Values for x-webkit-csp:
report-uri /report-csp-violation 32
default-src 'self' 27
report-uri //report-csp-violation 15
default-src 'self'; 13
default-src 'self'; script-src 'self' 'unsafe-inline' 13
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 10
referrer origin 9
allow 'self'; 8
frame-ancestors 'self' 7
default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 7
report-uri /report-csp-violation; upgrade-insecure-requests 6
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&ar=true&a=anonweb 5
connect-src * 'self' 5
frame-ancestors 'self' https://*.adventhealth.com 5
frame-src *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com 5
frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 4
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com; style-src 'self' 'unsafe-inline' * https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 4
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 4
frame-ancestors 'self' weleda.sabio.de 4
default-src https: 'unsafe-inline' 4
prefetch-src *.metartnetwork.com; default-src 'self' blob: *.metartnetwork.com; connect-src 'self' blob: wss: *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.metartnetwork.com *.metart.network *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.metartnetwork.com cdn.cookielaw.org; font-src 'self' data: *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.metartnetwork.com; script-src 'self' 'unsafe-inline' *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metartnetwork.com *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com; frame-src 'self' *.twitter.com *.metartnetwork.com *.youtube.com *.vimeo.com *.atlassian.net; img-src 'self' data: *.nsimg.net *.twimg.com *.zopim.com *.twitter.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.metartnetwork.com; media-src 'self' data: blob: *.nsimg.net *.metartnetwork.com *.zdassets.com; worker-src 'self' data: blob: wss:; object-src 'none' 3
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 3
3
frame-ancestors 'none' 3
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com *.readspeaker.com *.timeblockr.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com *.timeblockr.com; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.timeblockr.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com *.timeblockr.com; connect-src 'self' *.readspeaker.com *.timeblockr.com; report-uri /report-csp-violation 3
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 2
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 2
default-src https:; style-src 'self' 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.net https://*.marketo.com https://*.addthis.com https://*.addthisedge.com https://*.google-analytics.com https://*.optimizely.com https://*.googleadservices.com https://platform.twitter.com https://app.hushly.com https://*.reactful.com https://connect.facebook.net https://graph.facebook.com https://bat.bing.com https://*.crazyegg.com https://*.adroll.com https://snap.licdn.com https://*.linkedin.com https://www.youtube.com https://s.ytimg.com  https://d137jyf8bmrjar.cloudfront.net https://jobs.jobvite.com https://cdnjs.cloudflare.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/reviews_list.js https://seal.digicert.com https://www.bizographics.com https://secure.adnxs.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://j.6sc.co https://rc.sageintacct.com https://js.driftt.com; object-src *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://*.marketo.net https://*.marketo.com https://app.hushly.com http://app.hushly.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/style.css https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com; img-src * data:; media-src *; frame-src https://*.sageintacct.com https://*.intacct.com https://www.youtube.com https://*.addthis.com https://app-abd.marketo.com https://*.doubleclick.net https://www.google.com/ads https://jobs.jobvite.com https://api.soundcloud.com https://w.soundcloud.com https://www.g2crowd.com https://intacct.lookbookhq.com https://go.intacct.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com https://www-w28.intacct.com https://www-p02.intacct.com https://www-p03.intacct.com https://www-p04.intacct.com https://beta.intacct.com https://www.intacct-adv.com https://www-w27.intacct.com https://www-p03-w028.intacct.com https://www-p02-w028.intacct.com https://www-p04-w028.intacct.com https://www-dr.intacct.com https://stg-hk.intacct.com https://dev45.intacct.com https://dev31.intacct.com https://dev24.intacct.com https://dev33.intacct.com; font-src *; connect-src *; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de  *.facebook.com; 2
policy-uri /'self' 2
frame-src 'self' blob: *.cochlear.cloud *.stg.cochlear.cloud *.cochlear.cloud *.qualaroo.com *.simpli.fi https://marvelapp.com *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com *.marketo.com ; connect-src 'self' *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.maxmind.com *.geoip-js.com geoip-js.com ; font-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.cochlear.com *.googletagmanager.com  *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.com *.facebook.com *.linkedin.com *.google-analytics.com medialead.de; script-src 'self'  'unsafe-inline' 'unsafe-eval' blob: *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.quora.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.adroll.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.com *.bootstrapcdn.com *.cloudflare.com *.cochlear.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.maxmind.com *.geoip-js.com geoip-js.com medialead.de; style-src 'self'  'unsafe-inline' 'unsafe-eval'  *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 2
default-src 'self'; style-src 'self' 'unsafe-inline' *.typekit.net fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: *; frame-src 'self' *.addthis.com *.youtube.com *.vimeo.com *.wistia.com *.wistia.net *.hotjar.com *.doubleclick.net *.ceros.com *.guardiananytime.com *.cloudfront.net *.adsrvr.org *.visme.co *.ipipeline.com *.guardianlife.com guardianlife.uat.aws.glic.com *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com; connect-src 'self' collectorprod.glic.com *.google-analytics.com *.addthis.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ws://*.hotjar.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com; font-src 'self' *.typekit.net fonts.gstatic.com data:; media-src 'self' data: blob: embedwistia-a.akamaihd.net *.podbean.com 2
default-src 'self' *.readspeaker.com data:; base-uri 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; upgrade-insecure-requests; frame-ancestors 'self'; 2
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.ensighten.com gateway.zscalertwo.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.rawgit.com *.tools.investis.com *.nexus.ensighten.com nexus.ensighten.com tagmanager.google.com gateway.zscalertwo.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.hs.llnwd.net; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com staticxx.facebook.com www.youtube.com gateway.zscalertwo.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.ensighten.com *.google-analytics.com *.api.brightcove.com *.tools.investis.com; report-uri /report-csp-violation 2
default-src 'self'; font-src data: https://use.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://p.typekit.net https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com; frame-src https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://snap.licdn.com; 2
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 2
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.piwik.bayern.de; img-src 'self' data: www.piwik.bayern.de; font-src 'self' data: 2
default-src 'unsafe-inline'  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; style-src 'unsafe-inline' https://www.google-analytics.com  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.facebook.com https://*.bgk.pl; img-src 'self'  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl data: 2
default-src 'self' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa .gov.np *.mofa.gov.np s.ytimg.com *.facebook.net www.google.com.np *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np placehold.it *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it *.mofa.gov.np mofa.gov.np *.facebook.net *.facebook.com *.sharethis.com *.youtube.com *.twimg.com secure.gravatar.com cdn. lh3.googleusercontent.com *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self'  *.youtube.com *.facebook.net *.google.com *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 2
frame-ancestors 'self' https://*.etracker.com 2
frame-ancestors https://planet-imex.co.uk/ https://planet-imex.com/ https://planetimex.co.uk/ https://planetimex.com/ https://www.imexexhibitions.com/ https://www.imex-frankfurt.com/ https://de.imex-frankfurt.com/ https://www.imexamerica.com/ https://www.stage.imex.cti.digital/ http://america.stage.imex.cti.digital/ http://frankfurt.stage.imex.cti.digital/ http://de-frankfurt.stage.imex.cti.digital/ https://www.reactive.imex.cti.digital/ https://frankfurt.reactive.imex.cti.digital/ https://de-frankfurt.reactive.imex.cti.digital/ https://america.reactive.imex.cti.digital/ https://www.qa.imex.cti.digital/ http://america.qa.imex.cti.digital/ http://frankfurt.qa.imex.cti.digital/ http://de-frankfurt.qa.imex.cti.digital/ https://www.imex.ctidev/ https://frankfurt.imex.ctidev/ https://de.frankfurt.imex.ctidev/ https://america.imex.ctidev/; 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.emmezeta.hr emmezeta.hr *.emmezeta.rs emmezeta.rs; 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com app.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co;font-src 'self' *.netdna-ssl.com fonts.gstatic.com *.pcdn.co;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com app.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.pcdn.co;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 2
default-src 'self' shop.bestservice.de dwl.dawconnect.com maps.google.de www.google.com connect.facebook.net www.facebook.com *.youtube.com ;  img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.bsdwl.de *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de *.youtube.com;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com;  script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval';  worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de *.youtube.com;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self' 2
self 2
default-src 'self' https://www.bam.eu01.nr-data.net edge.api.brightcove.com viz.tools.investis.com *.brightcove.com *.jsdelivr.net www.facebook.com https://js-agent.newrelic.com https://bam.eu01.nr-data.net stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net cdn.rawgit.com cdnjs.cloudflare.com https://www.bam.eu01.nr-data.net ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com boards.greenhouse.io https://js-agent.newrelic.com https://bam.eu01.nr-data.net  https://www.youtube.com https://s.ytimg.com tagmanager.google.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net greenhouse-integration-demo.herokuapp.com tagmanager.google.com; img-src 'self' 'unsafe-inline' *; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com boards.greenhouse.io www.ocado.com www.youtube.com jobsfeed.ocado.com https://players.brightcove.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com; connect-src 'self' https://www.bam.eu01.nr-data.net https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://edge.api.brightcove.com https://viz.tools.investis.com https://stats.g.doubleclick.net; report-uri /report-csp-violation 2
defult-src 'self' 2
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 2
frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com 1
policy-uri /parivahan/'self' 1
default-src 'self'  *.destatis.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de  *.destatis.de piwik.itzbund.de ; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org  *.destatis.de piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.euro-area-statistics.org *.ims-cms.net data: ; 1
object-src https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com; frame-ancestors 'self' https://explore.cvent.com http://explore.cvent.com  https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.halkbank.com.tr *.google.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.facebook.net; font-src 'self' *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.halkbank.com.tr *.google.com *.google.com.tr *.gstatic.com *.facebook.com *.facebook.com.tr *.doubleclick.net *.facebook.net ; media-src 'self' *.halkbank.com.tr; frame-src 'self' *.foreks.com *.halkbank.com.tr *.doubleclick.net *.youtube.com *.google.com; connect-src 'self' *.facebook.com; object-src 'self'; 1
default-src 'self' static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com aax-eu.amazon-adsystem.com data: service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de track.adform.net maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube.com img.youtube.com *.xx.fbcdn.net www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.avm.de data: blob: *.avm.de;frame-ancestors 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval' ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 1
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 1
frame-ancestors *.payback.de 1
default-src 'self' *.poliziadistato.it:* blob: *.poliziadistato.it *.zencdn.net *.tv2000.it *.wowza.com *.interno.it *.rating-widget.com *.twimg.com *.twitter.com *.googleapis.com *.gstatic.com *.google.it *.macromedia.com *.google-analytics.com *.facebook.net *.sharethis.com *.google.com opendataavcp.interno.it *.raiplay.it *.rai.it 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.wowza.com i.rw.gs *.rating-widget.com *.twitter.com *.twimg.com *.poliziadistato.it opendataavcp.interno.it l.sharethis.com *.facebook.com *.google-analytics.com *.gstatic.com *.gravatar.com *.googleapis.com s.w.org *.google.it *.raiplay.it *.rai.it; style-src 'self' *.poliziadistato.it *.twimg.com *.rating-widget.com *.twitter.com opendataavcp.interno.it *.sharethis.com 'unsafe-inline' *.googleapis.com *.raiplay.it *.rai.it; frame-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.raiplay.it *.rai.it; worker-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.raiplay.it *.rai.it; child-src 'self' *.poliziadistato.it opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.twitter.com opendataavcp.interno.it *.raiplay.it *.rai.it; font-src 'self' data: *.poliziadistato.it *.wowza.com opendataavcp.interno.it *.gstatic.com *.raiplay.it *.rai.it; frame-ancestors 'self' storify.com *.poliziadistato.it *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.raiplay.it *.rai.it; media-src *.poliziadistato.it blob: 1
block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
default-src 'self' static.integromat.com; style-src 'self' static.integromat.com fonts.googleapis.com checkout.stripe.com https://js.getuserflow.com/; font-src 'self' static.integromat.com fonts.gstatic.com data:; img-src 'self' static.integromat.com data: stats.g.doubleclick.net www.google-analytics.com www.google.com www.google.cz placehold.it placeholdit.imgix.net secure.gravatar.com usage.trackjs.com q.stripe.com img.youtube.com www.facebook.com t.co www.googletagmanager.com https://js.getuserflow.com/ https://storage.googleapis.com/studio1-prod-blob/; connect-src 'self' static.integromat.com iql.integromat.com wss://www.integromat.com capture.trackjs.com checkout.stripe.com integromat.zendesk.com https://e.getuserflow.com/ wss://e.getuserflow.com/ https://js.getuserflow.com/ https://api-js.mixpanel.com; frame-src 'self' static.integromat.com www.facebook.com www.youtube.com checkout.stripe.com www.google.com; script-src 'self' static.integromat.com www.google-analytics.com www.google.com www.gstatic.com checkout.stripe.com connect.facebook.net static.ads-twitter.com analytics.twitter.com https://js.getuserflow.com/ https://cdn.mxpnl.com/; object-src 'self' static.integromat.com; media-src 'self' static.integromat.com https://storage.googleapis.com/studio1-prod-blob/ 1
