Values for x-webkit-csp:
report-uri /report-csp-violation 39
default-src 'self' 36
default-src 'self'; 18
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 13
allow 'self'; 13
referrer origin 12
frame-src *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com 10
frame-ancestors 'self' 10
default-src 'self'; script-src *.nr-data.net *.newrelic.com *.faktor.io *.consensu.org 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; media-src 'none'; frame-src *.consensu.org; connect-src *.consensu.org *.faktor.io https://*.nr-data.net https://cdn.contentful.com https://cf.talpa.digital https://*.consent.talpanetwork.com https://consent.talpanetwork.com; img-src https://static.talpanetwork.com https://*.nr-data.net https://images.ctfassets.net https://*.consent.talpanetwork.com https://consent.talpanetwork.com 8
default-src 'self'; script-src 'self' 'unsafe-inline' 6
defult-src 'self' 6
report-uri //report-csp-violation 5
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 4
frame-ancestors 'self' https://*.salesforce.com 4
3
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com *.doubleclick.net  www.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googletagmanager.com s7.addthis.com m.addthisedge.com m.addthis.com w.estat.com www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com fonts.googleapis.com www.google.com ajax.googleapis.com; base-uri 'self'; 3
frame-ancestors *.splunk.com *.touchcast.com 3
frame-ancestors 'self' http://hybris.com https://hybris.com http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://cx.sap.com https://cx.sap.com https://nopreview.ru http://dev-cx.calliduscloud.com https://dev-cx.calliduscloud.com http://stage-cx.calliduscloud.com https://stage-cx.calliduscloud.com https://gigya.staging.wpengine.com https://www.gigya.com https://gigyadev.wpengine.com *.lookbookhq.com https://cloudplatform-qa.sap.com https://cloudplatform.sap.com;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.liveperson.net http://*.sap.com https://*.sap.com *.demandbase.com *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com *.liveper.sn *.licdn.com *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net http://dewdfbcmcps10:1080 http://dewdfbcmcps10 https://bcmcps.enter.sap *.d41.co 3
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block; 3
default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 3
policy 3
default-src * 'self' 'unsafe-inline' 'unsafe-eval'; 3
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-eval' 'unsafe-inline'; media-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src https: employment.qualtrics.com siteintercept.qualtrics.com g.jwpsrv.com www.youtube.com; frame-ancestors 'self' www.jobs.gov.au; child-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com; report-uri /admin/config/system/seckit/csp-report 3
default-src 'self' stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com https://www.edge-cdn.net https://www.youtube-nocookie.com https://consent.cookiebot.com qs-assets-realestate.enc-test.de form.lidl.com assets.realestate.lidl data: gap: ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' *.bing.com *.virtualearth.net; style-src 'self' 'unsafe-inline' *.bing.com *.virtualearth.net; media-src *; object-src 'none'; 3
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src *; connect-src *; report-uri /report-csp-violation 3
frame-ancestors 'self' weleda.sabio.de 3
default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src  'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 3
frame-ancestors 'self' https://*.etracker.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.net https://*.marketo.com https://*.addthis.com https://*.addthisedge.com https://*.google-analytics.com https://*.optimizely.com https://*.googleadservices.com https://platform.twitter.com https://app.hushly.com https://*.reactful.com https://connect.facebook.net https://graph.facebook.com https://bat.bing.com https://*.crazyegg.com https://*.adroll.com https://snap.licdn.com https://*.linkedin.com https://www.youtube.com https://s.ytimg.com  https://d137jyf8bmrjar.cloudfront.net https://jobs.jobvite.com https://cdnjs.cloudflare.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/reviews_list.js https://seal.digicert.com https://www.bizographics.com https://secure.adnxs.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://j.6sc.co; object-src *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://*.marketo.net https://*.marketo.com https://app.hushly.com http://app.hushly.com https://d30ia583fbtg8i.cloudfront.net/reviews_list/style.css https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net; img-src * data:; media-src *; frame-src https://*.sageintacct.com https://*.intacct.com https://*.optimizely.com https://www.youtube.com https://*.addthis.com https://app-abd.marketo.com https://*.doubleclick.net https://www.google.com/ads https://jobs.jobvite.com https://forecast.io https://api.soundcloud.com https://w.soundcloud.com https://www.g2crowd.com https://intacct.lookbookhq.com https://go.intacct.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net; font-src *; connect-src *; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 2
default-src 'self' 'unsafe-inline' web-2-tel.com *.web-2-tel.com *.doubleclick.net *.optnmstr.com *.gstatic.com localhost:8443 data: *.acquia.com *.appcues.com *.appcues.net *.unitedrentals.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unitedrentals.com *.egain.cloud *.analytics-egain.com *.criteo.net 8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com *.doubleclick.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com bat.bing.com *.quantserve.com *.getsitecontrol.com *.facebook.net *.crazyegg.com *.quantcount.com st.getsitecontrol.com *.yimg.com snap.licdn.com sp.analytics.yahoo.com *.addtoany.com *.ads.linkedin.com *.newrelic.com *.pardot.com *.boldchat.com *.nr-data.net localhost:8443 web-2-tel.com *.web-2-tel.com *.optnmstr.com *.cloudflare.com *.adnxs.com data: *.acquia.com *.appcues.com *.pragmaticcrm.com *.optmstr.com *.bizographics.com *.criteo.com *.linkedin.com *.optmnstr.com *.nr-data.net wvw.unitedrentals.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.optnmstr.com *.google.com *.appcues.com *.egain.cloud; img-src 'self' data: *.unitedrentals.com bat.bing.com *.optnmstr.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com *.google.com *.quantserve.com *.gstatic.com *.boldchat.com *.adnxs.com *.appcues.com *.optmstr.com res.cloudinary.com *.googletagmanager.com *.linkedin.com *.criteo.com s0.2mdn.net; frame-src 'self' *.appcues.com *.appcues.net *.doubleclick.net *.criteo.com *.egain.cloud *.analytics-egain.com *.vimeo.com *.facebook.com *.facebook.net *.youtube.com; child-src 'self' *.unitedrentals.com *.googletagmanager.com *.optnmstr.com *.doubleclick.net *.analytics-egain.com *.rackcdn.com *.youtube.com *.appcues.com *.vimeo.com *.egain.cloud; connect-src 'self' *.appcues.net wss://*.appcues.net web-2-tel.com *.web-2-tel.com *.egain.cloud *.optnmstr.com *.optmstr.com *.gstatic.com localhost:8443 data: *.acquia.com *.appcues.com *.appcues.net *.nr-data.net *.optmnstr.com *.google.com *.optmnstr.com *.google-analytics.com stats.g.doubleclick.net; report-uri /report-csp-violation 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com; frame-src 'self' bhge.acquiadam.com *.webdamdb.com  *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri //report-csp-violation 2
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru api-maps.yandex.ru mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com tagmanager.google.com *.jivosite.com; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de http://tacho-beta.netcologne.de https://www.netcologne.de https://bat.bing.com https://connect.facebook.net http://www.googletagmanager.com http://www.googletagmanager.com/gtm.js https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com https://partners.webmasterplan.com https://www.google.de https://seal.thawte.com https://www.googleadservices.com https://cdn.exactag.com https://m.exactag.com https://www.google.com https://optimize.google.com https://clients1.google.com https://maps.google.com https://maps.gstatic.com https://maps.googleapis.com https://mts0.googleapis.com https://mts1.googleapis.com https://avatar.netcologne.de https://www.kabelkiosk.de https://tagmanager.google.com https://ssl.gstatic.com http://www.google.de http://www.google.com http://clients1.google.com http://maps.google.com http://maps.gstatic.com http://maps.googleapis.com http://mts0.googleapis.com http://mts1.googleapis.com https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://cdn.m-pathy.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://netcologne.lamapoll.de https://r.df-srv.de; 2
upgrade-insecure-requests 2
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2
frame-ancestors https://bande2kings.fr https://*.bande2kings.fr 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net *.google-analytics.com cdn.optimizely.com *.bugherd.com *.marketo.com *.googletagmanager.com cdn-akamai.mookie1.com secure-ds.serving-sys.com munchkin.marketo.net *.calltrk.com tags.tiqcdn.com bs.serving-sys.com *.jwpcdn.com www.youtube.com *.addthis.com m.addthisedge.com s.ytimg.com graph.facebook.com widgets.pinterest.com *.googleapis.com use.typekit.net *.northwell.edu *.limelight.com *.delvenetworks.com static.addtoany.com malihu.github.io ajax.aspnetcdn.com s.gravatar.com *.wp.com calltrk-production.s3.amazonaws.com *.googleadservices.com ajax.microsoft.com code.jquery.com api.html5media.info *.cloudfront.net *.jwpcdn.com *.newrelic.com bam.nr-data.net tagmanager.google.com *.surveymonkey.com console.brightwhistle.com *.callrail.com content.healthwise.net cdn.merklesearch.com *.rkdms.com cdn.rawgit.com cdnjs.cloudflare.com ethn.io e.infogram.com *.gigya.com *.influencehealth.com *.bing.com *.visto1.net *.linkedin.com; object-src 'self' video.limelight.com assets.delvenetworks.com; style-src 'self' 'unsafe-inline' rtp-static.marketo.com *.googleapis.com *.vm *.bootstrapcdn.com *.northwell.edu malihu.github.io static.addtoany.com s.gravatar.com code.jquery.com  *.cloudfront.net *.surveymonkey.com *.marketo.com *.rkdms.com tagmanager.google.com; img-src 'self' data: *.google-analytics.com *.g.doubleclick.net www.facebook.com www.google.com jwpltx.com api.nslijweb.com csi.gstatic.com *.googleapis.com maps.gstatic.com img.delvenetworks.com *.llnw.net m.addthis.com *.northwell.edu northwellhealt.wpengine.com *.gravatar.com *.wp.com *.northwell.io *.cloudfront.net *.amazonaws.com www.bugherd.com *.surveymonkey.com img.youtube.com *.googleadservices.com maps.googleapis.com *.mxptint.net dpm.demdex.net ad.yieldmanager.com ad.afy11.net d.agkn.com idsync.rlcdn.com *.bluekai.com *.openx.net *.rubiconproject.com *.adnxs.com sync.adaptv.advertising.com *.rkdms.com i.ytimg.com *.gigya.com *.bing.com *.googletagmanager.com *.doubleclick.net *.google.com *.gstatic.com; media-src 'self' *.llnw.net *.delvenetworks.com *.llnw.com; frame-src 'self' cdn-akamai.mookie1.com tags.tiqcdn.com s7.addthis.com www.youtube.com static.addtoany.com *.doubleclick.net www.google.com *.understand.com *.marketo.com *.sli.do ethn.io e.infogram.com *.gigya.com w.soundcloud.com view.knowledgevision.com 8065684-gigya.northwell.edu; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com *.bootstrapcdn.com www.bugherd.com; connect-src 'self' 'unsafe-inline' 309-lvl-470.mktoresp.com sjrtp4.marketo.com m.addthis.com *.pusherapp.com *.pusher.com www.bugherd.com *.google-analytics.com api.northwell.edu content.healthwise.net stage-api.northwell.io *.cloudflare.com *.rkdms.com *.callrail.com *.serving-sys.com api.dpx.northwell.io *.gigya.com *.llnw.net; report-uri /report-csp-violation 2
frame-src 'self' blob: *.cochlear.cloud *.stg.cochlear.cloud  *.cochlear.cloud https://marvelapp.com *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com http://clinicfinder.cochlear.com *.linkedin.com http://www.cvent.com http://cochlearevents.cvent.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net http://clinicfinder.cochlear.com *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com ; connect-src 'self' localhost:8080 *.cvent.com *.linkedin.com http://clinicfinder.cochlear.com   *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.maxmind.com *.google-analytics.com ; font-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com ; img-src 'self'  'unsafe-inline' 'unsafe-eval' data:  *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com http://test-iwh-de.cochlear.com http://test.cochlear.com *.visualwebsiteoptimizer.com *.cochlear.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com medialead.de; script-src 'self'  'unsafe-inline' 'unsafe-eval' blob: *.adnxs.com *.swiftype.com *.googletagmanager.com *.google.com *.leadspediatrack.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.quora.com *.wufoo.com  *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com  *.ads-twitter.com *.steelhousemedia.com *.bing.com adroll.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com http://go.cochlear.com *.mktoweb.com *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com *.cochlear.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.maxmind.com medialead.de *.salesforceliveagent.com *.amazonaws.com; style-src 'self'  'unsafe-inline' 'unsafe-eval'  *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 2
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 2
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data: blob:; media-src *; frame-src *; frame-ancestors 'self' *.destroomlijn.be *.fluvius.be; child-src *; font-src * data:; connect-src *; report-uri /nl/report-csp-violation 2
frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 2
default-src 'unsafe-inline' https://fonts.googleapis.com https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com  https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; script-src * 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; style-src 'unsafe-inline' https://fonts.googleapis.com https://*.google.com https://ls.hit.gemius.pl https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com; img-src 'self' https://moventum.com.pl https://*.youtube.com http://axa.test.emex.pl https://www-tra.axadirect.pl https://www.facebook.com https://www.google.pl https://axadirect.pl https://*.axadirect.pl https://*.axaubezpieczenia.pl https://*.googleapis.com https://*.gstatic.com https://axadirect.pl https://*.axadirect.pl https://pagead2.googlesyndication.com https://ls.hit.gemius.pl https://*.google.com https://www.google-analytics.com https://*.gemius.pl https://*.facebook.com https://www.axaonline.pl https://*.axa.pl https://axa.pl https://df.axa.pl https://*.doubleclick.net https://script.crazyegg.com https://app3.salesmanago.pl https://nan.netmng.com https://pl-axa.netmng.com https://pl-axa.qa.netmng.com  https://client2.inteliwise.com https://s3-eu-west-1.amazonaws.com https://*.amazonaws.com https://pixel.mathtag.com https://u3s.mathtag.com https://dms.netmng.com https://axa.pl data: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.google-analytics.com recreativ.ru v.actionteaser.ru jwpsrv.com *.jwpcdn.com ads.actionteaser.ru https://ssl.gstatic.com *.gstatic.com *.googleapis.com st.top100.ru  trustjs.net *.rcdn.pro cdnjs-aws.ru uncorejs.ru *.marketgid.com *.googletagmanager.com; object-src 'self' www.gstatic.com *.spruto.org *.jwpcdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com recreativ.ru; img-src * data:; media-src *; frame-src 'self' www.youtube.com 37.220.36.15 hdgo.cc moonwalk.cc embed.publicvideohost.org video.meta.ua hdgo.cx trailerclub.me streamguard.cc; child-src 'self'; font-src * data:; connect-src 'self' *.gstatic.com www.youtube.com data: kraken.rambler.ru trustjs.net *.rcdn.pro cdnjs-aws.ru uncorejs.ru 2
default-src 'self' data: https: *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.amazonaws.com *.infogreffe.nc *.infogreffe.fr *.googleapis.com *.twitter.com *.regie.pro; img-src 'self' data: http: *.youtube.com https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; frame-src 'self' data: https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; connect-src 'self' https: *.regie.pro *.addthis.com *.web2mobile.fr 2
frame-ancestors https://www.compraonline.bonpreuesclat.cat https://www.bonpreuesclat.cat 2
default-src 'self' https://*.maersk.com https://*.maerskline.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.maersk.com https://*.maerskline.com https://*.akamaihd.net https://*.igodigital.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://dc.ads.linkedin.com https://snap.licdn.com; img-src 'self' https://*.maersk.com https://*.maerskline.com https://*.google.com  https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk  https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://www.weborama.com https://adv.solution.weborama.fr https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com   https://cs.adingo.jp  https://admaym.com https://ih.adscale.de  https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://tr.outbrain.com https://fo-api.omnitagjs.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.googleapis.com; frame-src https://www.google.com/recaptcha/ https://www.youtube.com/embed/ https://player.vimeo.com/video/; font-src 'self'  https://*.gstatic.com https://*.googleapis.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.radnet.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.tctm.co *.gstatic.com *.doubleclick.net *.youtube.com *.ytimg.com *.vimeo.com *.audioeye.com *.fbcdn.net *.facebook.com *.facebook.net *.twitter.com https://cdn.knightlab.com; report-uri /report-csp-violation 2
object-src 'self' *.google.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com 2
report-uri /admin/config/system/seckit/csp-report 2
default-src 'self' data:; script-src * data: 'unsafe-inline' 'unsafe-eval' ; object-src 'self' data:; style-src * 'self' data: 'unsafe-inline'; img-src * 'self' data:; media-src * 'self' data:; frame-src *; font-src *; connect-src * 'self' data: 2
default-src https: 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.cloudfront.net *.tradingview.com *.googleapis.com; img-src 'self' *.tradingview.com *.google-analytics.com *.gstatic.com stats.g.doubleclick.net *.googleapis.com; 2
frame-ancestors 'self' *.nokia.com; report-uri /report-csp-violation 2
style-src 'unsafe-inline' data: *; img-src 'unsafe-inline' data: *; report-uri /report-csp-violation 2
frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 2
default-src 'self' *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net mycliplister.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src   https: data:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: bosch.mi4biz.net www.boschthermolife.com; frame-ancestors 'self' https: bosch.mi4biz.net http://fs52-buderus-dev.kittelberger.net 2
referrer no-referrer 2
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hs-analytics.net *.hs-scripts.com *.addthis.com *.addthisedge.com *.linkedin.com *.pinterest.com *.facebook.com *.iubenda.com *.ckeditor.com *.webspellchecker.net *.gstatic.com *.google.com *.googleapis.com *.bootstrapcdn.com *.google-analytics.com *.googletagmanager.com *.usemessages.com *.hsleadflows.net *.googleadservices.com *.sumome.com *.doubleclick.net *.facebook.net *.b-cdn.net *.youtube.com *.ytimg.com *.kxcdn.com *.hubspot.com *.hsforms.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com *.iubenda.com *.ckeditor.com *.webspellchecker.net *.kxcdn.com *.b-cdn.net *.google.com; img-src 'self' *.hubspot.com *.acquia-sites.com data: *.ckeditor.com *.webspellchecker.net sumo.com *.kxcdn.com *.google-analytics.com *.doubleclick.net *.google.com *.hubspot.net *.ytimg.com *.gstatic.com *.googleapis.com *.facebook.com *.google.co.za *.google.it *.google.co.uk *.google.co.id *.google.de *.google.pl *.google.fr *.google.ru *.google.cn *.google.es *.google.com.br *.google.co.nz *.google.com.pr *.google.hr *.google.com.pa *.google.at *.google.ca *.google.gr *.google.com.au *.google.com.hk *.google.com.ph *.google.com.tr *.google.fi *.google.co.jp *.google.com.kh *.google.com.my *.google.co.ke *.google.se *.google.co.il *.google.com.sg *.google.co.th *.google.co.in *.google.ae *.google.co.kr *.google.lk *.googletagmanager.com *.google.com.do *.google.bg *.google.rs *.google.hu *.google.pt *.google.ro *.google.com.co *.google.ch *.google.com.mx *.google.lv *.google.com.vn *.google.no; frame-src 'self' *.google.com *.addthis.com *.youtube.com *.vrcloud.co vrcloud.co *.vrcloud.com vrcloud.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.facebook.net *.hubspot.com; font-src 'self' *.gstatic.com *.addthis.com; connect-src 'self' *.addthis.com *.webspellchecker.net sumo.com *.hubspot.com *.google-analytics.com *.doubleclick.net *.google.com *.google.co.uk; report-uri /admin/config/system/seckit/csp-report 2
frame-ancestors 'self' http://acquia.lookbookhq.com https://acquia.lookbookhq.com https://acquia.docebosaas.com; report-uri /report-csp-violation 2
default-src 'self'; block-all-mixed-content; script-src 'self' 'sha256-/fCUycOSPg5W5rt7pgbdlufk2T9mZRRPEsV2mct1B/I=' 'sha256-5N4Pp5UCHKbIUxXXFe+KDYsfhzhQXoIzN80eQ+jF9P4=' 'unsafe-eval' 'nonce-ddd08672d18665df73840e849b446f0511b18454' https://api.geetest.com https://ex.bnbstatic.com https://resource.binance.co.ug https://resource.binance.com https://resource.binance.sg https://static.geetest.com https://translate.google.com https://translate.googleapis.com https://www.binance.co https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://ex.bnbstatic.com https://resource.binance.co.ug https://resource.binance.com https://resource.binance.sg https://static.geetest.com https://translate.googleapis.com; font-src 'self' data: https://at.alicdn.com https://ex.bnbstatic.com https://fonts.gstatic.com https://resource.binance.co.ug https://resource.binance.com https://resource.binance.sg https://sensors.binance.cloud https://sensors.binance.com; connect-src 'self' https://ex.bnbstatic.com https://resource.binance.co.ug https://resource.binance.com https://resource.binance.sg https://sensors.binance.cloud https://sensors.binance.com https://sentry.io https://translate.googleapis.com wss://jpush.binance.im:5000 wss://stream.binance.cloud:9443 wss://stream.binance.com:9443 wss://stream2.binance.cloud:443 wss://stream2.binance.com:9443; img-src 'self' data: https://ex.bnbstatic.com https://resource.binance.co.ug https://resource.binance.com https://resource.binance.sg https://sensors.binance.cloud https://sensors.binance.com https://translate.google.com https://translate.googleapis.com https://www.binance.co https://www.google-analytics.com https://www.google.com https://www.gstatic.com; object-src 'none'; base-uri 'self' 1
