com; img-src 'self'  *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org  data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com https://bat.bing.net https://bat.bing.com https://analytics.tiktok.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com  *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io  https://*.pinterest.com  https://open.spotify.com *.fontawesome.com https://www.googletagmanager.com https://player.captivate.fm https://crelan-selfservice-qa.web.opercredits.com https://crelan-selfservice-production.web.opercredits.com; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com  https://ct.pinterest.com *.fontawesome.com https://*.cookiepro.com https://*.taboola.com https://bat.bing.net https://bat.bing.com https://*.conversionsapigateway.com/ https://mpc-prod-18-s6uit34pua-uc.a.run.app https://analytics.tiktok.com; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com:* https://ajax.googleapis.com:* https://call.chatra.io/chatra.js https://maps.googleapis.com:* https://seal-nebraska.bbb.org/logo/blue-valley-technologies-17381.js https://stats.g.doubleclick.net/dc.js https://www.googletagmanager.com:* https://assets.juicer.io:* https://www.juicer.io:* https://www.google-analytics.com:* https://stats.g.doubleclick.net:* https://www.googleadservices.com:* https://feedback.happy-or-not.com:* https://dk98ddgl0znzm.cloudfront.net:* https://emma-content-aggregates-prd.s3.amazonaws.com:* https://form.jotform.com:*; object-src 'self' ; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com:* https://seal-blue.bbb.org; img-src * 'self' https://maps.gstatic.com https://stats.g.doubleclick.net:*; media-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-src 'self' https://chat.chatra.io:* https://www.youtube.com:* https://player.vimeo.com:* https://form.jotform.com:* https://submit.jotform.com:*; frame-ancestors 'self'; child-src 'self'; font-src 'self' * https://fonts.gstatic.com:*; connect-src 'self' https://maps.googleapis.com:* https://analytics.google.com:* https://www.google-analytics.com:* https://www.juicer.io:* https://graph.facebook.com:* https://www.googletagmanager.com:* https://stats.g.doubleclick.net:* https://feedback-api.happy-or-not.com:* https://feedback.happy-or-not.com:* https://api.mixpanel.com:*; report-uri /report-csp-violation 1
frame-ancestors 'self' *.vendhq.com *.retail.lightspeed.app; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba63db3f96a1d5bb789394101974def5f&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
default-src 'self' https://*.fbcdn.net https://*.cdninstagram.com https://api.audima.co https://speech.audima.co; child-src 'self' https://www.google.com https://www.youtube.com https://open.spotify.com https://connect.facebook.net https://www.facebook.com https://audio7.audima.co blob: data:; connect-src 'self' https://originacao.minervafoods.com/ https://maps.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com https://www.facebook.com https://yoast.com https://api.cvortex.com https://backmenu.audima.co https://ka-f.fontawesome.com https://cdn.privacytools.com.br https://pt.wiktionary.org https://en.wiktionary.org https://es.wiktionary.org https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://cdn.jsdelivr.net https://www.google.com https://myminerva.minervafoods.com https://raw.githubusercontent.com https://statistic.audima.co https://api.audima.co https://speech.audima.co https://googleads.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://menu.audima.co https://ka-f.fontawesome.com https://vlibras.gov.br https://cdn.jsdelivr.net https://fonts.bunny.net https://backmenu.audima.co data:; form-action 'self' https://www.facebook.com https://wpmudev.com data:; frame-ancestors 'none'; frame-src https://www.gstatic.com https://www.google.com https://audio7.audima.co https://www.youtube.com https://open.spotify.com https://clarity.microsoft.com https://td.doubleclick.net/ https://audio.audima.co https://vlibras.gov.br blob:; img-src 'self' https://minervafoods.com https://vlibras.gov.br https://www.google.com.br https://myminerva.minervafoods.com https://stats.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://secure.gravatar.com https://www.facebook.com https://i.scdn.co https://cdn.jsdelivr.net https://s.w.org https://claritystatic.blob.core.windows.net https://menu.audima.co https://2.gravatar.com https://*.cdninstagram.com https://backmenu.audima.co https://*.tiktokcdn.com *.tiktokcdn.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com/ data:; script-src 'self' https://cdn.jsdelivr.net https://developers.google.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://vlibras.gov.br https://connect.facebook.net https://cdnjs.cloudflare.com https://open.spotify.com https://open.spotifycdn.com https://embed-cdn.spotifycdn.com https://menu.audima.co https://audio7.audima.co https://kit.fontawesome.com https://www.youtube.com https://cdn.privacytools.com.br https://www.vlibras.gov.br https://unpkg.com https://clarity.microsoft.com https://www.clarity.ms https://audio.audima.co https://backmenu.audima.co https://googleads.g.doubleclick.net https://snap.licdn.com 'unsafe-inline' 'unsafe-eval' blob: data:; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.cdnfonts.com https://cdn.privacytools.com.br https://fonts.bunny.net https://audio.audima.co https://menu.audima.co https://backmenu.audima.co https://vlibras.gov.br 'unsafe-inline'; upgrade-insecure-requests 1
base-uri 'self'; default-src 'none'; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com https://staticcdn.co.nz staticcdn.co.nz https://app.powerbi.com; connect-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://search-api.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com; font-src 'self' https://*.hotjar.com https://*.hotjar.io data:; form-action 'self' https://*.facebook.com; frame-ancestors 'self'; frame-src 'self' https://*.googletagmanager.com https://*.pega.net https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.mypurecloud.com.au https://*.youtube-nocookie.com https://*.youtube.com https://subscriptions.smartrecruiters.com/ https://*.visualwebsiteoptimizer.com https://app.vwo.com https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com https://staticcdn.co.nz staticcdn.co.nz https://app.powerbi.com; img-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://*.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com https://useruploads.vwo.io https://*.google.co.nz *.google.co.nz https://meridian-production-media.s3.ap-southeast-2.amazonaws.com blob: data:; media-src 'none'; object-src 'self' blob:; manifest-src 'self'; script-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://search-api.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://s.swiftypecdn.com https://*.mypurecloud.com.au https://static.smartrecruiters.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/6229198/security/?sentry_key=d3383061a5464af09b0da48432305265&sentry_environment=live; report-to csp-endpoint; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.tvacreditunion.com https://tvacreditunion.com https://olb.tvacreditunion.com 1
default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.handyvertrag.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.handyvertrag.de https://livechat.handyvertrag.de wss://livechat.handyvertrag.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de https://analytics.tiktok.com https://umfrage.handyvertrag.de; script-src 'strict-dynamic' 'nonce-74ae378dac966ba5372b10822976c402' 'nonce-279cdcb4d8f4aea041f4ea6fb64d90ce' 'nonce-3b7cbd34dfad6b4f7a5510f2fd44bf9b' 'nonce-f4a08c9d485c2b076ced5137790b794c' 'nonce-4a0a83d3a631d35be563fdeb92640b09' 'nonce-ddf6fa3045fe3c6ecf2a204285bde7b7' 'nonce-6fd5513863f1b8f2499eaa8d6e413ba9' 'nonce-7994fffb6b9b90c8786a029b4e07f9d7' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.handyvertrag.de https://umfrage.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-74ae378dac966ba5372b10822976c402' 'nonce-279cdcb4d8f4aea041f4ea6fb64d90ce' 'nonce-3b7cbd34dfad6b4f7a5510f2fd44bf9b' 'nonce-f4a08c9d485c2b076ced5137790b794c' 'nonce-4a0a83d3a631d35be563fdeb92640b09' 'nonce-ddf6fa3045fe3c6ecf2a204285bde7b7' 'nonce-6fd5513863f1b8f2499eaa8d6e413ba9' 'nonce-7994fffb6b9b90c8786a029b4e07f9d7' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; object-src 'self' https://pts.sim24.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim24.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.sim24.de https://livechat.sim24.de https://umfrage.sim24.de https://pts.sim24.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.sim24.de https://livechat.sim24.de wss://livechat.sim24.de https://livechat.sim24.de https://stats.sim24.de https://imagepool.sim24.de https://pts.sim24.de https://analytics.tiktok.com https://umfrage.sim24.de; script-src 'strict-dynamic' 'nonce-7a1e5c9c0c1044d04ef0460d65de3d52' 'nonce-f7fa71dddf87c053bdbc9efa27f2d175' 'nonce-ed086904d12bafb85156a0ca4837cd9d' 'nonce-79fd83de85b9635a3cacf224762cc3e1' 'nonce-bcfb0b90fa720dfbc9517201b0a5de67' 'nonce-f848eb05cb52ae8acfee86b49d261f6b' 'nonce-61442b233587accf66eb90fb58ef7f73' 'nonce-6df9aa3bbf9ff1fdae52af9364cc23da' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim24.de https://umfrage.sim24.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-7a1e5c9c0c1044d04ef0460d65de3d52' 'nonce-f7fa71dddf87c053bdbc9efa27f2d175' 'nonce-ed086904d12bafb85156a0ca4837cd9d' 'nonce-79fd83de85b9635a3cacf224762cc3e1' 'nonce-bcfb0b90fa720dfbc9517201b0a5de67' 'nonce-f848eb05cb52ae8acfee86b49d261f6b' 'nonce-61442b233587accf66eb90fb58ef7f73' 'nonce-6df9aa3bbf9ff1fdae52af9364cc23da' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.twitter.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.gstatic.com https://*.doubleclick.net https://*.fontawesome.com https://unpkg.com https://static.ads-twitter.com https://t.co https://www.unpkg.com https://www.google-analytics.com https://*.google.com https://*.google.ca https://www.googletagmanager.com https://*.youtube.com https://odcc2.bell.ca *.8x8.com *.jsdelivr.net *.google.com *.google.co.za https://login.microsoftonline.com; frame-ancestors 'self' *.facebook.com *.bsky.app *.linkedin.com *.instagram.com *.cdninstagram.com *threads.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.smartmobil.de https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.smartmobil.de https://livechat.smartmobil.de wss://livechat.smartmobil.de https://livechat.smartmobil.de https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com https://analytics.tiktok.com https://umfrage.smartmobil.de; script-src 'strict-dynamic' 'nonce-8bb5f0ce82150d9359d01c060d179a3b' 'nonce-771502e50783a985fd54f0952d56fa14' 'nonce-d24fa054a1a176d5472fa6618e06a5f8' 'nonce-d376293cc3e765192b1c5110359d7365' 'nonce-92a4667cc23d4f9aa182e607c9d92294' 'nonce-b82ca9461425106b38941161727cc265' 'nonce-d4435ab7c7ba509bab263ad23396e044' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.smartmobil.de https://umfrage.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-8bb5f0ce82150d9359d01c060d179a3b' 'nonce-771502e50783a985fd54f0952d56fa14' 'nonce-d24fa054a1a176d5472fa6618e06a5f8' 'nonce-d376293cc3e765192b1c5110359d7365' 'nonce-92a4667cc23d4f9aa182e607c9d92294' 'nonce-b82ca9461425106b38941161727cc265' 'nonce-d4435ab7c7ba509bab263ad23396e044' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://www.mijnwefact.nl https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com *.licdn.com https://translate.google.com https://translate.googleapis.com *.typekit.net; manifest-src 'self' https://www.wefact.nl; img-src 'self' data: *.wefact.ai *.taggrs.io *.analytics.google.com *.gstatic.com https://flow.wefact.nl https://maps.googleapis.com https://www.mijnwefact.nl *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net *.licdn.com *.linkedin.com https://www.google.com https://www.google.be https://www.google.nl https://www.googleadservices.com https://googleads.g.doubleclick.net https://webstream.wefact.com https://webfiles.wefact.com https://googletagmanager.com *.google-analytics.com *.googletagmanager.com *.cookiebot.com *.clarity.ms *.bing.com https://bat.bing.net https://www.mollie.com *.g.doubleclick.net; script-src 'self' 'unsafe-inline' *.wefact.ai https://flow.wefact.nl https://www.mijnwefact.nl https://www.youtube.com http://www.youtube.com/iframe_api *.ytimg.com *.facebook.com *.facebook.net *.linkedin.com *.licdn.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://googletagmanager.com https://developers.google.com https://maps.googleapis.com *.gstatic.com https://tagmanager.google.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com *.clarity.ms *.bing.com *.bing.net https://secure.adnxs.com *.googletagmanager.com *.cookiebot.com; font-src 'self' data: https://www.mijnwefact.nl *.typekit.net https://fonts.gstatic.com; connect-src 'self' *.open.cx *.wefact.ai https://flow.wefact.nl https://maps.googleapis.com https://places.googleapis.com https://www.mijnwefact.nl https://graphql.prepr.io *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://www.google.com https://www.google.nl *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net *.clarity.ms *.bing.com *.bing.net https://translate.googleapis.com https://translate-pa.googleapis.com *.cookiebot.com https://www.wefact.nl https://webstream.wefact.com https://webfiles.wefact.com; frame-src 'self' https://flow.wefact.nl https://calendar.google.com/ https://www.mijnwefact.nl https://www.youtube.com *.facebook.com *.facebook.net *.linkedin.com https://bid.g.doubleclick.net https://td.doubleclick.net https://outlook.office365.com *.googletagmanager.com *.cookiebot.com; frame-ancestors 'self'; object-src 'self' 'unsafe-inline' https://www.mijnwefact.nl https://www.wefact.nl *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://maps.googleapis.com *.clarity.ms *.bing.com *.bing.net; media-src 'self' https://www.mijnwefact.nl https://www.wefact.nl; child-src *.facebook.com *.facebook.net;form-action 'self' https://www.mijnwefact.nl; 1