frame-src *.deutschland-machts-effizient.de *.youtube-nocookie.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://code.highcharts.com https://oss.maxcdn.com https://connect.trezor.io wss://wallex.market:8443 wss://wallex.ir:8443 wss://www.wallex.ir:8443 https://blockexplorer.com https://www.localbitcoinschain.com https://test-insight.bitpay.com https://api.etherscan.io https://api-ropsten.etherscan.io https://bitcoincash.blockexplorer.com https://blockdozer.com https://bch.coin.space https://insight.litecore.io https://insight.dash.org https://saveload.tradingview.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://fonts.gstatic.com wss://test-insight.bitpay.com https://api.omniexplorer.info https://chain.api.btc.com https://cdn.jsdelivr.net https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.google.com/maps/embed https://*.purechat.com wss://*.purechat.com https://secure.gravatar.com https://*/app.purechat.com https://cdn.ckeditor.com https://www. .com https://www.google-analytics.com https://maps.googleapis.com https://tradingview.com https://*.tradingview.com wss://tradingview.com wss://*.tradingview.com https://www.aparat.comhttps://*.heatmap.it https://coincap.io wss://ws.wallex.market wss://ws.coincap.io https://*.purechatcdn.com https://*.alexa.com https://cdn.polyfill.io https://www.gstatic.com https://*.crisp.chat wss://*.crisp.chat wss://stream.binance.com:9443 wss://wsc.wallex.ir wss://wsc.wallex.ir:8443 wss://ws.wallex.ir https://*.wallex.ir https://wallex.market https://*.yektanet.com https://*.hotjar.com wss://*.hotjar.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com https://bam.nr-data.net tagmanager.google.com https://www.google.com/recaptcha/api.js https://www.recaptcha.net/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com https://stats.g.doubleclick.net; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com cache.bureauveritas.com pr.globenewswire.com www.globenewswire.com https://www.google.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx https://bam.nr-data.net https://stats.g.doubleclick.net; report-uri https://csp-report-uri.bureauveritas.com 1
default-src 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.gstatic.com https://api.midtrans.com https://cdn.appsflyer.com https://s.yimg.com https://sp.analytics.yahoo.com https://api.midtrans.com https://stats.g.doubleclick.net https://fcm.googleapis.com *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://websdk.appsflyer.com https://maps.googleapis.com blob: https://banner.appsflyer.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://maps.gstatic.com https://maps.googleapis.com https://s-media-cache-ak0.pinimg.com https://i.pinimg.com https://*.cloudfront.net http://*.cloudfront.net https://reviews.123rf.com https://wikipedia.org https://api.veritrans.co.id https://res.cloudinary.com https://image.shutterstock.com https://tineye.com https://stats.g.doubleclick.net https://doctor.halodoc.com http://www.linkdokter.com https://www.google-analytics.com https://www.facebook.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://s3-ap-southeast-1.amazonaws.com https://www.google.com https://www.google.com.sg data: *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com; connect-src 'self' https://pinimg.com https://*.cloudfront.net http://*.cloudfront.net https://123rf.com https://fonts.gstatic.com https://tineye.com https://res.cloudinary.com https://image.shutterstock.com https://www.halodoc.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://www.gstatic.com https://s3-ap-southeast-1.amazonaws.com https://doctor.halodoc.com https://web-halodoc-api.prod.halodoc.com https://qiscus-lb.api.halodoc.com wss://qiscus-mqtt.api.halodoc.com:1886/mqtt https://api.midtrans.com https://cdn.appsflyer.com https://s.yimg.com https://api.midtrans.com https://api.veritrans.co.id https://stats.g.doubleclick.net https://sp.analytics.yahoo.com https://fonts.googleapis.com https://www.google.com.sg https://www.google.com https://sentry.io/api/ https://fcm.googleapis.com *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://firebaseinstallations.googleapis.com https://banner.appsflyer.com https://websdk.appsflyer.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com; font-src 'self' https://fonts.gstatic.com data:; object-src 'self' https://*.cloudfront.net http://*.cloudfront.net; frame-src * 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bghweb-editor.preview.gsb.intranet.bund.de piwik.itzbund.de 1
default-src 'self' 'unsafe-inline' *.jsdelivr.net *.twitter.com *.clicktale.net *.hotjar.com public.tableau.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.syndication.twimg.com siteimproveanalytics.com *.hotjar.io *.googletagmanager.com *.google.com *.ipaustralia.gov.au *.inq.com *.g.doubleclick.net *.google-analytics.com *.ipaustralia.gov.au *.googleapis.com *.gstatic.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.twitter.com *.clicktale.net *.hotjar.com siteintercept.qualtrics.com public.tableau.com *.siteintercept.qualtrics.com *.syndication.twimg.com siteimproveanalytics.com *.hotjar.io *.googletagmanager.com *.google.com *.ipaustralia.gov.au *.inq.com *.g.doubleclick.net *.google-analytics.com *.ipaustralia.gov.au *.googleapis.com *.webspellchecker.net *.gstatic.com; object-src 'none'; style-src 'self' * 'unsafe-inline' ; img-src * 'unsafe-inline' data: ; frame-ancestors 'self' https://www.ipaustralia.gov.au https://services.ipaustralia.gov.au https://public.tableau.com *.ipaustralia.gov.au *.twitter.com *.hotjar.com *.youtube.com *.inq.com ipaustralia.inq.com https://media-aus.inq.com https://ipaustralia.inq.com https://public.tableau.com; font-src 'self' * 'unsafe-inline' ; connect-src 'self' * 'unsafe-inline' ; report-uri /report-csp-violation 1
child-src form.gov.sg; connect-src *.cwp-stg.sg https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.sg *.onemap.sg/ *.dcube.cloud *.wogaa.sg *.demdex.net https://dev-gpc-1.sg.va.sabio.cloud https://va.ecitizen.gov.sg *.mycareersfuture.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net; font-src https://cdnjs.cloudflare.com data: fonts.gstatic.com *.dcube.cloud *.wogaa.sg https://s3-us-west-2.amazonaws.com https://va.ecitizen.gov.sg *.mycareersfuture.sg *.app.gov.sg; img-src data: blob: 'self' www.google-analytics.com https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.sg www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://cdnjs.cloudflare.com *.mycareersfuture.sg wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net https://va.ecitizen.gov.sg; script-src blob: www.google-analytics.com connect.facebook.net s.yimg.com sp.analytics.yahoo.com www.googleadservices.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://www.mycareersfuture.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com https://va.ecitizen.gov.sg *.mycareersfuture.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg https://va.ecitizen.gov.sg 'unsafe-inline' *.mycareersfuture.sg *.app.gov.sg; report-uri /csp-report 1
script-src 'self' cs.money dev.csgo.trade gleam.io www.am4charts.com translate.google.com translate.googleapis.com www.googletagmanager.com www.googleoptimize.com www.google-analytics.com connect.facebook.net https://vk.com 'unsafe-inline' top-fwz1.mail.ru 'unsafe-eval' api.usersnap.com cdn.usersnap.com cs.money mc.yandex.ru diffuser-cdn.app-us1.com diffuser-cdn.app-us1.com prism.app-us1.com trackcmp.net api.basisid.com https://cdn.amplitude.com sc-static.net support.cs.money embed-sandbox.bridgerpay.com embed.bridgerpay.com cs.money; worker-src 'self' data: blob: cs.money; object-src cs.money dota.money; media-src cs.money dota.money; frame-src cs.money dota.money onesignal.com https://*.com https://*.ru https://*.ua http://www.youtube.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de; ; connect-src 'self' tracking.netmind-cloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.youtube.com *.fbcdn.net *.youtube-nocookie.com *.googlevideo.com; child-src *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com; frame-ancestors 'self'; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de de.ioam.de s.ytimg.com; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; report-uri /eur/report-csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com multimedia.gsb.bund.de; frame-src 'self' *.youtube-nocookie.com; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com webtv.bundestag.de; frame-ancestors 'self'; 1
frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 1
script-src  'self' 'unsafe-inline' 'unsafe-eval' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:*;report-uri /reporting/csp.htm 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bpost.be bpost.be eshipper.bpost.cn bpost2.be medattest.be www.medattest.be editor-www.bpost.be www.googletagmanager.com tagmanager.google.com ssl.google-analytics.com b2btagmgr.azalead.com trker1.azalead.com www.google-analytics.com proslead.com www.depostlaposte.be www.bpost2.be www.google.com www.post.be post.be ajax.googleapis.com connect.facebook.net code.jquery.com platform.linkedin.com www.linkedin.com dashboard.whoisvisiting.com/who.js frontend.id-visitors.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net http://w.usabilla.com w.usabilla.com api.usabilla.com cdnjs.cloudflare.com maps.googleapis.com www.youtube.com https://ajax.googleapis.com api.jollywallet.com https://maps.googleapis.com www.googleadservices.com assets.idloom.com crm.bpack.idloom.com proslead.com https://www.google-analytics.com preprints.taxipost.net maf.taxipost.net s.ytimg.com img.en25.com player.qualifio.com d6tizftlrpuof.cloudfront.net https://maxcdn.bootstrapcdn.com static.hotjar.com script.hotjar.com vars.hotjar.com optimize.google.com login-2.bpost.be service.maxymiser.net static.hotjar.com script.hotjar.com bpost2.unfyd.com www.gstatic.com openlayers.org unpkg.com eloqua.com  www.bpost2.be bpaid.unfyd.com mediahuisassets.akamaized.net cdn.cxense.com scomcluster.cxense.com comcluster.cxense.com track.bpost.cloud track.bpost.be optanon.blob.core.windows.net privacyportal-de.onetrust.com cdn.cookielaw.org d30o8tpw3q5jvi.cloudfront.net s.pinimg.com ct.pinterest.com gitcdn.github.io; object-src 'self' www.bpost.be editor-www.bpost.be eshipper.bpost.cn www.youtube-nocookie.com www.medattest.be optimize.google.com login-2.bpost.be bpost2.be bpaid.unfyd.com track.bpost.cloud track.bpost.be d30o8tpw3q5jvi.cloudfront.net; style-src 'self' 'unsafe-inline' www.bpost.be eshipper.bpost.cn bpost2.be www.bpost2.be bpost3.be www.medattest.be editor-www.bpost.be www.google.com fonts.googleapis.com cdn.jsdelivr.net d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com www.post.be post.be proslead.com wersg01 preprints.taxipost.net maf.taxipost.net tagmanager.google.com optimize.google.com login-2.bpost.be maxcdn.bootstrapcdn.com my.bpost.be bpost2.unfyd.com openlayers.org use.fontawesome.com unpkg.com bpaid.unfyd.com track.bpost.cloud track.bpost.be optanon.blob.core.windows.net cdn.cookielaw.org d30o8tpw3q5jvi.cloudfront.net db.onlinewebfonts.com gitcdn.github.io; img-src 'self' data: www.bpost.be bpost.be eshipper.bpost.cn www.bpost2.be bpost2.be www.google.be www.google-analytics.com www.google.com googleads.g.doubleclick.net b2btagmgr.azalead.com trker1.azalead.com stats.g.doubleclick.net www.post.be editor-www.bpost.be www.facebook.com www.google.co.in eshop.bpost.be static.licdn.com www.linkedin.com www.bpostinternational.com landmarkglobal.com www.landmarkglobal.com dashboard.whoisvisiting.com/who.ashx www.depostlaposte.be junglenet-a.akamaihd.net secure.adnxs.com d6tizftlrpuof.cloudfront.net w.usabilla.com 10.76.4.13:15871 https://cdnjs.cloudflare.com 10.109.34.52:15871 s1833705806.t.eloqua.com 10.76.4.11:15871 https://csi.gstatic.com https://maps.gstatic.com maps.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com www.googleadservices.com https://stats.g.doubleclick.net proslead.com https://www.google.de https://www.google.lu https://www.google.nl preprints.taxipost.net maf.taxipost.net chart.apis.google.com hello.bpost.be optimize.google.com login-2.bpost.be my.bpost.be bpost2.unfyd.com a.tile.openstreetmap.org server.arcgisonline.com tile.osm.be bpaid.unfyd.com comcluster.cxense.com track.bpost.cloud track.bpost.be optanon.blob.core.windows.net cdn.cookielaw.org d30o8tpw3q5jvi.cloudfront.net ct.pinterest.com; frame-src 'self' www.bpost.be bpost.be www.medattest.be medattest.be eshipper.bpost.cn editor-www.bpost.be www.bpost2.be http://www.bpost2.be bpost2.be campaigns.bpost2.be www.campaigns.bpost2.be pass.bpost.be esim.post.be tools.emailgarage.com assets.idloom.com www.facebook.com ir2.flife.de qfx.quartalflife.com 4558452.fls.doubleclick.net www.youtube.com youtube.com fr.slideshare.net www.youtube-nocookie.com 85.17.197.32 roi.bpost3.be bpost3.be www.facebook.com www.twitter.com platform.linkedin.com addressbook.bpost.be www.google.com google.com cse.google.com/cse speos.connective.be speos.connective.eu junglenet-a.akamaihd.net post-online.be www.post-online.be cssprepaid.proximus.be www.depostlaposte.be depostlaposte.be www.postmobile.be postmobile.be reload.proximus.be s.chkmkt.com maxiresponse.bpost3.be bpi.bpost3.be post-api.be googletagmanager.com youtube.com www.youtube.com d6tizftlrpuof.cloudfront.net www.youtube.com speos.connective.eu www.speos.connective.eu assets.idloom.com crm.bpack.idloom.com zeromov.com player.qualifio.com preprints.taxipost.net maf.taxipost.net http://maf.taxipost.net crm.bpost.idloom.com news.bpost.be s1833705806.t.eloqua.com vars.hotjar.com optimize.google.com login-2.bpost.be bpost2.be service.maxymiser.net bpaid.unfyd.com bpaid.bpost.be track.bpost.cloud track.bpost.be d30o8tpw3q5jvi.cloudfront.net; font-src 'self' www.bpost.be bpost.be eshipper.bpost.cn editor-www.bpost.be cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com fonts.gstatic.com *.usabilla.com d6tizftlrpuof.cloudfront.net images.campaign.bpost.be optimize.google.com login-2.bpost.be my.bpost.be maxcdn.bootstrapcdn.com bpost2.unfyd.com use.fontawesome.com www.bpost2.be  cdn.jsdelivr.net fonts.gstatic.com bpaid.unfyd.com track.bpost.cloud track.bpost.be d30o8tpw3q5jvi.cloudfront.net db.onlinewebfonts.com; connect-src 'self' www.bpost.be bpost.be eshipper.bpost.cn www.medattest.be medattest.be bpost2.be www.bpost2.be editor-www.bpost.be proslead.com bam.nr-data.net api.usabilla.com https://api.bpost.be crm.bpack.idloom.com www-1.stbpost.be assets.idloom.com crm.bpack.idloom.com nikkomsgchannel tagmanager.google.com webservices-pub.bpost.be webservices-pub.stbpost.be webservices-pub.acbpost.be  s1833705806.t.eloqua.com static.hotjar.com insights.hotjar.com optimize.google.com login-2.bpost.be chatbot.bpost.be bpost2.be in.hotjar.com service.maxymiser.net bpost2.unfyd.com s1833705806.t.eloqua.com/e/f2 bpaid.unfyd.com https://s918797598.t.eloqua.com/e/f2 track.bpost.cloud track.bpost.be d30o8tpw3q5jvi.cloudfront.net vc.hotjar.io  ct.pinterest.com; report-uri /nl/report-csp-violation 1
upgrade-insecure-requests; 1
default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com *.facebook.com *.nosiva.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.guinness-storehouse.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com stats.mp.streamamg.com streamuk.secure.footprint.net www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.hotjar.com *.smartlook.com; object-src 'self' https: *.guinness-storehouse.com streamuk.secure.footprint.net; style-src 'self' 'unsafe-inline' https: *.guinness-storehouse.com cloud.typography.com fonts.googleapis.com footer.diageohorizon.com; img-src 'self' https: *.guinness-storehouse.com *.googleapis.com *.gstatic.com ads.yahoo.com analytics.twitter.com d.adroll.com dps.bing.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com scontent.cdninstagram.com streamuk.secure.footprint.net t.mookie1.com us-u.openx.net www.facebook.com www.google.com www.google.ie www.tripadvisor.com x.bidswitch.net www.google-analytics.com; frame-src 'self' https: *.guinness-storehouse.com *.worldnettps.com guinnessarchives.adlibsoft.com www.youtube.com vars.hotjar.com; font-src 'self' https: *.guinness-storehouse.com data: fonts.googleapis.com fonts.gstatic.com streamuk.secure.footprint.net; connect-src 'self' https: *.guinness-storehouse.com *.storehousewall.com query.yahooapis.com streamuk.secure.footprint.net *.hotjar.com:* wss://*.hotjar.com *.smartlook.com; media-src 'self' https: *.guinness-storehouse.com ; worker-src 'self' *.guinness-storehouse.com blob: 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.addthis.com *.stripe.com *.doubleclick.net http://zoom.us zoom.us *.zoom.us *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.addthis.com *.stripe.com *.doubleclick.net zoom.us *.zoom.us *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension:; connect-src 'self' static.financialsense.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://www.google-analytics.com https:; object-src https:; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https:; img-src 'self' data: https://www.google-analytics.com https:; media-src 'self' https:; frame-src 'self' https://optimize.google.com https:; font-src 'self' data: https://fonts.gstatic.com https: 1