policy-uri /parivahan/'self' 1
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 1
frame-ancestors *.payback.de 1
child-src 'self' player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' api.blocktrades.us steemit.com wss://steemd.steemit.com wss://steemd-int.steemit.com steemitimages.com cdn.steemitimages.com api.steemit.com api-int.steemit.com; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bpost.be bpost.be eshipper.bpost.cn bpost2.be medattest.be www.medattest.be editor-www.bpost.be www.googletagmanager.com tagmanager.google.com ssl.google-analytics.com b2btagmgr.azalead.com trker1.azalead.com www.google-analytics.com proslead.com www.depostlaposte.be www.bpost2.be www.google.com www.post.be post.be ajax.googleapis.com connect.facebook.net code.jquery.com platform.linkedin.com www.linkedin.com dashboard.whoisvisiting.com/who.js frontend.id-visitors.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net http://w.usabilla.com w.usabilla.com api.usabilla.com cdnjs.cloudflare.com maps.googleapis.com www.youtube.com https://ajax.googleapis.com api.jollywallet.com https://maps.googleapis.com www.googleadservices.com assets.idloom.com crm.bpack.idloom.com proslead.com https://www.google-analytics.com preprints.taxipost.net maf.taxipost.net s.ytimg.com img.en25.com player.qualifio.com d6tizftlrpuof.cloudfront.net https://maxcdn.bootstrapcdn.com static.hotjar.com script.hotjar.com vars.hotjar.com optimize.google.com login-2.bpost.be service.maxymiser.net static.hotjar.com script.hotjar.com bpost2.unfyd.com; object-src 'self' www.bpost.be editor-www.bpost.be eshipper.bpost.cn www.youtube-nocookie.com www.medattest.be optimize.google.com login-2.bpost.be bpost2.be; style-src 'self' 'unsafe-inline' www.bpost.be eshipper.bpost.cn bpost2.be www.bpost2.be bpost3.be www.medattest.be editor-www.bpost.be www.google.com fonts.googleapis.com cdn.jsdelivr.net d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com www.post.be post.be proslead.com wersg01 preprints.taxipost.net maf.taxipost.net tagmanager.google.com optimize.google.com login-2.bpost.be maxcdn.bootstrapcdn.com my.bpost.be bpost2.unfyd.com; img-src 'self' data: www.bpost.be bpost.be eshipper.bpost.cn www.bpost2.be bpost2.be www.google.be www.google-analytics.com www.google.com googleads.g.doubleclick.net b2btagmgr.azalead.com trker1.azalead.com stats.g.doubleclick.net www.post.be editor-www.bpost.be www.facebook.com www.google.co.in eshop.bpost.be static.licdn.com www.linkedin.com www.bpostinternational.com landmarkglobal.com www.landmarkglobal.com dashboard.whoisvisiting.com/who.ashx www.depostlaposte.be junglenet-a.akamaihd.net secure.adnxs.com d6tizftlrpuof.cloudfront.net w.usabilla.com 10.76.4.13:15871 https://cdnjs.cloudflare.com 10.109.34.52:15871 s1833705806.t.eloqua.com 10.76.4.11:15871 https://csi.gstatic.com https://maps.gstatic.com maps.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com www.googleadservices.com https://stats.g.doubleclick.net proslead.com https://www.google.de https://www.google.lu https://www.google.nl preprints.taxipost.net maf.taxipost.net chart.apis.google.com hello.bpost.be optimize.google.com login-2.bpost.be my.bpost.be bpost2.unfyd.com; frame-src 'self' www.bpost.be bpost.be www.medattest.be medattest.be eshipper.bpost.cn editor-www.bpost.be www.bpost2.be http://www.bpost2.be bpost2.be campaigns.bpost2.be www.campaigns.bpost2.be pass.post.be esim.post.be tools.emailgarage.com assets.idloom.com www.facebook.com ir2.flife.de qfx.quartalflife.com 4558452.fls.doubleclick.net www.youtube.com youtube.com fr.slideshare.net www.youtube-nocookie.com 85.17.197.32 roi.bpost3.be bpost3.be www.facebook.com www.twitter.com platform.linkedin.com addressbook.bpost.be www.google.com google.com cse.google.com/cse speos.connective.be speos.connective.eu junglenet-a.akamaihd.net post-online.be www.post-online.be cssprepaid.proximus.be www.depostlaposte.be depostlaposte.be www.postmobile.be postmobile.be reload.proximus.be s.chkmkt.com maxiresponse.bpost3.be bpi.bpost3.be post-api.be googletagmanager.com youtube.com www.youtube.com d6tizftlrpuof.cloudfront.net www.youtube.com speos.connective.eu www.speos.connective.eu assets.idloom.com crm.bpack.idloom.com zeromov.com player.qualifio.com preprints.taxipost.net maf.taxipost.net http://maf.taxipost.net crm.bpost.idloom.com news.bpost.be s1833705806.t.eloqua.com vars.hotjar.com optimize.google.com login-2.bpost.be bpost2.be service.maxymiser.net; font-src 'self' www.bpost.be bpost.be eshipper.bpost.cn editor-www.bpost.be cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com fonts.gstatic.com *.usabilla.com d6tizftlrpuof.cloudfront.net images.campaign.bpost.be optimize.google.com login-2.bpost.be my.bpost.be maxcdn.bootstrapcdn.com bpost2.unfyd.com; connect-src 'self' www.bpost.be bpost.be eshipper.bpost.cn www.medattest.be medattest.be bpost2.be www.bpost2.be editor-www.bpost.be proslead.com bam.nr-data.net api.usabilla.com https://api.bpost.be crm.bpack.idloom.com www-1.stbpost.be assets.idloom.com crm.bpack.idloom.com nikkomsgchannel tagmanager.google.com webservices-pub.bpost.be webservices-pub.stbpost.be webservices-pub.acbpost.be  s1833705806.t.eloqua.com static.hotjar.com insights.hotjar.com optimize.google.com login-2.bpost.be chatbot.bpost.be bpost2.be in.hotjar.com service.maxymiser.net bpost2.unfyd.com ; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.halkbank.com.tr *.google.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com; font-src 'self' *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.halkbank.com.tr *.google.com *.google.com.tr *.gstatic.com *.facebook.com *.facebook.com.tr *.doubleclick.net *.facebook.net ; media-src 'self' *.halkbank.com.tr; frame-src 'self' *.foreks.com *.halkbank.com.tr *.doubleclick.net *.youtube.com *.google.com; connect-src 'self'; object-src 'self'; 1
frame-ancestors 'self' https://*.cdn.ampproject.org 1
default-src 'self' rufilm.tv rufilmtv.org 6xuar.gdn; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.rufilmtv.club news.gnezdo.ru *.gnezdo.ru news.2xclick.ru smartpush1.info smartpush11.info smartpush10.info smartpush0.info *.q-sht-zidjk.co q-sht-zidjk.co adbetnet.advertserve.com json.bannersvideo.com fcrgzqkbtgu.co octomarket.com adtrak.org adfill.me advmaker.su yt.advmaker.su json.bannersvideo.com bannersvideo.com 1plus1.video *.adbetclickin.pink http://serving.bepolitee.eu adlmerge.com gynax.com bgrndi.com https://fqtag.com osnn.work hydr.work luxup2.ru http://marvin.pw/ https://c.fqtag.com/ rufilm.tv brokeloy.com widefox.ru slowpoker.ru hgbn.network cdn7.network www.resttort.ru resttort.ru deenomo.com lolaken.com lopireto.com roklerok.com am15.net kadanoda.ru vakadiki.ru tozipoto.com zirifaha.ru kibitaqa.ru kiviraha.ru kilisaqa.ru retaraka.ru tisatama.ru tisataga.ru tozimoto.com tozikoto.com toziroto.com tozitoto.com tozipoto.com vogorana.ru vogozaw.ru vogozae.ru uuidksinc.net imdj.3793369.pix-cdn.org rtb.kadam.ru vogozae.ru aurumforyou.com yandex.ru yandex.st mc.yandex.ru www.google-analytics.com vk.com ulogin.ru luxup.ru *.luxup.ru *.am15.net *.thor-media.ru qepath.info zakoofoo.info zoobynu.info hbkii.xyz nucegu.info duxyve.info qezuqa.info cyjycu.info accommon.info samnioc.info dialected.info alphamrkt.com *.supuv2.com 6xuar.gdn mylma.gdn xml.adbetnet.com *.adbetnet.com adbetnet.com m-shes.ru etcxx.com mxccs.com mdapi.ru mdsrc.ru *.rtbsystem.com *.marketgid.com *.adlabs.ru dodrek.com psma01.com psma02.com psma03.com adservone.com *.onedmp.com *.videoviewer.ru bequri.com gotriki.com mylma.gdn cdn.hgdat.com hghit.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' rufilm.tv http://fonts.googleapis.com; font-src 'self' rufilm.tv fonts.gstatic.com data:; object-src 'self' rufilm.tv *.am15.net am15.net; frame-src 'self' data: *.videomore.ru videomore.ru samnioc.info https://ad.anistar.me ad.anistar.me *.adbetnet.com t.co ad.anistar.me stream.reyden-x.com tvzvezda.ru 1plus1.video out.pladform.ru https://fqtag.com allmovie.pro http://allmovie.tv http://player.ictv.ua https://kaztube.kz ren.tv tvc.ru m-shes.ru www.tvc.ru rufilm.tv rufilmtv.org am15.net advmaker.su yt.advmaker.su my.mail.ru uuidksinc.net *.amazonaws.com ok.ru *.ok.ru vk.com veterok.tv www.youtube.com *.ivi.ru *.vgtrk.com *.1ru.tv *.1tv.ru *.ntv.ru *.gnezdo.ru *.am15.net rutube.ru *.videomore.ru *.my.mail.ru ictv.ua rmbn.net psma01.com psma02.com psma03.com *.onedmp.com ovva.tv cdn7.network www.videokub.net *.adbetclickin.pink; connect-src 'self' rufilm.tv ws://brokeloy.com:8040 samnioc.info yt.advmaker.su mc.yandex.ru rtb.kadam.ru vogozae.ru 1
default-src 'self' 'unsafe-inline' blob: *.answerscloud.com *.googleapis.com *.gstatic.com hosteduxprod.blob.core.windows.net *.okta.com *.opower.com *.google.com *.foresee.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com *.adobedtm.com *.answerscloud.com *.twitter.com *.facebook.net *.googleapis.com *.customsearch.ai *.go-mpulse.net *.twimg.com *.okta.com *.opower.com *.google.com *.gstatic.com *.foresee.com; img-src * data:; frame-src *.youtube.com *.arcgis.com *.answerscloud.com *.twitter.com *.facebook.net *.facebook.com *.google.com *.gstatic.com *.foresee.com; child-src *.youtube.com *.arcgis.com *.answerscloud.com *.google.com *.gstatic.com *.foresee.com; connect-src 'self' 'unsafe-inline' *.sce.com *.foresee.com *.oktapreview.com *.googleapis.com *.customsearch.ai *.go-mpulse.net *.akstat.io *.4seeresults.com *.okta.com *.opower.com *.google.com *.gstatic.com *.foresee.com; report-uri /report-csp-violation 1
default-src 'self' https://lxelma5p.bfinv.de ; style-src 'self' ; media-src 'self' https://www.elster.de https://download.elster.de ; img-src 'self' https://www.elster.de https://anycast.elster.de ; form-action 'self' ; connect-src 'self' https://lxelma5p.bfinv.de ws: wss: https://datenabholung1.elster.de https://datenabholung2.elster.de ; object-src 'self' blob: ; frame-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://www.amazon.com https://api.amazon.com https://apac.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training; child-src 'self' https://*.amazon.com https://www.bing.com; 1
default-src 'self' *.rating-widget.com *.twimg.com *.twitter.com *.googleapis.com *.gstatic.com *.google.it *.macromedia.com *.google-analytics.com *.facebook.net *.sharethis.com *.google.com opendataavcp.interno.it 'unsafe-inline' 'unsafe-eval';img-src 'self' data: i.rw.gs *.rating-widget.com *.twitter.com *.twimg.com *.poliziadistato.it opendataavcp.interno.it l.sharethis.com *.facebook.com *.google-analytics.com *.gstatic.com *.gravatar.com *.googleapis.com s.w.org *.google.it; style-src 'self' *.twimg.com *.rating-widget.com *.twitter.com opendataavcp.interno.it *.sharethis.com 'unsafe-inline' *.googleapis.com; frame-src 'self' storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.facebook.com *.sharethis.com *.facebook.com *.youtube.com *.google.com; child-src 'self' opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.twitter.com; font-src 'self' data: opendataavcp.interno.it *.gstatic.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.gstatic.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io wss://*.crisp.chat https://*.crisp.chat *.payline.com *.youtube.com; img-src 'self' data: *.zopim.com *.crisp.chat *.google-analytics.com *.gstatic.com  *.googleapis.com; font-src 'self' data: *.zopim.com *.crisp.chat *.gstatic.com; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors https://apps.facebook.com http://www.clickjogos.com.br http://clickjogos.com.br https://www.clickjogos.com.br https://clickjogos.com.br http://tibia.uol.com.br https://tibia.uol.com.br 'self' 1
default-src c.wgr.de 'self'; script-src c.wgr.de track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com 'self' 'unsafe-inline'; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de track.westermann.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net maps.googleapis.com *.gstatic.com 'self' data:; frame-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src secure.schulbuchzentrum-online.de track.westermann.de 'self'; report-uri /backend/csp 1
default-src 'self' *.mobistar.be *.cloudfront.net *.emsecure.net *.customersaas.com *.orange.be *.netdna-ssl.com; script-src 'unsafe-inline' 'unsafe-eval' * *.customersaas.com *.emsecure.net *.customersaas.com  *.orange.be optimize.google.com *.netdna-ssl.com; object-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; style-src 'unsafe-inline' 'self' *.mobistar.be *.cloudfront.net *.customersaas.com  *.orange.be optimize.google.com fonts.googleapis.com *.netdna-ssl.com; img-src * data: optimize.google.com; media-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; frame-src 'self' * emsecure.net  *.orange.be *.optimzely.com optimize.google.com; font-src 'self' *.mobistar.be *.customersaas.com  *.orange.be cdn.livechatinc.com themes.googleusercontent.com fonts.gstatic.com *.netdna-ssl.com; connect-src 'self'  *.tealiumiq.com *.usabilla.com *.log.optimizely.com *.emsecure.net *.customersaas.com  *.orange.be *.mousestats.com secure.comparecycle.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' live-aclu-d7.pantheonsite.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aclu.org live-aclu-d7.pantheonsite.io *.documentcloudBLOCK.org squizlabs.github.io js-agent.newrelic.com bam.nr-data.net aclu.tt.omtrdc.net cdn.tt.omtrdc.net www.youtube.com/iframe_api s.ytimg.com static.chartbeat.com static2.chartbeat.com *.chartbeat.com; object-src 'self' *.aclu.org live-aclu-d7.pantheonsite.io; style-src 'self' 'unsafe-inline' *.aclu.org live-aclu-d7.pantheonsite.io squizlabs.github.io cdn.tt.omtrdc.net; img-src 'self' 'unsafe-inline' data: *.aclu.org live-aclu-d7.pantheonsite.io *.xip.io img.youtube.com s3.amazonaws.com smetrics.aclu.org squizlabs.github.io aclu.org omnitureengineering.d1.sc.omtrdc.net *.chartbeat.net; media-src 'self'  *.aclu.org live-aclu-d7.pantheonsite.io; frame-src 'self' *.aclu.org live-aclu-d7.pantheonsite.io *.youtube-nocookie.com *.facebook.com *.youtube.com *.newsbound.com *.vote411.org https://fora.tv *.ted.com *.storify.com *.mtvnservices.com *.thinglink.com *.theguardian.com filestorage.aclu.org *.omniture.com georgejosephmapping.carto.com w.soundcloud.com chartbeat.com *.chartbeat.com; font-src 'self' data: *.aclu.org live-aclu-d7.pantheonsite.io; connect-src 'self' live-aclu-d7.gotpantheon.com graph.facebook.com phone.reverehq.com https://action.aclu.org live-aclu-d7.pantheonsite.io https://aclu.tt.omtrdc.net mab.chartbeat.com; report-uri /admin/config/system/seckit/csp-report 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ok-cloud.net:* *.openbank.es:* https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://tags.tiqcdn.com *.google-analytics.com:* *.tealiumiq.com:* https://tealium.hs.llnwd.net https://*.g.doubleclick.net  *.amazonaws.com *.youtube.com *.googleadservices.com *.ads-twitter.com *.facebook.net *.adnxs.com *.ytimg.com api-ob.nd.nudatasecurity.com https://js-agent.newrelic.com https://cdnssl.clicktale.net *.googletagmanager.com *.wbtrk.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.amazonaws.com *.openbankwealth.com *.openbank.es api-ob.nd.nudatasecurity.com; img-src 'self' data: 'unsafe-inline' *.amazonaws.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com data: *.iconfinder.com *.google-analytics.com *.doubleclick.net  *.openbank.es *.google.com *.google.com.co *.google.es *.google.ie *.facebook.com api-ob.nd.nudatasecurity.com https://aax-eu.amazon-adsystem.com https://openbanklive01.wt-eu02.net; media-src 'self' 'unsafe-inline' *.amazonaws.com  *.openbank.es *.youtube.com; frame-src  https://www.google.com https://csi.gstatic.com *.youtube.com simulatorsjs-testing.azurewebsites.net simuladores-pre.afi.es simuladores.afi.es *.weborama.fr *.doubleclick.net api-ob.nd.nudatasecurity.com https://openjobs.openbank.es; child-src  https://www.google.com https://csi.gstatic.com *.youtube.com simulatorsjs-testing.azurewebsites.net simuladores-pre.afi.es simuladores.afi.es *.weborama.fr *.doubleclick.net api-ob.nd.nudatasecurity.com https://openjobs.openbank.es; font-src 'self' data: https://fonts.gstatic.com *.openbankwealth.com api-ob.nd.nudatasecurity.com; connect-src *.ok-cloud.net:* *.openbank.es:* openbank-dev pub-local.ok-cloud.net openbank.ci openb.mockable.io *.tealiumiq.com api-ob.nd.nudatasecurity.com 1
upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-ancestors 'self' http://virtual-tour.battlefields.org/; report-uri /report-csp-violation 1
frame-ancestors tags.tiqcdn.com survey.hlb.com.my www.hlb.com.my apps.facebook.com www.facebook.com *.vivocha.com *.youtube.com *.facebook.com staticxx.facebook.com www.googletagmanager.com gateway.hlb.com.my www.ecloan.com.my aem-preprod.hlb.com.my aem-preprod.hlisb.com.my www.hlisb.com.my https://www.google.com www.google.com optimize.google.com 1
default-src 'self' 'unsafe-inline' *.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.ytimg.com *.youtube.com cbos.gov.sd *.cbos.gov.sd *.dot.jo www.google.com s7.addthis.com m.addthisedge.com m.addthis.com cdnjs.cloudflare.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo *.google.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com jwpltx.com *.jwpltx.com cbos.gov.sd *.cbos.gov.sd *.dot.jo stats.g.doubleclick.net *.ckeditor.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo; frame-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com *.jwpcdn.com *.jwpsrv.com cbos.gov.sd *.cbos.gov.sd *.dot.jo fonts.google.com maxcdn.bootstrapcdn.com; connect-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; report-uri /admin/config/system/seckit/csp-report 1
style-src 'unsafe-inline' cdn.welcometothejungle.co tagmanager.google.com fonts.googleapis.com; script-src 'unsafe-inline' cdn.welcometothejungle.co platform.linkedin.com www.linkedin.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com connect.facebook.net; img-src http: https: blob:; media-src cdn.welcometothejungle.co; font-src cdn.welcometothejungle.co fonts.gstatic.com data:; frame-src 'self' platform.linkedin.com api.linkedin.com cdn.iframe.ly www.youtube.com soundsgood.co play.soundsgood.co connect.facebook.net w.soundcloud.com; connect-src https://api.welcometothejungle.co wss://api.welcometothejungle.co *.algolianet.com *.algolia.net *.facebook.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' https://bam.nr-data.net https://js-agent.newrelic.com https://use.typekit.net https://*.googleapis.com https://*.googletagmanager.com https://platform.twitter.com https://www.google-analytics.com https://www.youtube.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://s.ytimg.com https://*.google.com https://*.gstatic.com https://*.addtoany.com https://*.addthis.com https://www.speedybooker.com https://pixel.activengine.com https://*.google.com https://c.flx1.com https://go.flx1.com https://*.googleadservices.com https://*.facebook.net https://*.facebook.com https://*.doubleclick.net https://pixel.sitescout.com https://*.google.co.uk https://*.adnxs.com https://*.issuu.com https://*.sitemorse.com https://netnatives.calltracks.com http://widget.unistats.ac.uk/ https://www.questionpoint.org https://ajax.cloudflare.com/cdn-cgi/scripts/78d64697/cloudflare-static/email-decode.min.js; object-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' *; frame-src 'self' *; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self' https://*.issuu.com https://*.sitemorse.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://avd.innity.net http://ajax.googleapis.com https://www.googleadservices.com https://www.googletagmanager.com https://connect.facebook.net https://singpost.widget.custhelp.com https://fonts.googleapis.com https://google.com https://www.rnengage.com https://maps.googleapis.com https://snap.licdn.com https://www.google-analytics.com https://px.ads.linkedin.com https://developers.google.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' http://www.google-analytics.com http://singpost.widget.custhelp.com https://tagmanager.google.com https://fonts.googleapis.com http://singpost.widget.custhelp.com https://www.linkedin.com; img-src 'self' http://www.google-analytics.com http://www.specommerce.com.s3.amazonaws.com http://d2vqszxem296au.cloudfront.net https://www.mysam.sg https://stats.g.doubleclick.net http://cdn.feedbackify.com http://s3.amazonaws.com https://maps.gstatic.com https://www.facebook.com https://www.google.com https://www.google.com.vn https://maps.googleapis.com http://www.w3.org data: http://cx.atdmt.com https://www.linkedin.com https://www.googletagmanager.com; frame-src 'self' https://www.facebook.com https://www.google.com; font-src 'self' https://fonts.googleapis.com  http://www.google-analytics.com  https://fonts.gstatic.com; connect-src 'self' http://www.google-analytics.com https://maps.googleapis.com; report-uri /admin/config/system/seckit/csp-report 1
frame-src *; 1