base-uri 'none';child-src 'none';connect-src 'self' http://127.0.0.1:1337 https://*.google-analytics.com https://vitals.vercel-insights.com https://api.coinbase.com https://www.google-analytics.com https://vercel.live https://*.walletconnect.com wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://*.polkastarter.com https://*.cookie3.co https://*.analytics.google.com https://analytics.google.com https://www.google.com https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc https://*.bnbchain.org https://*.bnbchain.org:8545/ https://rpc.ankr.com/bsc https://*.binance.org https://testnet.omni.network https://arb1.arbitrum.io/rpc https://sepolia-rollup.arbitrum.io/rpc https://mainnet.base.org https://sepolia.base.org https://forno.celo.org https://alfajores-forno.celo-testnet.org https://mainnet.mode.network https://sepolia.mode.network https://goerli.optimism.io https://polygon-rpc.com https://matic-mumbai.chainstacklabs.com https://rpc.ankr.com/polygon_mumbai https://mainnet.infura.io https://sepolia.infura.io/ https://cloudflare-eth.com/ https://rpc.sepolia.org https://rpc.ankr.com https://rpc.ankr.com/eth https://rough-lingering-pine.bsc.quiknode.pro https://skilled-white-brook.quiknode.pro https://quiet-light-sanctuary.base-mainnet.quiknode.pro https://rpc.mainnet.sui.io/ https://httpbin.org/ https://evm-rpc.sei-apis.com/ https://evm-rpc-testnet.sei-apis.com;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self' *;frame-ancestors 'none';frame-src https://in.sumsub.com/ https://www.youtube.com/ https://verify.walletconnect.com https://verify.walletconnect.org https://vercel.live https://www.tradingview-widget.com https://s.tradingview.com https://*.facebook.net https://*.facebook.com;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.polkastarter.com;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://browser.sentry-cdn.com https://cdn.vercel-insights.com https://*.cookie3.co https://www.youtube.com https://unpkg.com https://s3.tradingview.com https://*.facebook.net https://*.facebook.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;worker-src 'self'; 1
default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.simplytel.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.simplytel.de https://livechat.simplytel.de https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.simplytel.de https://livechat.simplytel.de wss://livechat.simplytel.de https://livechat.simplytel.de https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de https://analytics.tiktok.com https://umfrage.simplytel.de; script-src 'strict-dynamic' 'nonce-15d291230d43ebe0fcd0f51313ff0ca1' 'nonce-afad0f78d1805dd2cdf2bdcb9d625fd7' 'nonce-f7c8f3387b9b2612e050f7c3f9c89a99' 'nonce-05d003ae7099b43927b7d30a8ad3af49' 'nonce-49650b3e4c3b598f7f46ff2199b66607' 'nonce-8e727d1aa54a2328a2a93347cfa43581' 'nonce-d004f0b931cad7164d77dce97b94aa0b' 'nonce-19ba976ce700e67eeec5cc8fa94a5cfc' 'nonce-76687d573b938a4b95d89cbcc4aec1e1' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.simplytel.de https://umfrage.simplytel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-15d291230d43ebe0fcd0f51313ff0ca1' 'nonce-afad0f78d1805dd2cdf2bdcb9d625fd7' 'nonce-f7c8f3387b9b2612e050f7c3f9c89a99' 'nonce-05d003ae7099b43927b7d30a8ad3af49' 'nonce-49650b3e4c3b598f7f46ff2199b66607' 'nonce-8e727d1aa54a2328a2a93347cfa43581' 'nonce-d004f0b931cad7164d77dce97b94aa0b' 'nonce-19ba976ce700e67eeec5cc8fa94a5cfc' 'nonce-76687d573b938a4b95d89cbcc4aec1e1' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri 'none';child-src 'none';connect-src 'self' https://ws.zoominfo.com/pixel/collect https://aorta.clickagy.com/ https://aorta.clickagy.com/liveramp_redir https://hemsync.clickagy.com/external/ https://maps.googleapis.com/ https://matomo.vailsys.com/;default-src 'self';font-src 'self' https://fonts.gstatic.com;;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' https://id.rlcdn.com/ https://idsync.rlcdn.com/ https://aorta.clickagy.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com https://matomo.vailsys.com/ data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://maps.googleapis.com/ https://www.google.com https://ws.zoominfo.com/pixel/6320bf5aac6e98ed3e39d094 https://tags.clickagy.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/external/ https://ws.zoominfo.com/ https://matomo.vailsys.com/;style-src 'self' https://aorta.clickagy.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1
default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data-eu.purina.fr; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * data-eu.purina.fr; report-uri /log-report-uri/enforce 1
frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.premiumsim.de https://livechat.premiumsim.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.premiumsim.de https://livechat.premiumsim.de wss://livechat.premiumsim.de https://livechat.premiumsim.de https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de https://analytics.tiktok.com https://umfrage.premiumsim.de; script-src 'strict-dynamic' 'nonce-b4e242f38cbc21726b8f5f1843f8a916' 'nonce-6819a13e854aad04167092c520355d14' 'nonce-0f8bf69ca6aab72c72a73a191d5cf930' 'nonce-85996d6fb0ad78beca61278b678d9817' 'nonce-24b02bebf4e190e7194312dc948eb32e' 'nonce-189c024c927f5f6a6a4ead1988bb82e4' 'nonce-1dea9b670ac5a82e1375a7eb71384fd7' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.premiumsim.de https://umfrage.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-b4e242f38cbc21726b8f5f1843f8a916' 'nonce-6819a13e854aad04167092c520355d14' 'nonce-0f8bf69ca6aab72c72a73a191d5cf930' 'nonce-85996d6fb0ad78beca61278b678d9817' 'nonce-24b02bebf4e190e7194312dc948eb32e' 'nonce-189c024c927f5f6a6a4ead1988bb82e4' 'nonce-1dea9b670ac5a82e1375a7eb71384fd7' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com https://www.wiener-staatsoper.at https://kalender.wiener-staatsoper.at https://use.typekit.net https://p.typekit.net/ https://i.ytimg.com/ 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1
frame-ancestors t.signalplus.com fi.signalplus.com t.signalplus.net fi.signalplus.net  falconx.signalplus.com falconx.signalplus.net t-pre.signalplus.com; 1
default-src 'self'; 1
default-src 'self'; object-src 'self' https://pts.yourfone.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.yourfone.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.yourfone.de https://livechat.yourfone.de https://chat.yourfone.de https://umfrage.yourfone.de https://pts.yourfone.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.yourfone.de https://livechat.yourfone.de wss://livechat.yourfone.de https://livechat.yourfone.de https://chat.yourfone.de https://stats.yourfone.de https://imagepool.yourfone.de https://pts.yourfone.de https://maps.googleapis.com https://analytics.tiktok.com https://umfrage.yourfone.de; script-src 'strict-dynamic' 'nonce-1ea00676f6c25b0be28ec4d1e1f78ed3' 'nonce-f876e13f6c7a63a9b2a204b24555702b' 'nonce-84dfa80983f0235be934eb13856c07b3' 'nonce-fa55c5fc62ddd4b336b54892e099e4d9' 'nonce-8a857de3fad335bf5897ad8e6760076b' 'nonce-489479012d7769d2ee01e0d674b834b9' 'nonce-368ea2d3186cfc05a268b986176518d1' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.yourfone.de https://umfrage.yourfone.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-1ea00676f6c25b0be28ec4d1e1f78ed3' 'nonce-f876e13f6c7a63a9b2a204b24555702b' 'nonce-84dfa80983f0235be934eb13856c07b3' 'nonce-fa55c5fc62ddd4b336b54892e099e4d9' 'nonce-8a857de3fad335bf5897ad8e6760076b' 'nonce-489479012d7769d2ee01e0d674b834b9' 'nonce-368ea2d3186cfc05a268b986176518d1' 'self' 'unsafe-inline' https: 'report-sample' 1
font-src 'self' https://userlike-cdn-umm.b-cdn.net; frame-src 'self' https: www.youtube-nocookie.com/* ; frame-ancestors 'self'; script-src 'self' *.th-bingen.de *.b-ite.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://stats.th-bingen.de 'unsafe-inline'; connect-src 'self' *.th-bingen.de *.b-ite.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://api.userlike.com wss://umd.userlike.com https://stats.th-bingen.de;  img-src * *.b-ite.com data:; style-src 'self' 'unsafe-inline' *.b-ite.com data:; 1
default-src 'self' blob: storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com *.a1.net live.virtual-events.at cdn.linkedin.oribi.io; frame-src  'self' indd.adobe.com storage.net-fs.com www.google.com *.google-analytics.com *.youtu.be *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at *.vimeo.com vimeo.com my.matterport.com; style-src 'self' 'unsafe-inline' storage.net-fs.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; img-src 'self' data: *.kununu.com storage.net-fs.com *.google-analytics.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.a1.group live.virtual-events.at *.frequentis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.frequentis.com storage.net-fs.com *.googleapis.com *.gstatic.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.zencdn.net blob: live.virtual-events.at; font-src 'self' data: storage.net-fs.com *.gstatic.com; 1
upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://bam-cell.nr-data.net https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://*.cloudflare.com https://*.lottiefiles.com https://*.google-analytics.com https://www.yumpu.com https://*.youtube.com/ https://i.ytimg.com/ https://*.doubleclick.net https://afiliacion.net https://prs.arkeero.net https://leadgenios.net https://www.rtb123.com https://*.hotjar.com https://inboxlabs.go2cloud.org https://*.google.com.mx https://*.hotjar.io https://*.teads.tv https://ojo7.ltroute.com https://*.abtasty.com/ https://*.amazonaws.com/ wss://*.hotjar.com https://go2perseo.com https://affperformance.com/ https://ad.soicos.com https://ads01.groovinads.com https://*.cybba.solutions https://*.cloudfront.net https://*.go4aluna.co https://bing.com https://*.aptoweb.com/ https://*.helpscout.net/ bytedance: sslocal: https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://*.taboola.com; 1
default-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr dwl.dawconnect.com *.youtube.com *.youtube-nocookie.com; img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr connect.ekomi.de *.youtube.com *.youtube-nocookie.com; media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com *.youtube-nocookie.com; script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr connect.ekomi.de dwl.dawconnect.com 'unsafe-inline' 'unsafe-eval'; worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com *.youtube-nocookie.com; font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr; style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr 'unsafe-inline'; object-src 'self'; frame-src 'self' *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' *.youtube.com *.youtube-nocookie.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com; connect-src 'self' https://maps.googleapis.com; img-src data: 'self' https://d1be5sn7lppxuh.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google.com; media-src 'self' https://d1be5sn7lppxuh.cloudfront.net; form-action 'self'; manifest-src 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; font-src * data: 1
frame-ancestors 'self' https://ahu.edu https://*.ahu.edu 1
frame-src https://platform.twitter.com https://www.eucpn.org https://eucpn.org  https://cdn.jsdelivr.net https://cdn.syndication.twimg.com https://syndication.twitter.com https://www.youtube.com https://5306.f2w.bosa.be; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src  'self' https://l.sharethis.com https://prod.impartner.live https://ellucian25stg.prod.acquia-sites.com https://*.ellucian.com https://code.jquery.com https://packages.prmcdn.io 'unsafe-inline' 'unsafe-eval' https://ws.sharethis.com https://maps.googleapis.com https://jamaica.value-cloud.com https://*.sharethis.com https://www.buzzsprout.com https://consent.cookiebot.com https://www.googletagmanager.com https://cdn.bizible.com https://script.crazyegg.com https://static.ads-twitter.com https://connect.facebook.net https://snap.licdn.com https://munchkin.marketo.net https://abrtp2-cdn.marketo.com https://tag.simpli.fi https://assets.adoberesources.net https://cdn-public.sociabble.com https://cdn01.basis.net  https://www.youtube.com https://googleads.g.doubleclick.net https://tracking.intentsify.io https://consentcdn.cookiebot.com https://js.zi-scripts.com https://j.6sc.co https://i.simpli.fi   https://*.marketo.com https://static.addtoany.com  blob: https://unpkg.com https://a.usbrowserspeed.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://085-mht-312.mktoutil.com https://user-sync.fwmrm.net https://pbutcher.uk https://consent.trustarc.com https://*.trustarc.com; style-src  'self'  'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://*.ellucian.com https://packages.prmcdn.io https://*.sharethis.com https://rtp-static.marketo.com https://www.googletagmanager.com; img-src  'self'  'unsafe-inline' 'unsafe-eval' https://*.ellucian.com data: https://impartner.blob.core.windows.net https://maps.googleapis.com https://*.sharethis.com https://maps.gstatic.com https://cnv.event.prod.bidr.io https://www.google.com https://imgsct.cookiebot.com https://*.linkedin.com https://t.co https://pixel.sitescout.com https://cdn.bizible.com https://t.co https://analytics.twitter.com  https://cdn.bizible.com  https://b.6sc.co https://www.facebook.com https://www.googletagmanager.com https://attribution.sitescout.com https://assets.adoberesources.net https://cdn.bizibly.com https://um.simpli.fi https://cm.g.doubleclick.net https://cdn.bizibly.com https://fei.pro-market.net https://www.googleadservices.com https://ps.eyeota.net https://s.ad.smaato.net https://sync.1rx.io https://eb2.3lift.com https://simplifi.partners.tremorhub.com https://aa.agkn.com https://sync.intentiq.com https://image2.pubmatic.com  https://ads.stickyadstv.com https://loadm.exelator.com  https://ups.analytics.yahoo.com https://sync.bfmio.com  https://bcp.crwdcntrl.net  https://ce.lijit.com  https://idsync.rlcdn.com  https://ib.adnxs.com  https://pixel.rubiconproject.com https://us-u.openx.net  https://fei.pro-market.net https://googleads.g.doubleclick.net  https://pixel.tapad.com https://pippio.com https://syncv4.intentiq.com https://dsum-sec.casalemedia.com https://d.agkn.com https://sync.taboola.com https://capi.connatix.com https://rtb-csync.smartadserver.com https://cs.lkqd.net  https://sync.inmobi.com https://s.amazon-adsystem.com https://*.trustarc.com https://*.truste.com; frame-src 'self' https://www.youtube.com https://youtu.be https://lp.ellucian.com https://www.youtube-nocookie.com https://demo.arcade.software https://*.sharethis.com https://maps.googleapis.com https://calculator.value-cloud.com https://www.buzzsprout.com  https://consentcdn.cookiebot.com https://www.googletagmanager.com https://pixel-sync.sitescout.com https://player.vimeo.com https://vimeo.com https://static.addtoany.com https://unpkg.com https://*.monday.com https://*.google.com https://*.trustarc.com; font-src 'self' https://fonts.gstatic.com https://consent.trustarc.com https://*.trustarc.com; connect-src  'self'  'unsafe-inline' 'unsafe-eval' http://www.geoplugin.net https://www.geoplugin.net https://ellucian25stg.prod.acquia-sites.com https://partners.ellucian.com https://maps.googleapis.com https://*.sharethis.com https://event.on24.com https://bcp.crwdcntrl.net https://www.google.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://*.linkedin.com https://085-mht-312.mktoresp.com https://*.crazyegg.com https://project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io  https://js.zi-scripts.com https://js.zi-scripts.com https://*.mktoresp.com https://js.zi-scripts.com https://c.6sc.co https://*.marketo.com  https://ws.zoominfo.com https://ipv6.6sc.co wss://*.cloud.adobe.io https://secure.adnxs.com https://www.facebook.com https://*.6sense.com  https://unpkg.com https://assets.adoberesources.net https://browser.sentry-cdn.com https://o4510076484911104.ingest.us.sentry.io https://static.addtoany.com https://impartner.blob.core.windows.net https://www.googletagmanager.com https://085-mht-312.mktoutil.com https://lp.ellucian.com https://*.monday.com https://consent.trustarc.com https://*.trustarc.com https://*.googlesyndication.com; upgrade-insecure-requests 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com data-eu.purina.pl; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:; https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.<TLD>; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * data-eu.purina.pl; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' images-2.partnerportal.ionos.de 1