frame-src *; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com data: *.motel-one.com; script-src *.motel-one.com 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.adup-tech.com static.ads-twitter.com analytics.twitter.com assets.pinterest.com log.pinterest.com squarelovin.com *.squarelovin.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cdninstagram.com *.squarelovin.com *.google-analytics.com *.doubleclick.net t.co *.adup-tech.com www.facebook.com www.google.de www.google.com *.cx.atdmt.com maps.gstatic.com maps.googleapis.com *.fbcdn.net image.motel-one.com *.motel-one.com squarelovin.com *.gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.squarelovin.com fonts.googleapis.com *.google.com; connect-src 'self' *.motel-one.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.adup-tech.com; font-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net; frame-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; child-src 'self' *; font-src 'self' *; frame-ancestors 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.w3.org https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://vro.housing.gov.sa https://www.gstatic.com https://code.jquery.com https://maps.googleapis.com https://cdn.mouseflow.com https://fonts.googleapis.com https://developers.google.com https://sakani.housing.sa https://maps.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.ejar.sa https://img.youtube.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.ckeditor.com https://www.google.com.sa https://mobile.ejar.sa http://www.ejar.sa https://www.youtube.com/; report-uri /ar/report-csp-violation 1
child-src 'self' 3speak.online emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://images.hive.blog 'self' hive.blog https://api.hive.blog api.blocktrades.us https://anyx.io; default-src tpc.googlesyndication.com 'self' img.3speakcontent.online emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com  https://*.surveymonkey.com https://walls.io   https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com  https://*.fontawesome.com https://*.customsearch.ai https://*.googletagmanager.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://*.windows.net https://tagmanager.google.com; img-src 'self' https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/ https://*.windows.net https://*.gstatic.com https://stats.g.doubleclick.net; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube-nocookie.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ https://ui.customsearch.ai/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.customsearch.ai https://*.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://img.youtube.com https://www.youtube.com https://www.google.com https://www.google-analytics.com/analytics.js data: https://www.youtube.com https://www.google-analytics.com https://use.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com https://js-agent.newrelic.com https://ajax.cloudflare.com cdn.ckeditor.com https://unpkg.com https://maxcdn.bootstrapcdn.com; report-uri /admin/config/system/seckit/csp-report 1
frame-src 'self' *.betradar.com *.sportradar.com *.aitcloud.de consentcdn.cookiebot.com vars.hotjar.com www.googletagmanager.com www.youtube.com; frame-ancestors 'self' *.betradar.com *.sportradar.com *.aitcloud.de 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.serving-sys.com *.sitescout.com *.pixel.ad *.analytics.edgekey.net *.forefieldkt.com *.foremostadvice.com *.standard.com *.youtube.com *.ytimg.com *.gstatic.com *.pages05.net *.silverpop.com *.sc.pages05.net *.googletagmanager.com *.google-analytics.com fonts.googleapis.com ajax.googleapis.com *.google.com *.duosecurity.com *.vimeo.com *.sharethis.com secure-ds.serving-sys.com *.serving-sys.com *.googleadservices.com *.fonts.net *.twitter.com *.twimg.com *.ubembed.com *.demandbase.com *.userzoom.com stats.g.doubleclick.net *.company-target.com match.prod.bidr.io id.rlcdn.com *.googleapis.com *.doubleclick.net static.3playmedia.com *.brightcove.com *.brightcove.net bcove.me *.zencdn.net bcove.video players.brightcove.net *.brightcove.com  *.llnw.net *.llnwd.net *.edgekey.net *.media.brightcove.com vjs.zencdn.net *.brightcovecdn.com *.brainshark.com *.teads.tv *.3lift.com *.adentifi.com *.basis.net *.facebook.com dc.ads.linkedin.com *.cloudflare.com *.linkedin.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.twitter.com ajax.googleapis.com *.sitescout.com *.pixel.ad *.serving-sys.com  *.twimg.com *.gm *.sharethis.com *.pages05.net *.googletagmanager.com *.google-analytics.com *.ubembed.com *.brightcove.com *.gstatic.com *.google.com *.brightcove.net *.serving-sys.com *.googleadservices.com secure-ds.serving-sys.com stats.g.doubleclick.net *.demandbase.com *.userzoom.com googleads.g.doubleclick.net vjs.zencdn.net *.facebook.net *.cloudflare.com *.linkedin.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-inline' data: blob: 'unsafe-eval' http: https: www.krebshilfe.de dkh-stage.dwprev.com; 1
default-src 'self'; style-src 'unsafe-inline' yandex.st site.yandex.net yastatic.net banners.adfox.ru content.adfox.ru yastat.net *; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *; img-src * data:; media-src *; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st site.yandex.net yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru oss.maxcdn.com ads.adfox.ru www.google-analytics.com *.googleadservices.com adservice.google.ru adservice.google.com.ua  *.imgsmail.ru *.google.com platform.twitter.com cas.criteo.com *.mail.ru vk.com *.googlesyndication.com *.googletagservices.com adv758968.ru adforce.ru *.doubleclick.net  x1.vinread.net *.zencdn.net mobiads.ru utarget.ru afterview.ru *.vispot.io *.adap.tv *.liverail.com *.spotxchange.com *.buzzoola.com *.advarkads.com *.lkqd.com *.advertising.com static.baza.farpost.ru gstatic.com www.gstatic.com http://thefox.mobi/0dvP/ https://netdna.bootstrapcdn.com https://ajax.googleapis.com *.adsafeprotected.com  idntfy.ru mobuli.info  mobisway.info cnt-count.ru countstat.ru eboundservices.com digital-forest.info s17365.org/rotation.php news.gnezdo.ru btstds.ru cackle.me *.cackle.me www.farpost.ru https://adtags.pro https://*.adtags.pro https://btsds.ru https://*.vrcteam.ru https://*.betweendigital.com https://*.exopay.ru https://s0.2md.net https://fl.imgsniper.com https://static.bulham.com https://*.sape.ru https://safesource.ru https://code.createjs.com https://static.bumlam.com sad2tizer.ru ad.slickjump.com slickjump.com sjsmartcontent.org https://www.googletagmanager.com https://tds.admaxer.ru https://meganotify.com https://notifyday.com *.ttarget.ru *.onlygip.tech *.hybrid.ai *.admediator.ru nativerent.ru; connect-src an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st site.yandex.net yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru *; report-uri /csp.php 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crowdmap.com https://*.crowdmap.com https://*.typekit.com https://apis.google.com https://*.akamai.net https://*.gaug.es https://*.youtube.com https://*.ytimg.net https://*.googlevideo.com https://*.embedly.com https://*.cloudfront.net https://*.google-analytics.com https://*.twitter.com https://*.facebook.com https://*.rackcdn.com http://*.rackcdn.com https://*.newrelic.com https://*.facebook.net https://*.addthis.com https://maps.google.com https://maps.gstatic.com https://*.googleapis.com https://*.openstreetmap.org https://*.virtualearth.net https://*.mozilla.org; style-src 'self' 'unsafe-inline' https://crowdmap.com https://*.crowdmap.com https://*.typekit.com https://*.twitter.com https://*.embedly.com https://*.twitter.com https://*.facebook.com https://fonts.googleapis.com https://*.rackcdn.com http://*.rackcdn.com https://*.addthis.com https://*.openstreetmap.org https://*.virtualearth.net; img-src *; media-src *; frame-src *; connect-src *; object-src *; font-src 'self' data: https://*.typekit.com https://*.google.com https://themes.googleusercontent.com; 1
upgrade-insecure-requests 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://antispamcloud.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self' 'unsafe-inline' *.altmetric.com *.cloudfront.net *.hotjar.com *.hotjar.io 'unsafe-eval' *.crick.ac.uk *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.vimeo.com *.vimeocdn.com *.youtube.com *.soundcloud.com *.twitter.com *.youtube.com *.twimg.com theta360.com cdn.rawgit.com raw.githubusercontent.com data:;; script-src 'self' 'unsafe-inline' *.altmetric.com *.cloudfront.net *.hotjar.com *.hotjar.io 'unsafe-eval' theta360.com crick.us13.list-manage.com *.mailchimp.com *.theta360.com *.google.com *.google-analytics.com *.googleapis.com use.typekit.net *.vimeocdn.com *.vimeo.com vimeo.com *.twitter.com *.twimg.com *.youtube.com *.googletagmanager.com tagmanager.google.com cdnjs.cloudflare.com cdn.rawgit.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://d1bxh8uas1mnw7.cloudfront.net/assets/embed.js ; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net cdnjs.cloudflare.com *.google.com *.googleapis.com *.twitter.com *.mailchimp.com; font-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com *.gstatic.com; report-uri /report-csp-violation 1
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&ar=true&a=cmscache 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net nexus.ensighten.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com nexus.ensighten.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' brightcove.hs.llnwd.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' qir.tools.investis.com staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com; script-src 'self' 'unsafe-inline' 'nonce-989139721ee68548e7d99f96414940fb' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com; img-src 'self' wireframecc-9947.kxcdn.com data:; child-src 'self' 1
default-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; style-src 'self' 'unsafe-inline' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; img-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.googleadservices.com https://googleadservices.com https://*.doubleclick.net *.doubleclick.net data: *.google-analytics.com https://c906980.ssl.cf3.rackcdn.com *.newrelic.com *.gstatic.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; frame-src 'self' *.googleadservices.com *.doubleclick.net https://googleadservices.com https://*.doubleclick.net https://*.facebook.com *.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com http://storify.com https://w.soundcloud.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net; script-src 'self' eval-script inline-script *.evocdn.co.uk *.rackcdn.com *.newrelic.com *.google-analytics.com *.googleadservices.com https://googleadservices.com *.facebook.net d1ros97qkrwjf5.cloudfront.net https://d1ros97qkrwjf5.cloudfront.net https://www.google.com https://ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' *.youtube.com www.youtube.com *.vhall.com e.vhall.com *.storify.com http://storify.com http://storify.com *.twimg.com atlas.media.mit.edu *.podio.com fast.fonts.net *.doubleclick.net; font-src 'self' *.evocdn.co.uk *.googleusercontent.com 'unsafe-eval' 'unsafe-inline' fast.fonts.net; object-src *.youtube.com www.youtube.com *.ytimg.com *.googlevideo.com *.vhall.com e.vhall.com https://player.soundcloud.com; 1
frame-ancestors 'self' https://*.hapara.com/ 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self'  blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com https://www.google-analytics.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com ssl.gstatic.com www.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com; media-src 'self' www.youtube.com soundcloud.com syndication.twitter.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' www.google-analytics.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; 1
default-src 'self'; connect-src 'self' data: 'unsafe-inline' https://bat.bing.com https://*.adobedtm.com http://*.calbanktrust.com https://*.calbanktrust.com https://zionsbancorp.sc.omtrdc.net https://*.demdex.net https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://bat.bing.com https://*.adobedtm.com https://connect.facebook.net https://*.pages05.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.calbanktrust.com https://*.zionsbank.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; object-src 'self' data: https://*.calbanktrust.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com; img-src 'self' data: 'unsafe-inline' https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.pages05.net https://*.doubleclick.net https://*.google-analytics.com https://*.gstatic.com https://*.calbanktrust.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; media-src 'self' data:; frame-src 'self' https://*.calbanktrust.com https://*.demdex.net https://*.doubleclick.net https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; frame-ancestors 'self' https://banking.calbanktrust.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdnjs.cloudflare.com https://connect.facebook.net https://*.google.com  https://spreadsheets.google.com/ https://docs.google.com/ https://www.gstatic.com/charts/ http://www.google-analytics.com https://ssl.google-analytics.com https://*.gstatic.com/feedback/ https://www.gstatic.com/charts/ https://*.googleapis.com https://www.googleadservices.com https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net https://*.utdt.edu https://www.googletagmanager.com https://www.tfaforms.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com https://www.tfaforms.com https://www.gstatic.com/charts/ https://spreadsheets.google.com/ https://docs.google.com/; img-src * data: blob:; font-src *; 1
default-src 'self'; connect-src 'self' data: 'unsafe-inline' https://bat.bing.com https://assets.adobedtm.com https://*.adobedtm.com http://*.amegybank.com https://*.amegybank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://bat.bing.com https://assets.adobedtm.com https://*.adobedtm.com https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.amegybank.com https://*.amegybank.com https://*.zionsbank.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; object-src 'self' data: http://*.amegybank.com https://*.amegybank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net; img-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://p.adsymptotic.com https://px.ads.linkedin.com https://bat.bing.com https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.amegybank.com https://*.amegybank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://sumo.com https://*.sumo.com https://*.sumome.com https://sumo.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-eval'; media-src 'self' data:; frame-src 'self' data: 'unsafe-inline' http://*.amegybank.com https://*.amegybank.com https://rise.articulate.com https://*.online-metrix.net https://*.issuu.com https://*.doubleclick.net https://*.demdex.net https://secure.checkout.visa.com https://assets.secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com; frame-ancestors 'self' https://banking.amegybank.com 'unsafe-eval'; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.infogram.com:* *.quiz-maker.com:* *.sharethis.com:* *.cloudflare.com:* *.bootstrapcdn.com:* *.poll-maker.com:* *.google-analytics.com:* *.ytimg.com:* *.twimg.com:* *.disquscdn.com:* disqus.com:* *.disqus.com:* *.googletagmanager.com:* *.consensu.org:* *.gstatic.com:* *.googleapis.com:* *.fontawesome.com:* *.addtoany.com:* *.unicef.org:* *.disqus.com:* *.facebook.com:* *.facebook.net:* *.google.com:* *.linkedin.com:* *.twitter.com:* *.umblr.com:* *.unicef.org:* *.unicef.org.au:* *.youtube.com:* *.instagram.com:* *.newrelic.com:* *.nr-data.net:* *.soundcloud.com:* *.spotify.com:* *.office.com:* *.tiktok.com:* *.tiktokcdn.com:* *.tiktokv.com:* *.ibytedtos.com:* data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com:* *.gstatic.com:* *.googleusercontent.com:* *.googleapis.com:* *.googleapis.com:* *.fontawesome.com:* data:; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://audit-api.prozorro.gov.ua https://swift-prod.prozorro.gov.ua https://cdn2.prozorro.gov.ua https://public.docs.openprocurement.org https://public.docs-sandbox.openprocurement.org https://lb.api-sandbox.openprocurement.org https://public.api.openprocurement.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn2.prozorro.gov.ua https://rawgit.com/ https://connect.facebook.net https://www.linkedin.com https://graph.facebook.com https://*.google-analytics.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://*.googletagmanager.com https://maps.googleapis.com; img-src 'self' https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://csi.gstatic.com; frame-src 'self' https://www.youtube.com https://www.slideshare.net https://staticxx.facebook.com https://www.facebook.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 1