script-src 'unsafe-inline' 'self' maps.google.com maps.googleapis.com 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: *.stripe.com; img-src *; font-src 'self' data: https:; connect-src 'self' data: https: *.stripe.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self'; 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline'  'unsafe-eval' https://*.ndlah5p.com https://h5p.org https://*.ndla.no https://players.brightcove.net http://players.brightcove.net https://players.brightcove.net *.nrk.no http://nrk.no https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://www.youtube.com https://s.ytimg.com https://cdn.auth0.com https://vjs.zencdn.net https://httpsak-a.akamaihd.net *.brightcove.com *.facebook.net *.twitter.com *.twimg.com *.brightcove.net bcove.me bcove.video *.api.brightcove.com *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.edgefcs.net *.akafms.net *.edgesuite.net *.akamaihd.net *.analytics.edgekey.net *.deploy.static.akamaitechnologies.com *.cloudfront.net hlstoken-a.akamaihd.net vjs.zencdn.net  *.gallerysites.net ndla.no *.ndla.no ws://*.hotjar.com wss://*.hotjar.com https://*.hotjar.com cdnjs.cloudflare.com https://*.zendesk.com https://static.zdassets.com; frame-src *.nrk.no nrk.no *.vg.no vg.no https://www.tv2skole.no/ https://www.scribd.com/ https://www.youtube.com ndla.no https://*.ndlah5p.com https://h5p.org *.ndla.no *.slideshare.net slideshare.net *.vimeo.com vimeo.com *.ndla.filmiundervisning.no ndla.filmiundervisning.no *.prezi.com prezi.com *.commoncraft.com commoncraft.com *.embed.kahoot.it *.brightcove.net https://*.hotjar.com embed.kahoot.it fast.wistia.com https://khanacademy.org/ *.khanacademy.org/ *.vg.no/ *.facebook.com *.twitter.com e.issuu.com new.livestream.com livestream.com channel9.msdn.com tomknudsen.no www.tomknudsen.no geogebra.org www.geogebra.org ggbm.at www.imdb.com imdb.com miljoatlas.miljodirektoratet.no www.miljostatus.no miljostatus.no phet.colorado.edu; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com *.twitter.com *.twimg.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data: cdnjs.cloudflare.com https://*.hotjar.com; img-src 'self' https://*.ndla.no https://www.google-analytics.com https://stats.g.doubleclick.net http://metrics.brightcove.com https://httpsak-a.akamaihd.net https://*.boltdns.net https://www.nrk.no/ https://ssl.gstatic.com https://www.gstatic.com https://*.hotjar.com *.facebook.com *.twitter.com *.twimg.com  data:; media-src 'self' blob: https://*.ndla.no *.brightcove.com brightcove.com; connect-src  'self'  https://*.ndla.no https://logs-01.loggly.com https://edge.api.brightcove.com https://*.brightcove.com https://bcsecure01-a.akamaihd.net https://hlsak-a.akamaihd.net ws://*.hotjar.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.com:* https://www.google-analytics.com https://*.zendesk.com https://ekr.zdassets.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' search.usa.gov www.google-analytics.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' search.usa.gov platform.twitter.com; img-src 'self' www.google-analytics.com data: platform.twitter.com pbs.twimg.com scontent.cdninstagram.com syndication.twitter.com; frame-src 'self' www.youtube.com syndication.twitter.com platform.twitter.com www.dhs.gov; connect-src 'self' www.google-analytics.com; report-uri /report-csp-violation 1
base-uri https://bitpay.com; connect-src 'self' https://bitpay.com https://io.bitpay.com https://api.segment.io https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.log.optimizely.com https://api.mixpanel.com https://ssl.mousestats.com https://rum-collector-2.pingdom.net https://249-omd-845.mktoresp.com; default-src 'self' https://bitpay.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com; form-action 'self' https://bitpay.com https://bitpay.us7.list-manage.com; frame-ancestors 'self'; frame-src 'self' https://bitpay.com https://www.google.com/recaptcha/api2/ https://chat.chatra.io bitcoin: https://www.youtube.com https://player.vimeo.com https://intercom-sheets.com https://bitpay.applytojob.com https://landing.bitpay.com https://bid.g.doubleclick.net; img-src 'self' data: https://bitpay.com https://www.google.com https://ssl.gstatic.com https://gravatar.com https://www.google-analytics.com https://js.intercomcdn.com https://static.intercomassets.com https://*.log.optimizely.com https://stats.g.doubleclick.net https://i0.wp.com https://i1.wp.com https://i2.wp.com https://browser-update.org https://csi.gstatic.com https://ssl.google-analytics.com/ga.js https://*.cloudfront.net https://maps.gstatic.com https://rum-collector.pingdom.net https://www.facebook.com https://px.ads.linkedin.com https://linkedin.com https://www.linkedin.com/px https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.ae https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.by https://www.google.ca https://www.google.ch https://www.google.cl https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.es https://www.google.fi https://www.google.fr https://www.google.gr https://www.google.hu https://www.google.hr https://www.google.ie https://www.google.is https://www.google.it https://www.google.kz https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk https://www.google.tn https://www.google.co.ao https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.nz https://www.google.co.uk https://www.google.co.th https://www.google.co.tz https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.gh https://www.google.com.hk https://www.google.com.jm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.np https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn; media-src 'self' https://js.intercomcdn.com/audio; report-uri /cspViolation; script-src 'self' https://bitpay.com https://io.bitpay.com https://browser-update.org https://ajax.googleapis.com https://cdn.optimizely.com https://cdn.segment.com https://www.google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://www.google.com https://www.gstatic.com/recaptcha/api2/ https://*.cloudfront.net/ https://stats.g.doubleclick.net https://maps.googleapis.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://ssl.mousestats.com https://connect.facebook.net https://www.googletagmanager.com https://call.chatra.io https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.polyfill.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com/ http://cdn.livechatinc.com/ http://ajax.googleapis.com https://www.gstatic.com/recaptcha/ http://netdna.bootstrapcdn.com/ https://secure.livechatinc.com/ https://accounts.livechatinc.com/; object-src https://www.google.com/; style-src 'self' 'unsafe-inline' http://netdna.bootstrapcdn.com/bootstrap/; img-src 'self' https://secure.livechatinc.com/; media-src https://www.youtube.com/; frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://secure.livechatinc.com/ http://track.dtdc.com/; font-src 'self' http://netdna.bootstrapcdn.com/ https://cdn.livechatinc.com/ https://themes.googleusercontent.com/ https://themes.googleusercontent.com/; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com  yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce 1
script-src 'self' * www.googletagmanager.com use.fontawesome.com www.googleadservices.com fontawesome.com connect.facebook.net stats.g.doubleclick.net ping.typekit.net p.typekit.net use.typekit.net www.google.com www.youtube.com i.ytimg.com  www.google-analytics.com ajax.googleapis.com www.gstatic.com apis.google.com az732725.vo.msecnd.net bam.nr-data.net 'unsafe-inline' 'unsafe-eval';style-src 'self' fontawesome.com ping.typekit.net www.youtube.com i.ytimg.com p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net fonts.googleapis.com az732725.vo.msecnd.net 'unsafe-inline';img-src 'self' fontawesome.com www.googleadservices.com www.youtube.com i.ytimg.com www.facebook.com www.google.com.tr stats.g.doubleclick.net googleads.g.doubleclick.net ping.typekit.net p.typekit.net use.typekit.net cdnbtctrader.blob.core.windows.net www.google-analytics.com www.google.com ssl.gstatic.com fontawesome.com az732725.vo.msecnd.net data:;object-src 'self' fontawesome.com ping.typekit.net p.typekit.net www.youtube.com i.ytimg.com use.typekit.net cdnbtctrader.blob.core.windows.net pusher.com; 1
default-src 'none'; connect-src 'self'; font-src 'self' data:; frame-src 'self'; img-src 'self' data: https://ps.w.org https://s.w.org https://secure.gravatar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.cloudflare.com/cdn-cgi/scripts/; style-src 'self' 'unsafe-inline' 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' * ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google.com *.samsung.com *.visa.com *.googleapis.com *.google-analytics.com *.kmda.gov.ua *.gstatic.com; style-src 'self' data: 'unsafe-inline' *.googleapis.com *.google-analytics.com *.gstatic.com; media-src 'self' blob: ; frame-ancestors 'self' gioc.kiev.ua *.gioc.kiev.ua suvorovskiy.com.ua *.suvorovskiy.com.ua *.kyivcity.gov.ua openosh.site cks.kiev.ua oschadbank.ua *.oschadbank.ua ukrticket.com.ua www.ukrticket.com.ua cks.com.ua kte.kmda.gov.ua *.kmda.gov.ua; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com 1
frame-ancestors 'self' *.bond.edu.au bond.edu.au; 1
default-src 'self' https://*.akamaihd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.akamaihd.net https://*.igodigital.com https://scai.maerskline.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://api.massrelevance.com https://img.en25.com https://www.googletagmanager.com https://*.google-analytics.com https://*.bizographics.com https://*.doubleclick.net https://*.linkedin.com; img-src 'self' https://*.akamaihd.net https://scai.maerskline.com https://*.igodigital.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.bizographics.com https://*.doubleclick.net https://*.linkedin.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.googleapis.com; frame-src https://www.google.com/recaptcha/ https://www.youtube.com/embed/ https://player.vimeo.com/video/; font-src 'self'  https://*.gstatic.com https://*.googleapis.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com http://www.google-analytics.com  http://fonts.googleapis.com/ https://cdnjs.cloudflare.com http://cdn.ckeditor.com https://cdnjs.cloudflare.com  http://svc.webspellchecker.net ; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdn.ckeditor.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://svc.webspellchecker.net https://tripura.gov.in; img-src 'self' http://cdn.ckeditor.com http://www.google-analytics.com https://tripura.gov.in https://cbpssubscriber.mygov.in https://w.bookcdn.com; media-src 'self' https://www.youtube.com/ ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/ http://164.100.127.45; font-src 'self' http://fonts.gstatic.com https://cdnjs.cloudflare.com http://fonts.googleapis.com; connect-src 'self' ; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://analytics.twitter.com https://t.co https://www.google.com/ads https://www.google-analytics.com https://stats.g.doubleclick.net; object-src 'self'; media-src 'self'; frame-src 'self' https://trustly.desk.com https://accounts.google.com https://www.google.com/maps/embed https://maps.google.se/maps https://www.youtube.com https://tb.de17a.com https://services.trustlylabs.com/recaptcha/; script-src 'self'; font-src 'self'; connect-src 'self' https://services.trustlylabs.com https://tr.datanyze.com https://t.co https://www.salesforce.com https://api.lever.co; 1
default-src 'self' static.integromat.com; style-src 'self' static.integromat.com fonts.googleapis.com checkout.stripe.com; font-src 'self' static.integromat.com fonts.gstatic.com data:; img-src 'self' static.integromat.com data: stats.g.doubleclick.net www.google-analytics.com www.google.com www.google.cz placehold.it placeholdit.imgix.net secure.gravatar.com usage.trackjs.com q.stripe.com img.youtube.com www.facebook.com t.co www.googletagmanager.com; connect-src 'self' static.integromat.com iql.integromat.com wss://www.integromat.com capture.trackjs.com checkout.stripe.com integromat.zendesk.com; frame-src 'self' static.integromat.com www.facebook.com www.youtube.com checkout.stripe.com; script-src 'self' static.integromat.com www.google-analytics.com checkout.stripe.com connect.facebook.net static.ads-twitter.com analytics.twitter.com; object-src 'self' static.integromat.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.motel-one.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.youtube.com www.instagram.com *.pinterest.com *.cdninstagram.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.ytimg.com *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si http://*.m-pathy.com https://*.m-pathy.com ws://*.m-pathy.com wss://*.m-pathy.com; connect-src 'self' *.motel-one.com *.facebook.com *.pinterest.com http://*.m-pathy.com https://*.m-pathy.com ws://*.m-pathy.com wss://*.m-pathy.com; font-src 'self' *.motel-one.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net *.pinterest.com data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net *.pinterest.com; frame-src 'self' *.motel-one.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.youtube.com www.instagram.com *.pinterest.com *.cdninstagram.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net http://*.m-pathy.com https://*.m-pathy.com ws://*.m-pathy.com wss://*.m-pathy.com; 1
frame-ancestors 'self' cmsv2.zebrix.net 1
default-src 'self' golos.io www.youtube.com *.facebook.com vk.com; child-src 'self' www.youtube.com w.soundcloud.com *.facebook.com player.vimeo.com chat.golos.io livejournal.com www.google.com/maps/ app.powerbi.com widget.letitplay.io coub.com vk.com/video_ext.php ok.ru/videoembed/ rutube.ru/play/embed/ yandex.ru/map-widget/ music.yandex.ru www.deezer.com golosioapp:; script-src 'self' 'unsafe-inline' *.facebook.com www.google-analytics.com *.facebook.net cdn.polyfill.io *.metabar.ru mc.yandex.ru chat.golos.io media.reformal.ru cdn.ravenjs.com relap.io cdn.amplitude.com api.amplitude.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; img-src * data:; font-src data: fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' cyber.fund lang.golos.io images.golos.io wss://push.golos.io wss://ws.golos.io wss://ws18.golos.io wss://*.golos.io *.facebook.com www.google-analytics.com mc.yandex.ru stats.g.doubleclick.net coub.com yandex.ru/map-widget/ music.yandex.ru deezer.com relap.io; report-uri /api/v1/csp_violation; object-src 'self'; plugin-types application/pdf; frame-ancestors 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.googleadservices.com bat.bing.com ml314.com *.g.doubleclick.net disqus.com *.disqus.com disquscdn.com *.disquscdn.com *.ceros.com go.pardot.com play.vidyard.com storage.googleapis.com *.snapengage.com tagmanager.google.com *.mxpnl.com connect.facebook.net *.rfihub.net *.rfihub.com *.doubleclick.net *.addtoany.com telize-v1.p.mashape.com w.soundcloud.com pi.pardot.com www2.intralinks.com widget.surveymonkey.com www.surveymonkey.com ajax.googleapis.com assets.pinterest.com www2.intralinks.com *.bizographics.com *.linkedin.com *.mixpanel.com *.mxpnl.com *.addtoany.com ade.clmbtech.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com c.disquscdn.com tagmanager.google.com *.mxpnl.com www2.intralinks.com; img-src * data:; media-src 'self'; frame-src 'self' disqus.com ceros.com vidyard.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.ceros.com go.pardot.com play.vidyard.com *.rfihub.com *.doubleclick.net  *.addtoany.com www.youtube.com w.soundcloud.com connect.facebook.net www.surveymonkey.com assets.pinterest.com www2.intralinks.com *.bizographics.com *.linkedin.com; child-src 'self' go.pardot.com www2.intralinks.com; font-src * tagmanager.google.com; connect-src 'self' 'unsafe-inline' *.disqus.com tagmanager.google.com *.mxpnl.com *.mixpanel.com telize-v1.p.mashape.com *.g.doubleclick.net www.google-analytics.com www2.intralinks.com www.facebook.com www2.intralinks.com go.pardot.com *.addtoany.com; report-uri /report-csp-violation 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://www.google-analytics.com https://nexus.ensighten.com https://www.paypalobjects.com data: 'unsafe-inline' 'unsafe-eval'; img-src * https://stats.g.doubleclick.net data:; font-src 'self' https://www.paypalobjects.com/ data:; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://nexus.ensighten.com/ https://s94483084.t.eloqua.com/ data:; 1
upgrade-insecure-requests; default-src https:; script-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src https:; style-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: blob: data: http://ad.doubleclick.net; media-src https: data:; frame-src https: data: instagram:; child-src https: data: instagram:; font-src https: data:; connect-src https: wss: blob:; report-uri https://virgindotcom.report-uri.com/r/d/csp/enforce 1
default-src 'self'; connect-src 'self' http://*.amegybank.com https://*.amegybank.com https://*.omtrdc.net https://*.demdex.net https://*.cludo.com; script-src 'self' data: 'unsafe-inline' https://*.doubleclick.net https://connect.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.amegybank.com https://*.amegybank.com https://*.zionsbank.com https://*.cludo.com 'unsafe-eval'; object-src 'self' data: http://*.amegybank.com https://*.amegybank.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://www.facebook.com https://*.doubleclick.net https://*.gstatic.com http://*.amegybank.com https://*.amegybank.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com; media-src 'self' data:; frame-src 'self' http://*.amegybank.com https://*.amegybank.com https://issuu.com https://*.doubleclick.net https://*.demdex.net https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net; frame-ancestors 'self' https://banking.amegybank.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1
default-src 'self';style-src 'unsafe-inline' *;frame-src *;img-src * data:;media-src *;font-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://oss.maxcdn.com https://w.uptolike.com http://place1102.nighter.club http://*.disqus.com http://dsp.kavanga.ru http://w.uptolike.com http://*.googleapis.com http://www.youtube.com http://*.disquscdn.com https://*.googleapis.com http://www.google-analytics.com http://ads.betweendigital.com http://*.admixer.net https://brandomatic.ru http://disqus.com http://*.rambler.ru http://cache.betweendigital.com http://yandex.st http://*.yandex.ru http://cdn.admixer.net https://relap.io https://yandex.st https://mc.yandex.ru http://mc.yandex.ru http://*.yandex.st http://vk.com http://platform.twitter.com http://api9.net https://apis.google.com http://js.advideo.ru https://advertshot.ru http://place1100.nighter.club http://rt.tizerlady.biz http://uk.tizerlady.com http://v.actionteaser.ru http://ssp.clickganic.com ; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com  https://*.fontawesome.com;; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/; img-src 'self' https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ *.riffle.be; font-src 'self' https://fonts.gstatic.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' https://*.google-analytics.com https://*.pointspot.com https://*.cloudfront.net https://*.intelispend-staging.com https://intelispend-staging.com https://*.intelispend.com https://www.1.awardhq.com; font-src 'self' https://*.intelispend.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src *; style-src https: 'unsafe-inline'; script-src https: https://www.google.com/recaptcha 'unsafe-eval' 'unsafe-inline'; child-src www.google.com 1
frame-ancestors *.bryant.edu; report-uri //report-csp-violation 1
script-src 'self' www.papara.com papara.com api.instagram.com maps.googleapis.com mc.yandex.ru www.googletagmanager.com tagmanager.google.com www.googleadservices.com graph.facebook.com staticxx.facebook.com connect.facebook.net stats.g.doubleclick.net www.google.com www.google-analytics.com ajax.googleapis.com www.google.com.tr www.gstatic.com apis.google.com googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval';style-src 'self' fonts.googleapis.com tagmanager.google.com az732725.vo.msecnd.net 'unsafe-inline' 'unsafe-eval';img-src 'self' www.papara.com papara.com s3-eu-west-1.amazonaws.com  scontent.cdninstagram.com cdninstagram.com mc.yandex.ru lookaside.facebook.com platform-lookaside.fbsbx.com csi.gstatic.com maps.gstatic.com maps.googleapis.com scontent.xx.fbcdn.net graph.facebook.com www.googleadservices.com staticxx.facebook.com www.facebook.com www.google.com.tr stats.g.doubleclick.net googleads.g.doubleclick.net www.google-analytics.com www.google.com ssl.gstatic.com data:;object-src 'self' 1
script-src www.google-analytics.com google.com www.google.com https://www.google.com https://www.gstatic.com google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://*.hapara.com/ 1
default-src 'self' 'unsafe-inline' 20782209p.rfihub.com c1.rfihub.net *.cookiebot.com *.adc-srv.net *.google.de bat.bing.com *.google.com hello.myfonts.net *.rfihub.com *.doubleclick.net *.g.doubleclick.net *.googleadservices.com *.rfihub.net *.intelliad.de *.bing.com/bat.js https://forms.osnatel.de/ *.forms.osnatel.de *.pimcore.org *.ggpht.com *.gstatic.com *.googleapis.com 'unsafe-eval' *.googletagmanager.com *.google.com/recaptcha/ *.google-analytics.com hello.myfonts.net *.tellja.de fonts.googleapis.com data: 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.guinness-storehouse.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com stats.mp.streamamg.com streamuk.secure.footprint.net www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com; object-src 'self' https: *.guinness-storehouse.com streamuk.secure.footprint.net; style-src 'self' 'unsafe-inline' https: *.guinness-storehouse.com cloud.typography.com fonts.googleapis.com footer.diageohorizon.com; img-src 'self' data: https: *.guinness-storehouse.com *.googleapis.com *.gstatic.com ads.yahoo.com analytics.twitter.com d.adroll.com dps.bing.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com scontent.cdninstagram.com streamuk.secure.footprint.net t.mookie1.com us-u.openx.net www.facebook.com www.google.com www.google.ie www.tripadvisor.com x.bidswitch.net www.google-analytics.com; frame-src 'self' https: *.guinness-storehouse.com *.worldnettps.com guinnessarchives.adlibsoft.com www.youtube.com; font-src 'self' https: *.guinness-storehouse.com data: fonts.googleapis.com fonts.gstatic.com streamuk.secure.footprint.net; connect-src 'self' https: *.guinness-storehouse.com *.storehousewall.com query.yahooapis.com streamuk.secure.footprint.net; media-src 'self' https: *.guinness-storehouse.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri /report-csp-violation 1
default-src 'self' https://netdna.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net http://maxcdn.bootstrapcdn.com 'unsafe-inline' https://themes.googleusercontent.com http://netdna.bootstrapcdn.com ; script-src 'self' https://netdna.bootstrapcdn.com https://cdn.jsdelivr.net 'unsafe-eval' http://netdna.bootstrapcdn.com 'unsafe-inline' https://apis.google.com/ https://platform.twitter.com/ https://connect.facebook.net https://platform.linkedin.com/ https://www.linkedin.com/ https://www.google-analytics.com/; img-src 'self' https://static.licdn.com https://stats.g.doubleclick.net https://www.facebook.com  https://syndication.twitter.com https://ssl.gstatic.com/ https://www.linkedin.com/ https://www.google-analytics.com/; frame-src 'self' https://netdna.bootstrapcdn.com 'unsafe-inline' https://www.canal-u.tv http://www.canal-u.tv https://apis.google.com/ https://platform.twitter.com/ https://connect.facebook.net https://platform.linkedin.com/ https://www.facebook.com/ https://accounts.google.com/ https://s-static.ak.facebook.com/ https://staticxx.facebook.com https://www.youtube.com; report-uri /fr/report-csp-violation 1