base-uri 'self'; child-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://shredit.intelliresponse.com https://stericycle.demdex.net blob: gap:; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://shredit.intelliresponse.com https://stericycle.demdex.net blob: gap:; connect-src 'self' https://www.googletagmanager.com/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://api.cloud.247-inc.net/ https://stg-tie.cloud.247-inc.net/ https://dc.services.visualstudio.com/ https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://d1af033869koo7.cloudfront.net http://d1af033869koo7.cloudfront.net https://dpm.demdex.net/ https://adobedc.demdex.net/ https://edge.adobedc.net https://privacyportal-eu.onetrust.com/ wss://127.0.0.1:2045 https://az416426.vo.msecnd.net/; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://fonts.gstatic.com/ https://*.everesttech.net/ data: blob:; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://assets.adobedtm.com/ https://www.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ https://cm.everesttech.net/ https://static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=dfiVYI1toLFW1KfmVz0IqSm3sxgo7gMxA9dj36qqD%2FNXeHyZHlTN%2FI9zrDV1nww95Lcb%2Fs1KLcPtChFHUzQ7bg%3D%3D; 1
default-src 'self'; object-src 'self' https://pts.maxxim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.maxxim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.maxxim.de https://livechat.maxxim.de https://chat.maxxim.de https://umfrage.maxxim.de https://pts.maxxim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.maxxim.de https://livechat.maxxim.de wss://livechat.maxxim.de https://livechat.maxxim.de https://chat.maxxim.de https://stats.maxxim.de https://imagepool.maxxim.de https://pts.maxxim.de https://analytics.tiktok.com https://umfrage.maxxim.de; script-src 'strict-dynamic' 'nonce-e8b4ed30b58a1f43707cada0a0b05b83' 'nonce-f88a6c46d7f810b5840124c477b1d2c1' 'nonce-d504f31ec528c9d2e3630d3952d95cea' 'nonce-f65fcf0e8f1d14364540ba8bb6852d03' 'nonce-0a07f97c84bd1a08b2080ff06284cfe8' 'nonce-db317d53a42e0c4cf124b8aecfa1dbed' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.maxxim.de https://umfrage.maxxim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-e8b4ed30b58a1f43707cada0a0b05b83' 'nonce-f88a6c46d7f810b5840124c477b1d2c1' 'nonce-d504f31ec528c9d2e3630d3952d95cea' 'nonce-f65fcf0e8f1d14364540ba8bb6852d03' 'nonce-0a07f97c84bd1a08b2080ff06284cfe8' 'nonce-db317d53a42e0c4cf124b8aecfa1dbed' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' ; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *hosted-pageflow.com *.readspeaker.com datawrapper.dwcdn.net *.unitylivestream.com gemeinschaftswerk-nachhaltigkeit.de my.walls.io klimacampus.org *.klimacampus.org *.bne.unesco.de; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.bmbfcluster.de *.wmflabs.org; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa .gov.np *.mofa.gov.np s.ytimg.com *.facebook.net www.google.com.np *.sharethis.com *.youtube.com *.genesesolution.com nepalembassy.org.uk londonembassyevent.pages.dev *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np placehold.it *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it *.mofa.gov.np mofa.gov.np *.facebook.net *.facebook.com *.sharethis.com *.youtube.com *.twimg.com secure.gravatar.com cdn. lh3.googleusercontent.com *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self'  *.youtube.com *.facebook.net *.google.com *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.licdn.com *.line-scdn.net *.sharethis.com *.azure-api.net *.hsforms.net *.youtube.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.doubleclick.net *.cloudflare.com *.hsappstatic.net; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: https: *.google-analytics.com *.doubleclick.net *.googletagmanager.com; frame-src 'self' *.hsforms.com *.youtube.com *.vimeo.com *.hubspot.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.hsforms.com *.linkedin.oribi.io *.hubapi.com *.analytics.google.com *.linkedin.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' blob: cdn.jsdelivr.net googleapis.com script.crazyegg.com unpkg.com *.google-analytics.com www.google.com/recaptcha/ www.googletagmanager.com www.gstatic.com app.powerbi.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com googleapis.com script.crazyegg.com unpkg.com; img-src 'self' data: googleapis.com *.google-analytics.com www.googletagmanager.com www.gstatic.com; frame-src 'self' https://aibc.pandemicoversight.gov blob: static.pandemicoversight.gov storymaps.arcgis.com www.arcgis.com www.google.com app.powerbi.com *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' https://www.pandemicoversight.gov https://pandemicoversight.gov https://aibc.pandemicoversight.gov; child-src blob: app.powerbi.com *.youtube.com *.youtube-nocookie.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com script.crazyegg.com tracking.crazyegg.com *.google-analytics.com www.google.com/recaptcha/ app.powerbi.com unpkg.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' blob: *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com *.youtube.com *.mappedin.com https://seatmap.vivenu.com https://vivenu.com *.adsrvr.org www.googleadservices.com js.adsrvr.org googleads.g.doubleclick.net http://bid.g.doubleclick.net/ https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.2o7.net *.omtrdc.net *.adobe.com *.chadstone.com.au *.dfo.com.au *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com https://*.adnxs.com *.adnxs.com https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://unpkg.com/ 'unsafe-eval' connect.facebook.net graph.facebook.com js.facebook.com *.taboola.com *.userway.org; style-src 'self' blob: *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudfront.net tagmanager.google.com *.googletagmanager.com googletagmanager.com *.google.com *.analytics.google.com analytics.google.com https://seatmap.vivenu.com https://vivenu.com rsms.me https://tagmanager.google.com https://fonts.googleapis.com *.userway.org; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.facebook.net *.fbcdn.net *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com googletagmanager.com *.google-analytics.com *.simplybook.me https://seatmap.vivenu.com https://vivenu.com s3.eu-central-1.amazonaws.com lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au *.mappedin.com *.mappedin.net mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://s3.amazonaws.com https://cm.everesttech.net https://assets.adobedtm.com *.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com *.googleadservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com www.googletagmanager.com *.adnxs.com https://ssl.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://www.gstatic.com https://vcx-centre-websites-stripe-logo.s3.ap-southeast-2.amazonaws.com *.userway.org; font-src 'self' *.amazonaws.com *.cloudfront.net *.storyblok.com *.googleapis.com *.gstatic.com rsms.me https://seatmap.vivenu.com https://vivenu.com https://fonts.gstatic.com data: data: *.userway.org; connect-src 'self' wss://seatmap.vivenu.com stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.googleapis.com *.google-analytics.com sentry.io *.sentry.io *.simplybook.me https://seatmap.vivenu.com https://vivenu.com *.vicinity.com.au *.trackjs.com *.stripe.com mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://fonts.gstatic.com *.chadstone.com.au *.dfo.com.au *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com *.googletagmanager.com googletagmanager.com https://vicinitycentres.jrni.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://fonts.gstatic.com https://*.google.com https://*.google.com.au https://*.analytics.google.com https://*.google.com.au about: *.facebook.com connect.facebook.net *.taboola.com *.userway.org; frame-src 'self' *.youtube.com *.vimeo.com *.googleapis.com *.googletagmanager.com *.google.com *.facebook.com connect.facebook.net *.livechatinc.com *.stripe.com socialq.net recaptcha.net *.trybooking.co.nz *.trybooking.com insight.adsrvr.org https://*.demdex.net *.google.com *.doubleclick.net *.googlesyndication.com bytedance sslocal *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com *.googletagmanager.com googletagmanager.com https://seatmap.vivenu.com https://vivenu.com *.taboola.com https://*.adsrvr.org *.userway.org; object-src *.googlesyndication.com; media-src dai.google.com *.storyblok.com; child-src blob: *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net; form-action *.google.com *.facebook.com connect.facebook.net; worker-src blob: *.google.com; frame-ancestors https://app.storyblok.com 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com wireframe.cc cdn.wireframe.cc; script-src 'self' 'unsafe-inline' 'nonce-dd8a4159e81c4383d629eed8416061eb' 'unsafe-eval' wireframe.cc https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com cdn.wireframe.cc; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframe.cc wireframecc-9947.kxcdn.com cdn.wireframe.cc; img-src 'self' wireframecc-9947.kxcdn.com cdn.wireframe.cc wireframe.cc data:; child-src 'self'; base-uri 'none'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' ; img-src https://*; script-src 'self' 'unsafe-inline' https://sibforms.com/forms/end-form/build/main.js https://code.jquery.com/jquery-3.6.0.min.js; style-src 'self' 'unsafe-inline' http://sibforms.com/forms/end-form/build/sib-styles.css ; 1
default-src 'self' https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; connect-src 'self' https://nominatim.openstreetmap.org https://login.microsoftonline.com https://www.google.com https://ctk.matomo.cloud http://ctk.matomo.cloud ctk.matomo.cloud https://eutils.ncbi.nlm.nih.gov https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud; font-src 'self' https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; frame-ancestors 'self' https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; frame-src 'self' https://benutzerhandbuch-cshs.condat.de https://global.frcapi.com https://www.google.com https://*.youtube-nocookie.com https://*.youtube.com https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; img-src 'self' https://cdn.jsdelivr.net https://*.tile.openstreetmap.org https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; media-src 'self' https://*.youtube-nocookie.com https://*.youtube.com https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; object-src 'self' https://*.youtube-nocookie.com https://*.youtube.com https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; script-src 'self' https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdn.matomo.cloud http://cdn.matomo.cloud cdn.matomo.cloud https://ctk.matomo.cloud http://ctk.matomo.cloud ctk.matomo.cloud https://zlm.mul-ct.de http://zlm.mul-ct.de zlm.mul-ct.de https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline'; worker-src 'self' https://cottbus-platform.condat.cloud http://cottbus-platform.condat.cloud cottbus-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de blob: 1
default-src 'self';; script-src 'self' 'unsafe-eval' https://winsnetwork.org/ https://www.winsnetwork.org/ https://cdn.ckeditor.com https://js-agent.newrelic.com/nr-rum-1.241.0.min.js https://s0.assets-yammer.com/assets/platform_social_buttons.min.js https://static.userback.io/widget/v1.js https://unpkg.com/aos@2.3.1/dist/aos.js https://www.googletagmanager.com/gtag/js;; object-src 'none'; style-src 'self' 'unsafe-inline' https://winsnetwork.org/ https://www.winsnetwork.org/ https://cdn.ckeditor.com https://fonts.googleapis.com https://pro.fontawesome.com https://unpkg.com data: url(*) ; ; img-src 'self' data: https://winsnetwork.org/ https://www.winsnetwork.org/;; frame-ancestors 'self'; font-src 'self' data: https://fonts.gstatic.com https://pro.fontawesome.com; ; report-uri /report-csp-violation 1