default-src 'none';script-src 'self' 'unsafe-inline' https://static.frag-den-staat.de https://traffic.okfn.de https://js.stripe.com;style-src 'self' 'unsafe-inline' https://static.frag-den-staat.de;img-src 'self' data: blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://traffic.okfn.de https://www.betterplace.org https://betterplace-assets.betterplace.org https://i.vimeocdn.com https://raw.githubusercontent.com *.tile.openstreetmap.org *.global.ssl.fastly.net i.ytimg.com;media-src https://static.frag-den-staat.de https://media.frag-den-staat.de;worker-src 'self' blob: https://static.frag-den-staat.de;frame-src 'self' blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://okfde.github.io https://player.vimeo.com https://www.youtube-nocookie.com https://media.ccc.de https://js.stripe.com https://hooks.stripe.com https://www.paypal.com;object-src 'self' https://media.frag-den-staat.de;connect-src 'self' https://static.frag-den-staat.de https://media.frag-den-staat.de https://api.betterplace.org/ https://sentry.okfn.de https://api.stripe.com;child-src 'self' blob: https://static.frag-den-staat.de;base-uri 'none';font-src data: https://static.frag-den-staat.de;manifest-src https://static.frag-den-staat.de;form-action 'self' https://fragdenstaat.de https://forum.okfn.de https://www.paypal.com https://pretix.eu https://hooks.stripe.com https://stripe.com https://r.girogate.de;frame-ancestors 'self';report-uri https://sentry.okfn.de/api/3/security/?sentry_key=f00c20a879414df69051163a90597a8c; 1
child-src 'self'; connect-src 'self' api.blocktrades.us steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-internal.steemit.com beta-api.steemit.com beta-api-int.steemit.com; default-src 'self'; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com maps.google.com *.googleapis.com *.gstatic.com www.google.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com platform.twitter.com *.twimg.com ifoa.precedenthost.co.uk *.actuaries.org.uk cdn.rawgit.com e.issuu.com www.youtube.com s.ytimg.com tagmanager.google.com khan.github.io squizlabs.github.io script.crazyegg.com *.eu-west-2.amazonaws.com s3.amazonaws.com  loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com d34l49dszxxnhj.cloudfront.net optimize.google.com optimize.google.com/* *.optimize.google.com *.pagead2.googlesyndication.com/*; object-src *.issuu.com flash.quantserve.com s3.amazonaws.com 'self' d34l49dszxxnhj.cloudfront.net *.crazyegg.com trk.cetrk.com s3.amazonaws.com/trk.cetrk.com/;; style-src 'self' 'unsafe-inline' *.googleapis.com platform.twitter.com *.actuaries.org.uk tagmanager.google.com squizlabs.github.io *.eu-west-2.amazonaws.com loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com svc.webspellchecker.net d34l49dszxxnhj.cloudfront.net  optimize.google.com optimize.google.com/* *.optimize.google.com ; img-src 'self' data: *.google-analytics.com www.googletagmanager.com maps.google.com *.gstatic.com *.googleapis.com rest.mollom.com rest-production.mollom.com bam.nr-data.net syndication.twitter.com platform.twitter.com *.twimg.com *.actuaries.org.uk live.sagepay.com *.doubleclick.net *.openathens.net squizlabs.github.io *.eu-west-2.amazonaws.com s3.amazonaws.com *.amazonaws.com svc.webspellchecker.net loader.webspellchecker.net  d34l49dszxxnhj.cloudfront.net  optimize.google.com optimize.google.com/* *.optimize.google.com ; frame-src 'self' embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com loader.webspellchecker.net webspellchecker.com embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com *.loader.webspellchecker.net svc.webspellchecker.net optimize.google.com optimize.google.com/* *.optimize.google.com  embeds.audioboom.com; font-src 'self' data: *.gstatic.com ifoa.precedenthost.co.uk *.actuaries.org.uk *.eu-west-2.amazonaws.com d34l49dszxxnhj.cloudfront.net; connect-src 'self'  *.crazyegg.com trk.cetrk.com s3.amazonaws.com/trk.cetrk.com/;; report-uri //IFoA.report-uri.io/r/default/csp/enforce 1
default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aduc.it *.addthis.com *.facebook.net *.twitter.com *.moatads.com *.addthisedge.com *.google-analytics.com *.google.com; object-src 'self' *.aduc.it; style-src 'self' 'unsafe-inline' *.aduc.it *.google.com; img-src 'self' data: *.aduc.it *.twitter.com *.google-analytics.com *.google.com; media-src 'self' *.aduc.it; frame-src 'self' *.aduc.it *.addthis.com *.facebook.com *.twitter.com *.google.com *.youtube.com; font-src 'self' *.aduc.it; connect-src 'self' *.aduc.it *.addthis.com *.google-analytics.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://cdn.printfriendly.com https://cdn.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://www.google-analytics.com https://cdn.jsdelivr.net https://unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: https://s.yimg.com http://cdn.printfriendly.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; media-src 'self'; frame-src 'self' data: https://static.addtoany.com https://fwb.malaysiaairports.com.my https://www.youtube.com https://www.google.com; frame-ancestors 'self' https://fwb.malaysiaairports.com.my; child-src 'self'; font-src 'self' https://cdn.jsdelivr.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https://www.google-analytics.com; report-uri //report-csp-violation 1
frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com shop.pe shopper.shop.pe *.cloudfront.net addshoppers.s3.amazonaws.com bcbolt446c5271-a.akamaihd.net; 1
default-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self' *.mobistar.be *.cloudfront.net *.emsecure.net *.customersaas.com *.orange.be *.netdna-ssl.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' * *.customersaas.com t.contentsquare.net contentsquare.com *.emsecure.net *.customersaas.com  *.orange.be *.netdna-ssl.com blob: *.abtasty.com *.googleapis.com; object-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; style-src 'unsafe-inline' 'self' *.mobistar.be *.cloudfront.net *.customersaas.com  *.orange.be *.netdna-ssl.com cdnjs.cloudflare.com *.gstatic.com *.abtasty.com *.googleapis.com messaging-khoros.app.khoros.com; img-src * blob: data: *.abtasty.com *.amazonaws.com *.cloudfront.net *.contentsquare.net; media-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; frame-src 'self' * emsecure.net  *.orange.be; font-src 'self' *.mobistar.be *.customersaas.com  *.orange.be cdn.livechatinc.com themes.googleusercontent.com *.netdna-ssl.com blob: data: *.googleapis.com *.gstatic.com *.abtasty.com brand-messenger.app.khoros.com messaging-khoros.app.khoros.com; connect-src 'self'  *.tealiumiq.com *.usabilla.com *.emsecure.net *.customersaas.com  *.orange.be *.mousestats.com secure.comparecycle.com c.contentsquare.net *.abtasty.com *.contentsquare.net *.app.khoros.com *.smooch.io; report-uri /admin/config/system/seckit/csp-report 1
default-src https://wbregistration.gov.in;                                                     connect-src https://wbregistration.gov.in;                                                     font-src https://wbregistration.gov.in data:;                                                     frame-src https://wbregistration.gov.in;                                                    img-src https: data:;                                                     media-src https://wbregistration.gov.in;                                                      object-src https://www.wbregistration.gov.in;                                                     script-src 'unsafe-inline' 'unsafe-eval' https://www.wbregistration.gov.in;                                                     style-src 'unsafe-inline' https://www.wbregistration.gov.in; 1
default-src 'self' https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.trier-info.de https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.pegelonline.wsv.de https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/lightslider/1.1.6/js/lightslider.js 'unsafe-inline' 'unsafe-eval' 1
default-src=self 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru  *.yandex.ru *.yandex.net h.online-metrix.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com tagmanager.google.com *.jivosite.com webhost1.bitrix24.ru *.roistat.com cfv4.com qoopler.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com 1
default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com fast.wistia.net googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com  *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.upviral.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com app.humdash.com analytics.zortrax.com cf.zortrax.com  ;style-src 'self' 'unsafe-inline' *.disquscdn.com *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com  *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct app.humdash.com cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com fast.wistia.net *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' data.zortrax.com http://3dprint.zortrax.com 3dprint.zortrax.com 3dprinting.local *.luckyorange.net ws://localhost:3000 *.google-analytics.com *.tagmanager.google.com app.humdash.com  ;media-src 'self' *.youtube.com *.youtube-nocookie.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com https://js-agent.newrelic.com/nr-1099.min.js https://sjs.bizographics.com/insight.min.js px.ads.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://js-agent.newrelic.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com gl.hostcg.com/js/genlead.js; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://bam.nr-data.net https://stats.g.doubleclick.net; report-uri https://csp-report-uri.bureauveritas.com 1
default-src 'self' *.google-analytics.com *.salesforce.com *.crazyegg.com bam.nr-data.net *.facebook.net *.facebook.com *.ads-twitter.com  *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.crazyegg.com bam.nr-data.net *.google-analytics.com js-agent.newrelic.com *.stripe.com s3.amazonaws.com/trk.cetrk.com/ *.facebook.net *.ads-twitter.com *.twitter.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.crazyegg.com bam.nr-data.net *.google-analytics.com *.doubleclick.net js-agent.newrelic.com *.stripe.com s3.amazonaws.com/trk.cetrk.com/ *.facebook.com *.twitter.com t.co; frame-src 'self' *.stripe.com *.salesforce.com *.vimeo.com *.youtube.com; font-src 'self' 'unsafe-inline'; report-uri /report-csp-violation 1
frame-ancestors https://www.bdli.de/ https://staging.bdli.de *.ila-berlin.de localhost ila.lndo.site http://ila.lndo.site:8000; report-uri //report-csp-violation 1
default-src 'none'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googleapis.com embed.typeform.com www.googletagmanager.com www.youtube.com tagmanager.google.com sc.01.sana-apps.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googleapis.com embed.typeform.com www.googletagmanager.com www.youtube.com tagmanager.google.com sc.01.sana-apps.de; img-src *; style-src 'self' 'unsafe-inline'; media-src 'self'; connect-src 'self' vendorlist.consensu.org; font-src 'self'; frame-ancestors 'self' www.sanadaily.de localhost sc.01.sana-apps.de; frame-src 'self' sc.01.sana-apps.de sanadigital.typeform.com maps.google.de *.google.com www.youtube.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://codero--sitestudio.na171.force.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://codero--sitestudio.na171.force.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://codero--sitestudio.na171.force.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://codero--sitestudio.na171.force.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://codero--sitestudio.na171.force.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1
base-uri 'self' https://d3gcmglegmnvz8.cloudfront.net/; child-src 'self' https://*.google.com https://*.eum-appdynamics.com https://*.appdynamics.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ https://*.facebook.com/ https://*.hotjar.com/ https://*.facebook.com/ https://accounts.google.com/ https://www.google.com/ https://www.youtube.com/ gap:; frame-src 'self' https://*.google.com https://*.eum-appdynamics.com https://*.appdynamics.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ https://*.facebook.com/ https://*.hotjar.com/ https://*.facebook.com/ https://accounts.google.com/ https://www.google.com/ https://www.youtube.com/ gap:; connect-src 'self' https://*.google.com https://*.eum-appdynamics.com https://*.appdynamics.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.facebook.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://fercos-s3-ecommerce.s3.amazonaws.com/ https://stats.g.doubleclick.net https://accounts.google.com/ https://www.google-analytics.com https://www.youtube.com/ https://device.clearsale.com.br; default-src 'self' https://*.eum-appdynamics.com https://*.appdynamics.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://accounts.google.com/ https://www.google-analytics.com/ https://www.youtube.com/ gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.googleapis.com https://d3gcmglegmnvz8.cloudfront.net/ https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://*.gstatic.com https://*.hotjar.com/; img-src 'self' data: https://www.gstatic.com https://*.ytimg.com https://*.eum-appdynamics.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://*.googleusercontent.com https://*.fbsbx.com https://*.geotrust.com https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.nr-data.net https://*.newrelic.com/ https://*.facebook.com/ wss://*.hotjar.com/ https://*.hotjar.com/ https://fercos-s3-ecommerce.s3.amazonaws.com/ https://stats.g.doubleclick.net https://accounts.google.com/ https://www.google-analytics.com https://www.google.com/ https://www.google.com.br/ https://www.youtube.com/; media-src https://d3gcmglegmnvz8.cloudfront.net/; object-src https://d3gcmglegmnvz8.cloudfront.net/; script-src 'self' https://*.google.com https://*.eum-appdynamics.com https://*.appdynamics.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.nr-data.net https://*.newrelic.com/ https://*.facebook.com/ https://*.facebook.net https://*.hotjar.com/ https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.google.com/ https://accounts.google.com/ https://www.googletagmanager.com/ https://apis.google.com/ https://seal.geotrust.com/ https://www.youtube.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.eum-appdynamics.com https://*.appdynamics.com https://fonts.googleapis.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ 'unsafe-inline'; frame-ancestors 'self' https://*.google.com https://*.eum-appdynamics.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://*.hotjar.com/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ gap:; referrer origin-when-cross-origin; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=TmMlWIiuQpmwI7n8ZCnvCCaQ3j%2fKIeh5MdlWfNE2AtThQZLlM94KzU1oEw9kcnvKOWo2Mr%2f19p4LtsrcH1fC1lwxS%2boNLZzDjoIkKu6x922fFmjAug0CkGfql9dvKatq; 1
default-src 'self'; connect-src 'self' https://bat.bing.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://*.cludo.com; script-src 'self' data: 'unsafe-inline' https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://*.sumome.com https://*.sumo.com https://sumo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.googletagmanager.com https://*.issuu.com https://*.adobedtm.com https://connect.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.nbarizona.com https://*.nbarizona.com https://*.zionsbank.com https://*.cludo.com 'unsafe-eval'; object-src 'self' data: https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.nbarizona.com https://*.nbarizona.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://*.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.gstatic.com http://*.nbarizona.com https://*.nbarizona.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com; media-src 'self' data:; frame-src 'self' https://*.doubleclick.net http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://issuu.com https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com; frame-ancestors 'self' https://banking.nbarizona.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' *.zdassests.com *.cloudinary.com; connect-src https://*.devacurl.com https://*.devatech.us https://*.devatechpro.us https://*.myshopify.com https://*.openshiftapps.com localhost:* https://sentry.io *.yotpo.com www.google-analytics.com likeshop.me https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://*.hotjar.io https://*.hotjar.com https://devacurl.2m8f.net wss://widget-mediator.zopim.com https://*.doubleclick.net https://*.facebook.com https://*.trackedweb.net https://*.cookielaw.org https://*.onetrust.com/ *.amplitude.com https://s3-us-west-2.amazonaws.com/afterpayus-integrations/javascript/modal/us_modal.html https://*.pinterest.com https://*.bing.com; font-src 'self' *.yotpo.com *.gstatic.com fonts.gstatic.com data: likeshop.me; frame-src *.doubleclick.net optimize.google.com *.phorest.me phorest.me phorest.com *.dotmailer-surveys.com *.hotjar.com *.youtube.com *.googletagmanager.com *.facebook.com; img-src * data: blob: www.google-analytics.com optimize.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.yotpo.com *.doubleclick.net *.google.com *.dashhudson.com *.google.com *.bing.com *.hotjar.com *.facebook.net *.zdassets.com https://widget-mediator.zopim.com *.dotmailer-surveys.com https://*.impactradius-event.com *.cookielaw.org https://*.trackedweb.net https://*.onetrust.com https://*.afterpay.com https://*.pinimg.com https://*.pinterest.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://*.yotpo.com https://*.google.com https://*.googleapis.com https://*.mapbox.com; report-uri https://sentry.io/api/1474106/security/?sentry_key=71495ca5d2814cc995ebaa6fa5461d8f&sentry_environment=prod; media-src 'self' *.zdassets.com *.cloudinary.com dashhudson-static.s3.amazonaws.com https://*.dashhudson.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.skeyes.be http://*.belgocontrol.be https://www.openstreetmap.org http://opendatacommons.org https://www.google.com https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com https://www.linkedin.com https://platform.linkedin.com https://static.licdn.com https://www.youtube.com https://create.smart2vr.com https://ssl.google-analytics.com https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com 1