frame-ancestors 'self' marketrealist.com; report-uri /report-csp-violation 1
default-src 'self'; allow 'self'; script-src 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1
default-src 'self'; child-src *.facebook.com platform.twitter.com *.g.doubleclick.net *.google.com *.google.gr; frame-src *.facebook.com platform.twitter.com *.g.doubleclick.net *.youtube.com *.google.com *.google.gr *.paypal.com *.paymentwall.com; connect-src 'self' *:888; font-src 'self' data:; form-action 'self' store.payproglobal.com secure.avangate.com; frame-ancestors 'self'; img-src 'self' data: *.google.com *.google.gr *.trustzoneurl.com trustzonepost.xyz *.g.doubleclick.net *.facebook.com syndication.twitter.com seal.digicert.com www.google-analytics.com *.cartocdn.com; media-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustzoneurl.com google.com a.trust.zone platform.twitter.com connect.facebook.net www.gstatic.com www.googleadservices.com *.google-analytics.com seal.digicert.com *.paypalobjects.com *.paypal.com; report-uri https://trust.zone/_csp_log 1
default-src 'self' *.google-analytics.com *.newrelic.com *.mollom.com *.googleapis.com *.tbe.taleo.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.newrelic.com *.twitter.com *.googleapis.com static.addtoany.com *.disqus.com *.youtube.com *.gstatic.com *.disquscdn.com *.mollom.com *.hostedpci.com bam.nr-data.net maps.google.com  *.tbe.taleo.net d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.gstatic.com *.mollom.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com static.addtoany.com *.disqus.com *.youtube.com *.disquscdn.com *.mollom.com *.hostedpci.com *.tbe.taleo.net d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.youtube.com data: *.gstatic.com *.googleapis.com *.disqus.com *.disquscdn.com *.mollom.com *.prod.acquia-sites.com *.hostedpci.com *.google-analytics.com gravatar.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.youtube.com *.gstatic.com *.mollom.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' static.addtoany.com *.youtube.com *.gstatic.com *.disqus.com *.mollom.com *.hostedpci.com *.mapbox.com *.policymap.com disqus.com chk.tbe.taleo.net/* chu.tbe.taleo.net/* d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com data:  d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.googleapis.com *.disqus.com *.hostedpci.com *.google-analytics.com d1ks1friyst4m3.cloudfront.net trackducks.s3.amazonaws.com *.trackduck.com wss://app.trackduck.com 'unsafe-inline' 'unsafe-eval'; report-uri /admin/config/system/seckit/csp-report 1
base-uri 'self'; default-src 'none'; connect-src 'self' https://*.animebytes.tv https://*.animebyt.es; font-src 'self' data:; form-action 'self' https://*.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://*.animebytes.tv https://www.youtube-nocookie.com https://*.soundcloud.com; img-src 'self' https://*.animebytes.tv https://*.animebyt.es data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; report-uri /xhr/csp; report-to /xhr/csp; upgrade-insecure-requests; options inline-script eval-script; xhr-src 'self' https://*.animebytes.tv https://*.animebyt.es; 1
default-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; object-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; style-src 'self' data: 'unsafe-inline' https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; img-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; media-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; frame-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; font-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com; connect-src 'self' data: https: connect.facebook.net *.doubleclick.net em.allianz.com.my *.googleadservices.com *.facebook.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.google.com 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' whaleshares.io wss://whaleshares.io/ws https://whaleshares.io/ws pubrpc.whaleshares.io rpc.wls.services wss://rpc.wls.services https://rpc.wls.services api.wls.services https://api.wls.services api.whaleshares.io https://api.whaleshares.io rpc.whaleshares.io https://rpc.whaleshares.io; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com fonts.googleapis.com zavoloklom.github.io; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com zavoloklom.github.io; report-uri /api/v1/csp_violation 1
default-src=self 1
default-src *; script-src 'self' 'unsafe-inline' 'sha256-K3PFvpUj89HM9+YsrMbeS8944nHbw0OcqWay7aBpBFs=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1
default-src 'self' '*.youtu.be' '*.youtube.com' '*.sgul.ac.uk' '*.google.com' '*.hotjar.com' '*.schema.org' '*.googletagmanager.com'” 1
default-src *; style-src 'self' 'unsafe-inline' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com http://*.akamai.net https://*.akamai.net http://*.nr-data.net https://*.nr-data.net;connect-src 'self';img-src 'self' http://safesear.ch http://*.safesear.ch https://safesear.ch https://*.safesear.ch data:; 1
default-src https: 'unsafe-inline' 'unsafe-eval' *.zopim.com wss://*.cloudfront.net *.googleapis.com *.google.com *.google-analytics.com; img-src 'self' data: *; font-src 'self' data: * 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self'  blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com https://www.google-analytics.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com; media-src 'self' www.youtube.com soundcloud.com syndication.twitter.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' www.google-analytics.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; 1
default-src 'self'; connect-src 'self' http://*.calbanktrust.com https://*.calbanktrust.com https://zionsbancorp.sc.omtrdc.net https://*.demdex.net https://*.cludo.com; script-src 'self' data: 'unsafe-inline' https://*.pages05.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.calbanktrust.com https://*.zionsbank.com https://*.cludo.com 'unsafe-eval'; object-src 'self' data: https://*.calbanktrust.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://*.pages05.net https://*.doubleclick.net https://*.google-analytics.com https://*.gstatic.com https://*.calbanktrust.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com; media-src 'self' data:; frame-src 'self' https://*.calbanktrust.com https://*.demdex.net https://*.doubleclick.net https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net; frame-ancestors 'self' https://banking.calbanktrust.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1
allow 'self'  default-src 'self' 'unsafe-inline' www.google-analytics.com  *.twitter.com  *.facebook.com  *.facebook.net  *.google.com 1
default-src 'self' https://media.entrepot-du-bricolage.fr; img-src 'self' https://www.facebook.com https://www.google.fr https://www.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cdnjs.cloudflare.com https://media.entrepot-du-bricolage.fr https://uploads.entrepot-du-bricolage.fr data:; script-src 'self' https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://media.entrepot-du-bricolage.fr https://js-agent.newrelic.com js-agent.newrelic.com https://bam.nr-data.net bam.nr-data.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdnjs.cloudflare.com https://media.entrepot-du-bricolage.fr 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com api.amplitude.com wireframecc-9947.kxcdn.com; script-src 'self' 'unsafe-inline' 'nonce-a3f2ea2294684aece6be00344109028f'  https://d24n15hnbwhuhn.cloudfront.net https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com https://api.amplitude.com wireframecc-9947.kxcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com; img-src 'self' wireframecc-9947.kxcdn.com data:; child-src 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.serving-sys.com *.sharethis.com *.analytics.edgekey.net *.forefieldkt.com *.foremostadvice.com *.standard.com *.youtube.com *.ytimg.com *.gstatic.com *.pages05.net *.silverpop.com *.sc.pages05.net *.googletagmanager.com *.google-analytics.com fonts.googleapis.com ajax.googleapis.com *.google.com *.duosecurity.com *.vimeo.com *.newrelic.com secure-ds.serving-sys.com *.serving-sys.com *.googleadservices.com *.fonts.net *.twitter.com *.twimg.com *.ubembed.com *.demandbase.com *.userzoom.com stats.g.doubleclick.net *.company-target.com match.prod.bidr.io id.rlcdn.com *.googleapis.com *.doubleclick.net static.3playmedia.com *.brightcove.com *.brightcove.net bcove.me *.zencdn.net bcove.video players.brightcove.net *.brightcove.com  *.llnw.net *.llnwd.net *.edgekey.net *.media.brightcove.com vjs.zencdn.net *.brightcovecdn.com *.brainshark.com *.teads.tv *.3lift.com *.adentifi.com *.basis.net *.facebook.com dc.ads.linkedin.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.twitter.com ajax.googleapis.com *.serving-sys.com  *.twimg.com *.gm *.sharethis.com *.pages05.net *.googletagmanager.com *.google-analytics.com *.ubembed.com *.brightcove.com *.gstatic.com *.google.com *.brightcove.net *.serving-sys.com *.googleadservices.com secure-ds.serving-sys.com stats.g.doubleclick.net *.demandbase.com *.userzoom.com googleads.g.doubleclick.net vjs.zencdn.net *.facebook.net; report-uri /admin/config/system/seckit/csp-report 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com zortrax-2.disqus.com *.disquscdn.com disqus.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com *.emlgrid.com *.salesmanago.pl *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.upviral.com ;style-src 'self' 'unsafe-inline' *.disquscdn.com *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com http://*.gravatar.com *.disqus.com *.disquscdn.com *.ggpht.com *.emlgrid.com *.salesmanago.pl *.ssl.gstatic.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.disqus.com disqus.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' links.services.disqus.com *.luckyorange.net ws://localhost:3000 *.emlgrid.com *.salesmanago.pl *.google-analytics.com *.tagmanager.google.com ;media-src 'self' *.youtube.com *.youtube-nocookie.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com disqus.com *.tagmanager.google.com 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com 1
default-src 'self' data: https://*.google.com https://*.youtube.com https://*.vimeo.com https://*.googleapis.com https://maps.google.be https://*.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.rawgit.com *.movimento5stelle.it *.wix.com *.facebook.net *.facebook.com *.parastorage.com *.googleapis.com *.google.com *.gstatic.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.jquery.com *.google-analytics.com *.s3-eu-west-1.amazonaws.com *.youtube-nocookie.com data:; object-src 'self' *.s3-eu-west-1.amazonaws.com; frame-src 'self' *.wix.com *.facebook.net *.facebook.com batchgeo.com *.youtube.com *.s3-eu-west-1.amazonaws.com *.youtube-nocookie.com; img-src 'self' *.ytimg.com *.wixstatic.com *.paypalobjects.com *.google-analytics.com *.gstatic.com *.google.com *.s3-eu-west-1.amazonaws.com *.youtube-nocookie.com *.parastorage.com *.movimento5stelle.it *.wix.com *.facebook.net *.facebook.com data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https *.cloudfront.net *.googleapis.com *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com connect.facebook.net graph.facebook.com rum-static.pingdom.net 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' steemit.com api.steemit.com dist.one wss://rpc.dist.one api.blocktrades.us https://steemitimages.com https://translate.googleapis.com; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com 'self'; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com pagead2.googlesyndication.com adservice.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self' https://mozillathimblelivepreview.net; frame-src 'self' https://docs.google.com blob: https://mozillathimblelivepreview.net https://www.youtube.com/embed/JecFOjD9I3k; child-src 'self' https://pontoon.mozilla.org blob: https://mozillathimblelivepreview.net https://www.youtube.com/embed/JecFOjD9I3k; script-src 'self' http://mozorg.cdn.mozilla.net https://ajax.googleapis.com https://mozorg.cdn.mozilla.net https://www.google-analytics.com https://pontoon.mozilla.org https://mozillathimblelivepreview.net; connect-src 'self' https://pontoon.mozilla.org https://mozilla.github.io/thimble-homepage-gallery/activities.json https://api.github.com/repos/mozilla/thimble.mozilla.org/issues https://mozillathimblelivepreview.net; frame-ancestors https://pontoon.mozilla.org; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://code.cdn.mozilla.net/ https://pontoon.mozilla.org; img-src *; media-src *; style-src 'self' http://mozorg.cdn.mozilla.net https://ajax.googleapis.com https://fonts.googleapis.com https://mozorg.cdn.mozilla.net https://netdna.bootstrapcdn.com https://pontoon.mozilla.org 'sha256-AnlD8XRHNPxhNZ/6MucKFJr9yYGQtn8bmvveYkBg7a4=' 1
frame-ancestors 'self' https://*.googletagmanager.com https://themes.googleusercontent.com https://*.cloudfront.net https://www.google-analytics.com https://www.googleadservices.com https://bat.bing.com https://*.sumome.com https://*.doubleclick.net https://*.msn.com https://*.google.com https://*.twitter.com https://t.co https://*.google.be https://*.facebook.com https://*.newrelic.com https://bam.nr-data.net https://sumome-140a.kxcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://i.ytimg.com https://cdncache-a.akamaihd.net https://*.youtube.com https://s.ytimg.com https://*.googlevideo.com https://*.addthis.com https://pbs.twimg.com 1
default-src 'self'; style-src 'unsafe-inline' *; frame-src *; img-src * data:; media-src *; font-src *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' oss.maxcdn.com ads.adfox.ru www.google-analytics.com *.googleadservices.com adservice.google.com.ua *.yandex.net *.yandex.ru *.yandex.ua yastatic.net *.imgsmail.ru *.google.com adservice.google.ru *.yandex.st an.yandex.ru platform.twitter.com cas.criteo.com *.mail.ru vk.com *.googlesyndication.com *.googletagservices.com adv758968.ru adforce.ru *.doubleclick.net  x1.vinread.net *.zencdn.net mobiads.ru utarget.ru afterview.ru *.vispot.io *.adap.tv *.liverail.com *.spotxchange.com *.buzzoola.com *.advarkads.com *.lkqd.com *.advertising.com static.baza.farpost.ru gstatic.com www.gstatic.com http://thefox.mobi/0dvP/ https://netdna.bootstrapcdn.com https://ajax.googleapis.com *.adsafeprotected.com  idntfy.ru mobuli.info  mobisway.info cnt-count.ru countstat.ru eboundservices.com digital-forest.info s17365.org/rotation.php news.gnezdo.ru btstds.ru cackle.me *.cackle.me www.farpost.ru https://adtags.pro https://*.adtags.pro https://btsds.ru https://*.vrcteam.ru https://*.betweendigital.com https://*.exopay.ru https://s0.2md.net https://fl.imgsniper.com https://static.bulham.com https://*.sape.ru https://safesource.ru https://code.createjs.com https://static.bumlam.com sad2tizer.ru ad.slickjump.com slickjump.com sjsmartcontent.org https://www.googletagmanager.com https://tds.admaxer.ru https://meganotify.com https://notifyday.com; connect-src *; report-uri /csp.php 1
default-src 'self' data: wss://*.altilly.com:2053 wss://*.altilly.com:2083 *.altilly.com *.bootstrapcdn.com *.twitter.com *.gstatic.com *.twimg.com *.jquery.com; script-src 'self' 'nonce-d813e0db8b36e4b44813a3f61c02c756' *.twitter.com *.twimg.com *.jquery.com *.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.altilly.com *.bootstrapcdn.com *.twitter.com *.gstatic.com *.twimg.com *.jquery.com *.googleapis.com 1
worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net *.yandex.ru yandex.ru yandexadexchange.net *.yandexadexchange.net *.yandex.com *.yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.googleapis.com *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com; 1
frame-ancestors https://*.dondominio.com https://*.mrdomain.com; 1
default-src *; script-src 'self' 'unsafe-inline' 'sha256-0bnQDoBit8hQr1lIga9PeEEl8wnmKyVHHNH8mtEPupg=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' stage-statistics.aldi-international.com statistics.aldi-international.com stage-tracking.aldi-international.com tracking.aldi-international.com; img-src 'self' stage-statistics.aldi-international.com statistics.aldi-international.com stage-tracking.aldi-international.com tracking.aldi-international.com *.googleadservices.com *.doubleclick.net *.google.com *.google.de data:; 1
frame-ancestors *.amboss.com *.miamed.de 1
default-src 'self'; object-src 'none'; child-src 'self' https://rpm.newrelic.com; frame-src 'self' https://rpm.newrelic.com https://www.google.com/recaptcha/; script-src 'self' https://www.google.com/recaptcha/ https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js https://js-agent.newrelic.com 'unsafe-inline'; img-src 'self' https://ssl.gstatic.com/ www.google-analytics.com www.gravatar.com secure.gravatar.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://www.facebook.com/ https://github.com/ https://api.twitter.com/; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://swift-prod.prozorro.gov.ua https://openprocurement-storage-sandbox.s3.amazonaws.com https://cdn2.prozorro.gov.ua https://raw.githubusercontent.com/ https://rawgit.com/ https://openprocurement-storage.s3.amazonaws.com https://public.docs.openprocurement.org https://public.docs-sandbox.openprocurement.org https://lb.api-sandbox.openprocurement.org https://public.api.openprocurement.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn2.prozorro.gov.ua https://rawgit.com/ https://connect.facebook.net https://www.linkedin.com https://graph.facebook.com https://*.google-analytics.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://*.googletagmanager.com https://maps.googleapis.com; img-src 'self' https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://csi.gstatic.com; frame-src 'self' https://www.youtube.com https://www.slideshare.net https://staticxx.facebook.com https://www.facebook.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://d33v4339jhl8k0.cloudfront.net https://djtflbt20bdde.cloudfront.net https://encircleapp.bamboohr.com; font-src 'self' https://*.gstatic.com https://themes.googleusercontent.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://api.tumblr.com https://*.stripe.com https://*.googleapis.com https://*.gstatic.com https://d33v4339jhl8k0.cloudfront.net https://djtflbt20bdde.cloudfront.net https://js.hsforms.net https://forms.hubspot.com https://forms.hsforms.com https://js.hs-scripts.com https://js.hscollectedforms.net js.hs-analytics.net https://encircleapp.bamboohr.com; img-src 'self' data: blob: https://quikasyst.s3.amazonaws.com https://encircle.s3.amazonaws.com https://*.blob.core.windows.net https://*.ytimg.com https://img.youtube.com https://i.vimeocdn.com *.google-analytics.com https://*.googleapis.com https://*.google.com https://*.google.ca https://*.gstatic.com https://tor01.objectstorage.softlayer.net https://*.ggpht.com https://stats.g.doubleclick.net track.hubspot.com cdn2.hubspot.net djtflbt20bdde.cloudfront.net d33v4339jhl8k0.cloudfront.net https://resources.bamboohr.com/; media-src 'self' https://tor01.objectstorage.softlayer.net https://*.blob.core.windows.net; object-src 'self' https://tor01.objectstorage.softlayer.net https://*.blob.core.windows.net https://d33v4339jhl8k0.cloudfront.net https://djtflbt20bdde.cloudfront.net; frame-src 'self' https://docs.google.com https://*.officeapps.live.com https://player.vimeo.com https://www.youtube.com https://js.stripe.com https://d33v4339jhl8k0.cloudfront.net https://djtflbt20bdde.cloudfront.net market://* https://forms.hsforms.com; connect-src 'self' wss://ws.encircleapp.com https://ws.encircleapp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com https://api.stripe.com https://*.blob.core.windows.net https://encircle.helpscoutdocs.com https://forms.hubspot.com https://encircleapp.bamboohr.com; report-uri /cspfailure; 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl 'unsafe-inline' 'unsafe-eval';style-src https: *.ufg.pl 'unsafe-inline';img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl; child-src https: *.ufg.pl 1
default-src 'none'; script-src 'self' *.deutsche-digitale-bibliothek.de *.google.com *.twitter.com *.facebook.com *.jwpcdn.com *.gstatic.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.fiz-karlsruhe.de https://cms.deutsche-digitale-bibliothek.de/ *.twimg.com; object-src 'self'; style-src *.googleapis.com 'self' 'unsafe-inline' *.jsdelivr.net *.fiz-karlsruhe.de https://cms.deutsche-digitale-bibliothek.de/ *.twimg.com *.twitter.com; img-src * data:; media-src *; font-src *.gstatic.com *.googleapis.com *.jsdelivr.net 'self' https://cms.deutsche-digitale-bibliothek.de/; connect-src *.akamaihd.net *.vimeo.com 'self' https://cms.deutsche-digitale-bibliothek.de/ *.twimg.com *.twitter.com *.fiz-karlsruhe.de; child-src 'self' *.deutsche-digitale-bibliothek.de *.fiz-karlsruhe.de plusone.google.com accounts.google.com *.google.com *.twitter.com *.facebook.com *.youtube.com; frame-ancestors 'self' *.deutsche-digitale-bibliothek.de 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://rum-static.pingdom.net https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cstatic.weborama.fr https://track.adform.net https://s7.addthis.com https://m.addthis.com https://connect.facebook.net https://geocoding.infoportugal.info; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google.com https://www.google.pt https://www.google-analytics.com https://stats.g.doubleclick.net https://turismoptanalytics.solution.weborama.fr https://www.facebook.com https://map7.infoportugal.info; media-src 'self'; frame-src 'self' https://6838259.fls.doubleclick.net https://turismoportugal.solution.weborama.fr https://s7.addthis.com https://www.youtube.com; font-src 'self'; connect-src 'self' https://rum-collector-2.pingdom.net https://m.addthis.com; report-uri /admin/config/system/seckit/csp-report 1