default-src 'self'; font-src 'self' data: https://use.typekit.net https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/*  https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://embed.tawk.to https://salesiq.zoho.com https://css.zohostatic.com https://css.zohocdn.com/* https://css.zohocdn.com/salesiq/styles/fonts/cw/puvi/* https://css.zohocdn.com/salesiq/styles/fonts/cw/* https://css.zohocdn.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net/* https://css.zohocdn.com https://css.zohostatic.com https://css.zohocdn.com/salesiq/styles https://css.zohocdn.com/salesiq/styles/* https://cdn.jsdelivr.net/*  https://css.zohocdn.com/salesiq/styles/* https://css.zohocdn.com/salesiq/styles/floatbutton11_f2633c317a38e36bbe0e23bfa4a3e9fa_.css https://css.zohocdn.com; img-src 'self' data: https://p.typekit.net https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.fls.doubleclick.net https://sp.analytics.yahoo.com https://embed.tawk.to https://embed.tawk.to https://salesiq.zoho.com https://salesiq.zoho https://salesiq.zohopublic.com https://css.zohostatic.com https://css.zohostatic.com/* https://css.zohocdn.com https://analytics.twitter.com/i/adsct?bci=5&eci=2&event_id=da16c8f3-30f6-48f9-9160-a6da3d36fdec&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=gtm-base&p_id=Twitter&p_user_id=0&pl_id=cf066c4b-b266-4ecc-b372-dafa083499be&tw_document_href=https%3A%2F%2Fwww.oldmutualalternatives.com%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4kz7&type=javascript&version=2.3.29 https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=subscription https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=registration https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=landing; frame-src 'self' https://www.oldmutual.co.za/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://www.oldmutualinvest.com/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://dms.oldmutual.com.gh https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com https://manage.ipaygh.com https://app.livestorm.co https://analytics.twitter.com/1/i/adsct?bci=5&eci=3&event=%7B%7D&event_id=67ea32aa-c34c-4715-8d52-c5d49aa88428&integration=gtm-base&p_id=Twitter&p_user_id=0&pl_id=cf066c4b-b266-4ecc-b372-dafa083499be&tw_document_href=https%3A%2F%2Fwww.oldmutualalternatives.com%2F&tw_iframe_status=0&txn_id=o2n0b&type=javascript&version=2.3.29; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://cdn.gbqofs.com  https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://va.tawk.to wss://*.tawk.to  wss://vts.zohopublic.com https://salesiq.zoho.com https://salesiq.zohopu https://goals-api.my.oldmutual.co.za https://salesiq.zohopublic.com wss://mpsnare.iesnare.com https://cdn.linkedin.oribi.io/partner/1874697/domain/oldmutualalternatives.com/token; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://cdn.gbqofs.com  https://s2s.oldmutual.co.za https://s2s.oldmutual.co.za/static/DhPixel.js https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://assets-preprod.my.oldmutual.co.za https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://d2oh4tlt9mrke9.cloudfront.net https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://www.googleadservices.com https://services.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://embed.tawk.to https://dsp-media.eskimi.com https://dsp-media.eskimi.com/assets/js/e/gtr.min.js?_=0.0.0.3  https://js.zohocdn.com https://js.zohostatic.com https://s2s.oldmutual.co.za/static/DhPixel.js https://salesiq.zoho.com/widget https://checkout.flutterwave.com *.iovation.com *.iesnare.com https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=subscription https://mitsweb.iitech.dk https://mitsweb.iitech.dk/*; frame-ancestors https://secure.rewards.oldmutual.co.za/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://customer-site-preprod.eks.my.oldmutual.co.za https://my.oldmutual.co.za; media-src 'self' data: https://mpsnare.iesnare.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 1
img-src 'self' *.norma.fr https://piwik.norma-online.de https://captcha.liveidentity.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.norma.fr https://piwik.norma-online.de www.youtube.com blob:; object-src 'none'; font-src 'self' *.norma.fr; 1
default-src 'self' piwik.itzbund.de matomo03.itzbund.de; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com piwik.itzbund.de matomo03.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; 1
default-src 'none'; frame-ancestors 'self'; frame-src 'self' https://login.microsoftonline.com/ https://challenges.cloudflare.com/ https://forms.office.com https://www.youtube-nocookie.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.datatables.net/2.3.4/js/dataTables.js https://challenges.cloudflare.com/ https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' data: https://cdn.datatables.net/2.3.4/css/dataTables.dataTables.css https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://challenges.cloudflare.com/ https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com; manifest-src 'self'; base-uri 'none'; form-action 'self' https://search.ebscohost.com 1
frame-ancestors 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com unpkg.com cdn.cookielaw.org s2.adform.net browser.sentry-cdn.com js.hubspot.com js.sentry-cdn.com builder.lift.acquia.com js.usemessages.com googleads.g.doubleclick.net app.wistia.com connect.facebook.net tpc.googlesyndication.com www.google.com www.gstatic.com static.ads-twitter.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net maps.googleapis.com pagead2.googlesyndication.com server.adform.net *.lytics.io; style-src 'self' 'unsafe-inline' www.globenewswire.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net https://cdn.jsdelivr.net/gh/NigelOToole/progress-tracker@v2.0.7/src/styles/progress-tracker.css *.lytics.io; img-src 'self' blob: data: cdn.cookielaw.org *.google.ae googleads.g.doubleclick.net *.google.com.vn *.google.bs embedwistia-a.akamaihd.net www.impella.com *.google.com.cy *.google.at *.google.com.co *.google.com.sa *.google.com.br *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net *.lytics.io; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' player.vimeo.com fast.wistia.net *.hs-sites.com fast.wistia.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net c.lytics.io; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net cdn.scite.ai; connect-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org adservice.google.com px.ads.linkedin.com pagead2.googlesyndication.com notify.bugsnag.com us.perz-api.cloudservices.acquia.io sessions.bugsnag.com www.google.com.br www.google.co.in cdn.linkedin.oribi.io hubspot-forms-static-embed.s3.amazonaws.com adservice.google.com *.litix.io *.googleapis.com adservice.google.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com connect.facebook.net *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'self' 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.newrelic.com data-eu.nestlehealthscience.com https://*.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; object-src https://*.cloudfront.net/; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; img-src 'self' data: https://cdn.jsdelivr.net https://l.evidon.com https://c.evidon.com https://nestle-mvp.myshopify.com https://cdn.shopify.com *.google-analytics.com  https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com https://nestle-mvp.myshopify.com https://cdn.shopify.com https://www.google.com https://www.google.es https://googleads.g.doubleclick.net *.google-analytics.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com *.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; media-src 'self'; frame-src 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.youtube.com https://static.addtoany.com https://www.google.com/ *.newrelic.com *.onetrust.com https://*.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; frame-ancestors 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy https://www.google.com/ *.newrelic.com *.onetrust.com https://*.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.amazonaws.com/ https://*.cloudfront.net/; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; connect-src 'self' https://cdn.jsdelivr.net https://bam.nr-data.net https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://stats.g.doubleclick.net https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://www.google.com *.google-analytics.com *.gbqofs.io *.gbqofs.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com data-eu.nestlehealthscience.com https://*.qualtrics.com https://www.googletagmanager.com https://unpkg.com https://fonts.googleapis.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; report-uri /report-csp-violation 1
default-src 'self' www.fotoprofi.de img.fotoprofi.de https://pc-cdn.fra1.cdn.digitaloceanspaces.com/ rmail.fotoprofi.de c.emailsys2a.net apple.com *.apple.com cdn.pay1.de d.ratepay.com d.ratepay.de secure.pay1.de https://www.youtube-nocookie.com img.youtube.com i.ytimg.com analytics.google.com *.analytics.google.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com gstatic.com *.gstatic.com tagmanager.google.com *.tagmanager.google.com apis.google.com *.apis.google.com www.gstatic.com bat.bing.com bat.bing.net connect.facebook.net facebook.com *.facebook.com facebook.net *.facebook.net *.etrusted.com *.trustedshops.com *.saal-digital.net *.fotodiensteservice.de https://s3.eu-central-1.amazonaws.com/fra-webresources/ https://s3.eu-central-1.amazonaws.com/fra-webpages.shop.saal-digital.net/ fra-webresources.s3.eu-central-1.amazonaws.com photoservice.cloud https://*.loadbee.com/ availability.loadbee.com/v3/EAN/ https://cdn.loadbee.com https://content.syndigo.com/asset/ https://content.syndigo.com/page/ https://content.syndigo.com/site/ https://scontent.webcollage.net https://syndi.webcollage.net/site/xenudo-de-de/tag.js https://*.joomag.com/res_mag/ https://www.gravatar.com media.flixcar.com media.flixfacts.com *.flix360.com media.flixsyndication.net *.flix360.io syndication.flix360.com *.jwplatform.com *.jwpsrv.com *.jwpcdn.com *.jwplayer.com d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com analytics.webgains.io api.webgains.io 'unsafe-inline' 'unsafe-eval' blob: data:; report-uri /csp-report.php; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.addtoany.com *.webempresa.eu unpkg.com *.arkibot.app *.googletagmanager.com *.saludalplato.es quickchart.io 1
base-uri 'self'; child-src blob: 'self' gap: https://*.tools.investis.com/ https://*.twitter.com/ https://*.youtube.com/ https://td.doubleclick.net/ https://www.google.com/ https://www.googletagmanager.com/; frame-src blob: 'self' gap: https://*.tools.investis.com/ https://*.twitter.com/ https://*.youtube.com/ https://td.doubleclick.net/ https://www.google.com/ https://www.googletagmanager.com/; connect-src 'self' https://*.analytics.google.com/ https://*.google-analytics.com/ https://*.onetrust.com/ https://*.paragonbank.co.uk/ https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://fonts.gstatic.com/ https://global.sitesearch360.com/ https://insights.sitesearch360.com/ https://qfx.tools.investis.com/ https://stats.g.doubleclick.net/ https://www.google.co.uk/ https://www.google.com/ https://www.googletagmanager.com/; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com/; img-src data: 'self' https://* blob:; media-src data:; script-src 'self' https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://*.youtube.com/ https://cdn.sitesearch360.com/ https://cdn-ukwest.onetrust.com/ https://googleads.g.doubleclick.net/ https://qfx.tools.investis.com/ https://otp.tools.investis.com/ https://td.doubleclick.net/ https://www.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.twimg.com/ https://*.twitter.com/ https://fonts.googleapis.com/ https://www.googletagmanager.com/ 'unsafe-inline'; frame-ancestors gap: 'self'; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=yuf0YV2dYHCAK0HOl1QYGsBh5p8lbREG99b4TFwkjtIO96Xt3d87i4zhwMyUr%2FoNryJ06qBZId4tSADwBtDFMw%3D%3D; 1
default-src 'none'; base-uri 'self'; form-action https: 'self'; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; media-src * data:; frame-src *; frame-ancestors 'self' https:; font-src 'self' https:; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-eu.purina.be; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-eu.purina.be; report-uri /fr/log-report-uri/enforce 1
default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1
default-src 'self' https://www.google.com/ ; frame-ancestors 'self' https://*.nhs.uk; frame-src 'self' https://webchat.mitel.io/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self'  https://maps.googleapis.com https://webchat.mitel.io/ https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://webassistant.onconnect.app; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://fonts.googleapis.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net https://webassistant.onconnect.app; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://*.api.mitel.io https://jsonip.com https://maps.googleapis.com/ https://gcp-gateway.eu.api.mitel.io/ https://director.api.mitel.io/ https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net https://webassist.onconnect.app https://webassistant.onconnect.app https://produkswebassistsignalr18.service.signalr.net wss://produkswebassistsignalr18.service.signalr.net; manifest-src 'self'; base-uri 'none'; form-action 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ cdnjs.cloudflare.com scripts.sirv.com kit.fontawesome.com consent.cookiebot.com consentcdn.cookiebot.com view.genial.ly view.genially.com statics-view.genially.com app.fusebox.fm player.vimeo.com analytics-eu.clickdimensions.com snap.licdn.com static.hotjar.com script.hotjar.com metrics.hotjar.io ws.hotjar.com static.site24x7rum.eu dev.visualwebsiteoptimizer.com googleads.g.doubleclick.net csp.microsoft.com cdn.jsdelivr.net/gh/ractoon/jQuery-Text-Counter@0.9.1/textcounter.min.js unpkg.com/@popperjs/core@2.11.6/dist/umd/popper.js unpkg.com/tippy.js@6.3.7/dist/tippy.umd.js cdn-eu.clickdimensions.com web.adder.com *.visualwebsiteoptimizer.com app.vwo.com cdn.jsdelivr.net/gh/cferdinandi/tabby@12.0.3/dist/js/tabby.min.js static.genially.com https://unpkg.com/@lottiefiles/dotlottie-wc@0.8.5/dist/dotlottie-wc.js lottie.host https://unpkg.com; object-src 'none'; frame-src 'self' https://www.google.com/recaptcha/ https://www.recaptcha.google.com/recaptcha/ https://consentcdn.cookiebot.com player.vimeo.com copilotstudio.microsoft.com www.youtube.com forms.microsoft.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none';  script-src 'none'; style-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 1
worker-src 'self' blob: data:; default-src 'self'; script-src 'self' 'unsafe-inline' *.fona.de *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.streambuzzer.com; style-src 'self' 'unsafe-inline'; img-src data: 'self' *.usercentrics.eu *.twitter.com *.twimg.com *.fona.de *.matpro.de *.ytimg.com *.vimeocdn.com; font-src 'self'; connect-src 'self' *.cookiebot.com *.cookiebot.eu stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com *.bmbf.de; frame-src 'self' *.fona.de *.openstreetmap.de *.streambuzzer.com *.cookiebot.com *.cookiebot.eu *.vditz.com *.pt-dlr.de *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.bmbf.de *.emailsys1a.net; object-src 'none'; frame-ancestors 'self' *.fona.de; 1