style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com config1.veinteractive.com veinteractive.com cookiehub.net; font-src 'self' *.typekit.net fonts.gstatic.com data:; report-uri /report-csp-violation 1
worker-src 'self' data: blob: *.arcgisonline.com js.arcgis.com *.arcgis.com; default-src 'self' data: localhost:* *.google.com *.mopinion.com *.arcgisonline.com js.arcgis.com *.arcgis.com *.googleapis.com media.licdn.com scontent.cdninstagram.com www.waternet.nl www.agv.nl www.wereldwaternet.nl epi.waternet.nl waternet.pti.nl www.youtube.com chat1.waternet.nl *.optimizely.com www.google.nl www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com fonts.googleapis.com maps.gstatic.com csi.gstatic.com fonts.gstatic.com stats.g.doubleclick.net app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net pbs.twimg.com syndication.twitter.com platform.twitter.com; frame-src 'self' waterschappen.mijnstem.nl agv.mijnstem.nl app.mijnstem.nl mijnstem.sales.ivox.be waternet.pti.nl *.optimizely.com chat1.waternet.nl app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com www.youtube.com www.google.nl www.google.com www.kcmsurvey.com platform.twitter.com syndication.twitter.com twitter.com; script-src 'self' *.ytimg.com  *.mopinion.com *.arcgisonline.com js.arcgis.com *.youtube.com epi.waternet.nl localhost:* *.optimizely.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com maps.gstatic.com app.cobrowser.com *.hotjar.com:* cdnjs.cloudflare.com cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com cdn.syndication.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.mopinion.com *.arcgisonline.com js.arcgis.com  epi.waternet.nl *.optimizely.com www.googletagmanager.com tagmanager.google.com fonts.googleapis.com app.cobrowser.com platform.twitter.com 'unsafe-inline'; connect-src https: http: ws: wss:; 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://secure-mailgate.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self' ws:;script-src   'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net gleif.disqus.com *.disquscdn.com *.cookiebot.com *.linkedin.com *.twitter.com *.twimg.com ajax.googleapis.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://unpkg.com;style-src     'self' 'unsafe-inline' *.twimg.com *.twitter.com *.disquscdn.com use.typekit.net https://use.typekit.net https://unpkg.com;font-src       'self' data: http://*.typekit.net https://*.typekit.net https://cdnjs.cloudflare.com;img-src         'self'  static.licdn.com *.disqus.com *.disquscdn.com *.twitter.com *.twimg.com *.linkedin.com data: about: p.typekit.net https://*.tile.osm.org http://*.tile.osm.org http://*.typekit.net https://*.typekit.net https://img.shields.io;frame-src     'self' disqus.com *.twitter.com player.vimeo.com *.linkedin.com https://www.google.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://youtube.com  https://www.youtube.com;connect-src 'self' https://api.parse.com/1/functions/search http://*.gleif.org https://*.gleif.org http://*.typekit.net https://*.typekit.net https://syndication.twitter.com/settings; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https *.cloudfront.net *.googleapis.com *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com connect.facebook.net graph.facebook.com rum-static.pingdom.net 1
base-uri 'none'; default-src 'none'; child-src https://www.google.com; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.google.com; img-src 'self'; object-src 'none'; script-src 'nonce-9tHHcqvxXEMlE6g+nvvwKA==' 'strict-dynamic'; style-src 'self'; worker-src 'self'; 1
default-src * ; script-src * 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src *; media-src *; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src *; report-uri /en/report-csp-violation 1
frame-ancestors 'self' https://www.carroya.com/noticias https://www.motor.com.co 1
frame-ancestors *.amboss.com 1
default-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'none'; img-src *; media-src s3.amazonaws.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com script.hotjar.com static.hotjar.com d.impactradius-event.com; connect-src *.easyship.com in.hotjar.com vc.hotjar.io easyship.ilbqy6.net; frame-src vars.hotjar.com; style-src 'self' 'unsafe-inline'; font-src 'self' data: 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
default-src 'self'; connect-src 'self' https://bat.bing.com https://*.visualwebsiteoptimizer.com https://app.vwo.com http://*.vectrabank.com https://*.vectrabank.com https://zionsbancorp.sc.omtrdc.net https://*.demdex.net https://*.cludo.com https://sumo.com https://*.sumome.com https://*.sumo.com; script-src 'self' data: 'unsafe-inline' https://bat.bing.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.linkedin.com https://*.bufferapp.com https://*.pinterest.com https://*.reddit.com https://*.adobedtm.com https://connect.facebook.net https://*.pages05.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.vectrabank.com https://*.zionsbank.com https://*.cludo.com https://*.sumome.com https://*.sumo.com 'unsafe-eval'; object-src 'self' data: https://*.vectrabank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com; img-src 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.pages05.net https://*.doubleclick.net https://*.google-analytics.com https://*.gstatic.com https://*.vectrabank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com https://*.sumome.com https://*.sumo.com; media-src 'self' data:; frame-src 'self' https://*.vectrabank.com https://*.demdex.net https://*.doubleclick.net https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net https://*.visualwebsiteoptimizer.com https://app.vwo.com; frame-ancestors 'self' https://banking.vectrabank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' https://www.kayak.fr 1
frame-ancestors 'self' ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de app.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: stats.hft-stuttgart.de; connect-src 'self' *.usercentrics.eu *.b-ite.com; frame-src 'self' app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; connect-src 'self' steemit.com api.steemit.com dist.one wss://rpc.dist.one api.blocktrades.us https://steemitimages.com https://translate.googleapis.com; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; font-src data: fonts.gstatic.com 'self'; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com pagead2.googlesyndication.com adservice.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-IcEYGUy3n5LHUtzX+3LL5o9E' 'nonce-9q3EOV+Y1AON2TJvea/mkvN8' 'nonce-JmD/WqXIk7qgiRBIBojWzWij' 'nonce-2MbBJktogLRAVnFWyrJ16AL4' 'nonce-XrveO9fe/U28r1EvhW7txzyq' 'nonce-/53PKKhpy7KYYqJbMfqmnHot' 'nonce-cYwPjmMg+/QgNGjlshuFimQW' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
script-src *.ldscdn.org *.lds.org *.churchofjesuschrist.org *.googleapis.com *.gstatic.com *.facebook.net *.justserve.org *.servir.org *.facebook.com *.youtube.com *.ytimg.com cdnjs.cloudflare.com data: placehold.it placeholdit.imgix.net 'self' ws://localhost:3000 ws://10.0.2.2:3000 ws://localhost:8080 assets.adobedtm.com dpm.demdex.net cdn.tt.omtrdc.net ldschurch.tt.omtrdc.net *.tintup.com *.hypermoarks.com *.cloudfront.net players.brightcove.net vjs.zencdn.net edge.api.brightcove.com blob: * metrics.brightcove.com consent.truste.com consent-pref.truste.com 'unsafe-inline' 'unsafe-eval'; style-src *.fonts.net *.opendns.com *.googleapis.com *.justserve.org *.servir.org *.lds.org *.ldscdn.org *.churchofjesuschrist.org 'self' 'unsafe-inline' 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: *.stripe.com; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: *.stripe.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self'  *.stripe.com; 1
default-src 'self' 'unsafe-inline' https: data: https://cdnjs.cloudflare.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com https://*.jacklmoore.com https://*.gstatic.com https://*.google-analytics.com; frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://mailsentinel.net https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;img-src 'self' data: ; 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com player.twitch.tv www.tiktok.com musicoin.org www.instagram.com; connect-src 'self' whaleshares.io pubrpc.whaleshares.io api.whaleshares.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' whaleshares.io www.google-analytics.com connect.facebook.net cdn.polyfill.io cse.google.com www.google.com; style-src 'self' 'unsafe-inline' whaleshares.io fonts.googleapis.com at.alicdn.com www.google.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com at.alicdn.com; frame-ancestors 'none'; img-src * data:; report-uri /csp_violation; object-src 'none' 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.facebook.net *.facebook.com *.pinterest.com log.pinterest.com *.youtube.com *.doubleclick.net data: *.amgdgt.com *.windows.net *.econsumeraffairs.com *.consumercare.net *.adtmt.com cdn.socialtwist.com  bam.nr-data.net *.revemarketing.com http://cdn.revemarketing.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.thomasbreads.com connect.facebook.net cdn.socialtwist.com ajax.googleapis.com www.googletagmanager.com assets.pinterest.com js-agent.newrelic.com *.pinterest.com  https://www.google-analytics.com https://bam.nr-data.net https://chat.consumercare.net  https://h6.consumercare.net  https://ad.atdmt.com https://www.econsumeraffairs.com https://www.google.com https://www.gstatic.com https://widgets.socialtwist.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.myfonts.net *.facebook.net *.facebook.com *.pinterest.com log.pinterest.com *.youtube.com *.doubleclick.net data: *.amgdgt.com *.windows.net *.econsumeraffairs.com *.consumercare.net *.adtmt.com cdn.socialtwist.com  bam.nr-data.net *.revemarketing.com http://cdn.revemarketing.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.myfonts.net *.facebook.net *.facebook.com *.pinterest.com log.pinterest.com *.youtube.com *.doubleclick.net data: *.amgdgt.com *.econsumeraffairs.com *.consumercare.net *.socialtwist.com; connect-src 'self' *.revemarketing.com https://www.google-analytics.com  https://stats.g.doubleclick.net  wss://webchat.revemarketing.com; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
frame-ancestors http://my.rotary.org https://my.rotary.org 'self'; 1
base-uri *.emiratespost.ae 'self'; child-src * gap:; frame-src * gap:; connect-src *.typekit.net fonts.googleapis.com use.typekit.net maps.google.com platform.twitter.com *.readspeaker.com www.googletagmanager.com maps.googleapis.com cdn.syndication.twimg.com www.google-analytics.com happinessmeter.gov.ae www.google.com www.gstatic.com 'self'; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src *.typekit.net fonts.google.com fonts.googleapis.com fonts.gstatic.com happinessmeter.gov.ae 'self' data:; img-src * data: blob: blob:; media-src *.epg.gov.ae *.emiratespost.ae storage.googleapis.com 'self'; object-src 'none'; script-src maps.google.com platform.twitter.com *.readspeaker.com www.googletagmanager.com maps.googleapis.com www.google-analytics.com cdn.syndication.twimg.com happinessmeter.gov.ae www.google.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.typekit.net fonts.googleapis.com use.typekit.net maps.google.com platform.twitter.com cdn1.readspeaker.com happinessmeter.gov.ae 'self' 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=1Xt5qd%2B0%2FwT9tdlaq7Rd6olo9mb%2FZRdIQPfJ4GtMOLXdCQQziJGjfu%2FPu%2B1dTTcXLeShYrG7bVJGzb9V4xBFng%3D%3D;  1
default-src 'self' chat.oikeus.fi 'unsafe-inline' 'unsafe-eval'; img-src * 1
base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net www.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.googleusercontent.com blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=IZ3Iar2e8WUNJ2HSzv7UZ035PxQ1IADZpwvUMlcZD5i6Ld2NxMs8Gvyi%2fgw1Z%2fiY0HYrShK%2fT7%2fPSkn67MYVwZfMJTdQn0bd9MF5lu2HwrskZFYHXRUmwtBlTvHwX6eyajYfWND35v8gLvm%2fK9ES5BF8OtO4zUL0B5eRHACPeMfN1Qjq51TZi%2b%2fH9%2bnCrAns; 1
base-uri 'none'; connect-src https://rum-http-intake.logs.datadoghq.com/ https://api.getdelta.io/; object-src 'none'; script-src 'unsafe-inline' https: 'nonce-ZTQ0Njk4OGItYjZmYi00ZTM5LTkzMzgtOWNhMzkzNzEzMzg1' 'strict-dynamic'; frame-ancestors 'none' 1
default-src 'self' youthcentral.vic.gov.au *.youthcentral.vic.gov.au; script-src 'self' data: youthcentral.vic.gov.au *.youthcentral.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com connect.facebook.net *.cloudfront.net cdn.curator.io s7.addthis.com z.moatads.com v1.addthisedge.com m.addthis.com www.vision6.com.au www.google.com www.gstatic.com *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com s.ytimg.com; style-src 'self' 'unsafe-inline' youthcentral.vic.gov.au *.youthcentral.vic.gov.au fonts.googleapis.com tagmanager.google.com cdn.curator.io; img-src 'self' data: youthcentral.vic.gov.au *.youthcentral.vic.gov.au *.amazee.io tracking.monsido.com *.google-analytics.com *.g.doubleclick.net www.google.com s7.addthis.com www.facebook.com pbs.twimg.com scontent-iad3-1.xx.fbcdn.net external-iad3-1.xx.fbcdn.net emarketing-au.s3-ap-southeast-2.amazonaws.com *.xx.fbcdn.net; frame-src 'self' youthcentral.vic.gov.au *.youthcentral.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com s7.addthis.com www.google.com; font-src 'self' youthcentral.vic.gov.au *.youthcentral.vic.gov.au fonts.gstatic.com cdn.curator.io; connect-src 'self' youthcentral.vic.gov.au *.youthcentral.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.elastic.sdp.vic.gov.au drwgdblqzrfiz.cloudfront.net cdn.curator.io api.curator.io m.addthis.com www.google-analytics.com stats.g.doubleclick.net; report-uri https://sdpops.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://login.minusspam.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; 1
default-src * 'unsafe-inline' cdn.ckeditor.com 'unsafe-eval'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; report-uri /report-csp-violation 1
default-src 'self' data: https:; object-src 'self'; script-src * data: 'unsafe-inline' https:; style-src 'self' data: 'unsafe-inline' https:; img-src * data: https:; 1
report-uri; 1
default-src 'self'; script-src 'self' assets.juicer.io ajax.googleapis.com connect.facebook.net platform.twitter.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com https://chat.consumercare.net https://h6.consumercare.net https://js-agent.newrelic.com https://bam.nr-data.net *.juicer.io woobox.com *.formstack.com assets.pinterest.com app.icontact.com *.googleapis.com; object-src 'self'; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io 'unsafe-inline' *.formstack.com app.icontact.com; img-src 'self' *.cdninstagram.com *.xx.fbcdn.net *.facebook.com *.twitter.com *.google-analytics.com *.ytimg.com *.xx.fbcdn.net data: *.googleapis.com *.g.doubleclick.net *.googletagmanager.com *.juicer.io *.google.com *.imgur.com *.icontact.com *.formstack.com *.gstatic.com; frame-src 'self' * *.entenmanns.com rsmstanley.formstack.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io fonts.gstatic.com woobox.com *.juicer.io  *.formstack.com app.icontact.com data:; connect-src 'self' www.juicer.io https://www.google-analytics.com https://stats.g.doubleclick.net *.facebook.com; report-uri /admin/config/system/seckit/csp-report 1
base-uri 'https://*.pchome.co.th'; 1
upgrade-insecure-requests; frame-ancestors 'self' https://secure.blooom.com; form-action 'self' https://api.blooom.com; object-src 'none'; base-uri 'self' https://optimize.google.com; report-uri /api/log_csp_event 1