default-src *.sanayi.gov.tr; script-src 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sanayi.gov.tr *.youtube.com *.google-analytics.com *.ytimg.com *.twitter.com *.twimg.com; style-src 'unsafe-inline' *.sanayi.gov.tr *.googleapis.com *.twitter.com *.twimg.com; img-src data: *.sanayi.gov.tr *.ytimg.com *.google-analytics.com *.twitter.com *.twimg.com; media-src *.ytimg.com *.youtube.com; connect-src *.sanayi.gov.tr *.twitter.com; child-src twitter.com *.youtube.com *.google.com *.sanayi.gov.tr *.twitter.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; report-uri /admin/config/system/seckit/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.syndication.twimg.com https://pbs.twimg.com https://www.google-analytics.com https://www.googleadservices.com https://static.hotjar.com https://sjs.bizographics.com https://collector-518.tvsquared.com https://rum-static.pingdom.net https://connect.facebook.net https://bat.bing.com https://static.ads-twitter.com https://cookie-script.com https://sleeknotecustomerscripts.sleeknote.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://analytics.twitter.com https://script.hotjar.com https://ajax.googleapis.com  https://dev.visualwebsiteoptimizer.com  https://www.linkedin.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://pbs.twimg.com https://picsum.photos https://www.google-analytics.com https://stats.g.doubleclick.net https://bat.bing.com/ https://t.co https://collector-518.tvsquared.com https://www.facebook.com https://www.google.com https://www.google.co.uk https://dev.visualwebsiteoptimizer.com https://www.google.com.ua https://cookie-script.com; media-src 'self' https://vimeo.com; frame-src 'self' http://player.vimeo.com https://player.vimeo.com https://vimeo.com https://vars.hotjar.com https://4497843.fls.doubleclick.net/; connect-src 'self' 'unsafe-inline' https://vimeo.com https://rum-collector-2.pingdom.net https://dev.visualwebsiteoptimizer.com; report-uri /report-csp-violation 1
policy-uri /http://gd.geobytes.com/GetCityDetails 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.jsdelivr.net maps.googleapis.com www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: fonts.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: maps.googleapis.com maps.gstatic.com csi.googleapis.com csi.gstatic.com khms0.googleapis.com khms1.googleapis.com www.google-analytics.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.youtube.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: themes.googleusercontent.com fonts.gstatic.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; 1
default-src 'self' 'unsafe-inline' *.gstatic.com https://lh3.ggpht.com *.rnengage.com *.googleapis.com *.custhelp.com *.rawgit.com *.doubleclick.net *.facebook.net *.facebook.com data:; frame-src 'self' 'unsafe-inline' *.google.com; report-uri /report-csp-violation 1
default-src 'self' data: localhost:* *.googleapis.com scontent.cdninstagram.com www.waternet.nl www.agv.nl www.wereldwaternet.nl epi.waternet.nl waternet.pti.nl www.youtube.com chat1.waternet.nl *.optimizely.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com fonts.googleapis.com maps.gstatic.com csi.gstatic.com fonts.gstatic.com stats.g.doubleclick.net app.cobrowser.com *.hotjar.com:* cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net pbs.twimg.com syndication.twitter.com platform.twitter.com; frame-src 'self' waternet.pti.nl *.optimizely.com chat1.waternet.nl app.cobrowser.com *.hotjar.com:* www.youtube.com www.google.com www.kcmsurvey.com platform.twitter.com syndication.twitter.com twitter.com; script-src 'self' *.ytimg.com *.youtube.com epi.waternet.nl localhost:* *.optimizely.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com maps.googleapis.com maps.gstatic.com app.cobrowser.com *.hotjar.com:* cdn.nowinteract.com imp2.nowinteract.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com cdn.syndication.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' epi.waternet.nl *.optimizely.com www.googletagmanager.com tagmanager.google.com fonts.googleapis.com app.cobrowser.com platform.twitter.com 'unsafe-inline'; connect-src https: http: ws: wss:; 1
1 1
default-src 'self' 'unsafe-inline' *.crick.ac.uk *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.vimeo.com *.vimeocdn.com *.youtube.com *.soundcloud.com *.twitter.com *.youtube.com *.twimg.com theta360.com cdn.rawgit.com raw.githubusercontent.com data:;; script-src 'self' 'unsafe-inline' theta360.com crick.us13.list-manage.com *.mailchimp.com *.theta360.com *.google.com *.google-analytics.com *.googleapis.com use.typekit.net *.vimeocdn.com *.vimeo.com vimeo.com *.twitter.com *.twimg.com *.youtube.com *.googletagmanager.com tagmanager.google.com cdnjs.cloudflare.com cdn.rawgit.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net cdnjs.cloudflare.com *.google.com *.googleapis.com *.twitter.com *.mailchimp.com; font-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com *.gstatic.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com maps.google.com *.googleapis.com *.gstatic.com www.google.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com platform.twitter.com *.twimg.com ifoa.precedenthost.co.uk *.actuaries.org.uk cdn.rawgit.com e.issuu.com www.youtube.com s.ytimg.com tagmanager.google.com khan.github.io squizlabs.github.io script.crazyegg.com *.eu-west-2.amazonaws.com s3.amazonaws.com; object-src *.issuu.com flash.quantserve.com s3.amazonaws.com; style-src 'self' 'unsafe-inline' *.googleapis.com platform.twitter.com *.actuaries.org.uk tagmanager.google.com squizlabs.github.io *.eu-west-2.amazonaws.com; img-src 'self' data: *.google-analytics.com www.googletagmanager.com maps.google.com *.gstatic.com *.googleapis.com rest.mollom.com rest-production.mollom.com bam.nr-data.net syndication.twitter.com platform.twitter.com *.twimg.com *.actuaries.org.uk live.sagepay.com *.doubleclick.net *.openathens.net squizlabs.github.io *.eu-west-2.amazonaws.com s3.amazonaws.com *.amazonaws.com; frame-src 'self' embed.multichanneltv.com openchannel.multichanneltv.com www.youtube.com www.googletagmanager.com *.streamamg.com; font-src 'self' data: *.gstatic.com ifoa.precedenthost.co.uk *.actuaries.org.uk *.eu-west-2.amazonaws.com; connect-src 'self' bam.nr-data.net e.issuu.com; report-uri //IFoA.report-uri.io/r/default/csp/enforce 1
default-src 'self'  *.googleapis.com *.twitter.com *.twimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.google.com *.googleapis.com *.liveperson.net telekomkarriere01.wt-eu02.net geid.wbtrk.net cdn.wbtrk.net cdn.cbtrk.net *.twitter.com *.twimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com; frame-src *; img-src * data: blob: filesystem:; font-src 'self' fonts.gstatic.com data:; media-src * 1
default-src * 'unsafe-inline' cdn.ckeditor.com 'unsafe-eval'; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors 'none' 1
frame-ancestors 'self' *.winkbingo.com *.bingosys.net ; 1
base-uri 'none'; default-src 'none'; child-src https://www.googletagmanager.com/ns.html https://*.youtube.com https://*.vimeo.com https://*.jic.ac.uk; connect-src 'self' https://www.google-analytics.com https://*.algolia.net https://*.algolianet.com https://*.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.jove.com https://*.youtube.com https://*.vimeo.com https://*.jic.ac.uk https://*.jic.ac.uk; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ytimg.com https://secure.gravatar.com blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://*.algolianet.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; report-uri https://sentry.io/api/1295424/security/?sentry_key=cd968711cb3249ac9e21bf82518da232&sentry_environment=production; report-to https://sentry.io/api/1295424/security/?sentry_key=cd968711cb3249ac9e21bf82518da232&sentry_environment=production; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.twitter.com *.google.com *.gstatic.com *.google-analytics.com http://*.hotjar.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' *.myfonts.net *.googleapis.com; img-src 'self' data: *.boplatssyd.se *.momentum.se *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com http://*.hotjar.com https://*.hotjar.com *.ytimg.com *.vimeocdn.com http://i.vimeocdn.com; media-src 'self' *.boplatssyd.se; frame-src 'self' *.malmo.se https://*.hotjar.com *.youtube.com *.vimeo.com; font-src 'self' *.myfonts.net *.gstatic.com http://*.hotjar.com https://*.hotjar.com; connect-src 'self' *.googleapis.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; child-src 'self' *; font-src 'self' *; frame-ancestors 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 1
default-src 'self' 'unsafe-inline' https://browser-update.org 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yahoo.com *.msn.com *.adform.net *.hyj.mobi *.netrk.net *.yimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.net *.googleadservices.com *.mbww.com *.bing.com *.fndsda.net *.doubleclick.net *.cloudflare.com *.google.com *.googlesyndication.com data:; object-src *; style-src 'self' 'unsafe-inline' *.yahoo.com *.msn.com *.adform.net *.hyj.mobi *.netrk.net *.yimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.net *.googleadservices.com *.mbww.com *.bing.com *.fndsda.net *.doubleclick.net *.cloudflare.com *.google.com; img-src * data:; media-src *; frame-src *; child-src *; font-src * data:; connect-src *; report-uri /report-csp-violation 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.meine-weinwelt.de s3.eu-central-1.amazonaws.com weinwelt.cdn-aldi-sued.de stage-statistics.aldi-international.com statistics.aldi-international.com tracking.aldi-international.com stage-tracking.aldi-international.com videos.cdn-aldi-sued.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.meine-weinwelt.de weinwelt.cdn-aldi-sued.de www.youtube-nocookie.com walls.io stage-statistics.aldi-international.com statistics.aldi-international.com tracking.aldi-international.com stage-tracking.aldi-international.com; frame-src 'self' *.meine-weinwelt.de weinwelt.cdn-aldi-sued.de www.youtube.com www.youtube-nocookie.com walls.io videos.cdn-aldi-sued.de stage-statistics.aldi-international.com statistics.aldi-international.com; frame-ancestors 'self' *.meine-weinwelt.de weinwelt.cdn-aldi-sued.de statistics.aldi-international.com stage-statistics.aldi-international.com www.youtube-nocookie.com https://walls.io; 1
default-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com  *.local *.dotdemos.com *.dot.jo iiabank.com.jo *.iiabank.com.jo; object-src 'unsafe-inline'  iiabank.com.jo *.iiabank.com.jo; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com exchange.jo  *.local *.dotdemos.com *.dot.jo iiabank.com.jo *.iiabank.com.jo; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.ckeditor.com *.googleapis.com *.google-analytics.com *.gstatic.com *.local *.dotdemos.com iiabank.com.jo *.iiabank.com.jo; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com  *.local *.dotdemos.com *.dot.jo iiabank.com.jo *.iiabank.com.jo; frame-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com  *.local *.dotdemos.com *.dot.jo iiabank.com.jo *.iiabank.com.jo; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com  *.local *.dotdemos.com *.dot.jo iiabank.com.jo *.iiabank.com.jo; report-uri /admin/config/system/seckit/csp-report 1
child-src 'self' www.youtube.com accounts.google.com; connect-src *; default-src 'self'; img-src 'self' * storage.googleapis.com maps.googleapis.com images.pexels.com *.amazonaws.com www.localsearch.com.au maps.googleapis.com maps.gstatic.com *.localsearch.cloud *.googleusercontent.com *.facebook.com googleads.g.doubleclick.net pagead2.googlesyndication.com ssl.gstatic.com data:; font-src 'self' data: fonts.googleapis.com/css fonts.gstatic.com; object-src 'self'; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' * cdn.polyfill.io maps.googleapis.com connect.facebook.net/en_US/sdk.js *.google.com *.hotjar.com googleads.g.doubleclick.net pagead2.googlesyndication.com tagmanager.google.com googletagmanager.com; style-src 'self' 'unsafe-inline' blob: tagmanager.google.com fonts.googleapis.com cdn.rawgit.com/milligram/milligram/master/dist/milligram.min.css fonts.googleapis.com/css; frame-src *.facebook.com *.google.com *.youtube.com *.gstatic.com *.hotjar.com googleads.g.doubleclick.net pagead2.googlesyndication.com 1
default-src 'self'; script-src 'self' yastatic.net cdn.socket.io iplayer.org main.yayoye.com.ua 'unsafe-eval'  'unsafe-inline' *.pix-cdn.org yandex.st www.gstatic.com ad.iplayer.org:3000 pagead2.googlesyndication.com  mc.yandex.ru www.google-analytics.com https://www.google-analytics.com; object-src *;  style-src 'self' iplayer.org *.pix-cdn.org  'unsafe-inline'; img-src 'self' * data: *.pix-cdn.org  www.liveinternet.ru pagead2.googlesyndication.com counter.yadro.ru mc.yandex.ru www.google-analytics.com https://www.google-analytics.com main.yayoye.com.ua gamegame.2974600.pix-cdn.org; media-src 'self'; frame-src 'self' googleads.g.doubleclick.net *; font-src 'self'; connect-src 'self'  iplayer.org api.iplayer.org mc.yandex.ru; report-uri https://caspr.io/endpoint/66066cdcb23dc03b223f90743a46265c96c10554feec61cf620e5a2768bc4a6f 1
default-src 'self' *.google.com google.com *.jquery.com jquery.com *.twitter.com twitter.com *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googleadservices.com googleadservices.com *.cloudflare.com cloudflare.com *.brightcove.net brightcove.net *.cloudfront.net cloudfront.net *.optimizely.com optimizely.com *.googleapis.com googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com ads-twitter.com *.facebook.net facebook.net *.facebook.com facebook.com *.highcharts.com highcharts.com *.bing.com bing.com gstatic.com *.gstatic.com *.doubleclick.net doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com google.com *.jquery.com jquery.com *.twitter.com twitter.com *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googleadservices.com googleadservices.com *.cloudflare.com cloudflare.com *.brightcove.net brightcove.net *.cloudfront.net cloudfront.net *.optimizely.com optimizely.com *.googleapis.com googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com ads-twitter.com *.facebook.net facebook.net *.facebook.com facebook.com *.highcharts.com highcharts.com *.bing.com bing.com gstatic.com *.gstatic.com *.doubleclick.net doubleclick.net; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; child-src *.youtube.com youtube.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:*; frame-src *.youtube.com youtube.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* 1
frame-ancestors 'self' https://www.rpr1.de 1
default-src 'self' *.learningcloud.me ;script-src 'self' www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *; style-src 'self' * 'unsafe-inline' 'unsafe-eval' ; font-src 'self' * 'unsafe-inline' 'unsafe-eval'  1
default-src 'self' *.spgpromos.com lacek.hs.llnwd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.spgpromos.com localhost:* lacek.hs.llnwd.net *.btstatic.com *.admarketplace.com *.google-analytics.com *.thebrighttag.com *.bing.com *.yimg.com *.yieldoptimizer.com *.googleadservices.com *.ampxchange.com *.yahoo.com *.serving-sys.com *.admarketplace.com *.admarketplace.net *.googletagmanager.com *.doubleclick.net *.signal.co *.facebook.com; object-src 'self' lacek.hs.llnwd.net; style-src 'self' 'unsafe-inline' lacek.hs.llnwd.net; img-src 'self' * data:; media-src 'self' lacek.hs.llnwd.net; frame-src 'self' lacek.hs.llnwd.net localhost:* *.spgpromos.com:* *.doubleclick.net; font-src 'self' lacek.hs.llnwd.net; connect-src 'self' lacek.hs.llnwd.net *.serving-sys.com *.spgpromos.com spgpromos.com 1
default-src https: 'unsafe-eval' 'unsafe-inline'; connect-src 'self' wss://signalling.livecall.io; font-src * data: ; img-src * data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de itzbund.de *.bka.de bka.de www.facebook.com; img-src 'self' piwik.itzbund.de *.itzbund.de pbs.twimg.com 1
frame-ancestors https://www.webmd.com; report-uri /report-csp-violation 1
default-src data: https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src 'self' data: *.hz.nl *.hubspot.com www.google.com www.google.nl www.google-analytics.com www.googletagmanager.com www.facebook.com stats.g.doubleclick.net *.zopim.com 1
default-src 'self'; connect-src 'self' http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://*.cludo.com; script-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://*.google.com http://*.nbarizona.com https://*.nbarizona.com https://*.zionsbank.com https://*.cludo.com 'unsafe-eval'; object-src 'self' data: http://*.nbarizona.com https://*.nbarizona.com; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.cludo.com; img-src 'self' data: https://*.gstatic.com http://*.nbarizona.com https://*.nbarizona.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.googleapis.com https://*.google.com https://*.cludo.com; media-src 'self' data:; frame-src 'self' http://*.nbarizona.com https://*.nbarizona.com https://*.demdex.net https://secure.checkout.visa.com https://*.youtube.com https://*.pages05.net https://*.brightcove.net; frame-ancestors 'self' https://banking.nbarizona.com; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' data: mc.yandex.ru platform.twitter.com staticxx.facebook.com secure.livechatinc.com www.facebook.com staticxx.facebook.com www.youtube-nocookie.com web.facebook.com syndication.twitter.com i.ytimg.com; script-src 'self' data: * 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com apis.google.com cdn.livechatinc.com cdnjs.cloudflare.com connect.facebook.net www.youtube.com s.ytimg.com www.google-analytics.com mc.yandex.ru platform.twitter.com secure.livechatinc.com cdn.livechatinc.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' s.ytimg.com; img-src * data:; media-src 'self' data:; frame-src 'self' accounts.google.com www.facebook.com www.livechatinc.com secure.livechatinc.com platform.twitter.com staticxx.facebook.com syndication.twitter.com www.youtube-nocookie.com www.youtube.com; font-src *; connect-src 'self' data: syndication.twitter.com www.youtube-nocookie.com secure.livechatinc.com https://mc.yandex.ru  https://checkin.purechat.com/api/checkin *.purechat.com *.amazonaws.com 1
script-src 'self' https://www.google-analytics.com https://ajax.googleapis.com https://www.rpgwatch.com 1
default-src 'self' https://vedab.nibis.de/ https://vedab.de/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1
default-src 'self' data:; script-src 'self' https://www.google.com https://ajax.googleapis.com https://cdn.inspectlet.com https://cdn.pendo.io https://app.pendo.io https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.google.com https://ajax.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://antispamcloud.com https://sentry.io; img-src 'self' http://hn.inspectlet.com https://app.pendo.io data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com data:	https: 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com ajax.googleapis.com cdnjs.cloudflare.com s7.addthis.com m.addthis.com m.addthisedge.com svc.webspellchecker.net atlas.bayside.vic.gov.au www.gstatic.com maps.googleapis.com edge.addthis.com www.googletagmanager.com www.google-analytics.com loader.webspellchecker.net s1.webspellchecker.net tagmanager.google.com cdn.siteimprove.net maps.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com ajax.googleapis.com maxcdn.bootstrapcdn.com hello.myfonts.net svc.webspellchecker.net atlas.bayside.vic.gov.au tagmanager.google.com; img-src 'self' svc.webspellchecker.net atlas.bayside.vic.gov.au data: maps.gstatic.com maps.googleapis.com csi.gstatic.com ecouncil.bayside.vic.gov.au www.bayside.vic.gov.au ajax.googleapis.com m.addthis.com www.google-analytics.com s1.webspellchecker.net stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com www.addthis.com maps.google.com; frame-src 'self' s7.addthis.com bayside.vic.gov.au www.bayside.vic.gov.au ecouncil.bayside.vic.gov.au atlas.bayside.vic.gov.au www.google.com www.google.com.au edge.addthis.com www.youtube.com s1.webspellchecker.net www.webspellchecker.net www.googletagmanager.com www.vision6.com.au player.vimeo.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com atlas.bayside.vic.gov.au sxt.cdn.skype.com; connect-src 'self' m.addthis.com svc.webspellchecker.net s7.addthis.com cdn.siteimprove.net my2.siteimprove.com id.siteimprove.com www.google-analytics.com stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors 'self' http://webvisor.com/ https://metrika.yandex.ru https://www.google-analytics.com https://analytics.google.com 1
default-src 'self'; script-src  'unsafe-inline' 'unsafe-eval' 'self' *.cmog.org *.google-analytics.com *.hotjar.com *.adroll.com *.googleapis.com *.newrelic.com *.jquery.com *.nr-data.net *.google.com *.gstatic.com *.facebook.net data:; object-src 'self' *; style-src 'self' 'unsafe-inline' *.cmog.org; img-src 'self' * data: blob:; media-src 'self' *.youtube.com *.youtu.be; frame-src *.cmog.org *.hotjar.com *.youtube.com *.google.com *.vimeo.com; frame-ancestors 'self' *.cmog.org *.hotjar.com; child-src *.cmog.org *.youtube.com *.hotjar.com; font-src *.cmog.org data: 'self' https://cdn.joinhoney.com; connect-src *.cmog.org https://*.hotjar.com wss://*.hotjar.com *.google-analytics.com *.optimalworkshop.com *.g.doubleclick.net  *.facebook.net; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' clicky.com *.getclicky.com ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com s7.addthis.com fast.fonts.com m.addthis.com; frame-src 'self' s7.addthis.com m.addthis.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com code.jquery.com https://code.jquery.com https://*.googleapis.com *.googleapis.com *.google.com *.google.de *.gstatic.com maxcdn.bootstrapcdn.com analytics.kreapptivo.de https://analytics.kreapptivo.de https://ssl.google-analytics.com https://pagead2.googlesyndication.com https://connect.facebook.net; img-src 'self' blob: data: * analytics.kreapptivo.de https://analytics.kreapptivo.de *.googleapis.com https://*.googleapis.com *.gstatic.com https://*.gstatic.com https://ssl.google-analytics.com s-static.ak.facebook.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com https://*.googleapis.com *.googleapis.com; font-src 'self' data: fonts.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com; child-src 'self' * googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.facebook.com https://s-static.ak.facebook.com; object-src 'self' 1
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; 1
default-src 'none'; frame-src https://static-corp.sendsafely.com 'self' https://bid.g.doubleclick.net https://www.google.com sendsafely: https://analytics-frame.sendsafely.com https://static-www.sendsafely.com;connect-src 'self'; script-src 'self' https://static-www.sendsafely.com https://www.google.com https://www.gstatic.com https://apis.google.com https://ssl.gstatic.com https://ssl.google-analytics.com https://api.stripe.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hsforms.net https://forms.hubspot.com https://api.hubapi.com https://internal.hubapi.com; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; object-src 'self' https://static-www.sendsafely.com; child-src 'self'; img-src 'self' https://cdn.zapier.com https://zapier.com https://app-static.sendsafely.com blob: data: https://www.google.com https://www.gstatic.com https://apis.google.com https://ssl.gstatic.com https://ssl.google-analytics.com https://www.gravatar.com i0.wp.com i1.wp.com i2.wp.com i3.wp.com https://stats.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://track.hubspot.com chrome-extension:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; frame-src 'self' https:; font-src 'self' data:; connect-src 'self' 1