base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://*.adservice.google.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mypurecloud.com.au https://*.sentry.io https://*.tt.omtrdc.net https://analytics.formstack.com https://api.addressfinder.io https://au-live.inside-graph.com https://js.hsadspixel.net https://js.hscollectedforms.net https://stats.g.doubleclick.net https://www.instagram.com wss://*.mypurecloud.com.au wss://au-live.inside-graph.com https://staticcdn.co.nz https://*.swiftype.com https://*.swiftypecdn.com; font-src 'self' https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io blob: data:; form-action 'self' https://*.powershop.co.nz https://*.springload.nz https://*.facebook.com; frame-ancestors 'self'; frame-src https://*.mypurecloud.com.au *.mypurecloud.com.au https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://*.youtube.com https://recaptcha.google.com https://*.facebook.com https://*.googletagmanager.com https://au-cdn.inside-graph.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://critchlow.carto.com https://staticcdn.co.nz https://www.youtube-nocookie.com/; img-src 'self' https://*.amazonaws.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.google.com.au https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tt.omtrdc.net https://adservice.google.com https://analytics.formstack.com https://fonts.gstatic.com https://i.vimeocdn.com https://js.hsadspixel.net https://www.instagram.com https://staticcdn.co.nz https://*.swiftype.com https://*.springload.nz https://www.powershop.co.nz blob: data:; media-src https://*.youtube.com https://*.vimeo.com https://au-cdn.inside-graph.com; object-src 'none'; script-src 'self' https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com/recaptcha/ https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tt.omtrdc.net https://*.usemessages.com https://*.vimeo.com https://*.youtube.com https://analytics.formstack.com https://api.addressfinder.io https://au-tracker.inside-graph.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://tagmanager.google.com wss://*.hotjar.com https://staticcdn.co.nz https://*.swiftype.com https://*.swiftypecdn.com https://*.springload.nz https://www.powershop.co.nz 'nonce-NTc2ODE1M2IwNDYzNWJkMGM5YWIyNWVjNzFjYTY3ZWE1MDM5NGM4ZjA5NjgxNGM4OTdiMmUxYzE1OTU2OWZiYmRkYWEwYWY1OGIwMjBhNTk4ZmRhZDJiMzBjMjRmMzBkYjUwNjkxMzg4OTkzNmQ2N2IyNjdiNTc4YTlkMjk5ZDE=' 'unsafe-eval' blob:; style-src 'self' https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.googleapis.com https://tagmanager.google.com https://staticcdn.co.nz https://*.swiftype.com https://*.swiftypecdn.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/4504811489984512/csp-report/?sentry_key=a2cb92247922492b95ce72aee1ae6528&sentry_environment=live; report-to csp-endpoint; upgrade-insecure-requests 1
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' az416426.vo.msecnd.net dc.services.visualstudio.com *.fastway.org oss.maxcdn.com *.fastway.co.nz *.fastwayenquiries.com www.fastwayfms.com *.api.fastway.org *.googletagmanager.com *.google-analytics.com ssl.google-analytics.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com  *.gstatic.com https://*.googleusercontent.com *.googleusercontent.com *.google.com googleadservices.com youtube.com *.fastway.com.au https://*.messagebird.com localhost:44399 wss://localhost:44399; 1
default-src 'self'; script-src 'self' 1
default-src 'self' 'unsafe-inline' data: payment.maksekeskus.ee auth.praamid.ee fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net static.cloudflareinsights.com www.googletagmanager.com *.google-analytics.com g2.ipcamlive.com s5.ipcamlive.com googleads.g.doubleclick.net www.google.com www.gstatic.com www.youtube.com static.doubleclick.net i.ytimg.com yt3.ggpht.com jnn-pa.googleapis.com play.google.com secure.gravatar.com fast.wistia.com beacon-v2.helpscout.net wp-rocket.me d3hb14vkzrxvla.cloudfront.net pipedream.wistia.com distillery.wistia.com embed-ssl.wistia.com fg8vvsvnieiv3ej16jby.litix.io translate.google.com translate.googleapis.com 'unsafe-eval' static.maksekeskus.ee s.w.org praamid.prominion.net beaconapi.helpscout.net chatapi.helpscout.net cdn.mxpnl.com static.cc.maksekeskus.ee cc.maksekeskus.ee *.analytics.google.com www.google.ee www.google.fi www.google.cz www.google.nl www.google.be www.google.fr www.google.lv www.google.lt www.google.se www.google.de www.google.at www.google.ch www.google.ie www.google.co.uk www.google.pl www.google.dk www.google.no td.doubleclick.net www.google.com.cy www.google.lu www.google.it www.google.gr analytics.google.com www.google-analytics.com www.google.by www.google.com.bz www.google.com.tr www.google.com.ar www.google.co.jp www.google.bg www.google.co.in www.google.ca www.google.ru www.google.com.ua www.google.com.hr www.google.com.au www.google.es www.google.com.ng translate-pa.googleapis.com www.google.ro www.google.rs www.google.si www.google.sk www.google.ba www.google.is www.google.pt www.google.hu www.google.me www.google.mk www.google.com.eg www.google.com.om www.google.co.th www.google.co.nz www.google.co.ke www.google.al www.google.ge www.google.com.bd www.google.co.il cdn.gravity.com www.google.gg www.google.com.vn www.google.je www.google.ad www.google.com.mx www.google.com.mt www.google.im www.google.ae www.google.com.sg www.google.kz cloudflareinsights.com challenges.cloudflare.com www.google.hr www.google.kg www.google.com.my www.google.com.qa www.google.gl www.google.com.ph www.google.md *.hotjar.com *.hotjar.io wss://*.hotjar.com www.google.co.id www.google.lk www.google.ml www.google.com.hk www.google.cv www.google.co.cr www.google.com.sa www.google.com.pk www.google.com.gi www.google.co.tz www.google.vu www.google.com.fj www.google.com.pa www.google.tn www.google.co.ve www.google.cl www.google.co.uz www.google.co.kr region1.analytics.google.com www.google.com.bo www.google.co.zw www.google.sm www.google.co.za www.google.am www.google.com.br www.google.tt www.google.co.ma www.google.az www.google.com.np www.google.com.et www.google.dm www.google.com.do www.google.com.ec www.google.com.kh www.google.la www.google.tg www.google.sc praamidvisitor.prominion.net www.google.ci www.google.com.co www.google.mu www.google.jo www.google.com.bh www.google.com.pr www.google.gm www.google.co.vi www.google.iq ps.w.org www.google.mv www.google.co.ug www.google.com.lb www.google.com.tw www.google.mg www.google.mu www.google.com.tj www.google.com.kw ajax.cloudflare.com www.google.com.pe www.google.li www.google.com.gh www.google.sn www.google.bj www.google.dz www.google.com.jm www.google.com.cu www.google.cd api.wp-rocket.me; report-uri /d5bcc29e34d8b6210cbfbc3acd7be0a65652590b064c60598822381e01ae1708 1
default-src data: 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.here.com https://vawidget.dhl.com;style-src 'self' 'unsafe-inline' ;object-src 'self' blob:;img-src 'self' data: blob:;connect-src blob: 'self' https://*.here.com https://vawidget.dhl.com https://vawidget-eu.dhl.com;frame-src https://vawidget.dhl.com;worker-src blob: 1
default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.creditheroscore.com *.pushnami.com static.zohocdn.com *.smartlook.com *.smartlook.cloud *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com https://utt.impactcdn.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net static.zdassets.com api.smooch.io cdn.userway.org *.intercom.io *.intercomcdn.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js; style-src 'self' 'unsafe-inline' *.creditheroscore.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com www.googletagmanager.com fonts.gstatic.com fonts.googleapis.com cdn.userway.org; img-src 'self' data: *.creditheroscore.com www.googletagmanager.com www.google-analytics.com https://analytics.google.com https://td.doubleclick.net bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.smartlook.com *.smartlook.cloud *.pushnami.com *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com https://analytics.google.com https://td.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net cdn.userway.org intercom-sheets.com; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com cdn.userway.org fonts.intercomcdn.com; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com ekr.zdassets.com chs-support.zendesk.com https://*.intercom-messenger.com wss://*.intercom-messenger.com zendesk-eu.my.sentry.io wss://api.smooch.io/faye *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net https://ajax.googleapis.com bat.bing.com fonts.googleapis.com www.w3m.com *.userway.org *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src 'self' data: mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1
script-src 'nonce-Hx0THnKV4bPotxfuHP4eQFgk01w=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com platform.twitter.com www.googletagmanager.com cdn.syndication.twimg.com cdn.knightlab.com cdncache-a.akamaihd.net https://cdn.printfriendly.com/printfriendly.js https://ds-4047.kxcdn.com/api/v3/domain_settings/ key-cdn.printfriendly.com static.addtoany.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' themes.googleusercontent.com platform.twitter.com ton.twimg.com cdn.knightlab.com https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ static.addtoany.com; img-src 'self' data: blob: filesystem www.google-analytics.com syndication.twitter.com pbs.twimg.com abs.twimg.com  ton.twimg.com www.googletagmanager.com platform.twitter.com canvaspl-a.akamaihd.net; media-src 'self' mediastream:; frame-src 'self' platform.twitter.com syndication.twitter.com www.facebook.com www.youtube.com cdncache-a.akamaihd.net static.addtoany.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' 'unsafe-eval' themes.googleusercontent.com cdn.knightlab.com fonts.gstatic.com; connect-src 'self' wss://bot.enzona.net/ https://bot.enzona.net/ cdn.knightlab.com cdncache-a.akamaihd.net www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://cdn-cookieyes.com https://*.cookieyes.com https://*.google-analytics.com https://*.googletagmanager.com https://*.flippingbook.com https://online.flippingbook.com https://fonts.googleapis.com https://*.acsbapp.com https://acsbapp.com https://*.analytics.google.com; font-src 'self' https://kit.fontawesome.com https://ka-p.fontawesome.com https://acsbapp.com https://*.acsbapp.com https://*.flippingbook.com https://online.flippingbook.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://online.flippingbook.com https://*.googletagmanager.com https://www.google.com; img-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://*.flippingbook.com https://online.flippingbook.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://acsbapp.com https://*.acsbapp.com https://secure.gravatar.com; script-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://*.flippingbook.com https://online.flippingbook.com https://kit.fontawesome.com https://code.jquery.com https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://acsbapp.com https://*.acsbapp.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://*.flippingbook.com https://online.flippingbook.com https://*.googletagmanager.com https://tagmanager.google.com https://acsbapp.com https://*.acsbapp.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1
base-uri 'self'; default-src 'none'; child-src 'self'; connect-src https://sulvermiuw.nl https://o545752.ingest.sentry.io https://vic.verzekeringsinzicht.nl https://cloud.langfuse.com https://verzekeringsinzicht.nl; font-src https://verzekeringsinzicht.nl/dist/ https://verzekeringsinzicht.nl/assets/ https://verzekeringsinzicht.nl/vendor/ data:; form-action 'self' https://*.verzekeringsinzicht.nl; frame-ancestors 'self'; img-src https://sulvermiuw.nl https://o545752.ingest.sentry.io https://verzekeringsinzicht.nl/dist/ https://verzekeringsinzicht.nl/assets/ https://verzekeringsinzicht.nl/vendor/ https://verzekeringsinzicht.nl/images/ https://verzekeringsinzicht.nl/scss/ https://verzekeringsinzicht.nl/favicon.ico data:; object-src 'none'; script-src https://sulvermiuw.nl https://o545752.ingest.sentry.io https://verzekeringsinzicht.nl/dist/ https://verzekeringsinzicht.nl/javascript/ https://verzekeringsinzicht.nl/vendor/ 'nonce-6hwDSAzYvGH7z+Wpe6W1GCaP'; style-src https://verzekeringsinzicht.nl/dist/ https://verzekeringsinzicht.nl/scss/ https://verzekeringsinzicht.nl/vendor/ 'nonce-6hwDSAzYvGH7z+Wpe6W1GCaP'; upgrade-insecure-requests 1
base-uri 'none';child-src 'none';connect-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://www.googletagmanager.com https://td.doubleclick.net;img-src 'self' data: https://cdn.cookielaw.org https://*.google-analytics.com https://www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.googletagmanager.com https://d21y75miwcfqoq.cloudfront.net/deaafc32 https://googleads.g.doubleclick.net https://www.google.com https://google.com;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acuteintuitive52.com https://cdn.cookielaw.org https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google.com;style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;worker-src 'self';upgrade-insecure-requests ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' data: cdnjs.cloudflare.com cdn.ckeditor.com maps.googleapis.com *.polyfill.io *.google.com *.unpkg.com *.gstatic.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com open.spotify.com e.issuu.com *.tiktok.com donorbox.org connect.facebook.net; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: maps.gstatic.com maps.googleapis.com imgsct.cookiebot.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.tiktok.com *.donorbox.org; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app *.google-analytics.com *.cookiebot.com *.googletagmanager.com open.spotify.com e.issuu.com *.tiktok.com donorbox.org return.flexmail.eu; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com slant.co data: ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: region1.google-analytics.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.tiktok.com *.donorbox.org; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' zfa-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de zfa-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-4oDlB7F4SoAkoUfTuWdj232x' 'nonce-MMuGTBjGVEMVyZUjuGh4p0fa' 'nonce-7hkDaFXJ8ZQGvkS318jd0A3G' 'nonce-m/7zoSbE5XNfjeulzG/lW/HK' 'nonce-lVqhrWQTxoiIgMdekb+9KgjZ' 'nonce-TNFhqx7fQEGsTxY07dGyGpxp' 'nonce-6IkBWvDA5KX3oGFP3X/a6NtX' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