default-src 'self'; base-uri 'none'; form-action 'self' https://www.pcuonline2.org; frame-ancestors 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.pcu.org https://www.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com https://onlineaccess.pcu.org https://www.pcuonline2.org https://pcu.staging.wpengine.com https://www.pcu.org https://pcu.dev https://secure.gravatar.com https://www.google-analytics.com https://www.pcu.org https://maps.googleapis.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.google.com https://connect.facebook.net https://ajax.cloudflare.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://www.pcu.org https://fonts.googleapis.com https://code.ionicframework.com; img-src 'self' https://www.pcu.org https://www.google.com https://www.googletagmanager.com https://i0.wp.com https://secure.gravatar.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net; media-src 'none'; frame-src 'self' https://www.google.com/ https://pcu.mortgagewebcenter.com; font-src 'self' data: https://www.pcu.org https://fonts.gstatic.com https://code.ionicframework.com; connect-src 'self' https://stats.g.doubleclick.net 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl 'unsafe-inline' 'unsafe-eval';style-src https: *.ufg.pl 'unsafe-inline';img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl; child-src https: *.ufg.pl 1
allow 'self'  default-src 'self' 'unsafe-inline' www.google-analytics.com  *.twitter.com  *.facebook.com  *.facebook.net  *.google.com 1
default-src 'unsafe-inline' https://fonts.googleapis.com  https://druzynamaxa.edge.do https://surfly.io https://maxcdn.bootstrapcdn.com https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com  https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; script-src * 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; style-src 'unsafe-inline' https://fonts.googleapis.com  https://druzynamaxa.edge.do https://surfly.io https://maxcdn.bootstrapcdn.com https://*.google.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; img-src 'self' https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://*.googleusercontent.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com https://axa.pl data: 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ https://*.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' *.cerved.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.cerved.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.it *.doubleclick.net; frame-src 'self'; font-src 'self' *.googleapis.com *.googleusercontent.com fonts.gstatic.com; report-uri /report-csp-violation 1
style-src 'unsafe-inline' data: *; img-src 'unsafe-inline' data: *; report-uri /report-csp-violation 1
frame-ancestors https://*.dondominio.com https://*.mrdomain.com; 1
default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.addthis.com *.stripe.com *.doubleclick.net http://zoom.us zoom.us *.zoom.us *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.addthis.com *.stripe.com *.doubleclick.net zoom.us *.zoom.us *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension:; connect-src 'self' static.tfmetalsreport.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://assets.adobedtm.com http://assets.adobedtm.com https://api.tiles.mapbox.com https://static.hotjar.com https://script.hotjar.com;worker-src blob:;frame-src 'self' https://www.youtube-nocookie.com;frame-ancestors 'self'; 1
: upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' *.urban-nation.com data: *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com player.vimeo.com *.vimeocdn.com 'unsafe-inline' 1
default-src 'unsafe-inline'  https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl ; script-src 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://platform.twitter.com https://pixel.fasttony.es https://connect.facebook.net https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com https://*.googleapis.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data:; style-src 'unsafe-inline' https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.google-analytics.com  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://portalpasazera.pl  data:; img-src 'self' https://i.ytimg.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com  cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' syndication.twitter.com platform.twitter.com/; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' 1
connect-src 'self' https://localhost:3000; frame-ancestors 'self'; object-src 'self'; script-src 'self' https://analytics.historia-arte.com https://maps.googleapis.com; report-uri /csp-report; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net sdk.companywebcast.com https://ipapi.connectid.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com sdk.companywebcast.com https://staticcontents.investisdigital.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com sdk.companywebcast.com streams.nfgd.nl; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src  'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 1
default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://www.google-analytics.com https://daemon.bigogo.com wss://ws.bgogo.com wss://ws.bgogo.com/prediction; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://static.bggex.pro https://daemon.bigogo.com/ https://www.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://static.bgogo.com https://v.liaoliaosj.com blob: data:; media-src https://daemon.bigogo.com/ https://static.bgogo.com https://v.liaoliaosj.com; object-src 'self'; script-src 'self' https://static.bgogo.com https://www.googletagmanager.com https://www.google-analytics.com https://hm.baidu.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 1
frame-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be; frame-ancestors 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be; child-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be; report-uri //report-csp-violation 1
default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; 1
script-src 'self' http://clicky.com *.getclicky.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src data: https:; script-src data: 'unsafe-inline' 'unsafe-eval' https:; object-src data: https:; style-src data: 'unsafe-inline' https:; img-src data: https:; media-src data: https:; frame-src data: https:; font-src 'self' data: https:; connect-src data: https:; base-uri 'self'; 1
script-src 'self'  https://*.wistia.com https://embedwistia-a.akamaihd.net blob:  https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com  ajax.aspnetcdn.com  use.typekit.net  us1.siteimprove.com siteimproveanalytics.com  cdnjs.cloudflare.com  use.fontawesome.com  player.vimeo.com  clicky.com in.getclicky.com static.getclicky.com  code.jquery.com  'unsafe-inline' 'unsafe-eval' 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://www.spamfilter.io https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self' *.dohasooq.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://chat.freshdesk.com https://stats.pusher.com https://freegeoip.net https://t.omkt.co https://t3438570.icpro.co https://d36mpcpuzc4ztk.cloudfront.net query.yahooapis.com https://cdn.ckeditor.com code.highcharts.com code.jquery.com https://maps.google.com maps.googleapis.com https://bam.nr-data.net https://js-agent.newrelic.com cdnjs.cloudflare.com www.google-analytics.com www.googletagmanager.com https://api.q-tickets.com https://apis.google.com https://*.facebook.net; style-src 'self' 'unsafe-inline' https://d36mpcpuzc4ztk.cloudfront.net https://cdn.ckeditor.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://code.ionicframework.com; img-src 'self' data: https://t.omkt.co https://d36mpcpuzc4ztk.cloudfront.net http://www.q-tickets.com www.google.com https://maps.googleapis.com https://*.gstatic.com https://stats.g.doubleclick.net https://cdn.ckeditor.com  https://s3-ap-southeast-1.amazonaws.com  https://dohasooqproduction.s3.ap-south-1.amazonaws.com  https://d1ua6rfbo1g04v.cloudfront.net https://www.google-analytics.com https://www.google.co.in https://*.facebook.com https://www.googletagmanager.com;media-src 'self' www.youtube.com https://d36mpcpuzc4ztk.cloudfront.net; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://code.ionicframework.com;frame-src 'self' https://www.google.com https://www.youtube.com https://accounts.google.com https://*.facebook.com https://*.facebook.net;connect-src 'self' wss://ws.pusherapp.com https://*.facebook.com https://chat.freshdesk.com https://maps.googleapis.com wss://chat.freshdesk.com 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com ecard.quipugroup.net; object-src *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com https://ecard.quipugroup.net; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com ecard.quipugroup.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com *.yourcloudlibrary.com; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; child-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.aacpl.net *.googleapis.com *.gstatic.com *.libraryaware.com https://contentcafe2.btol.com *.blackbaudhosting.com *.libanswers.com *.google.com *.google-analytics.com *.ebscohost.com *.marmot.org *.youtube.com; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src data: https: http: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443; script-src 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'unsafe-inline' https: http: blob: 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.fontawesome.com *.sitemorse.com *.cloudflare.com *.userway.org *.jquery.com *.aspnetcdn.com *.craven-college.ac.uk *.craven-college.ac.uk *.linkedin.com *.facebook.com *.facebook.net *.instagram.com *.twitter.com *.datatables.net *.bootstrapcdn.com *.gstatic.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.google.co.uk *.youtube.com *.facebook.net *.googleadservices.com *.alicdn.com *.ytimg.com *.gravatar.com; style-src 'self' 'unsafe-inline' *.craven-college.ac.uk *.linkedin.com *.facebook.com *.facebook.net *.instagram.com *.cdninstagram.com *.twitter.com *.datatables.net *.gstatic.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.fontawesome.com *.googleapis.com *.google.com *.google.co.uk *.youtube.com *.facebook.net *.bootstrapcdn.com *.googleadservices.com *.alicdn.com *.ytimg.com *.gravatar.com; img-src 'self' data: *.sitemorse.com *.w.org *.fbcdn.net *.craven-college.ac.uk userway.org *.userway.org *.linkedin.com *.facebook.com *.facebook.net *.instagram.com *.cdninstagram.com *.twitter.com *.datatables.net *.gstatic.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.fontawesome.com *.googleapis.com *.google.com *.google.co.uk *.youtube.com *.facebook.net *.bootstrapcdn.com *.googleadservices.com *.alicdn.com *.ytimg.com *.gravatar.com; media-src 'self'; frame-src 'self' *.soundcloud.com *.issuu.com *.matterport.com *.fls.doubleclick.net *.userway.org *.vimeo.com *.facebook.com *.twitter.com *.youtube.com *.google.com; font-src 'self' data: *.craven-college.ac.uk *.fontawesome.com *.bootstrapcdn.com *.alicdn.com *.gstatic.com; connect-src 'self' *.fontawesome.com *.plyr.io *.google-analytics.com *.facebook.com *.userway.org; worker-src blob: 'self' 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.google-analytics.com www.googletagmanager.com *.gstatic.com *.googleapis.com www.youtube.com *.ytimg.com; object-src 'self'; style-src 'self' 'unsafe-inline' www.google.com *.googleapis.com; img-src 'self' data: www.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com www.youtube.com *.ytimg.com; media-src 'self' www.youtube.com *.ytimg.com; frame-src 'self' www.google.com *.gstatic.com www.youtube.com *.ytimg.com; font-src 'self' data: www.google.com *.googleapis.com *.gstatic.com; connect-src 'self' 1
default-src 'self' https://media.entrepot-du-bricolage.fr; img-src 'self' https://www.facebook.com https://www.google.fr https://www.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cdnjs.cloudflare.com https://media.entrepot-du-bricolage.fr https://uploads.entrepot-du-bricolage.fr data:; script-src 'self' https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://media.entrepot-du-bricolage.fr https://js-agent.newrelic.com js-agent.newrelic.com https://bam.nr-data.net bam.nr-data.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdnjs.cloudflare.com https://media.entrepot-du-bricolage.fr 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com data:;img-src *; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api-maps.yandex.ru bitrix.info www.google-analytics.com *.yandex.ru maps.googleapis.com www.googletagmanager.com; form-action 'self';frame-src 'self';media-src 'self';connect-src 'self' bitrix.info mc.yandex.ru 1
default-src 'self' 'unsafe-inline' *.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.ytimg.com *.youtube.com cbos.gov.sd *.cbos.gov.sd *.dot.jo www.google.com s7.addthis.com m.addthisedge.com m.addthis.com cdnjs.cloudflare.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo *.google.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com jwpltx.com *.jwpltx.com cbos.gov.sd *.cbos.gov.sd *.dot.jo stats.g.doubleclick.net *.ckeditor.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo; frame-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com *.jwpcdn.com *.jwpsrv.com cbos.gov.sd *.cbos.gov.sd *.dot.jo fonts.google.com maxcdn.bootstrapcdn.com; connect-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors https://*.canalplus.com https://*.cnews.fr 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.buttercms.com *.griddynamics.com *.sentry-cdn.com *.apis.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.youtube.com s.ytimg.com googleads.g.doubleclick.net static.ads-twitter.com cdn.jsdelivr.net www.feedrapp.info *.pardot.com *.yandex.ru; style-src 'self' 'unsafe-inline' *.buttercms.com *.googleapis.com *.sentry-cdn.com; img-src 'self' data: *.buttercms.com grid-dynamics-blog.ghost.io *.griddynamics.com *.gstatic.com *.apis.google.com *.googleapis.com *.google.com *.google.com.ua *.google-analytics.com *.doubleclick.net stats.g.doubleclick.net mc.webvisor.org *.yandex.ru; font-src 'self' data: *.googleapis.com *.gstatic.com 1
default-src 'self' https://checkbrowser.hin.ch https://go.online-ident.ch  http://tag.myaspectra.ch  https://app.certifaction.io ; script-src 'self' https://www.islonline.net  tag.myaspectra.ch  https://www.gstatic.com  https://maps.google.com https://maps.googleapis.com  https://www.google.com  'unsafe-inline' 'unsafe-eval'; style-src https://fonts.googleapis.com  https://fonts.gstatic.com  'self' 'unsafe-inline' ; frame-src 'self' https://tp.srgssr.ch https://www.srf.ch https://www.google.com https://app.certifaction.io ; font-src 'self' https://fonts.gstatic.com  https://app.certifaction.io ; child-src 'self' https://go.online-ident.ch https://www.google.com https://www.youtube.com ; img-src 'self' http//tag.myaspectra.ch http://0.gravatar.com data:  1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://tickets.norwichartscentre.co.uk https://my.matterport.com https://player.vimeo.com; script-src 'self' 'nonce-5AEemGb0xJptoIGFP3Nd' 'sha256-Z82Oe+Iv8WIpM1ioymuc3HlSLThe89MSaAQSYMybkAs=' https://www.google.com https://maps.google.com https://www.gstatic.com https://www.googletagmanager.com/ https://www.google-analytics.com https://connect.facebook.net https://sentry.io https://tickets.norwichartscentre.co.uk; connect-src 'self' https://sentry.io; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' https://fonts.gstatic.com https://www.google.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/2740052/security/?sentry_key=8f009899699b4dd281f6d1466e6a2b92 1
default-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: 'self' 'unsafe-inline'; img-src https: data: blob: 'self'; frame-src https: 'self' ; style-src https: 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: * 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.twitter.com *.twimg.com www.youtube.com s.ytimg.com; object-src 'self'; form-action 'self' *.twitter.com; media-src 'self' *.materna.de *.youtube.com; child-src *.google.com *.gstatic.com *.facebook.com *.twitter.com *.youtube.com *.eu-de.mybluemix.net; img-src 'self' blob: data: *.google.com *.google.de *.gstatic.com *.google-analytics.com *.doubleclick.net *.twitter.com *.twimg.com *.youtube.com; frame-ancestors 'self' *.googletagmanager.com *.facebook.com *.twitter.com; worker-src 'self'; connect-src 'self' *.google-analytics.com; 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://player.vimeo.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://maps.google.com https://maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://sentry.io https://cdnjs.cloudflare.com https://connect.facebook.net; connect-src 'self' https://sentry.io https://maps.google.com https://o126219.ingest.sentry.io; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/5265715/security/?sentry_key=9b139e250e5b4bd586488d54bd7a5c84 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sharethis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.consumercare.net *.econsumeraffairs.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.sharethis.com; img-src 'self' *.google-analytics.com *.g.doubleclick.net *.facebook.com *.google.com *.sharethis.com https://www.google.com.au; frame-src 'self' *.youtube.com *.googletagmanager.com *.sharethis.com *.facebook.com/; font-src 'self' *.gstatic.com; connect-src 'self' *.sharethis.com *.sharethis.mgr.consensu.org https://stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 1