" default-src 'self'; base-uri 'self' *.makita.sk; frame-src 'self' *.youtube.com; img-src 'self' data: *.google-analytics.com *.doubleclick.net *.ytimg.com; script-src 'strict-dynamic' 'nonce-OXAh9VBvIC' 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; connect-src 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'self';" 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: use.typekit.net www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com tagmanager.google.com maps.googleapis.com https://cdn.rawgit.com *.cookiebot.com www.googleadservices.com *.facebook.net *.doubleclick.net; style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com; img-src 'self' p.typekit.net www.google-analytics.com data: ssl.gstatic.com www.gstatic.com maps.googleapis.com maps.gstatic.com www.facebook.com www.google.com www.google.be; font-src 'self' *.typekit.net fonts.gstatic.com data:; connect-src 'self' performance.typekit.net www.google-analytics.com; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
default-src 'unsafe-inline' https:; 1
connect-src 'self' https://localhost:3000; frame-ancestors 'self'; object-src 'self'; script-src 'self' https://analytics.historia-arte.com https://maps.googleapis.com; report-uri /csp-report; report-to /csp-report; 1
default-src 'unsafe-inline'  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; style-src 'unsafe-inline' https://www.google-analytics.com  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.facebook.com https://*.bgk.pl; img-src 'self'  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl data: 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: use.typekit.net www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com tagmanager.google.com tdn.r42tag.com *.cookiebot.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net *.addtoany.com; style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com; img-src 'self' p.typekit.net www.google-analytics.com data: ssl.gstatic.com www.gstatic.com *.facebook.com www.googletagmanager.com godlinkapp.com *.google.com *.google.be *.google.pt *.google.co.uk; font-src 'self' *.typekit.net fonts.gstatic.com data:; connect-src 'self' performance.typekit.net www.google-analytics.com *.facebook.com; report-uri /report-csp-violation 1
default-src 'none';script-src 'self' 'unsafe-inline' https://static.frag-den-staat.de https://traffic.okfn.de;style-src 'self' 'unsafe-inline' https://static.frag-den-staat.de;img-src 'self' data: blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://traffic.okfn.de https://www.betterplace.org https://betterplace-assets.betterplace.org https://i.vimeocdn.com https://raw.githubusercontent.com *.tile.openstreetmap.org *.global.ssl.fastly.net *.yelpcdn.com i.ytimg.com;worker-src 'self' blob: https://static.frag-den-staat.de;frame-src 'self' blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://okfde.github.io https://www.betterplace.org https://betterplace-assets.betterplace.org https://player.vimeo.com https://www.youtube-nocookie.com https://media.ccc.de https://challonge.com;object-src 'self' https://media.frag-den-staat.de;connect-src 'self' https://static.frag-den-staat.de https://media.frag-den-staat.de;child-src blob: https://static.frag-den-staat.de;base-uri 'none';font-src data: https://static.frag-den-staat.de;manifest-src https://static.frag-den-staat.de;form-action 'self' https://www.paypal.com https://pretix.eu;report-uri https://sentry.okfn.de/api/4/csp-report/?sentry_key=b0305966ad35428b88f611c796792749; 1
default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.lamapoll.de; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src 'self' data: lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de *.facebook.com; media-src 'self' lamapoll.de *.lamapoll.de sslsurvey.de *.sslsurvey.de youtube.com youtube-nocookie.com; object-src 'self'; connect-src 'self'; frame-src 'self' player.vimeo.com www.youtube.com www.youtube-nocookie.com 1
default-src 'self' https://go.online-ident.ch  tag.myaspectra.ch; script-src 'self' https://www.islonline.net  tag.myaspectra.ch  https://www.gstatic.com  https://maps.google.com https://maps.googleapis.com  https://www.google.com  'unsafe-inline' 'unsafe-eval'; style-src https://fonts.googleapis.com  https://fonts.gstatic.com  'self' 'unsafe-inline' ; font-src 'self' https://fonts.gstatic.com ; child-src 'self' https://go.online-ident.ch https://www.google.com ; img-src 'self' tag.myaspectra.ch  1
default-src 'self' 'unsafe-eval' https://www.youtube.com:* 'unsafe-inline' https://bam.nr-data.net:* https://www.google.com:* https://www.googleapis.com:*  https://clients1.google.com:* https://code.jquery.com:* https://js-agent.newrelic.com:*  https://cdn.printfriendly.com:* https://cdn.jsdelivr.net:*  https://www.google-analytics.com:* https://cse.google.com:*  https://ds-4047.kxcdn.com:*; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' *.soundcloud.com *.sndcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.typekit.net *.googletagmanager.com *.google-analytics.com *.pingdom.net www.catalyst-analytics.nz d3qy04aabho0yp.cloudfront.net *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com cdn.syndication.twimg.com *.instagram.com *.knightlab.com *.soundcloud.com *.hotjar.com www.googleadservices.com tagmanager.google.com *.riddle.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.typekit.net fonts.googleapis.com hello.myfonts.net *.twitter.com *.knightlab.com  tagmanager.google.com; img-src 'self' data: *.typekit.net *.google-analytics.com *.doubleclick.net *.shopify.com *.pingdom.net www.catalyst-analytics.nz *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com pbs.twimg.com dl.dropboxusercontent.com *.myfonts.net media.tepapa.govt.nz co3-api-mediastorage.s3-ap-southeast-2.amazonaws.com co3-api-mediastorage.s3.ap-southeast-2.amazonaws.com s3.dualstack.ap-southeast-2.amazonaws.com www.google.com www.google.co.nz *.gstatic.com; frame-src 'self' *.bookitsecure.com google.com *.riddle.com *.spotify.com *.google.com tepapa.infospecs.co.nz *.youtube.com *.vimeo.com *.catalyst.net.nz radionz.co.nz jobs.tepapa.govt.nz *.tepapa.govt.nz tepapafoundation.secure.force.com sec.paymentexpress.com *.book2look.com *.boombox.com *.myfonts.net *.knightlab.com www.qzzr.com *.twitter.com *.instagram.com *.facebook.com *.hotjar.com *.soundcloud.com *.nzonscreen.com *.juicer.io; font-src 'self' data: *.bootstrapcdn.com fonts.gstatic.com fonts.typekit.net www.tepapa.govt.nz cdn.knightlab.com; connect-src 'self' spreadsheets.google.com *.myfonts.net *.hotjar.com graylog.hotjar.com *.pingdom.net *.google-analytics.com http://api.soundcloud.com/; report-uri /report-csp-violation 1
allow 'self' script-src 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com; img-src * data:; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://insights.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors 'self'; 1
base-uri 'self' *.google.com; child-src 'self' gap: *.google.com *.hotjar.com *.investis.com *.surveymonkey.com *.twitter.com; frame-src 'self' gap: *.google.com *.hotjar.com *.investis.com *.surveymonkey.com *.twitter.com; connect-src 'self' wss://*.hotjar.com *.feefo.com *.hotjar.com *.investis.com *.twimg.com *.twitter.com *.doubleclick.net *.google-analytics.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.googleapis.com *.gstatic.com *.hotjar.com; img-src 'self' data: *; script-src 'self' gap: *.doubleclick.net *.feefo.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.investis.com *.surveymonkey.com *.twimg.com *.twitter.com unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.google.com *.gstatic.com *.twitter.com *.twimg.com 'unsafe-inline'; frame-ancestors 'self' *.doubleclick.net *.googletagmanager.com *.hotjar.com *.surveymonkey.com https://vars.hotjar.com *.noblehosted.com theparagongroup.sharepoint.com; referrer no-referrer; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=IWsy38jF%2bSE%2bqKb%2bEuPqsw2Ybx6CDCTliULD4a69HZgfUDZkO%2bTQhknF2NMa4JdgzqmL4%2fdlGXlG39ZB%2bGMSRxrhFkbJqaQVitntbhfIxdOUHI%2fVo5rRpmj1949vSyMV; report-to /SecurityUtils/rest/Report/ReportViolations?Params=IWsy38jF%2bSE%2bqKb%2bEuPqsw2Ybx6CDCTliULD4a69HZgfUDZkO%2bTQhknF2NMa4JdgzqmL4%2fdlGXlG39ZB%2bGMSRxrhFkbJqaQVitntbhfIxdOUHI%2fVo5rRpmj1949vSyMV; 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.antisov.ru https://top-abd.mail.ru https://*.jivosite.com https://top-fwz1.mail.ru/js/code.js cdn.rees46.com/v3.js *.embedly.com *.gstatic.com *.ably.io http://api-maps.yandex.ru https://api-maps.yandex.ru *.beeline.ru *.google.kz *.google.com https://mc.yandex.ru www.facebook.com staticxx.facebook.com stats.g.doubleclick.net www.googletagmanager.com images.weserv.nl https://cdn.ably.io cdn.ably.io dl.metabar.ru *.dadata.ru vk.com *.toysfest.ru https://www.google.com https://www.google.ru *.googleapis.com www.googletagmanager.com connect.facebook.net www.google-analytics.com https://api-maps.yandex.ru https://mc.yandex.ru cdn.mxpnl.com cdn.ably.io; frame-src 'self' cdn-fr.jivosite.com cdn.jivosite.com *.gstatic.com https://api-maps.yandex.ru http://awaps.yandex.ru mc.yandex.ru https://www.facebook.com https://staticxx.facebook.com stats.g.doubleclick.net www.googletagmanager.com images.weserv.nl cdn.ably.io dl.metabar.ru *.dadata.ru https://www.youtube.com https://www.google.com https://www.google.ru *.facebook.com *.youtube.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src 'none'; font-src 'self'; script-src 'self' 'sha256-2XPtiIriLCRC9BnusBjoTHsfh5zn7F+h7Cr17XwSN50='; img-src * data:; object-src 'none'; style-src 'self' 'sha256-PEo9RAB0C7Pw0EzsgS+HuVOHFPZRr93dZNJ9mYzz95A=' 'sha256-lrhGtO62QsLjBNsk1WGpvRZbHmXYMG/CmjhMFhLDJpg=' 'sha256-4SHcbKIX1Fx5rhlottWqqHggM5MSJz+xg9uwwq8UK74=' 'sha256-bQfd5MwpJ1ZxnVh373acxlqXQ8VwM88QhEHNuQ0ppNg=' 'sha256-yIJ6JcbosmUis6IDdnDV7NU2qPkU/1KUJHRwj44Q32o='; frame-src 'self'; connect-src 'self'; base-uri 'self'; form-action 'self';frame-ancestors 'self'; report-uri https://searx.report-uri.com/r/d/csp/enforce; 1
default-src 'self' dwl.dawconnect.com maps.google.de www.google.com connect.facebook.net;  img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr;  script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self'  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com http://www.google-analytics.com/  http://fonts.googleapis.com/ https://cdnjs.cloudflare.com http://cdn.ckeditor.com ; object-src 'self'; style-src 'self' 'unsafe-inline' http://cdn.ckeditor.com; img-src 'self' http://cdn.ckeditor.com; media-src 'self' https://youtube.com; frame-src 'self' https://www.youtube.com; font-src 'self'; connect-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors www.envestnet.com envestnet.com ir.envestnet.com investor.envestnet.com www.investpmc.com; report-uri /report-csp-violation 1
default-src https: wss: ws: data: 'unsafe-inline' 'unsafe-eval' 1
script-src 'unsafe-inline' 'unsafe-eval' *.provincia.cuneo.it www.provincia.cuneo.gov.it *.shinystat.com *.googleapis.com *.pinterest.com; object-src *.provincia.cuneo.it www.provincia.cuneo.gov.it; font-src fonts.googleapis.com fonts.gstatic.com 1
policy-uri /'self' 1
base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.sociomantic.com *.google-analytics.com *.googletagmanager.com *.everestjs.net *.googletagservices.com s.ytimg.com *.userapi.com js-agent.newrelic.com  *.olark.com  trafmag.utarget.ru  *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com  clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com everestjs.net googletagmanager.com google-analytics.com sociomantic.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com;  object-src 'none'; img-src 'self' *.doubleclick.net https://www.google-analytics.com https://www.google.com.ua https://www.google.com *.googlesyndication.com *.creativecdn.com data:; media-src 'none'; frame-src 'self' https://googleads.g.doubleclick.net *.googlesyndication.com *.creativecdn.com; frame-ancestors 'none'; worker-src 'self'; form-action 'self' https://www.portmone.com.ua; style-src 'self' 'unsafe-inline'; connect-src 'self' *.gstatic.com https://securepubads.g.doubleclick.net; report-uri https://2746b976bff56fb9fb072ca875846856.report-uri.com/r/d/csp/reportOnly 1
img-src 'self' data: blob: http://feather.aviary.com/ http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://www.facebook.com/ https://pixelg.adswizz.com/ https://www.google.com/ https://www.google.com.pk/ https://www.google.co.uk/ https://scontent-ort2-2.cdninstagram.com/ https://maps.gstatic.com/ https://www.google.ro/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://feather.aviary.com/ https://dme0ih8comzn4.cloudfront.net/js/feather.js https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ http://code.jquery.com/ https://code.jquery.com/ http://graph.facebook.com/ http://m.addthis.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://api-public.addthis.com/ https://www.islonline.net/ https://unpkg.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ http://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://connect.facebook.net/ https://tag.simpli.fi/ https://cdnjs.cloudflare.com/ http://owlgraphic.com/ http://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://connect.facebook.net/ https://www.facebook.com https://maps.googleapis.com/ https://maps.gstatic.com/; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css http://feather.aviary.com/ https://platform.twitter.com/ https://ton.twimg.com/ http://cloud.typenetwork.com/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://bid.g.doubleclick.net/ https://staticxx.facebook.com/ https://www.facebook.com/ https://web.facebook.com/; connect-src 'self' http://cd.aviary.com/ https://api-ag.aviary.com/ https://feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com/ http://featherservices.aviary.com/ http://ip-api.com/; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ http://cloud.typenetwork.com/; media-src 'self'; object-src 'self'; frame-ancestors none 1
: default-src https://cdnjs.cloudflare.com https://cdn.rawgit.com https://www.google.com https://tracking.leadlander.com https://1.tl813.com https://geoip-js.maxmind.com https://www.google.co.uk https://*.g.doubleclick.net https://www.youtube.com 'self' 'unsafe-eval' 'unsafe-inline' *.searchtechnologies.com; script-src 'self' https://cdnjs.cloudflare.com https://cdn.rawgit.com https://www.gstatic.com https://www.google.com https://tracking.leadlander.com https://www.linkedin.com https://ajax.googleapis.com https://formalyzer.com https://www.googleadservices.com https://www.googletagmanager.com https://px.ads.linkedin.com https://www.google-analytics.com https://*.trackalyzer.com https://js.maxmind.com https://bat.bing.com https://storage.googleapis.com https://snap.licdn.com https://t.sf14g.com https://1.tl813.com https://code.jquery.com https://googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval'; img-src https://raw.githubusercontent.com https://cdn.rawgit.com https://tracking.leadlander.com https://www.google.iq https://www.google.co.uk https://www.googletagmanager.com https://www.google-analytics.com https://t2.trackalyzer.com https://bat.bing.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com 'self' *.searchtechnologies.com data:; connect-src https://geoip-js.maxmind.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net 'self' *.searchtechnologies.com; form-action 'self'; font-src 'self' https://cdnjs.cloudflare.com https://www.searchtechnologies.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: http://mshcentraldbdev.prod.acquia-sites.com *.balladhealthcrm.org; frame-ancestors 'self'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' *.vcapps.org *.addthis.com *.google-analytics.com *.doubleclick.net gpp.guidestar.org nonprofitdirectory.guidestar.org gppplugin.guidestar.org ; style-src 'unsafe-inline' https: ;script-src 'unsafe-inline' https: ;frame-src 'unsafe-inline' https: 1
script-src 'self' 'unsafe-inline' https://connect.facebook.net http://connect.facebook.net https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com https://*.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.googleapis.com http://*.googleapis.com https://stackpath.bootstrapcdn.com http://stackpath.bootstrapcdn.com; img-src 'self' data: https://*.facebook.com https://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com https://*.gstatic.com http://*.gstatic.com https://stats.g.doubleclick.net https://translate.google.com; media-src 'self'; frame-src 'self' https://*.facebook.com https://*.facebook.net https://www.googletagmanager.com https://*.youtube.com; frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newrelic.com *.nr-data.net *.googleadservices.com *.maxymiser.net *.adobedtm.com *.doubleclick.net *.demdex.net *.ckeditor.com; object-src 'self' *.youtube.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.ckeditor.com; img-src 'self' *.santander.co.uk *.google.com *.google.co.uk *.google.de *.google.es *.ckeditor.com; media-src 'self'; frame-src 'self' *.youtube.com *.doubleclick.net; font-src 'self' *.gstatic.com; connect-src 'self' *.demdex.net *.santander.co.uk *.google.co.uk; report-uri /auth_admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com maps.google.com maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ cdn.rawgit.com/googlemaps/js-info-bubble/gh-pages/src/infobubble.js https://www.vaillantpartner.de https://static.hotjar.com https://script.hotjar.com https://www.provenexpert.com; style-src 'self' 'unsafe-inline' fast.fonts.net fonts.googleapis.com https://www.provenexpert.com; img-src 'self' data: www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net maps.google.com maps.gstatic.com maps.googleapis.com https://www.google.com/ads/ https://www.google.de/ads/ images.provenexpert.com https://www.vaillantpartner.de; frame-src 'self' https://www.google.com/recaptcha/ https://bad-heizung.jacando.com https://www.youtube.com https://youtube.com https://vars.hotjar.com http://www.kopfkunst.net https://www.kopfkunst.net https://visoft360.com; child-src 'self' https://www.google.com/recaptcha/ https://bad-heizung.jacando.com https://www.youtube.com https://youtube.com https://vars.hotjar.com http://www.kopfkunst.net https://www.kopfkunst.net https://visoft360.com; font-src 'self' data: fonts.gstatic.com https://themes.googleusercontent.com; connect-src 'self' www.google-analytics.com https://stats.g.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' data: 'unsafe-eval' http: https: www.krebshilfe.de; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com connect.facebook.net code.jquery.com www.googletagservices.com www.adbox.lt googleapis.com www.googleadservices.com vjs.zencdn.com www.audiklubas.com partner.googleadservices.com pagead2.googlesyndication.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://maps.googleapis.com https://ajax.googleapis.com https://vk.com https://*.vk.com https://me-talk.ru https://*.me-talk.ru https://mc.yandex.ru https://www.google-analytics.com https://api-maps.yandex.ru https://www.google.com https://yastatic.net; object-src 'self' https://*.youtube-nocookie.com https://*.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.me-talk.ru https://me-talk.ru https://www.google.com https://ajax.googleapis.com; img-src 'self' https://*.me-talk.ru https://maps.googleapis.com https://*.gstatic.com https://vk.com https://*.vk.com https://mc.yandex.ru https://www.google-analytics.com https://api-maps.yandex.ru https://*.maps.yandex.net data: https://www.cs-cart.com; frame-src 'self' https://www.google.com https://ajax.googleapis.com https://*.youtube-nocookie.com https://*.youtube.com https://*.me-talk.ru https://me-talk.ru; font-src 'self' data: https://*.gstatic.com https://themes.googleusercontent.com https://maxcdn.bootstrapcdn.com https://me-talk.ru https://*.me-talk.ru; connect-src 'self' https://mc.yandex.ru https://www.google-analytics.com https://*.gstatic.com 1
default-src 'self'; script-src 'self' assets.juicer.io ajax.googleapis.com connect.facebook.net platform.twitter.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com https://chat.consumercare.net https://h6.consumercare.net https://js-agent.newrelic.com https://bam.nr-data.net *.juicer.io; object-src 'self'; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io 'unsafe-inline'; img-src 'self' scontent.cdninstagram.com scontent.xx.fbcdn.net www.facebook.com syndication.twitter.com www.google-analytics.com i.ytimg.com https://external.xx.fbcdn.net data: https://chart.googleapis.com https://stats.g.doubleclick.net https://www.googletagmanager.com *.juicer.io; frame-src 'self' *; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io fonts.gstatic.com woobox.com; connect-src 'self' www.juicer.io https://www.google-analytics.com https://stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 1