default-src 'self'; object-src 'self' https://pts.bigsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.bigsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://imagepool.bigsim.de https://livechat.bigsim.de https://umfrage.bigsim.de https://pts.bigsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.bigsim.de https://livechat.bigsim.de wss://livechat.bigsim.de https://livechat.bigsim.de https://stats.bigsim.de https://imagepool.bigsim.de https://pts.bigsim.de https://analytics.tiktok.com https://umfrage.bigsim.de; script-src 'strict-dynamic' 'nonce-de7c556da7681b275a68c116a4a20d9c' 'nonce-f62db47f1ab814f95fe467663d06d402' 'nonce-ad3f702049149e5137d4f24fc1e4697f' 'nonce-51402b347b971278ea9a708b75c0f6fc' 'nonce-1a5154b98aafde3bcbe079cd28755ebc' 'nonce-593735184d4e0773cc8e08a4393ed39e' 'nonce-f08acadb717d981980fbb243aeacf42d' 'nonce-d8a1fac3c1c93ddcbe78327d6c35e1ca' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.bigsim.de https://umfrage.bigsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-de7c556da7681b275a68c116a4a20d9c' 'nonce-f62db47f1ab814f95fe467663d06d402' 'nonce-ad3f702049149e5137d4f24fc1e4697f' 'nonce-51402b347b971278ea9a708b75c0f6fc' 'nonce-1a5154b98aafde3bcbe079cd28755ebc' 'nonce-593735184d4e0773cc8e08a4393ed39e' 'nonce-f08acadb717d981980fbb243aeacf42d' 'nonce-d8a1fac3c1c93ddcbe78327d6c35e1ca' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' 'unsafe-inline' data: wc.ts.ee www.nasdaqbaltic.com platform.linkedin.com secure.gravatar.com yoast.com www.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net fonts.googleapis.com maps.googleapis.com streetviewpixels-pa.googleapis.com khms0.googleapis.com khms1.googleapis.com maps.gstatic.com fonts.gstatic.com translate.google.com translate.googleapis.com www.gstatic.com www.youtube.com www.google.ee www.google.com www.google.co.uk www.google.lv www.google.lt www.google.fi www.google.se www.google.no www.google.de www.google.pl lh3.ggpht.com www.google.com.hk www.google.gr www.google.nl www.google.dk www.google.com.ua www.google.fr i.ytimg.com connect.facebook.net api.microsofttranslator.com www.facebook.com 'unsafe-eval' www.google.ch www.google.at www.google.ro www.google.es www.google.it www.google.hu www.google.co.in www.google.ie www.google.cz www.google.be www.google.ru www.google.com.au photos.marinetraffic.com www.google.at www.google.co.il www.google.co.kr www.google.pt www.google.ca www.google.mk www.google.co.th www.google.co.id www.google.com.lb www.google.cl www.google.sk www.google.is www.google.com.np www.google.com.pk www.google.si www.google.rs www.google.dz www.google.com.ng www.google.com.my www.google.com.ci www.google.im www.google.com.sg www.google.com.tr www.google.com.hr www.google.com.mt www.google.li www.google.co.jp view.news.eu.nasdaq.com www.solwininfotech.com www.google.com.co www.google.com.br www.google.cn www.google.com.cy www.google.ge www.google.lu www.google.ae cdn.jsdelivr.net wd.ts.ee static.cloudflareinsights.com ajax.cloudflare.com www.vikingline.ee www.envir.ee www.google.com.ph www.google.co.nz www.google.hr www.google.bg www.google.by www.transit.ee www.tallinnamerepaevad.ee www.google.com.vn www.google.kz www.google.mv www.google.com.tw www.balticline.fi www.google.com.eg tallinnamerepaevad.ee www.google.com.bz www.google.com.mx www.google.jo www.google.com.sa www.google.ci www.google.com.kw www.google.co.ma www.google.com.gh www.google.com.ar region1.analytics.google.com www.google.az www.google.com.uy www.google.co.za www.google.sn www.google.com.mm www.google.me www.google.mn www.google.lk vincent.callebaut.org tentea.ec.europa.eu www.google.tg www.google.com.qa www.google.co.tz www.google.co.cr www.kjk.ee www.google.co.uz www.google.co.ke ps.w.org s.w.org www.google.ba www.google.com.jm www.google.com.pe www.google.mg 6zzuupda.sendsmaily.net www.google.bj www.google.com.kh www.google.com.do lh3.googleusercontent.com www.google.iq www.google.co.ug www.google.co.mz www.google.al www.google.tn www.google.ad www.google.am www.google.md www.google.com.ly www.google.com.ec www.google.com.pa www.google.com.bd www.google.com.pr www.google.mu www.google.gg www.google.cm www.google.com.py www.google.com.bh www.google.je www.google.com.cu www.google.com.pg komerk.ee www.google.kg www.google.cv www.google.com.sl www.portoftallinn.com www.google.vg www.google.bt www.google.bf www.google.la www.google.tt www.google.com.sv www.google.so www.google.ps www.google.co.ve www.google.ga www.seatradecruiseglobal.com www.parkimine.ee translate-pa.googleapis.com wptide.org toolset.com wpml.org challenges.cloudflare.com cloudflareinsights.com analytics.google.com td.doubleclick.net blob: www.google.gl wpforms.com www.google.co.zw www.google.co.ao d1lsub6zbh43gv.cloudfront.net tp-cdn.wpml.org googleads.g.doubleclick.net adservice.google.com google.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com www.vikingline.ee www.google.com.sb www.google.td apis.google.com platform.twitter.com www.google.gm www.google.gy paldiski.ee www.christmasmarket.ee www.logistikauudised.ee www.voyagesofdiscovery.co.uk static.neljas.ee www.google.tm cns.omxgroup.com www.iaa.ie www.komerk.ee www.jazzkaar.ee arensburg.ee www.iaa.ie kliimaministeerium.ee konkurents.ee laaneharju.ee images.marinetraffic.com www.konkurents.ee www.google.com.af www.lngconference.eu www.upf-group.dk www.cruiseeurope.com tentea.ec.europa.eu www.google.as www.google.com.et www.google.cf www.google.com.tj www.google.com.om www.google.co.ck www.google.co.zm kit.fontawesome.com ka-p.fontawesome.com sc.lfeeder.com tr.lfeeder.com; report-uri /069b75c4f2e07da64b888cac9af4ea98c60c3e6787e0368d1a5ab34114eda24e 1
default-src 'self'; font-src 'self' data: https://use.typekit.net https://test.interpayafrica.com https://test.interpayafrica.com/*  https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://embed.tawk.to https://salesiq.zoho.com https://css.zohostatic.com https://css.zohocdn.com/* https://css.zohocdn.com/salesiq/styles/fonts/cw/puvi/* https://css.zohocdn.com/salesiq/styles/fonts/cw/* https://css.zohocdn.com https://static.zohocdn.com https://static.zohocdn.com/salesiq/RESOURCE_BUNDLES/*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://test.interpayafrica.com https://test.interpayafrica.com/* https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net/* https://css.zohocdn.com https://css.zohostatic.com https://cdn.jsdelivr.net/* https://static.zohocdn.com https://us4-files.zohopublic.com; img-src 'self' data: https://p.typekit.net https://eadchannels.blob.core.windows.net https://eadchannels.blob.core.windows.net/* https://tawk.link https://tawk.link/* https://test.interpayafrica.com https://test.interpayafrica.com/* https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.fls.doubleclick.net https://sp.analytics.yahoo.com https://embed.tawk.to https://embed.tawk.to https://salesiq.zoho.com https://salesiq.zoho https://salesiq.zohopublic.com https://css.zohostatic.com https://css.zohostatic.com/* https://css.zohocdn.com https://analytics.twitter.com/1/i/* https://geo-tracker.trinadsp.co.za/* https://s2s.oldmutual.co.za https://track.adform.net/Serving/TrackPoint/* https://server.seadform.net/serving/cookie/sync/* https://dsp.trinamarketing.co.za/ https://tribalfusion.com/ https://*.tribalfusion.com https://*.twitter.com https://ads-twitter.com https://bat.bing.com https://a.tribalfusion.com https://us4-files.zohopublic.com https://*.company-target.com https://*.rlcdn.com https://www.google.co.ug https://*.oldmutual.co.ke https://oldmutual.co.ke https://static.zohocdn.com/ https://static.zohocdn.com/*; frame-src 'self' https://www.oldmutual.co.za/ https://test.interpayafrica.com https://test.interpayafrica.com/* https://www.oldmutualinvest.com/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com https://manage.ipaygh.com https://app.livestorm.co https://analytics.twitter.com https://*.adform.net https://td.doubleclick.net https://bot-omi-eu.rather.chat/* https://bot-omi-eu.rather.chat https://salesiq.zohopublic.com https://*.company-target.com https://www.googletagmanager.com https://ipp-old-mutual-kenya.staging.aspin-inclusivity.com https://ipp-old-mutual-kenya.staging.aspin-inclusivity.com/*; connect-src 'self' https://api-eu1.cludo.com/ https://www.google.com https://nba-webchat-server-prod.my.oldmutual.co.za https://cdn.gbqofs.com http://internal-ng-sales-alb-latest-1611935435.eu-west-1.elb.amazonaws.com:8080/api/v1 http://internal-ng-sales-alb-latest-1611935435.eu-west-1.elb.amazonaws.com:8080/api/v1/* https://interpayafrica.com/interapi/ProcessPayment https://test.interpayafrica.com/* https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://va.tawk.to wss://*.tawk.to  wss://vts.zohopublic.com https://salesiq.zoho.com https://salesiq.zohopu https://goals-api.my.oldmutual.co.za https://salesiq.zohopublic.com wss://mpsnare.iesnare.com https://cdn.linkedin.oribi.io/* https://c1001.report.gbss.io https://c2001.report.gbss.io https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://*.eskimi.com https://ams.creativecdn.com https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://s2s.oldmutual.co.za https://js-eu1.hs-scripts.com https://api.hubspot.com https://gdpr.loopme.com https://sms.hubtel.com https://*.company-target.com https://google.com https://*.oldmutual.co.ke https://oldmutual.co.ke https://uapoldmutual.co.ug https://*.uapoldmutual.co.ug https://*.demandbase.com https://*.demandbase.com/* https://*.company-target.com https://*.bf.dynatrace.com https://*.zoho.com https://goals-qa.digital.omapps.net:8080; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.pagesense.io https://static.zohocdn.com https://customer.cludo.com/ https://salesiq.zohopublic.com https://analytics.twitter.com https://c1001.report.gbss.io https://c2001.report.gbss.io https://cdn.gbqofs.com  https://s2s.oldmutual.co.za https://s2s.oldmutual.co.za/static/DhPixel.js https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://www.google.com https://www.gstatic.com https://*.my.oldmutual.co.za https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://www.googleadservices.com https://*.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://embed.tawk.to https://dsp-media.eskimi.com https://js.zohocdn.com https://s2s.oldmutual.co.za/static/DhPixel.js https://salesiq.zoho.com/widget https://checkout.flutterwave.com *.iovation.com *.iesnare.com https://geo-tracker.trinadsp.co.za/* https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://bat.bing.com https://dsp.trinamarketing.co.za/ https://secure.adnxs.com/ https://quantserve.com/quant.js https://tags.creativecdn.com/ http://rtbhouse.com http://rtbhouse.net https://secure.quantserve.com/quant.js https://googleads.g.doubleclick.net https://*.demandbase.com https://*.demandbase.com/* https://*.company-target.com https://*.bf.dynatrace.com https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://js-eu1.hs-scripts.com https://api.hubspot.com https://*.loopme.com https://sms.hubtel.com https://*.oldmutual.co.ke https://oldmutual.co.ke https://uapoldmutual.co.ug https://*.uapoldmutual.co.ug; frame-ancestors https://secure.rewards.oldmutual.co.za/ https://secure.rewards.oldmutual.com.na/ https://test.interpayafrica.com https://test.interpayafrica.com/* https://customer-site-preprod.eks.my.oldmutual.co.za https://my.oldmutual.co.za https://bot-omi-eu.rather.chat/; media-src 'self' data: https://static.zohocdn.com https://mpsnare.iesnare.com https://test.interpayafrica.com https://test.interpayafrica.com/* 1
frame-ancestors 'self'; 1
default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval'  ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' ; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /fr/log-report-uri/enforce 1
default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.drillisch-online.de; img-src https: data: https://imagepool.drillisch-online.de; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.drillisch-online.de https://stats.drillisch-online.de https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://tracking.drillisch.de https://*.demdex.net https://www.google-analytics.com; script-src 'strict-dynamic' 'nonce-138a87da885970ee2aa6136c3e23bea0' 'nonce-65ded4bdc169be36b69360b9d6bc24bb' 'nonce-57a12e5d3c69b3d4271438cde7a2233c' 'nonce-fdd5d6883d2d07ecff6ff19cb993576a' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self'; frame-src https://1and1internetag.demdex.net https://tags.tiqcdn.com https://hilfe-center.1und1.de; child-src https://tags.tiqcdn.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-138a87da885970ee2aa6136c3e23bea0' 'nonce-65ded4bdc169be36b69360b9d6bc24bb' 'nonce-57a12e5d3c69b3d4271438cde7a2233c' 'nonce-fdd5d6883d2d07ecff6ff19cb993576a' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src http: https: data:; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com https://rsms.me https://maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' region1.analytics.google.com *.google-analytics.com *.google.com *.google.it *.google.video.com *.googleapis.com *.ytimg.com *.ggpht.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.un.org; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com cdn.jsdelivr.net *.un.org; style-src 'self' 'unsafe-inline' *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.googleapis.com *.gstatic.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com; img-src 'self' 'unsafe-inline' *.google-analytics.com *.google.it *.googletagmanager.com data:;; frame-src 'self' youtube.com www.youtube.com *.google.com *.gstatic.com *.un.org unitednations.sharepoint.com cdnapisec.kaltura.com; frame-ancestors 'self' youtube.com *.youtube.com *.googlevideo.com unitednations.sharepoint.com cdnapisec.kaltura.com; child-src 'self' youtube.com *.youtube.com *.google.com *.gstatic.com; font-src 'self' *.googleapis.com *.fontawesome.com *.gstatic.com *.jsdelivr.net *.cloudflare.com; report-uri /report-csp-violation 1
default-src 'self'; manifest-src 'self'; script-src 'self' https://customization-platform-2365--dev1.sandbox.my.site.com/ https://customization-platform-2365.my.site.com/ https://cdn.jsdelivr.net/npm/swiper@12/; object-src 'self'; style-src 'self' 'unsafe-inline' https://customization-platform-2365--dev1.sandbox.my.site.com/ https://customization-platform-2365.my.site.com/ https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/swiper@12/; img-src 'self' blob: data: https://cdnjs.cloudflare.com/ https://notbank-statics.pages.dev/ https://www.notbank.com/; media-src 'self'; frame-src 'self' https://customization-platform-2365--dev1.sandbox.my.site.com/ https://customization-platform-2365.my.site.com/ blob:; font-src 'self' https://fonts.gstatic.com/; connect-src 'self' https://customization-platform-2365--dev1.sandbox.my.salesforce-scrt.com/ https://customization-platform-2365.my.salesforce-scrt.com wss://stgapi.notbank.exchange/ wss://api.notbank.exchange/ https://stgapi.notbank.exchange/ https://api.notbank.exchange/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/npm/swiper@12/; frame-ancestors 'self' https://customization-platform-2365--dev1.sandbox.my.site.com/ https://customization-platform-2365.my.site.com/ https://customization-platform-2365--dev1.sandbox.my.salesforce-scrt.com/ https://customization-platform-2365.my.salesforce-scrt.com; base-uri 'self'; form-action 'self' 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' https://www.google.com/ https://www.youtube-nocookie.com/ youtube.com https://www.youtube.com https://www.facebook.com/; img-src 'self'; connect-src 'self' https://www.google-analytics.com; 1