policy-uri /'unsafe-inline' 1
base-uri 'self'; child-src 'self' gap: blob: assets.braintreegateway.com c.paypal.com *.cardinalcommerce.com *.giga.com.sg *.axlecloud.info spit-fire-1cbb5.firebaseapp.com api.braintreegateway.com cx.getcloudcherry.com accounts.google.com www.googletagmanager.com www.youtube.com youtube.com https://insight.adsrvr.org; frame-src 'self' gap: blob: assets.braintreegateway.com c.paypal.com *.cardinalcommerce.com *.giga.com.sg *.axlecloud.info spit-fire-1cbb5.firebaseapp.com api.braintreegateway.com cx.getcloudcherry.com accounts.google.com www.googletagmanager.com www.youtube.com youtube.com https://insight.adsrvr.org; connect-src 'self' api.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.googleapis.com *.getcloudcherry.com accounts.google.com plugin.ucads.ucweb.com www.google-analytics.com stats.g.doubleclick.net sdk.iad-03.braze.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' data: blob: assets.braintreegateway.com checkout.paypal.com data: cx.getcloudcherry.com www.google-analytics.com gjtrack.ucweb.com stats.g.doubleclick.net www.google.com.sg www.google.com i.vimeocdn.com www.googletagmanager.com csi.gstatic.com downloads.mailchimp.com gallery.mailchimp.com https://www.facebook.com https://badge.seedly.sg/giga!/giga_rectangle_light.png https://badge.seedly.sg/giga!/giga_square_light.png https://api.grab.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://www.google.com.sg blob:; script-src 'self' js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com cx.getcloudcherry.com c.paypal.com *.axlecloud.info apis.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com youtube.com acbot2.giga.com.sg downloads.mailchimp.com mc.us3.list-manage.com js.appboycdn.com/web-sdk/2.4/appboy.min.js connect.facebook.net https://js.adsrvr.org/up_loader.1.1.0.js https://www.googleadservices.com https://googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' downloads.mailchimp.com 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=9vuG04dtTTSSHy4ssayX19Yz9FzHvQiu7U33vjTLaki47Bz72kMGGlO%2fmWaxqEDWTxGu24jvxXcW0Ok4GoxBklP2au3wR1QoZY2yQne49JyVzzKHKmk5NxmTCWe38eGpwfOJL9Kz8CTf6sLXNkY4rzdrUL6%2b7Jpq8gcXPQ1aVF7PXwo3K4itm%2fex7umI0bIN; 1
script-src 'nonce-dnXZWD9DMH9BUeVmX12s9t6XG1w=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com *.snap.licdn.com *.bing.com *.hotjar.com *.facebook.net *.hs-scripts.com *.hs-banner.com *.hotjar.com *.hs-banner.com *.usemessages.com *.hsleadflows.net *.hubspot.com *.hs-analytics.net *.licdn.com *.hsforms.net *.hsforms.com *.amazonaws.com https://js-agent.newrelic.com/ https://js.hs-scripts.com/4992274.js; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com https://stats.g.doubleclick.net https://px.ads.linkedin.com/collect https://bat.bing.com/ https://www.google.co.uk/ads/ga-audiences *.linkedin.com *.hubspot.com *.hubspot.net; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com *.hs-scripts.com *.hotjar.com *.hubspot.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx https://vc.hotjar.io/views/1483048 *.hubspot.com *.hotjar.com https://bam.nr-data.net https://stats.g.doubleclick.net ; report-uri https://csp-report-uri.bureauveritas.com 1
frame-ancestors 'self' piwik.betaalvereniging.nl; 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://mail-scanner.eu https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src https: 'self'; script-src https: 'unsafe-inline' 'self'; style-src https: 'unsafe-inline' 'self' 1
deafult-src 'self' 1
default-src 'self' http:  https: *.bosch-thermotechnology.com *.bosch-thermotechnology.us *.bosch-thermotechnology.com.au *.bosch-thermotechnology.co.nz s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com ; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com static.ecorebates.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' static.ecorebates.com cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 1
default-src 'self'; manifest-src resources.staging.obie.ai resources.obie.ai 'self'; connect-src 'self' va.tawk.to static-v.tawk.to static-v7.tawk.to *.tawk.to wss://*.tawk.to api.taplytics.com ping.taplytics.com obie.ai staging.obie.ai integrations.obie.ai integrations.staging.obie.ai tasytt.com staging.tasytt.com app.getsitecontrol.com api.amplitude.com www.google-analytics.com *.doubleclick.net api.intercom.io api-iam.intercom.io api-ping.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com; frame-src 'self' va.tawk.to calendly.com optimize.google.com www.loom.com bid.g.doubleclick.net extension.staging.obie.ai extension.obie.ai; font-src 'self' data: use.typekit.net fonts.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com static-v.tawk.to js.intercomcdn.com; style-src 'self' optimize.google.com fonts.gstatic.com fonts.googleapis.com obie-web-content.azureedge.net obie-dashboard-content.azureedge.net maxcdn.bootstrapcdn.com obie.ai staging.obie.ai extension.staging.obie.ai extension.obie.ai resources.obie.ai resources.staging.obie.ai tasytt.com staging.tasytt.com cdn.jsdelivr.net cdnjs.cloudflare.com p.typekit.net 'unsafe-inline'; script-src 'self' code.jquery.com maxcdn.bootstrapcdn.com obie.ai staging.obie.ai resources.obie.ai resources.staging.obie.ai tasytt.com staging.tasytt.com obie-web-content.azureedge.net obie-dashboard-content.azureedge.net www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.heapanalytics.com maps.googleapis.com aivalabs.com my.hellobar.com js.taplytics.com www.google-analytics.com connect.facebook.net embed.tawk.to ct.capterra.com www.googleadservices.com assets.calendly.com widgets.getsitecontrol.com st.getsitecontrol.com app.getsitecontrol.com tracking.g2crowd.com ajax.googleapis.com d3e54v103j8qbb.cloudfront.net extension.staging.obie.ai extension.obie.ai cdn.amplitude.com optimize.google.com sjs.bizographics.com app.intercom.io widget.intercom.io js.intercomcdn.com snap.licdn.com googleads.g.doubleclick.net checkout.stripe.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' optimize.google.com www.google.com www.google.ca obie.ai staging.obie.ai resources.obie.ai resources.staging.obie.ai tasytt.com staging.tasytt.com obie-web-content.azureedge.net obie-dashboard-content.azureedge.net cdn.jsdelivr.net cdnjs.cloudflare.com www.facebook.com www.google-analytics.com data: static-v.tawk.to stats.g.doubleclick.net www.googletagmanager.com *.doubleclick.net *.linkedin.com *.adsymptotic.com extension.staging.obie.ai extension.obie.ai app.getsitecontrol.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com messenger-apps.intercom.io *.intercom-attachments.com hi.hellobar.com uploads-ssl.webflow.com 1
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; 1
connect-src 'self' https://*.karolina.io http://*.karolina.io *.karolina.io https://vimeo.com http://vimeo.com vimeo.com https://*.typekit.net http://*.typekit.net *.typekit.net; font-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net data:; img-src 'self' https://cdn.holvi.com http://cdn.holvi.com cdn.holvi.com https://s3-eu-west-1.amazonaws.com http://s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com https://*.karolina.io http://*.karolina.io *.karolina.io https://mesenaatti.me http://mesenaatti.me mesenaatti.me https://*.youtube.com http://*.youtube.com *.youtube.com https://*.facebook.com http://*.facebook.com *.facebook.com https://*.google.com http://*.google.com *.google.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://about http://about about https://*.typekit.net http://*.typekit.net *.typekit.net data:; script-src 'self' https://*.youtube.com http://*.youtube.com *.youtube.com https://*.ytimg.com http://*.ytimg.com *.ytimg.com https://*.facebook.net http://*.facebook.net *.facebook.net https://*.jquery.com http://*.jquery.com *.jquery.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://data http://data data https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com http://fonts.googleapis.com fonts.googleapis.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-inline'; 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.servmetric.com *.govmetric.com  *.obi4wan.com *.pusher.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.servmetric.com *.govmetric.com; img-src 'self' data: *.servmetric.com *.govmetric.com *.obi4wan.com *.amazonaws.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io; media-src 'self'; frame-src 'self' *.servmetric.com *.govmetric.com ; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com; connect-src 'self' *.obi4wan.com *.pusher.com wss://*.pusher.com; report-uri /report-csp-violation 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net tagmanager.google.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edg tagmanager.google.come.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' *.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.typekit.net p.typekit.net nr-data.net; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src data: 'self'; frame-src 'self' 1
default-src 'self' *.ebola.cz https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ebola.cz https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com; referrer no-referrer; style-src 'self' 'unsafe-inline' *.ebola.cz https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com; img-src 'self' *.ebola.cz https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com 1
img-src * 'self' data: https:; default-src 'self' html5shim.googlecode.com *.google-analytics.com *.googleapis.com *.gstatic.com apis.google.com *.googleadservices.com *.doubleclick.net *.mouseflow.com *.youtube.com *.vimeo.com *.google.com *.google.nl *.mijnwefact.nl *.ytimg.com *.feedbackcompany.nl 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.siteimprove.net *.googleapis.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net  siteimproveanalytics.com *.twitter.com *.pingdom.net; style-src 'self' 'unsafe-inline' *.googleapis.com cdn.siteimprove.net *.curator.io; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be my2.siteimprove.com *.facebook.com; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' www.youtube.com; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net my2.siteimprove.com id.siteimprove.com api.curator.io *.addthis.com *.pingdom.net; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: http://mshcentraldbdev.prod.acquia-sites.com *.balladhealthcrm.org; frame-ancestors 'self'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' google.com *.google.com liveinternet.ru *.liveinternet.ru yadro.ru *.yadro.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com adservice.google.com adservice.google.ru adservice.google.com.ua adservice.google.co.uz ulogin.ru *.ulogin.ru vk.com google.com *.google.com liveinternet.ru *.liveinternet.ru yadro.ru *.yadro.ru ; object-src 'self' *.googlesyndication.com; style-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com ; img-src 'self' * data: blob: filesystem:; media-src 'self' ; font-src 'self' *.gstatic.com *.googleapis.com netdna.bootstrapcdn.com; frame-src 'self' *.doubleclick.net www.youtube.com vk.com *.vk.com ulogin.ru *.ulogin.ru; connect-src 'self' adservice.google.com *.google-analytics.com *.gstatic.com *.googlesyndication.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com vimeo.com *.doubleclick.net *.youtube-nocookie.com *.traceparts.com *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com data: 1
frame-ancestors 'self' www.pro-agent.com www.google.com; 1
default-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; script-src 'self' data: 'unsafe-inline' *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.addtoany.com; object-src *; style-src 'self' data: 'unsafe-inline' *.compsy.be *.compsy.be fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; img-src 'self' data: *.compsy.be *.uniweb.eu www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; media-src *; frame-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; font-src 'self' data: *.compsy.be *.uniweb.eu fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'none'; 1
default-src 'self' *.atlas-elektronik.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.atlas-elektronik.com *.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com tagmanager.google.com translate.google.com hello.myfonts.net platform.linkedin.com www.xing-share.com www.linkedin.com netdna.bootstrapcdn.com use.typekit.net; style-src 'self' 'unsafe-inline' *.atlas-elektronik.com fonts.googleapis.com use.typekit.net p.typekit.net translate.googleapis.com translate.google.com hello.myfonts.net www.xing-share.com; img-src 'self' data: *.atlas-elektronik.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com csi.gstatic.com maps.gstatic.com translate.google.com www.google.com/images/ www.gstatic.com/images/ static.licdn.com www.linkedin.com p.typekit.net; font-src 'self' data: use.typekit.net fonts.gstatic.com netdna.bootstrapcdn.com; connect-src 'self' *.atlas-elektronik.com *.googleapis.com www.youtube.comuse.typekit.net; object-src 'self' *.atlas-elektronik.com www.youtube.com; frame-src 'self' *.atlas-elektronik.com apis.google.com accounts.google.com www.youtube.com www.facebook.com platform.linkedin.com platform.twitter.com www.xing-share.com; upgrade-insecure-requests 1
default-src 'self' *.soundcloud.com *.sndcdn.com *.tepapa.govt.nz; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.typekit.net *.googletagmanager.com *.google-analytics.com *.pingdom.net www.catalyst-analytics.nz d3qy04aabho0yp.cloudfront.net *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com cdn.syndication.twimg.com *.instagram.com *.knightlab.com *.soundcloud.com *.hotjar.com www.googleadservices.com tagmanager.google.com *.riddle.com www.google.com www.gstatic.com https://www.youtube.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.typekit.net fonts.googleapis.com hello.myfonts.net *.twitter.com *.knightlab.com  tagmanager.google.com  https://www.riddle.com/files/css/; img-src 'self' data: *.typekit.net *.google-analytics.com *.doubleclick.net *.shopify.com *.pingdom.net www.catalyst-analytics.nz *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com pbs.twimg.com dl.dropboxusercontent.com *.myfonts.net media.tepapa.govt.nz co3-api-mediastorage.s3-ap-southeast-2.amazonaws.com co3-api-mediastorage.s3.ap-southeast-2.amazonaws.com s3.dualstack.ap-southeast-2.amazonaws.com www.google.com www.google.co.nz *.gstatic.com *.openstreetmap.org script.hotjar.com; frame-src 'self' walls.io *.rezdy.com *.cloudfront.net *.bookitsecure.com google.com *.riddle.com *.spotify.com *.google.com tepapa.infospecs.co.nz *.youtube.com *.vimeo.com *.catalyst.net.nz radionz.co.nz jobs.tepapa.govt.nz *.tepapa.govt.nz tepapafoundation.secure.force.com sec.paymentexpress.com *.book2look.com *.boombox.com *.myfonts.net *.knightlab.com www.qzzr.com *.twitter.com *.instagram.com *.facebook.com *.hotjar.com *.soundcloud.com *.nzonscreen.com *.juicer.io *.media567.com; font-src 'self' data: *.bootstrapcdn.com fonts.gstatic.com fonts.typekit.net www.tepapa.govt.nz cdn.knightlab.com script.hotjar.com; connect-src 'self' spreadsheets.google.com *.myfonts.net *.hotjar.com vc.hotjar.io graylog.hotjar.com *.pingdom.net *.google-analytics.com http://api.soundcloud.com stats.g.doubleclick.net https://www.catalyst-analytics.nz/piwik.php; report-uri /report-csp-violation 1
default-src 'self'; frame-src 'self' https://nhs.attendanywhere.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://nhs.attendanywhere.com https://feeds.trac.jobs/ 1
frame-ancestors *; 1
script-src 'unsafe-inline' 'unsafe-eval' https://browser.sentry-cdn.com/5.15.5/bundle.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.livechatinc.com:* https://*.hotjar.com:* https://*.facebook.net:* https://*.cloudfront.net:* https://*.amazonaws.com:* https://*.fastinvest.com:* https://*.trustpilot.com:* https://*.google.com:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://*.google-analytics.com:* https://*.ads-twitter.com:*  https://*.twitter.com:* https://*.twimg.com https://www.googleadservices.com:* https://www.fastinvest.com:* https://googleads.g.doubleclick.net:* https://mc.us18.list-manage.com:* https://*.mailchimp.com:* https://*.mailerlite.com:* 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://filter1.antispam-login.net https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self' 'unsafe-inline' https://*.doubleclick.net https://maps.googleapis.com https://cc.ibox.ua; script-src 'self' 'unsafe-inline' https://connect.facebook.net https://*.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://cc.ibox.ua; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tagmanager.google.com https://fonts.googleapis.com https://cc.ibox.ua; img-src 'self' 'unsafe-inline' data: https://www.googletagmanager.com https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com https://www.google.com https://www.google.com.ua https://maps.googleapis.com https://www.google-analytics.com https://ssl.gstatic.com https://cc.ibox.ua; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cc.ibox.ua; connect-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cc.ibox.ua wss://cc.ibox.ua 1