default-src 'none'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/bootstrap/3.3.5/ https://www.google.com/jsapi 'unsafe-inline' https://www.google-analytics.com/ https://bbox.blackbaudhosting.com/webforms/ https://translate.google.com/translate_a/ 'unsafe-eval' https://translate.googleapis.com/translate_static/js/ https://translate.googleapis.com/translate_static/js/element/ https://translate.googleapis.com/translate_a/ https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ https://translate.googleapis.com https://translate.google.com https://www.googletagmanager.com https://static.getclicky.com https://in.getclicky.com https://*.google.com http://*.google.com ; style-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/bootstrap/3.3.5/ https://www.google.com/jsapi 'unsafe-inline' https://www.google-analytics.com/ https://bbox.blackbaudhosting.com/webforms/ https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ https://translate.googleapis.com https://translate.google.com https://*.google.com http://*.google.com ; img-src 'self' https://www.google-analytics.com/ https://www.gstatic.com/images/ https://www.google.com/images/ https://translate.googleapis.com/translate_static/ https://bbox.blackbaudhosting.com/webforms/images/ data: https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ https://*.google.com http://*.google.com  https://ssl.gstatic.com; frame-src 'self' https://bbox.blackbaudhosting.com/webforms/custom/mongo/scripts/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://w.soundcloud.com/player/ https://user-e3mlril.cld.bz https://www.googletagmanager.com; font-src 'self' https://cdn.jsdelivr.net/bootstrap/3.3.5/ data: https://fonts.gstatic.com/s/opensans/v13/; connect-src 'self' https://svc.webspellchecker.net/spellcheck31/script/ https://translate.googleapis.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.responsetap.com seal.verisign.com https://seal.verisign.com; style-src 'self' 'unsafe-inline' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.responsetap.com seal.verisign.com https://seal.verisign.com; img-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.googleadservices.com https://googleadservices.com https://*.doubleclick.net *.doubleclick.net data: *.google-analytics.com https://c906980.ssl.cf3.rackcdn.com *.newrelic.com http://www.edu-quip.co.uk *.gstatic.com 'unsafe-eval' 'unsafe-inline' *.responsetap.com seal.verisign.com https://seal.verisign.com; frame-src 'self' *.googleadservices.com *.doubleclick.net https://googleadservices.com https://*.doubleclick.net https://*.facebook.com *.youtube.com *.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline' *.responsetap.com seal.verisign.com https://seal.verisign.com; script-src 'self' eval-script inline-script *.evocdn.co.uk *.rackcdn.com *.newrelic.com *.google-analytics.com *.googleadservices.com https://googleadservices.com *.facebook.net d1ros97qkrwjf5.cloudfront.net https://d1ros97qkrwjf5.cloudfront.net https://www.google.com https://ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' *.responsetap.com seal.verisign.com https://seal.verisign.com *.doubleclick.net; font-src 'self' *.evocdn.co.uk *.googleusercontent.com 'unsafe-eval' 'unsafe-inline' https://c918654.ssl.cf3.rackcdn.com https://c918654.ssl.cf3.rackcdn.com; 1
default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline';font-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://stats.norics.de; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://stats.norics.de; child-src 'self' https://www.google.com https://www.openstreetmap.org https://stats.norics.de; report-uri /report-csp-violation 1
default-src *; script-src 'self' 'unsafe-inline' 'sha256-QAd+1yCzTaLN37yHgWCooxcq37sXnwsopb/y+DkzYvA=' 'sha256-1CpjmdSGjCZr6oNd1cma/Y7Dge7yykpbBqURqv1Azcw=' 'sha256-M+DVfAsChzxHrudR35PgOyr9XEslkoK1dwkcmPjfnvw=' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com http://*.inspsearchapi.com http://www.google.com http://api.bing.com http://ff.search.yahoo.com/ http://suggest.infospace.com http://api.autocompleteplus.com *.yimg.com https://completr.appspot.com http://js.wincyahoocontent.com; frame-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; font-src 'self' https://d3durx270v4ts2.cloudfront.net/; connect-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://www.1-1ads.com/ads-api-v3; media-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self' http://ecx25.siteplug.com/ https://ecx25.siteplug.com/ http://*.inspsearchapi.com http://*.yahoo.com http://ad.adserver-pro.net https://*.yimg.com; 1
default-src 'self' ws:;script-src   'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net gleif.disqus.com *.disquscdn.com *.cookiebot.com *.linkedin.com *.twitter.com *.twimg.com ajax.googleapis.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com;style-src     'self' 'unsafe-inline' *.twimg.com *.twitter.com *.disquscdn.com use.typekit.net https://use.typekit.net;font-src       'self' data: http://*.typekit.net https://*.typekit.net https://cdnjs.cloudflare.com;img-src         'self'  static.licdn.com *.disqus.com *.disquscdn.com *.twitter.com *.twimg.com *.linkedin.com data: about: p.typekit.net https://*.tile.osm.org http://*.tile.osm.org http://*.typekit.net https://*.typekit.net;frame-src     'self' disqus.com *.twitter.com player.vimeo.com *.linkedin.com https://www.google.com;connect-src 'self' https://api.parse.com/1/functions/search http://*.gleif.org https://*.gleif.org http://*.typekit.net https://*.typekit.net https://syndication.twitter.com/settings; 1
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 1
default-src 'self' 'unsafe-inline' blob: https: iefix: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: * ajax.googleapis.com w.sharethis.com assets.juicer.io www.google-analytics.com connect.facebook.net facebook.com t.sharethis.com; object-src 'self' https: blob: * www.youtube.com; style-src 'self' https: 'unsafe-inline' * w.sharethis.com; img-src 'self' https: data: iefix: * graph.facebook.com w.sharethis.com l.sharethis.com scontent.xx.fbcdn.net www.google-analytics.com stats.g.doubleclick.net external.xx.fbcdn.net facebook.com; frame-src 'self' https: * w.sharethis.com seg.sharethis.com edge.sharethis.com www.youtube.com t.sharethis.com; font-src https: data: *; connect-src 'self' https: * w.sharethis.com l.sharethis.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *.gstatic.com *.youtube.com *.google-analytics.com *.g.doubleclick.net https://s.ytimg.com/yts/jsbin/ *.googleadservices.com *.google.com *.google.cz http://platform.linkedin.com 1
img-src 'self' http://limelightgaming.net http://*.limelightgaming.net https://intern.limelightgaming.net http://discordapp.com https://discordapp.com http://*.discordapp.com https://*.discordapp.com https://steamuserimages-a.akamaihd.net http://prnt.sc https://ts3index.com http://*.prnt.sc prnt.sc *.prnt.sc http://prntscr.com http://*.prntscr.com prntscr.com http://dl.dropboxusercontent.com http://*.dl.dropboxusercontent.com dl.dropboxusercontent.com http://vgy.me http://*.vgy.me vgy.me *.vgy.me http://puu.sh http://*.puu.sh puu.sh *.puu.sh http://photobucket.com http://*.photobucket.com photobucket.com *.photobucket.com http://pinimg.com http://*.pinimg.com pinimg.com *.pinimg.com http://dropboxusercontent.com http://*.dropboxusercontent.com dropboxusercontent.com *.dropboxusercontent.com http://steamstatic.com http://*.steamstatic.com steamstatic.com *.steamstatic.com http://tinypic.com http://*.tinypic.com tinypic.com *.tinypic.com http://gravatar.com http://*.gravatar.com gravatar.com *.gravatar.com http://tumblr http://*.tumblr tumblr.com *.tumblr.com http://screenshot.net http://*.screenshot.net screenshot.net *.screenshot.net http://auplod.com http://*.auplod.com auplod.com *.auplod.com http://dropbox.com http://*.dropbox.com dropbox.com *.dropbox.com http://dropboxstatic.com http://*.dropboxstatic.com dropboxstatic.com *.dropboxstatic.com http://cloudflare.com http://*.cloudflare.com cloudflare.com *.cloudflare.com http://imgur.com http://*.imgur.com imgur.com *.imgur.com http://steampowered.com http://*.steampowered.com steampowered.com *.steampowered.com https://steamcommunity.com https://*.steamcommunity.com http://steamcommunity.com http://*.steamcommunity.com steamcommunity.com *.steamcommunity.com http://giphy.com http://*.giphy.com giphy.com *.giphy.com http://wikimedia.org http://*.wikimedia.org wikimedia.org *.wikimedia.org http://steamusercontent.com http://*.steamusercontent.com steamusercontent.com *.steamusercontent.com http://gametracker.com http://*.gametracker.com gametracker.com *.gametracker.com http://ggpht.com http://*.ggpht.com ggpht.com *.ggpht.com http://iconarchive.com http://*.iconarchive.com iconarchive.com *.iconarchive.com https://gyazo.com https://*.gyazo.com http://gyazo.com http://*.gyazo.com gyazo.com *.gyazo.com http://speedtest.net http://*.speedtest.net speedtest.net *.speedtest.net https://www.google-analytics.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com data:;img-src *; font-src fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api-maps.yandex.ru bitrix.info www.google-analytics.com *.yandex.ru; form-action 'self';frame-src 'self';media-src 'self';connect-src 'self' bitrix.info mc.yandex.ru 1
default-src https://www.pitmodule.de http://www.pitmodule.de https://counter.pitmodule.de https://www.pitcom-webanalyse.de img-src 'self' data:; 1
script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' chat.oikeus.fi 'unsafe-inline' 'unsafe-eval'; img-src * 1
connect-src https://*.credimejora.com 'self' 'unsafe-inline' 'unsafe-eval' https://api-iam.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://api.hubspot.com;default-src https://*.credimejora.com 'self' 'unsafe-inline' 'unsafe-eval';font-src https://*.credimejora.com 'self' https://*.intercomcdn.com;frame-src 'self' https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://app.hubspot.com/;img-src https://*.credimejora.com 'self' data: https://s3.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.com.mx https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://*.visualwebsiteoptimizer.com https://*.facebook.com https://*.intercomcdn.com https://*.intercomassets.com https://*.googletagmanager.com https://js.hs-scripts.com https://js.hs-analytics.net/ https://api.usemessages.com/ https://track.hubspot.com/;media-src https://*.credimejora.com 'self' https://s3.amazonaws.com https://*.intercomcdn.com;object-src https://*.credimejora.com;script-src https://*.credimejora.com 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://d2wy8f7a9ursnm.cloudfront.net/ https://notify.bugsnag.com/ https://connect.facebook.net https://*.facebook.com https://www.google.com https://www.google.com.mx https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://stats.g.doubleclick.net https://csi.gstatic.com/ https://www.google-analytics.com https://ajax.googleapis.com https://maps.google.com https://www.googletagmanager.com https://*.hotjar.com wss://*.hotjar.com https://ssl.mousestats.com https://www.mousestats.com https://widget.intercom.io https://api-ping.intercom.io https://api-iam.intercom.io https://js.intercomcdn.com https://static.intercomassets.com https://*.vwo.com https://*.visualwebsiteoptimizer.com https://js.hs-scripts.com https://js.hs-analytics.net/ https://api.usemessages.com/ https://track.hubspot.com/ https://js.usemessages.com/;style-src https://*.credimejora.com 'self' 'unsafe-inline'; 1
default-src *; script-src www.partizan.com www.partizanstudio.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*  *.googleadservices.com *.google-analytics.com *.google.com  https://*.youtube.com https://*.ytimg.com  cdnjs.cloudflare.com ajax.googleapis.com maxcdn.bootstrapcdn.com ; style-src * 'unsafe-inline';img-src 'self' data: https://img.youtube.com *.google-analytics.com ; font-src 'self' data:  http://fonts.gstatic.com https://fonts.gstatic.com ; connect-src www.partizan.com www.partizanstudio.com vimeo.com; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net *.addthis.com *.googletagmanager.com *.twitter.com *.typekit.net *.ytimg.com *.mailchimp.com *.list-manage.com *.campaign-archive1.com *.campaign-archive.com *.willemen.be; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.mailchimp.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.twimg.com *.youtube.com *.google-analytics.com *.typekit.net *.facebook.com *.doubleclick.net *.googleapis.com *.gstatic.com *.mailchimp.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.sanitechniek.be  *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.twitter.com *.addthis.com *.facebook.net *.willemen.be *.devisubox.com *.facebook.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net *.gstatic.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.typekit.net *.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://platform.twitter.com https://platform.twitter.com http://connect.ok.ru https://connect.ok.ru https://cdn.onesignal.com https://*.doubleclick.net https://onesignal.com http://*.googletagservices.com https://yastatic.net http://*.yandex.net https://*.yandex.net http://*.googlesyndication.com https://*.googlesyndication.com http://*.google.ru https://*.google.ru http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com feeds.feedburner.com feedburner.google.com counter.rambler.ru http://*.yandex.ru https://*.yandex.ru *.avtoed.com http://*.gstatic.com https://*.gstatic.com http://yandex.st https://yandex.st http://vk.com https://vk.com http://vk.comcdn.connect.mail.ru https://vk.comcdn.connect.mail.ru http://mc.yandex.ru https://mc.yandex.ru http://*.google-analytics.com https://*.google-analytics.com; object-src 'self' http://*.youtube.com https://*.youtube.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.yandex.ru https://*.yandex.ru http://*.yandex.net https://*.yandex.net http://*.gstatic.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://onesignal.com http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com; img-src * 'self' data: http://mc.yandex.ru https://mc.yandex.ru http://yastatic.net https://yastatic.net; media-src 'self'; frame-src 'self' http://connect.ok.ru https://connect.ok.ru http://platform.twitter.com https://platform.twitter.com https://onesignal.com http://*.avtoed.com http://orphus.ru http://*.yandex.net https://*.yandex.net http://*.yandexadexchange.net https://*.yandexadexchange.net http://yandexadexchange.net https://yandexadexchange.net http://*.yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net http://yastatic.net https://yastatic.net http://*.youtube.com https://*.youtube.com http://*.google.ru https://*.google.ru http://*.google.com https://*.google.com http://connect.mail.ru https://connect.mail.ru http://vk.com https://vk.com; font-src 'self' http://*.gstatic.com https://*.gstatic.com; connect-src 'self' https://onesignal.com https://*.yandex.net http://yandex.ru https://yandex.ru http://*.yandex.ua https://*.yandex.ua http://*.youtube.com https://*.youtube.com http://*.google-analytics.com https://*.google-analytics.com http://*.yandex.ru https://*.yandex.ru http://*.gstatic.com https://*.gstatic.com; 1
default-src 'self'; img-src 'self' http://hdsat.by http://uni-sat.ru http://yastatic.net http://*.mail.ru http://*.yandex.ru http://*.yadro.ru http://*.rambler.ru http://www.google.com/ http://*.recaptcha.net ; script-src https://*.yandex.ru http://*.recaptcha.net http://*.yandex.ru http://*.mixmarket.biz  http://counter.rambler.ru  http://code.jquery.com http://yandex.st http://*.google.com http://*.yandex.ru http://*.uni-sat.ru 'unsafe-eval' 'self' 'unsafe-inline'; frame-src *; object-src 'none'; font-src *; style-src 'unsafe-inline' 'self'; connect-src https://*.yandex.ru http://*.yandex.ru 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inspectlet.com *.typeform.com *.newtonsoftware.com *.google-analytics.com *.googletagmanager.com *.stripe.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: i.ytimg.com i.vimeocdn.com *.inspectlet.com *.mapbox.com *.doubleclick.net *.google.com *.google-analytics.com *.listerhill.com; media-src 'self' data: vimeo.com youtube.com *.youtube.com vimeocdn.com *.listerhill.com; frame-src data: *.stripe.com *.vimeo.com youtube.com *.youtube.com newton.newtonsoftware.com *.typeform.com zlcuma.secure.fundsxpress.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com; connect-src 'self' *.inspectlet.com wss://ws.inspectlet.com 1
script-src 'self' 'nonce-774169070c66993c83bb3cd7fe33dca7'  *.reimage.com *.reimageplus.com  *.websecurity.norton.com *.googleapis.com *.doubleclick.net *.ywxi.net *.inspectlet.com *.googleadservices.com privacy-policy.truste.com;object-src 'self'  *.reimage.com *.reimageplus.com ;frame-src 'self'  *.reimage.com *.reimageplus.com  *.mcafeesecure.com;img-src 'self' data:  *.reimage.com *.reimageplus.com  *.websecurity.norton.com *.scanalert.com *.googleadservices.com *.doubleclick.net *.ywxi.net *.google.com *.google.co.il privacy-policy.truste.com; cookie-scope reimageplus.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/ga.js; style-src 'self' 'unsafe-inline' ; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-inline' *.bancorenner.com.br www.google-analytics.com netdna.bootstrapcdn.com idcloudwidget.icarvision.com viacep.com.br *.google.com *.googleapis.com *.gstatic.com data: blob: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bancorenner.com.br www.google-analytics.com netdna.bootstrapcdn.com idcloudwidget.icarvision.com viacep.com.br *.google.com *.googleapis.com data: blob: https:;img-src 'self' www.gstatic.com *.bancorenner.com.br www.google-analytics.com netdna.bootstrapcdn.com idcloudwidget.icarvision.com viacep.com.br *.google.com *.googleapis.com data: blob: https:;style-src 'self' 'unsafe-inline' *.bancorenner.com.br www.google-analytics.com netdna.bootstrapcdn.com idcloudwidget.icarvision.com viacep.com.br *.google.com *.googleapis.com *.gstatic.com data: blob: https:;font-src 'self' 'unsafe-inline' *.bancorenner.com.br  www.google-analytics.com netdna.bootstrapcdn.com idcloudwidget.icarvision.com viacep.com.br *.google.com *.googleapis.com *.gstatic.com data: blob: https:;object-src * blob: data: blob: https:;media-src * blob: data: blob: https: 1
default-src 'none'; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; img-src https: data:; frame-src https:; connect-src https:; manifest-src 'self'; frame-ancestors 'self'; form-action 'self' https://www.facebook.com/tr/; base-uri 'none'; object-src 'none' 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' wss://ws.bgogo.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://www.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://static.bgogo.com blob: data:; media-src 'none'; object-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://sjs.bizographics.com *.google.com *.lord.com *.solosegment.com *.linkedin.com https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.ytimg.com https://*.addthis.com https://m.addthisedge.com https://accounts.livechatinc.com  https://maxcdn.bootstrapcdn.com https://snap.licdn.com https://lord.actonservice.com https://cdn.livechatinc.com https://secure.livechatinc.com https://graph.facebook.com https://assets.adobedtm.com https://code.visitor-track.com https://sync.multiview.com https://www.rumiview.com https://ml314.com https://gateway.zscalertwo.net https://www.youtube.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.kaspersky-labs.com; object-src 'self'; style-src *.google.com 'unsafe-inline' 'self' https://fonts.googleapis.com/ https://marketing.lord.com/ https://*.kaspersky-labs.com https://www.lord.com  https://*.solosegment.com https://translate.googleapis.com; img-src *.google.com https://www.gstatic.com https://www.googletagmanager.com https://csi.gstatic.com/ https://dev-lord.webcap.biz https://*.ytimg.com https://www.lord.com  https://www.google-analytics.com https://stats.g.doubleclick.net/ https://marketing.lord.com https://web.archive.org https://secure.livechatinc.com https://s7.addthis.com/  https://code.visitor-track.com https://www.rumiview.com/ https://sync.multiview.com/ https://static.licdn.com/ data: 'self' https://lordimb.files.wordpress.com https://gateway.zscalertwo.net https://m.addthis.com https://pa.solosegment.com https://www.linkedin.com https://*.solosegment.com https://www.lord.com/sites/all/themes/lordcorp/static/dist//img/grey.svg https://rrc.rlcdn.com https://www.microstrain.com https://lordelectronicmaterials.files.wordpress.com https://*.yandex.net https://captcha.gecirtnotification.com https://cdn.livechatinc.com https://dc.ads.linkedin.com; media-src 'self' https://cdn.livechatinc.com; frame-src https://www.youtube.com/ https://accounts.google.com/ https://marketing.lord.com/ https://apis.google.com/ https://secure.livechatinc.com https://sensorcloud.microstrain.com/ https://s7.addthis.com/ https://www.lord.com 'self' https://edge.addthis.com https://notify.bluecoat.com https://gateway.zscalertwo.net; font-src https://cdn.joinhoney.com https://api.couponmate.com https://themes.googleusercontent.com https://secure.livechatinc.com https://cdn.livechatinc.com https://fonts.gstatic.com/ 'self' data:; connect-src 'self' https://m.addthis.com/ https://s7.addthis.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://pa.solosegment.com https://www.linkedin.com https://*.solosegment.com https://marketing.lord.com; report-uri /admin/config/system/seckit/csp-report 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https: http://connect.ok.ru/connect.js http://vk.com/js/api/share.js?90&pfpvyh; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src *; connect-src *; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com http://www.google-analytics.com  http://fonts.googleapis.com/ https://cdnjs.cloudflare.com http://cdn.ckeditor.com https://cdnjs.cloudflare.com  http://svc.webspellchecker.net; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdn.ckeditor.com http://fonts.googleapis.com https://cdnjs.cloudflare.com http://svc.webspellchecker.net https://maxcdn.bootstrapcdn.com; img-src 'self' http://cdn.ckeditor.com http://www.google-analytics.com; media-src 'self' https://www.youtube.com/ ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/ https://www.google.com http://164.100.127.45; font-src 'self' http://fonts.gstatic.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; connect-src 'self' ; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'unsafe-inline' 'self' www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com www.googleadservices.com googleads.g.doubleclick.net a.config.skype.com b.config.skype.com swx.cdn.skype.com  www.google.com https://www.gstatic.com js-agent.newrelic.com bam.nr-data.net tagmanager.google.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com tagmanager.google.com fonts.googleapis.com; img-src  'unsafe-inline' 'self' data: https://www.google-analytics.com stats.g.doubleclick.net https://www.google.com https://www.google.co.in www.msig.com.hk ssl.gstatic.com www.gstatic.com; frame-src 'self' https://www.youtube.com sp.zalo.me https://www.google.com bid.g.doubleclick.net https://www.facebook.com; font-src 'self' cdnjs.cloudflare.com data:; connect-src 'self' browser.pipe.aria.microsoft.com sp.zalo.me www.google-analytics.com www.google.com www.google.co.in; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://stats.g.doubleclick.net https://s.ytimg.com https://fonts.gstatic.com https://fonts.googleapis.com https://code.jquery.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://infra.mcit.gov.sa https://cdn.ckeditor.com https://www.google.com/maps/embed https://maps.google.com/maps https://usf.maps.arcgis.com/apps/TimeAware/index.html; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' data: www.google-analytics.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com fonts.googleapis.com www.youtube.com themes.googleusercontent.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com twimg.com fonts.googleapis.com www.youtube.com themes.googleusercontent.com; style-src 'self' 'unsafe-inline' ton.twimg.com www.google-analytics.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com twimg.com fonts.googleapis.com www.youtube.com themes.googleusercontent.com; img-src 'self' data: ton.twimg.com pbs.twimg.com www.google-analytics.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com twimg.com fonts.googleapis.com www.youtube.com themes.googleusercontent.com; frame-src www.bing.com www.youtube.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com; font-src 'self' data: www.google-analytics.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com twimg.com fonts.googleapis.com www.youtube.com themes.googleusercontent.com fonts.gstatic.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.cookielaw.org optanon.blob.core.windows.net *.googleapis.com www.google-analytics.com secure.leadforensics.com code.jquery.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.myfonts.net optanon.blob.core.windows.net *.googleapis.com cdn.cookielaw.org; img-src 'self' data: www.google-analytics.com *.googleapis.com maps.gstatic.com optanon.blob.core.windows.net cdn.cookielaw.org secure.leadforensics.com; media-src 'self'; frame-src 'self' www.youtube.com; font-src 'self' data: *.googleapis.com fonts.gstatic.com; connect-src 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval' ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 1