default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.beastcreditmonitoring.com *.pushnami.com static.zohocdn.com *.smartlook.com *.smartlook.cloud *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com https://utt.impactcdn.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net static.zdassets.com api.smooch.io cdn.userway.org *.intercom.io *.intercomcdn.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js; style-src 'self' 'unsafe-inline' *.beastcreditmonitoring.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com www.googletagmanager.com fonts.gstatic.com fonts.googleapis.com cdn.userway.org; img-src 'self' data: *.beastcreditmonitoring.com www.googletagmanager.com www.google-analytics.com https://analytics.google.com https://td.doubleclick.net bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.smartlook.com *.smartlook.cloud *.pushnami.com *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com https://analytics.google.com https://td.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net cdn.userway.org intercom-sheets.com; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com cdn.userway.org fonts.intercomcdn.com; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com ekr.zdassets.com chs-support.zendesk.com https://*.intercom-messenger.com wss://*.intercom-messenger.com zendesk-eu.my.sentry.io wss://api.smooch.io/faye *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net https://ajax.googleapis.com bat.bing.com fonts.googleapis.com www.w3m.com *.userway.org *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src 'self' data: mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1
base-uri 'none';child-src 'none';connect-src 'self' nusantaradev.chakra.uno nusantara.chakra.uno be-chilgo-prenagen-dev-d33dgvhu5a-as.a.run.app articlecommunityapi.chakra.uno storage.googleapis.com fastly.jsdelivr.net *.facebook.com www.google-analytics.com revamp-loyalty-bff-wcjse4tjjq-et.a.run.app nusantara.chakrarewards.com analytics.google.com unpkg.com https://*.g.doubleclick.net revamp-loyalty-bff-dev-chdcaf35ya-et.a.run.app be-chilgo-prenagen-dev-chdcaf35ya-et.a.run.app revamp-loyalty-bff-dev-12772865132.asia-southeast2.run.app be-chilgo-prenagen-dev-12772865132.asia-southeast2.run.app analytics.tiktok.com www.google.com www.googleadservices.com www.google.co.id www.googletagmanager.com https://*.useinsider.com https://*.api.useinsider.com https://hb-s3-media-stg.s3.ap-southeast-3.amazonaws.com https://hb-s3-media-prod.s3.ap-southeast-3.amazonaws.com https://analytics-ipv6.tiktokw.us https://cdn.jsdelivr.net wss://*.useinsider.com ws: webpack://*;default-src 'self';font-src 'self' fonts.gstatic.com *.useinsider.com *.api.useinsider.com;form-action 'self';frame-ancestors https://loyalty-teman-prenagen-dev-chdcaf35ya-et.a.run.app https://loyalty-web-chilgo-dev-chdcaf35ya-et.a.run.app https://blackmores-rewards-club-dev-chdcaf35ya-et.a.run.app https://loyalty-kecc-dev-chdcaf35ya-et.a.run.app https://loyalty-entrasol-dev-chdcaf35ya-et.a.run.app https://entrasol2021.dev.rollingglory.com *.prenagen.com https://www.chilgorewardsclub.com https://loyalty.blackmores.co.id https://www.blackmores.co.id https://loyalty.sahabatkecc.com https://sahabatkecc.com https://loyalty.entrasol.com https://kpoin.entrasol.com https://entrasol.com https://www.entrasol.com https://kecc.kalbe.co.id https://kalbe.co.id https://www.kalbe.co.id https://kecc.klikdokter.com https://klikdokter.com https://www.klikdokter.com https://loyalty.morinagaweb.by.rollingglory.com https://morinagaweb.by.rollingglory.com https://loyalty.morinaga.id https://kpoin.morinaga.id https://morinaga.id;frame-src *;img-src 'self' * data: blob:;manifest-src 'self';media-src 'self' * data:;object-src 'self' 'unsafe-inline' *.useinsider.com *.api.useinsider.com;script-src 'self' www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com *.facebook.com connect.facebook.net tinyurl.com cdn.tiny.cloud assets.adobedtm.com analytics.tiktok.com www.googleadservices.com www.google.co.id *.useinsider.com *.api.useinsider.com *.youtube.com https://cdn.jsdelivr.net https://*.g.doubleclick.net 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval';style-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net tinyurl.com www.gstatic.com www.googletagmanager.com cdn.tiny.cloud *.useinsider.com *.api.useinsider.com 'unsafe-inline';worker-src 'self' * data: blob:; 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; media-src 'self' https://reile.co.jp 1
default-src 'self'; connect-src 'self' *.itzbund.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de www.youtube.com *.ytimg.com piwik.itzbund.de *.openstreetmap.org *.cloudflare.com; object-src 'self' multimedia.gsb.bund.de *.medien02.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com medien02.gsb.bund.de; frame-src 'self' *.youtube.com *.twitter.com *.facebook.com *.sibforms.com; img-src 'self' blob: data: piwik.itzbund.de *.openstreetmap.org *.cloudflare.com *.twimg.com; font-src 'self' data:; frame-ancestors 'self'; 1
default-src 'self' *.urban-nation.com data: *.youtube-nocookie.com *.youtube.com *.ytimg.com *.googleapis.com *.gstatic.com player.vimeo.com *.vimeocdn.com 'unsafe-eval' 'unsafe-inline' 1
base-uri 'self';child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net;connect-src 'self' *.amplitude.com *.analytics.google.com *.bing.net *.bing.com *.stream-io-api.com *.cloud.gist.build *.cloudinary.com *.cookieyes.com/ *.customer.io *.daily.co *.datocms-assets.com *.datocms.com *.doubleclick.net *.facebook.com *.facebook.net *.featuregates.org/ *.featureassets.org/ *.google-analytics.com *.googletagmanager.com *.googleoptimize.com *.google.com *.google.co.uk *.gstatic.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.ingest.de.sentry.io *.ingest.sentry.io *.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com *.impct.site *.impactcdn.com *.linkedin.com/ *.mux.com *.productfruits.com https://productfruits.help *.pusher.com *.referralsaasquatch.com *.segment.com *.segment.io *.stripe.com *.ssqt.io *.onesignal.com onesignal.com *.statsigapi.net/ *.trustpilot.com *.vercel-analytics.com *.vercel-insights.com *.youtube.com *.ytimg.com *.typeform.com adservice.google.com analytics.google.com browser-intake-datadoghq.eu cdn-cookieyes.com cdn.linkedin data: embed.acuityscheduling.com featuregates.org/ featureassets.org/ google.com prodregistryv2.org open.spotify.com statsigapi.net/ *.gist.build vercel.live/ wss://*.daily.co wss://*.intercom.io wss://*.productfruits.com wss://*.pusher.com wss://ws.hotjar.com wss://*.stream-io-api.com;default-src 'self';font-src 'self' *.hotjar.com *.intercomcdn.com *.typekit.net data: fonts.gstatic.com vercel.live;form-action 'self' *.facebook.com https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io;frame-ancestors 'self' *.flown.com https://plugins-cdn.datocms.com;frame-src 'self' *.flown.com *.acuityscheduling.com *.daily.co *.doubleclick.net *.facebook.com *.gist.build *.googletagmanager.com *.gotolstoy.com *.hotjar.com *.productfruits.com *.spotify.com *.stripe.com *.trustpilot.com *.trustpilot.io *.typeform.com *.vercel *.vercel.app *.youtube.com copilot.as.me daily.flown.com intercom-sheets.com preview.daily.flown.com vercel.live blob://*;img-src 'self' *.ap-south-1.amazonaws.com *.bing.com *.googlesyndication.com *.cloudinary.com *.customer.io cdn-cookieyes.com *.facebook.com *.g.doubleclick.net *.getstream.io getstream.imgix.net *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.googletagmanager.com fonts.gstatic.com *.intercomcdn.com *.intercomusercontent.com *.intercomassets.com *.linkedin.com *.onesignal.com *.productfruits.com *.ssqt.io *.tenor.com *.twitter.com *.vercel.com *.ytimg.com data: blob: t.co vercel.com www.datocms-assets.com;manifest-src 'self';media-src 'self' *.mux.com blob://* www.datocms-assets.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com;object-src 'none';script-src 'self' 'nonce-MmY1YTUyZmYtOTgyNy00MDBhLWE4ZWUtYTdkZmY1ZTRiZjUw' 'sha256-+SoN4AYEO7MIojy8t+pMAZVDX7KhQzTQI+8i7LAo6HM=' 'sha256-111DY6ucUS2euDqh93ylFTnnaf+9aYuD3PJWCgYTn+w=' 'sha256-1QiKvWvaeuGeYkEbME0QclU2tCRDQDKlL0+XrFuFVmE=' 'sha256-4OZKYuOHAce0LSFazkaayEWT6JLiXt0Lgcre3+Sjuis' 'sha256-5hBVOyELPCqO/N8CikapnRXXhZz/HRHfgNRUZjqshG4=' 'sha256-BzHBoZ8xtfQm3LNTbReiluIPQRcxisgx2mdRNwpNHcU=' 'sha256-HNMk6SVD8tUFzYDasCBApUarqEuczJ8aXgX1n5N0p7Q=' 'sha256-I0qRwJzAAHaN1/K5UoQ0GuHLe7PtFhYYrrarj8PErRw=' 'sha256-IPgMRJYZUz8lznT1nRXD6HDFgXoVQQVY/3wT108wLLc=' 'sha256-L7S+VtFKJtIFUp0HP9li29GjkFAcQontRK8dW5uQsA8=' 'sha256-Y/Nm6FoRDI7eFQwN1V+6XqC4IbTg8tzyEPJSfNZBxME=' 'sha256-ccEm0GiYLjsbXK3KbKT4QFcC00OAoxtFYKLZSuMuo8k=' 'sha256-eJYOFA2XbEBxR3DHqvNKwdAh8lugXzY/fgrkbF2gzMo=' 'sha256-fApKFPeDHEwP3jIdVMBOuJMYDSkTooaFkD59Sp8RN0M=' 'sha256-grdef4AlM85kk/jkVX+XN4vPTxKfb/Kx7cURs8XZBDE=' 'sha256-l6DO/mJ8d7LuRBtvgk+eUTzCnCcJ6jXkDQ7iMTcjmmo=' 'sha256-tUnHUS+zXnbf2U7tp5cxVGi7KZn4YeMzH5kcUUtxnHc=' 'sha256-GEml+/1QhullJ26IDnspgB/ZHk6oHioZ+3IEZjF/lQM=' 'sha256-DhcNoYJ+4BdozHBpXwc2uzUlM1y2H1qworc7Y/0EBwo=' 'sha256-EgA3qdZo5t1vrnBfQB4YYtKnZ0j43PaUnZd90a4RYiU=' 'sha256-ylSwfDEamwBoNmPGoe40ma7y0SxPdtkxysEVLQnGNfw=' 'sha256-3s6LVAE1ivJpM/6p9skjGrYLK/vMgq5sJODz9qyTfVI=' 'sha256-pryN4nEG+LYnboZ3wF0veqfpVrFM0H+XQ+YTvEX+1OY=' 'sha256-nRZ2m8aLyL/zOcREdLeqnvVBWLjBmoW6X4ijuye3zII=' 'sha256-o/NUrrzAdIF261Ux8Sl/8YAa2JMZ52ZTHIAMPStxnHc=' 'sha256-dPSLi75gtxNyfA1e5E3/XwS7uNY0QZANNaXq9FI9PoY=' 'sha256-EyanOBIWBYxsGVsd3L53j7g8CVY26iBAKa3vX3vYTmI=' *.acuityscheduling.com/ *.ads-twitter.com *.amplitude.com *.bing.com *.cookieyes.com *.customer.io *.daily.co *.facebook.net *.gist.build/ *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.googleadservices.com *.hotjar.com *.impactcdn.com *.intercom.io *.intercomcdn.com *.licdn.com/ *.onesignal.com *.productfruits.com *.segment.com *.stripe.com *.ssqt.io fast.ssqt.io *.trustpilot.com *.youtube.com accounts.google.com blob://* cdn-cookieyes.com embed.typeform.com onesignal.com vercel.live/ vitals.vercel-analytics.com vitals.vercel-insights.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com;style-src 'self' 'unsafe-inline' *.cookieyes.com *.intercom.io *.intercomcdn.com *.productfruits.com *.googletagmanager.com *.ssqt.io *.typeform.com cdn-cookieyes.com fonts.googleapis.com *.gstatic.com onesignal.com vercel.live;worker-src 'self' blob:;report-to default;report-uri https://flown-reports.uriports.com/reports/report; 1
default-src 'self' 'unsafe-inline' https://www.youtube.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.datatables.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://themes.googleusercontent.com https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://www.biosafety.be/report-csp-violation 1
default-src 'self' 'unsafe-inline' *.itzbund.de itzbund.de *.zoll.de zoll.de *.talent-im-einsatz.de sg.geodatenzentrum.de *.openstreetmap.org https://medien.zoll.bund.de;  img-src 'self' *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.org data:; script-src 'self' 'unsafe-inline' *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.org 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.globalsign.com shutto.com www.googletagmanager.com ajax.googleapis.com www.google.co.jp cse.google.co.jp apis.google.com www.google-analytics.com s.yimg.jp s.yjtag.jp *.yahoo.co.jp www.googleadservices.com googleads.g.doubleclick.net; font-src 'self' fonts.gstatic.com fonts.googleapis.com data:;style-src 'self' 'unsafe-inline' shutto.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com; img-src 'self' yamaha-motor-shc.jp www.google-analytics.com www.google.com www.google.co.jp www.googletagmanager.com *.googleusercontent.com i.ytimg.com data:;child-src blob: apis.google.com accounts.google.com ;object-src 'self' ;media-src 'self' blob: ;connect-src 'self' www.google-analytics.com https://www.google.com stats.g.doubleclick.net; frame-src 'self' https://www.youtube.com/ https://www.google.com; frame-ancestors 'self'; 1
default-src https://www.pitmodule.de http://www.pitmodule.de https://counter.pitmodule.de https://www.pitcom-webanalyse.de img-src 'self' data:; 1
default-src 'self'; frame-src 'self' https://nhs.attendanywhere.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com *.amazonaws.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://nhs.attendanywhere.com https://feeds.trac.jobs/ https://www.google-analytics.com *.google.com *.googleapis.com https://*.google.com https://*.google.co.uk https://*.googletagmanager.com- https://*.g.doubleclick.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' js-agent.newrelic.com code.jquery.com paybox.pagoplux.com da.api.debitosautomaticos.net.ar cdnjs.cloudflare.com checkout.placetopay.ec *.googletagmanager.com youtube.com *.googleapis.com analytics.tiktok.com connect.facebook.net www.google-analytics.com google-analytics.com google.com googleadservices.com unpkg.com *.googleapis.com static.hotjar.com googleads.g.doubleclick.net client.crisp.chat script.hotjar.com www.google.com www.googleadservices.com snap.licdn.com/li.lms-analytics/insight.min.js connect.facebook.net/en_US/fbevents.js iframeunicef.bizland.tech; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' https://*.nhs.uk; frame-src 'self' https://gssapps.ebscohost.com/ https://forms.office.com/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.mailerlite.com/ https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl https://*.webspellchecker.net 1
default-src 'self'  ;script-src 'self'   'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline'  ;img-src 'self' data:  ; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google.se *.google-analytics.com *.facebook.net unpkg.com *.jsdelivr.net *.cookiebot.com *.leadfamly.com *.redditstatic.com *.doubleclick.net; object-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.cloudnet.cloud *.malmolive.se *.momondo.de *.googletagmanager.com *.cookiebot.com *.reddit.com *.doubleclick.net *.googlesyndication.com; media-src 'self' blob: https://*.speechstream.net;; frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se *.office.com *.cookiebot.com *.playable.com *.sociablekit.com *.googletagmanager.com *.doubleclick.net *.issuu.com; frame-ancestors 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; child-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com  *.siteimprove.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; font-src 'self'; connect-src 'self' blob: https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net *.cookiebot.com *.reddit.com  *.redditstatic.com *.google.se *.googlesyndication.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 1