base-uri 'self' *.google.com; child-src 'self' gap: *.google.com *.googletagmanager.com *.hotjar.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; frame-src 'self' gap: *.google.com *.googletagmanager.com *.hotjar.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; connect-src script.google.com 'self' sitesearch360.com wss://*.hotjar.com wss://mpsnare.iesnare.com *.doubleclick.net *.feefo.com *.google-analytics.com *.hotjar.com *.hotjar.io *.investis.com *.sitesearch360.com *.twimg.com *.twitter.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.googleapis.com *.gstatic.com *.hotjar.com; img-src 'self' data: * blob:; media-src data: mpsnare.iesnare.com; script-src gap: 'self' mpsnare.iesnare.com sitesearch360.com unpkg.com *.doubleclick.net *.feefo.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.investis.com *.paragonbankinggroup.co.uk *.sitesearch360.com *.surveymonkey.com *.twimg.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.google.com *.gstatic.com *.twimg.com *.twitter.com 'unsafe-inline'; frame-ancestors gap: 'self' *.doubleclick.net *.googletagmanager.com *.hotjar.com *.noblehosted.com *.surveymonkey.com theparagongroup.sharepoint.com vars.hotjar.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=X%2bxL7%2bERAvZTiyKlSQbTxry9Fl5o60B%2fnBg6xWVInycaOTJcnMuI5EG%2bHLHgLMNUQcfYCpsqrJk2t1JoPFQQ%2fuYgYlH03%2bCzyGDeqhNby7WdeyzPcxFSWzvuolapq4S4%2fCs%2bg5tJS7nlUEItS%2bfdmlVX15k4GKCCsw7pUX2s5jNHV0DLYYf1JKT09dJ9EcZJzRDhm5byBlV7vL0fVZEd%2bw%3d%3d; 1
frame-ancestors 'self' https://*.salesforce.com 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' wss://main.weku.io:8190 https://dallas.weku.io:8190 https://dallas.weku.io wss://dallas.weku.io:8190 translate.google.com translate.googleapis.com wss://news.weku.io:8190 https://images2.weku.io https://images2.weku.io:8234 wss://chain.weku.io api.weku.io https://images.weku.io https://images.weku.io:8234; default-src 'self' translate.google.com translate.googleapis.com www.youtube.com weku.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' 'unsafe-inline' translate.google.com translate.googleapis.com www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' translate.google.com translate.googleapis.com fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net cdnjs.cloudflare.com/ajax/libs/cropperjs/1.5.1/cropper.min.js *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.iubenda.com *.fontawesome.com *.google-analytics.com *.jquery.com *.bootstrapcdn.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com/ajax/libs/cropperjs/1.5.1/cropper.min.css *.googleapis.com *.jquery.com *.fontawesome.com *.bootstrapcdn.com; img-src 'self' data: *.atdmt.com *.facebook.com *.youtube.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.jquery.com *.iubenda.com; frame-src 'self' *.facebook.com *.google.com *.iubenda.com *.youtube-nocookie.com; font-src 'self' *.gstatic.com *.fontawesome.com *.bootstrapcdn.com; connect-src 'self' *.iubenda.com *.google-analytics.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' clicky.com *.getclicky.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com fast.fonts.com cdnjs.cloudflare.com; frame-src https://www.google.com 'self'; 1
frame-ancestors 'self' *.swisse.com.au; object-src 'none'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' embed.culturalspot.org www.tripadvisor.com.hk *.google-analytics.com www.google.com www.gstatic.com *.googleapis.com live.staticflickr.com; font-src 'self' data:; style-src 'self' 'unsafe-inline';img-src 'self' www.tripadvisor.com.hk *.google-analytics.com live.staticflickr.com data: 1
default-src 'self' *.youtube.com *.google.com *.gravatar.com data: *.typekit.net *.google-analytics.com *.amazonaws.com *.googleapis.com *.gstatic.com; style-src 'self' *.googleapis.com *.cloudflare.com 'unsafe-inline' *.cloudfront.net *.cloudflare.com; script-src 'self' 'unsafe-inline' *.polyfill.io *.newrelic.com *.nr-data.net *.cloudfront.net *.typekit.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com; font-src 'self' *.gstatic.com data: *.typekit.net 1
default-src 'self' https://*.google.com http://s7.addthis.com ; frame-ancestors 'none'; connect-src 'self' http://m.addthis.com https://www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://code.jquery.com https://aff.bstatic.com http://aff.bstatic.com http://s7.addthis.com/ http://m.addthisedge.com http://m.addthis.com/ http://graph.facebook.com http://widgets.pinterest.com http://www.linkedin.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://code.jquery.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.google-analytics.com https://www.paypalobjects.com https://ak1s.abmr.net; font-src 'self' https://fonts.gstatic.com; worker-src 'self' www.google.com https://maps.google.com  1
frame-ancestors scvr.co *.scvr.co 1
default-src https://www.cryptshare.com; script-src 'unsafe-inline' 'unsafe-eval' https://www.cryptshare.com https://landing.cryptshare.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cta-service-cms2.hubspot.com https://forms.hubspot.com https://api.hubspot.com https://api.hubapi.com https://js.hsleadflows.net https://js.hs-analytics.net https://js.hscta.net https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hsadspixel.net/ https://www.google-analytics.com/ https://bat.bing.com/ https://snap.licdn.com https://js.usemessages.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net; style-src 'unsafe-inline' https://www.cryptshare.com https://landing.cryptshare.com; img-src data: https://www.cryptshare.com https://landing.cryptshare.com https://no-cache.hubspot.com https://www.google.com https://www.google.de https://www.google-analytics.com/ https://bat.bing.com/ https://track.hubspot.com https://stats.g.doubleclick.net https://px.ads.linkedin.com; media-src https://www.cryptshare.com; frame-src https://www.cryptshare.com https://consentcdn.cookiebot.com https://app.hubspot.com/ https://www.youtube.com; font-src https://www.cryptshare.com https://landing.cryptshare.com; connect-src data: https://www.cryptshare.com https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://bat.bing.com 1
default-src 'self' https://*.triplevision.nl; child-src 'self' https://*.triplevision.nl https://triplevisiondigital.com https://www.google.com https://paypal.com https://vimeo.com https://youtube.com https://twitter.com https://*.logrocket.com data: blob:; connect-src 'self' wss://*.hotjar.com wss://*.triplevision.nl https://*; font-src 'self' https:; frame-src 'self' https://blackfire.io https://vars.hotjar.com/ https://www.google.com/recaptcha/; img-src 'self' data: http: https:; script-src 'self' https://*.triplevision.nl https://ajax.googleapis.com https://cdn.ampproject.org https://cdn.logrocket.com https://code.jquery.com https://platform.twitter.com https://maps.googleapis.com/ https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com data: https: 'unsafe-inline'; style-src 'self' https://*.triplevision.nl https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://platform.twitter.com https://*.twimg.com 'unsafe-inline'; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hypovbg.at https://cdnjs.cloudflare.com https://google.com https://www.google.com https://tagmanager.google.com https://analytics.arz.at https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://*.gstatic.com https://e.issuu.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; object-src 'self' https://*.youtube.com; style-src 'self' 'unsafe-inline' https://*.hypovbg.at google.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; img-src 'self' data: https://*.hypovbg.at https://google.com https://www.google.com https://analytics.arz.at https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://youtube-nocookie.com https://maps.google.com https://maps.googleapis.com https://*.gstatic.com https://consent.cookiebot.com https://kurse.banking.co.at; media-src 'self'; frame-src 'self' https://consentcdn.cookiebot.com https://kurse.banking.co.at https://*.hypovbg.at https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://youtube-nocookie.com https://e.issuu.com; font-src 'self' https://*.hypovbg.at https://fonts.googleapis.com; connect-src 'self' 1
default-src 'self' stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com https://www.edge-cdn.net https://www.youtube-nocookie.com form.lidl.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com lidl.media01.eu data: gap: ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://platform.twitter.com https://ton.twimg.com 'unsafe-inline'; media-src *; object-src 'self'; 1
default-src 'self' data: https: *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.amazonaws.com *.infogreffe.nc *.infogreffe.fr *.googleapis.com *.twitter.com *.regie.pro; img-src 'self' data: http: *.youtube.com https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; frame-src 'self' data: https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; connect-src 'self' https: *.regie.pro *.addthis.com *.web2mobile.fr 1
default-src 'self' data: *.avaus.io *.avaus.com *.avaus.fi *.avaus.se *.facebook.net *.google.fi *.bizographics.com *.linkedin.com *.facebook.com *.marketo.com *.mktoresp.com *.marketo.net *.juicer.io *.instagram.com *.google.com *.google.se *.googleanalytics.com *.appspot.com player.vimeo.com *.vimeocdn.com cdnjs.cloudflare.com use.fontawesome.com *.adform.net *.google-analytics.com *.googleadservices.com *.doubleclick.net *.gstatic.com *.google.pl *.youtube.com *.ytimg.com *.ggpht.com *.vendemore.com *.cookiebot.com *.cookiepro.com *.onetrust.com *.googleapis.com *.googletagmanager.com *.slideshare.net *.slidesharecdn.com app.interactiveads.ai leadfeeder.com *.leadfeeder.com *.lfeeder.com snap.licdn.com 'unsafe-inline' 'unsafe-eval' 1
upgrade-insecure-requests; font-src * 'self' data:; form-action 'self' pro.ip-api.com https://va.tawk.to *.tawk.to api.shuuka.com;frame-ancestors 'self' ;object-src 'self'; script-src pro.ip-api.com *.metomic.io 'self' https://cdn.ampproject.org https://www.googletagmanager.com 'nonce-googleInlineScript' 'nonce-photoSliderInlineScript' 'nonce-scrollingEffect' 'nonce-jqueryInlineScript' 'nonce-tawkInlineScript' https://fast.wistia.com *.wistia.com https://player.vimeo.com/ 'sha256-qznLcsROx4GACP2dm0UCKCzCG-HiZ1guq6ZZDob_Tng=' https://cdn.jsdelivr.net https://embed.tawk.to https://apis.google.com https://www.google-analytics.com http://www.google-analytics.com; child-src https://cdn.jsdelivr.net https://fast.wistia.com http://www.google-analytics.com; worker-src 'self' blob: data:; img-src * 'self' https: data: https://api.shuuka.com shuuka.com https://cdn.jsdelivr.net https://www.google-analytics.com http://www.google-analytics.com; frame-src 'self' https://player.vimeo.com; 1
default-src 'none'; img-src 'self' *.oettinger-physics.de data:  cdnjs.cloudflare.com unpkg.com ; script-src 'self' *.oettinger-physics.de 'nonce-p8J204dQ4wutKao3i02oZBU2uuQ=' cdnjs.cloudflare.com unpkg.com ; style-src 'self' *.oettinger-physics.de cdnjs.cloudflare.com unpkg.com ; font-src 'self' cdnjs.cloudflare.com www.oettinger-physics.de;  base-uri 'self'; form-action 'self'  ; frame-ancestors 'self' www.oettinger-physics.de 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://spamfilter.gr https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
script-src 'self' static.ctctcdn.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.google.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com https://connect.facebook.net/ 'unsafe-inline' 'unsafe-eval' 1
default-src https:; script-src 'self' 'nonce-qBCVIFQGbe6FcD/i4x9qtSblJf1NV0MS'; object-src 'self'; style-src 'self' 'nonce-E8QZWu7wWB+/wZA1mUqFCZ3/Qp2qIObS'; img-src 'self' images.gog-statics.com; media-src 'self'; child-src 'none'; font-src 'self'; connect-src 'self' https://api.gog.com 1
script-src 'self' 'unsafe-inline' https://fr.fbhackpass.com https://stats.g.doubleclick.net https://www.google-analytics.com; base-uri 'self'; img-src 'self' data: https://stats.g.doubleclick.net https://www.google-analytics.com 1
default-src 'unsafe-inline' 'unsafe-eval' https:; frame-ancestors 'self' https://www.psw-training.de https://www.psw-consulting.de https://www.hpkp-faq.de https://dev.psw.de https://www.itsig-faq.de; 1
default-src 'self' blob: https://vars.hotjar.com/; frame-src 'self' *.nspa.org.uk *.hotjar.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heat6have.com https://static.hotjar.com/ https://www.googletagmanager.com/ *.hotjar.com https://www.googletagmanager.com/jar.com blob: https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' *.hotjar.com *.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.typekit.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://translate.googleapis.com/ *.hotjar.com *.hotjar.io wss://*.hotjar.com/ https://feeds.trac.jobs/ 1
default-src 'self' *.dollplanet.ru dollplanet.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dollplanet.ru dollplanet.ru my2.imgsmail.ru http://www.gstatic.com yandex.st pagead2.googlesyndication.com vk.com cdn.connect.mail.ru mc.yandex.ru *.yandex.ru *.youtube.com https://www.youtube.com http://www.google-analytics.com https://www.google-analytics.com https://*.staticflickr.com https://flic.kr https://www.flickr.com ; object-src 'self' *.dollplanet.ru dollplanet.ru http://www.gstatic.com https://*.staticflickr.com https://flic.kr https://www.flickr.com *.youtube.com *.macromedia.com *.ytimg.com ytimg.com *.googlevideo.com googlevideo.com *.yandex.ru ; style-src 'self' 'unsafe-inline' *.dollplanet.ru dollplanet.ru *.yandex.ru ; img-src 'self' *.dollplanet.ru dollplanet.ru http://www.dolltime.ru https://*.staticflickr.com https://flic.kr https://www.flickr.com barbieplanet.ru www.dollyshouse.ru http://*.photobucket.com https://fotki.yandex.ru https://img-fotki.yandex.ru http://counter.yadro.ru  *.yandex.ru ; data: vk.com yastatic.net http://www.liveinternet.ru counter.yadro.ru mc.yandex.ru http://www.google-analytics.com https://www.google-analytics.com http://www.dolltime.ru https://*.staticflickr.com https://flic.kr https://www.flickr.com https://www.youtube.com  *.yandex.ru ; media-src 'self' *.dollplanet.ru dollplanet.ru https://www.youtube.com http://www.youtube.com https://*.staticflickr.com https://flic.kr https://www.flickr.com *.youtube.com *.googlevideo.com; frame-src 'self' *.dollplanet.ru dollplanet.ru connect.mail.ru googleads.g.doubleclick.net vk.com http://www.youtube.com https://www.youtube.com https://*.staticflickr.com https://flic.kr https://www.flickr.com  *.yandex.ru ; font-src 'self' *.dollplanet.ru dollplanet.ru *.yandex.ru ; connect-src 'self' *.dollplanet.ru dollplanet.ru mc.yandex.ru *.gstatic.com *.yandex.ru  1
frame-ancestors 'self'; 1
default-src 'self' *.fuelrats.com *.stripe.com www.google.com blob:; connect-src 'self' wss://*.fuelrats.com; base-uri 'none'; script-src 'self' 'nonce-1a1a6baa-4cb6-4b1a-b4cf-dd619aae9512' 'strict-dynamic'; style-src 'self' 'unsafe-inline' *.fuelrats.com *.stripe.com www.google.com; img-src 'self' *.fuelrats.com *.stripe.com www.google.com api.adorable.io *.wp.com blob:; media-src 'self'; object-src 'self'; font-src 'self' fonts.gstatic.com 1
default-src 'self' data:; script-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://cdn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.gstatic.com https://ajax.googleapis.com https://*.pendo.io https://*.storage.googleapis.com https://fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://mx1.spamfri.dk https://sentry.io; img-src 'self' http://hn.inspectlet.com https://*.pendo.io https://*.storage.googleapis.com data:; font-src 'self' https://fonts.gstatic.com; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://cdn.jsdelivr.net https://az416426.vo.msecnd.net https://www.googletagmanager.com *.inmoment.com https://www.google-analytics.com *.abtasty.com cdn.segment.com/analytics.js https://mfhcms.assurant.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://mfhcms.assurant.com; img-src *; child-src https://mfhcms.assurant.com https://dispawsusva.inmoment.com https://www.inmoment.com https://feedback.inmoment.com https://ssl.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://mfhcms.assurant.com 1