default-src 'self' 'unsafe-inline' wss: https://*.jivosite.com/ data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:*;script-src * 'unsafe-inline' 'unsafe-eval' blob: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:* ;style-src * 'unsafe-inline'  https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:* ;img-src * data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:* blob: ;font-src 'self' data: https://bitrix.info:* https://www.chay.info:* https://*.bitrix.info:* https://cdnjs.cloudflare.com:* https://site.ru:* https://yandex.ru:* https://mc.yandex.ru:* https://oss.maxcdn.com:* https://*.maps.yandex.net https://geocode-maps.yandex.ru:* https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://code.jivosite.com:* https://googleads.g.doubleclick.net:* https://www.googleadservices.com:* https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://www.google-analytics.com:* https://maps.google.com:* https://*.googleapis.com:* https://api.mapbox.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.googleapis.com:* https://*.jivosite.com:* https://cdn.voximplant.com:* https://www.gravatar.com:* https://yastatic.net:* https://*.youtube.com:* https://*.google.com:* https://*.ytimg.com:* https://suggestions.dadata.ru:* https://connect.facebook.net:* https://stats.g.doubleclick.net:* https://events.mapbox.com:* https://google-analytics.bi.owox.com:* https://cdn.jsdelivr.net:* https://youtube.com:* https://stat.tildacdn.com:* https://static.tildacdn.com:* https://googleads.g.doubleclick.net:* https://connect.facebook.net:* https://www.facebook.com:* https://awards.ratingruneta.ru:* https://static.doubleclick.net:* https://*.gstatic.com:* https://*.getbutton.io:* https://metrika.yandex.ru:* https://metrika.yandex.by:* https://metrica.yandex.com:* https://metrica.yandex.com.tr:* https://webvisor.com:* https://rutube.ru:*; 1
default-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: about: ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com www.google-analytics.com  www.googletagmanager.com; connect-src 'self' ssl.google-analytics.com www.google-analytics.com  www.googletagmanager.com; worker-src 'self'; 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' blob: *.readspeaker.com http://multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.3qsdn.com *.director.events; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
frame-src https://www.youtube.com 'self'; child-src https://www.youtube.com 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' blob: https://vars.hotjar.com/; frame-src 'self'  *.webspellchecker.net/  https://fnk-main-prd-zsa-uploads.s3.eu-west-1.amazonaws.com/ https://nspa.org.uk/ https://www.zsabenchmarking.co.uk/ https://w.soundcloud.com/ *.buzzsprout.com  *.hotjar.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval'   *.webspellchecker.net/ https://mozilla.github.io/ * https://mozilla.github.io/pdf.js/build/pdf.js https://cdn.jsdelivr.net/gh/fancyapps/ *.buzzsprout.com *.heat6have.com https://static.hotjar.com/ https://www.googletagmanager.com/ *.hotjar.com https://www.googletagmanager.com/jar.com blob: https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline'   *.webspellchecker.net/ https://cdnjs.cloudflare.com/ajax/libs/summernote/ *.hotjar.com *.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/fancyapps/ *.typekit.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self'   *.webspellchecker.net/ *.amazonaws.com https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://translate.googleapis.com/ *.hotjar.com *.hotjar.io wss://*.hotjar.com/ https://feeds.trac.jobs/ 1
   default-src 'self' 'unsafe-eval';    base-uri 'self';    style-src 'self' 'unsafe-inline';    script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de;    object-src 'self' multimedia.gsb.bund.de;    media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com;    frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com;    img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de;    connect-src 'self' *.itzbund.de;    frame-ancestors 'self';    worker-src 'self'; 1
default-src 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.webspellchecker.net 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.vimeocdn.com s.ytimg.com piwik.itzbund.de; object-src 'self' *.gsb.bund.de; media-src 'self' *.gsb.bund.de *.youtube.com *.vimeo.com *.vimeocdn.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.vimeocdn.com playout.3qsdn.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.vimeocdn.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com sdk.privacy-center.org *.gstatic.com *.facebook.com *.facebook.net *.pr-globalcms.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com *.unpkg.com unpkg.com *.pernod-ricard.io *.privacy-center.org *.addtoany.com *.youtube.com live-sip-platform.pantheonsite.io; object-src 'self' *.googleapis.com *.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com sdk.privacy-center.org *.gstatic.com *.facebook.com *.facebook.net *.pr-globalcms.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com *.unpkg.com unpkg.com *.pernod-ricard.io *.privacy-center.org; img-src 'self' data: *.gstatic.com *.facebook.com *.googletagmanager.com *.jsdelivr.net *.googleapis.com i.ytimg.com; media-src 'self'; frame-src 'self' *.google.com *.facebook.com *.youtube.com *.spotify.com player.vimeo.com *.vimeo.com vimeo.com; font-src 'self' data:; connect-src 'self' *.googleapis.com *.google.com sdk.privacy-center.org *.gstatic.com *.facebook.com *.facebook.net *.pr-globalcms.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com *.unpkg.com unpkg.com *.pernod-ricard.io *.privacy-center.org *.us-central1.run.app *.conversionsapigateway.com *.gstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.analytics.google.com stats.g.doubleclick.net matomo.sauerbruchhutton.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://player.vimeo.com/api/player.js https://www.googletagmanager.com/gtag/js matomo.sauerbruchhutton.de; style-src 'self' 'unsafe-inline'; img-src data: 'self' https://i.vimeocdn.com https://www.google.de matomo.sauerbruchhutton.de; frame-src 'self' https://player.vimeo.com 1
default-src 'self'; child-src 'self' blob:; connect-src 'self' https://*.elliott-letters.test https://*.dev-elliott-letters.pantheonsite.io https://*.test-elliott-letters.pantheonsite.io https://*.elliottletters.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.google-analytics.com https://*.google.com https://www.google.com https://*.googletagmanager.com https://fonts.googleapis.com https://px.ads.linkedin.com https://*.googlesyndication.com https://*.analytics.google.com https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://*.spotify.com https://*.doubleclick.net https://*.googleadservices.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self' https://*.elliott-letters.test https://*.dev-elliott-letters.pantheonsite.io https://*.test-elliott-letters.pantheonsite.io https://*.elliottletters.com https://*.cookieyes.com https://*.simplecast.com https://*.youtube.com https://*.vimeo.com https://*.youtu.be https://*.spotify.com https://*.doubleclick.net https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.jotform.com https://*.flipsnack.com; img-src 'self' https://*.elliottletters.com *.elliottletters.com https://elliottletters.com https://dev-elliott-letters.pantheonsite.io https://test-elliott-letters.pantheonsite.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://px.ads.linkedin.com https://t.co https://www.facebook.com https://analytics.twitter.com https://secure.gravatar.com https://*.jotform.com https://*.google.com blob: data:; object-src; script-src 'self' https://*.elliott-letters.test https://*.dev-elliott-letters.pantheonsite.io https://*.test-elliott-letters.pantheonsite.io https://*.elliottletters.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com https://static.ads-twitter.com https://connect.facebook.net https://snap.licdn.com https://*.gstatic.com https://*.googlesyndication.com https://*.googleadservices.com https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://*.spotify.com https://*.doubleclick.net https://*.jotform.com https://*.google.com https://static.cloudflareinsights.com 'unsafe-inline' 'report-sample'; style-src 'self' https://*.elliott-letters.test https://*.dev-elliott-letters.pantheonsite.io https://*.test-elliott-letters.pantheonsite.io https://*.elliottletters.com https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' 'report-sample'; worker-src 'self' blob:; upgrade-insecure-requests 1
base-uri 'self' https://www.pink.test https://www.selesti.com; default-src 'self' https://*.clarity.ms *.clarity.ms https://c.bing.com c.bing.com 'unsafe-inline'; connect-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.facebook.com *.facebook.com https://*.facebook.net *.facebook.net https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.google-analytics.com *.google-analytics.com https://*.googleadservices.com *.googleadservices.com https://*.googletagmanager.com *.googletagmanager.com https://*.gstatic.com *.gstatic.com https://*.hiss3lark.com *.hiss3lark.com https://*.hs-analytics.net *.hs-analytics.net https://*.hs-growth-metrics.com *.hs-growth-metrics.com https://*.hs-scripts.com *.hs-scripts.com https://*.hsadspixel.net *.hsadspixel.net https://*.hubspot.com *.hubspot.com https://*.licdn.com *.licdn.com https://*.linkedin.com *.linkedin.com https://*.usemessages.com *.usemessages.com https://api.hubapi.com api.hubapi.com https://apis.google.com apis.google.com https://fonts.googleapis.com fonts.googleapis.com https://fonts.gstatic.com fonts.gstatic.com https://fpdl.vimeocdn.com fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net gcs-vimeo.akamaized.net https://googleadservices.com googleadservices.com https://js.hs-banner.com js.hs-banner.com https://js.hsforms.net js.hsforms.net https://player.vimeo.com player.vimeo.com https://poirot.selesti.com poirot.selesti.com https://vod-progressive.akamaized.net vod-progressive.akamaized.net https://*.clarity.ms *.clarity.ms https://*.analytics.google.com *.analytics.google.com https://*.cookiebot.com *.cookiebot.com https://*.googlesyndication.com *.googlesyndication.com https://*.linkedin.oribi.io *.linkedin.oribi.io; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com data:; form-action 'self' https://checkforcloudflare.selesti.com checkforcloudflare.selesti.com https://forms.hsforms.com forms.hsforms.com; frame-ancestors 'self'; frame-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.google.com *.google.com https://*.gstatic.com *.gstatic.com https://*.slideshare.net *.slideshare.net https://*.vimeo.com *.vimeo.com https://*.youtube.com *.youtube.com https://app.hubspot.com app.hubspot.com https://forms.hsforms.com forms.hsforms.com https://*.cookiebot.com *.cookiebot.com; img-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.facebook.com *.facebook.com https://*.google-analytics.com *.google-analytics.com https://*.google.ca *.google.ca https://*.google.co.il *.google.co.il https://*.google.co.in *.google.co.in https://*.google.co.jp *.google.co.jp https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.google.com.mt *.google.com.mt https://*.google.com.ua *.google.com.ua https://*.google.ie *.google.ie https://*.google.it *.google.it https://*.google.se *.google.se https://*.google.sk *.google.sk https://*.googletagmanager.com *.googletagmanager.com https://*.gstatic.com *.gstatic.com https://*.hsforms.com *.hsforms.com https://*.hsforms.net *.hsforms.net https://*.hubspot.com *.hubspot.com https://*.linkedin.com *.linkedin.com https://cx.atdmt.com cx.atdmt.com blob: data:; media-src https://*.vimeo.com *.vimeo.com https://*.vimeocdn.com *.vimeocdn.com https://gcs-vimeo.akamaized.net gcs-vimeo.akamaized.net https://ssl.gstatic.com ssl.gstatic.com https://vod-progressive.akamaized.net vod-progressive.akamaized.net; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.facebook.net *.facebook.net https://*.google-analytics.com *.google-analytics.com https://*.google.ae *.google.ae https://*.google.ca *.google.ca https://*.google.co.il *.google.co.il https://*.google.co.in *.google.co.in https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.google.com.au *.google.com.au https://*.google.com.mt *.google.com.mt https://*.google.com.ua *.google.com.ua https://*.google.de *.google.de https://*.google.fr *.google.fr https://*.google.ie *.google.ie https://*.google.it *.google.it https://*.google.ru *.google.ru https://*.google.sk *.google.sk https://*.googleadservices.com *.googleadservices.com https://*.googletagmanager.com *.googletagmanager.com https://*.gstatic.com *.gstatic.com https://*.hiss3lark.com *.hiss3lark.com https://*.hs-analytics.net *.hs-analytics.net https://*.hs-banner.com *.hs-banner.com https://*.hs-scripts.com *.hs-scripts.com https://*.hsforms.net *.hsforms.net https://*.hsforms.com *.hsforms.com https://*.licdn.com *.licdn.com https://*.linkedin.com *.linkedin.com https://*.usemessages.com *.usemessages.com https://js.hsadspixel.net js.hsadspixel.net https://*.clarity.ms *.clarity.ms https://*.cookiebot.com *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.googleapis.com *.googleapis.com https://*.google.com *.google.com 'unsafe-inline'; worker-src 'self'; report-uri https://poirot.selesti.com/api/violation/selesti; report-to https://poirot.selesti.com/api/violation/selesti; upgrade-insecure-requests 1
allow 'self'; 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com  https://www.youtube.com https://tickets.norwichartscentre.co.uk https://my.matterport.com https://player.vimeo.com https://www.facebook.com https://w.soundcloud.com https://open.spotify.com; script-src 'self' 'unsafe-inline' https://www.google.com https://maps.google.com https://www.gstatic.com https://www.googletagmanager.com/ https://www.google-analytics.com https://connect.facebook.net https://sentry.io https://tickets.norwichartscentre.co.uk https://www.youtube.com https://cdn-cookieyes.com; connect-src 'self' https://sentry.io https://noembed.com https://cdn.plyr.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://connect.facebook.net https://maps.googleapis.com https://region1.google-analytics.com https://log.cookieyes.com https://cdn-cookieyes.com https://directory.cookieyes.com https://www.googletagmanager.com; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' https://fonts.gstatic.com https://www.google.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/2740052/security/?sentry_key=8f009899699b4dd281f6d1466e6a2b92 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.jsdelivr.net https://unpkg.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com *.mailchimp.com *.recaptcha.net https://www.recaptcha.net https://translate.googleapis.com https://translate.google.com;; script-src script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com *.google.com https://www.gstatic.com https://translate.googleapis.com https://translate.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.recaptcha.net;; report-uri /report-csp-violation; upgrade-insecure-requests 1