default-src 'self' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 1
default-src 'self' https://www.youtube.com; script-src 'self' 'unsafe-inline' https://www.youtube.com https://stats.opportunity.de http://stats.opportunity.de https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com; object-src 'self'; connect-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' https://stats.opportunity.de https://maps.googleapis.com https://csi.gstatic.com https://maps.google.com https://maps.gstatic.com data:; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 1
default-src 'self' *.milchundzucker.de *.beesite.de *.googleapis.com *.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.milchundzucker.de *.beesite.de *.gstatic.com *.google.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.milchundzucker.de *.beesite.de *.googleapis.com; child-src *; img-src * data: blob: filesystem:; font-src 'self' *.milchundzucker.de *.beesite.de fonts.gstatic.com data:; media-src * 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com jugend.beteiligen.jetzt www.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' api.mapbox.com *.mapbox.com 'unsafe-inline' *.google.com data: *.gstatic.com *.googleapis.com; media-src 'self'; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.soundcloud.com www.google.com; font-src 'self' themes.googleusercontent.com *.gstatic.com; connect-src 'self'; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com *.google-analytics.com  dev.webkommunikation24.de  *.gstatic.com *.google.com; report-uri https://projekt2012.webkommunikation24.de/mods/bewerten/csp-log.php 1
default-src ; script-src https://www.google-analytics.com https://js.driftt.com/ 'self' 'unsafe-inline' 'unsafe-eval'; object-src ; style-src 'self' *.entrecode.de https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' * *.entrecode.de data:; media-src *; child-src https://js.driftt.com/; font-src 'self' *.entrecode.de https://fonts.gstatic.com; connect-src entrecode.de *.entrecode.de https://www.hochzeitseinladungen.de https://www.google-analytics.com localhost:3003; manifest-src 1
default-src 'self' https://ajax.googleapis.com https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://www.gelegenheitsjobs.de 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.googleapis.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com vjs.zencdn.net hello.myfonts.net *.dev; style-src 'unsafe-inline' 'self' fonts.googleapis.com vjs.zencdn.net hello.myfonts.net *.dev; img-src 'self' data: www.google-analytics.com maps.googleapis.com csi.gstatic.com maps.gstatic.com *.dev; connect-src 'self' www.youtube.com *.dev; object-src 'self' www.youtube.com *.dev; frame-src 'self' www.youtube.com *.dev; child-src 'self' www.youtube.com *.dev; font-src 'self' data: vjs.zencdn.net fonts.gstatic.com *.dev; 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data:  https://piwik.bzga.de/ https://www.bzga.de/ https://service.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1
default-src fonts.googleapis.com/css maxcdn.bootstrapcdn.com/font-awesome/ www.google.com/recaptcha/api2 www.google.com/recaptcha/api2/bframe www.google.com/recaptcha/api2/anchor player.vimeo.com/video/ www.it-recht-kanzlei.de/logo/ e.issuu.com/ 'self'; script-src player.vimeo.com/video/ f.vimeocdn.com www.gstatic.com/recaptcha/api2/ www.google.com/recaptcha/ verwaltung.geistheiler.info/ e.issuu.com/ cdn.ckeditor.com/ 'self' 'unsafe-eval'; style-src 'self'; font-src fonts.gstatic.com fonts.googleapis.com/css maxcdn.bootstrapcdn.com/font-awesome/ 'self'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' https://*.google.com http://s7.addthis.com ; frame-ancestors 'none'; connect-src 'self' http://m.addthis.com https://www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://code.jquery.com https://aff.bstatic.com http://aff.bstatic.com http://s7.addthis.com/ http://m.addthisedge.com http://m.addthis.com/ http://graph.facebook.com http://widgets.pinterest.com http://www.linkedin.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://code.jquery.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.google-analytics.com https://www.paypalobjects.com https://ak1s.abmr.net; font-src 'self' https://fonts.gstatic.com; worker-src 'self' www.google.com https://maps.google.com 1
default-src 'self' data: *.express-scripts.com *.accredo.com *.s3.amazonaws.com *.amazonaws.com *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net *.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' assets.adobedtm.com *.everestjs.net *.cloudflare.com *.rawgit.com *.s3.amazonaws.com *.amazonaws.com *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net *.s3.amazonaws.com *.dialogtech.com *.cloudfront.net; object-src 'self' *.s3.amazonaws.com *.amazonaws.com *.brightcove.net *.s3.amazonaws.com *.cloudfront.net; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.express-scripts.com *.accredo.com *.cloudflare.com *.s3.amazonaws.com *.amazonaws.com; img-src 'self' data: *.accredo.com accredo.com expressscripts.sc.omtrdc.net *.s3.amazonaws.com *.amazonaws.com *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net esi-drupal-cdn-prod.s3.amazonaws.com; media-src 'self' blob: *.s3.amazonaws.com *.amazonaws.com *.brightcove.net *.brightcove.com *.dotsub.com *.express-scripts.com *.accredo.com *.s3.amazonaws.com ; frame-src 'self' abesiemsen.github.io *.s3.amazonaws.com *.amazonaws.com *.s3.amazonaws.com ; child-src 'self' blob: *.s3.amazonaws.com *.amazonaws.com *.brightcove.net *.express-scripts.com *.accredo.com; font-src * 'self' data: fonts.googleapis.com fonts.gstatic.com *.s3.amazonaws.com *.amazonaws.com *.accredo.com accredo.com; connect-src 'self' *.express-scripts.com expressscriptsholdin.tt.omtrdc.net dpm.demdex.net *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net dotsub.com *.s3.amazonaws.com *.accredo.com; report-uri /report-csp-violation 1
default-src 'self'  'unsafe-inline' *.googlesyndication.com; script-src 'self'  'unsafe-inline'  'unsafe-eval'  *.jotfor.ms *.jotform.us *.jotform.com * .googleapis.com *.addthis.com *.googletagmanager.com *.facebook.net *.google.com *.gstatic.com *.newrelic.com *.google-analytics.com *.quantserve.com *.disqus.com *.disquscdn.com *.googletagservices.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.disqus.com *.norton.com *.nr-data.net *.jsdelivr.net *.quantcount.com *.ckeditor.com *.webspellchecker.net *.google.com *.ted.com *.facebook.com ; object-src 'self'  *.jotform.com  *.jotfor.ms *.jotform.us  *.youtube.com *.vimeo.com *.soundcloud.com *.soundcloud.com *.ckeditor.com  *.webspellchecker.net *.ted.com; style-src 'self'  'unsafe-inline'   *.jotfor.ms *.jotform.us *.jotform.com *.googleapis.com *.addthis.com *.disquscdn.com *.disqus.com  *.jsdelivr.net *.ckeditor.com  *.webspellchecker.net *.google.com; img-src 'self' data: blob: filesystem: *; media-src 'self'  *.jotform.com  *.jotfor.ms *.jotform.us *.youtube.com *.vimeo.com *.soundcloud.com soundcloud.com  *.ted.com; frame-src 'self'  *.jotform.com *.jotform.io *.jotfor.ms *.jotform.us *.youtube.com *.vimeo.com *.soundcloud.com soundcloud.com  *.addthis.com *.google.com *.facebook.com  *.paypal.com *.disqus.com disqus.com *.googlesyndication.com  *.doubleclick.net *.ted.com; font-src 'self'  *.jotform.com  *.jotfor.ms *.jotform.us *.googleusercontent.com *.googleapis.com *.gstatic.com  *.jsdelivr.net; connect-src 'self' *.jotform.com  *.jotfor.ms *.jotform.us *.addthis.com *.nr-data.net  *.webspellchecker.net *.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' data:; script-src 'self' https://www.google.com https://ajax.googleapis.com https://cdn.inspectlet.com https://cdn.pendo.io https://app.pendo.io https://browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.google.com https://ajax.googleapis.com 'unsafe-inline' blob:; connect-src 'self' http://hn.inspectlet.com wss://ws.inspectlet.com https://filtermail.eu https://sentry.io; img-src 'self' http://hn.inspectlet.com https://app.pendo.io data:; 1
reflected-xss block 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com apis.google.com ajax.googleapis.com www.googletagmanager.com platform.twitter.com https://get.mycounter.ua; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: gallery.pdaa.edu.ua https://stats.g.doubleclick.net https://www.google-analytics.com https://syndication.twitter.com https://r.i.ua https://get.mycounter.ua https://static.mycounter.ua https://counter.yadro.ru https://csi.gstatic.com https://wwwimages.adobe.com; media-src 'none'; frame-src 'self' www.facebook.com apis.google.com platform.twitter.com https://accounts.google.com https://docs.google.com https://www.youtube.com https://www.google.com syndication.twitter.com; font-src 'self'; connect-src 'self' www.google-analytics.com syndication.twitter.com; report-uri /report-csp-violation 1
default-src https: 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests; img-src https: data:; report-uri /admin/settings/seckit/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com; frame-src 'self' bhge.acquiadam.com *.webdamdb.com  *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.evidon.com; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri //report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://adv.bestgold.ru https://apis.google.com http://www.google-analytics.com http://*.yandex.ru https://*.yandex.ru http://*.jivosite.com http://yandex.st http://gold-affiliate.com https://gold-affiliate.com https://dadata.ru http://www.googleadservices.com ulogin.ru http://api.direct-credit.ru; 1
upgrade-insecure-requests; object-src 'none'; frame-ancestors 'none'; 1
default-src 'none'; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://syndication.twitter.com https://ton.twimg.com https://cdn.jsdelivr.net; script-src 'self' 'sha256-qGasMkiuQrknroPnujuLsj4kayMH/rdyIASc8vMa2f8=' 'sha256-mcrX4BtCZKT0+iKaPn3g6goeSr2betzvK4ymmZdtr4Q=' 'sha256-cJbjqIQxSKZJy30LDuwpYzkymRcNemkZLi8+Us30pIs=' 'sha256-uWyJaHVDbuFxVv07b32tUOUofANFReQYSVdJP0O7yns=' 'sha256-DbfA7s5mgyjWmK5XGh8F/ilmij9mAwUcFFBi/JAT3I8=' 'sha256-cJMXI6s5uZRFX8/pUQTp20tjnvCNHVKQmv1n0FW83dg=' https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://www.google-analytics.com https://embed.tawk.to https://cdn.jsdelivr.net; img-src 'self' data: https://abs.twimg.com https://pbs.twimg.com https://ton.twimg.com https://syndication.twitter.com https://platform.twitter.com https://static-v.tawk.to https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://static-v.tawk.to; frame-src https://jobsaround.tv https://youtu.be https://www.youtube.com https://www.youtube-nocookie.com https://syndication.twitter.com https://platform.twitter.com https://va.tawk.to; connect-src 'self' https://*.tawk.to wss://*.tawk.to; media-src https://static-v.tawk.to; object-src 'self' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' https://res.cloudinary.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://res.cloudinary.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/ https://cdnjs.cloudflare.com/ajax/libs/jquery/ https://cdnjs.cloudflare.com/ajax/libs/masonry/ https://*.getclicky.com/ https://*.clicky.com/ https://translate.google.com/ https://translate.googleapis.com/; object-src 'none'; style-src 'self' 'unsafe-inline' https://res.cloudinary.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://*.getclicky.com/ https://*.clicky.com/ https://translate.googleapis.com/; img-src 'self' data: https://res.cloudinary.com/ https://translate.google.com https://*.getclicky.com/ https://*.clicky.com/ https://translate.googleapis.com/ https://www.google.com/ https://www.gstatic.com/; media-src 'self' https://res.cloudinary.com/; child-src 'self'; font-src 'self' data: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/; connect-src 'self' https://*.getclicky.com/ https://*.clicky.com/ https://translate.googleapis.com/; report-uri https://rsmg.report-uri.io/r/default/csp/enforce; 1
default-src 'self' *.youtube.com *.google.com *.gravatar.com data: *.typekit.net *.google-analytics.com *.amazonaws.com *.googleapis.com *.gstatic.com; style-src 'self' *.googleapis.com 'unsafe-inline' *.cloudfront.net; script-src 'self' 'unsafe-inline' *.polyfill.io *.newrelic.com *.nr-data.net *.cloudfront.net *.typekit.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com; font-src 'self' *.gstatic.com data: *.typekit.net 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com www.theweedtube.com emb.d.tube player.twitch.tv www.twitch.tv; connect-src 'self' smoke.io rpc.smoke.io wss://rpc.smoke.io https://rpc.smoke.io pubrpc.smoke.io; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com connect.facebook.net assets.mantisadnetwork.com mantodea.mantisadnetwork.com 'sha256-9MdCJGZqoXb6/d816rvLgJt14oUMkZptgCfncCZfl5k=' secure.quantserve.com rules.quantcount.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self' *.procom.ca www.google-analytics.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livechatinc.com *.gstatic.com *.trackalyzer.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ajax.googleapis.com www.googletagmanager.com *.google-analytics.com t2.trackalyzer.com *.google.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.google.com *.googleapis.com fonts.gstatic.com; img-src 'self' chart.googleapis.com *.livechatinc.com *.gstatic.com chart.apis.google.com *.google-analytics.com; font-src 'self' themes.googleusercontent.com cdnjs.cloudflare.com *.livechatinc.com *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com; media-src 'self' ; object-src 'self'; frame-src 'self' *.livechatinc.com *.gstatic.com; 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; media-src * blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: dadu.ru *.dadu.ru https://dadu.ru https://www.dadu.ru japancar.ru www.japancar.ru static.japancar.ru *.static.japancar.ru greenpart.ru *.greenparts.ru wiweb.ru *.wiweb.ru qx9.ru *.qx9.ru jc9.ru *.jc9.ru justcommunication.ru www.justcommunication.ru *.google-analytics.com *.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net *.gstatic.com yandex.ru *.yandex.ru https://yandex.ru https://*.yandex.ru https://mc.yandex.ru yandex.net *.yandex.net https://yandex.net https://*.yandex.net counter.yadro.ru icq.com www.icq.com skype.com www.skype.com youtube.com www.youtube.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' http://cdn.jsdelivr.net http://cdn.ckeditor.com 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://taalvistahotel.com https://query.yahooapis.com https://ajax.googleapis.com https://www.taalvistahotel.com; object-src https://www.google.com/; style-src 'self' 'unsafe-inline' http://cdn.jsdelivr.net http://cdn.ckeditor.com unsafe-eval https://taalvistahotel.com https://www.taalvistahotel.com; img-src 'self' http://cdn.ckeditor.com unsafe-eval http://taalvistahotel.com https://www.google-analytics.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://taalvistahotel.com; frame-src https://www.google.com/ https://www.taalvistahotel.com http://www.taalvistahotel.com taalvistahotel.com; font-src 'self' 'unsafe-inline' http://cdn.jsdelivr.net https://s3-us-west-2.amazonaws.com; connect-src https://www.google-analytics.com https://www.taalvistahotel.com taalvistahotel.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ssl.google-analytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' code.jquery.com fonts.googleapis.com; img-src 'self' code.jquery.com ssl.google-analytics.com; media-src 'self'; frame-src 'self'; font-src 'self' fonts.gstatic.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com ajax.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net s3.amazonaws.com https:; 1
default-src 'self'  https://*.webbfabriken.com http://*.webbfabriken.uk http://*.webbfabriken.dk http://*.webbfabriken.de http://*.webbfabriken.us http://*.webbfabriken.in  https://*.netdna-ssl.com  https://*.crazyegg.com https://*.googletagmanager.com https://*.swicpc.bankgirot.se https://www.google.com https://*.hotjar.com https://maxcdn.bootstrapcdn.com  https://stats.g.doubleclick.net  https://wfmaxcdn-webbfabrikencom.netdna-ssl.com https://smarticon.geotrust.com https://*.google.com https://*.facebook.com https://*.inreda.com https://*.addthis.com https://*.providesupport.com https://*.googleapis.com https://*.gstatic.com https://*.twitter.com https://*.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://js.braintreegateway.com https://*.olark.com https://*.webbfabriken.com http://*.webbfabriken.uk http://*.webbfabriken.dk http://*.webbfabriken.de http://*.webbfabriken.us http://*.webbfabriken.in  https://*.netdna-ssl.com  https://*.crazyegg.com https://*.googletagmanager.com https://*.swicpc.bankgirot.se https://www.google.com https://*.hotjar.com https://maxcdn.bootstrapcdn.com  https://stats.g.doubleclick.net  https://wfmaxcdn-webbfabrikencom.netdna-ssl.com https://smarticon.geotrust.com https://*.google.com https://*.facebook.com https://*.inreda.com https://*.addthis.com https://*.providesupport.com https://*.googleapis.com https://*.gstatic.com https://*.twitter.com https://*.google-analytics.com; object-src 'self' https://*.youtube.com; style-src 'self' 'unsafe-inline' https://*.fontawesome.com  https://static.olark.com https://*.webbfabriken.com http://*.webbfabriken.uk http://*.webbfabriken.dk http://*.webbfabriken.de http://*.webbfabriken.us http://*.webbfabriken.in  https://*.netdna-ssl.com  https://*.crazyegg.com https://*.googletagmanager.com https://*.swicpc.bankgirot.se https://www.google.com https://*.hotjar.com https://maxcdn.bootstrapcdn.com  https://stats.g.doubleclick.net  https://wfmaxcdn-webbfabrikencom.netdna-ssl.com https://smarticon.geotrust.com https://*.google.com https://*.facebook.com https://*.inreda.com https://*.addthis.com https://*.providesupport.com https://*.googleapis.com https://*.gstatic.com https://*.twitter.com https://*.google-analytics.com; img-src 'self' data:  https://static.olark.com https://log.olark.com https://*.webbfabriken.com http://*.webbfabriken.uk http://*.webbfabriken.dk http://*.webbfabriken.de http://*.webbfabriken.us http://*.webbfabriken.in  https://*.netdna-ssl.com  https://*.crazyegg.com https://*.googletagmanager.com https://*.swicpc.bankgirot.se https://www.google.se https://www.google.com https://*.hotjar.com https://maxcdn.bootstrapcdn.com  https://stats.g.doubleclick.net  https://wfmaxcdn-webbfabrikencom.netdna-ssl.com https://smarticon.geotrust.com https://*.google.com https://*.facebook.com https://*.inreda.com https://*.addthis.com https://*.providesupport.com https://*.googleapis.com https://*.gstatic.com https://*.twitter.com https://*.google-analytics.com; media-src 'self'  https://static.olark.com https://*.youtube.com; frame-src 'self' https://www.elegantthemes.com/ https://assets.braintreegateway.com https://static.olark.com https://vars.hotjar.com https://*.webbfabriken.com http://*.webbfabriken.uk http://*.webbfabriken.dk http://*.webbfabriken.de http://*.webbfabriken.us http://*.webbfabriken.in  https://*.netdna-ssl.com https://www.google.com https://*.hotjar.com recaptcha/; font-src 'self' data: https://*.webbfabriken.com http://*.webbfabriken.uk http://*.webbfabriken.dk http://*.webbfabriken.de http://*.webbfabriken.us http://*.webbfabriken.in  https://*.netdna-ssl.com https://*.fontawesome.com https://*.crazyegg.com https://*.googletagmanager.com https://*.swicpc.bankgirot.se https://www.google.com https://*.hotjar.com https://maxcdn.bootstrapcdn.com  https://stats.g.doubleclick.net  https://wfmaxcdn-webbfabrikencom.netdna-ssl.com https://smarticon.geotrust.com https://*.google.com https://*.facebook.com https://*.inreda.com https://*.addthis.com https://*.providesupport.com https://*.googleapis.com https://*.gstatic.com https://*.twitter.com https://*.google-analytics.com; connect-src 'self' wss://ws4.hotjar.com https://client-analytics.braintreegateway.com https://api.braintreegateway.com https://nrpc.olark.com https://*.webbfabriken.com http://*.webbfabriken.uk http://*.webbfabriken.dk http://*.webbfabriken.de http://*.webbfabriken.us http://*.webbfabriken.in  https://*.netdna-ssl.com  https://*.crazyegg.com https://*.googletagmanager.com https://*.swicpc.bankgirot.se https://www.google.com https://*.hotjar.com https://maxcdn.bootstrapcdn.com  https://stats.g.doubleclick.net  https://wfmaxcdn-webbfabrikencom.netdna-ssl.com https://smarticon.geotrust.com https://*.google.com https://*.facebook.com https://*.inreda.com https://*.addthis.com https://*.providesupport.com https://*.googleapis.com https://*.gstatic.com https://*.twitter.com https://*.google-analytics.com ;report-uri https://www.webbfabriken.com/_sys/csp_report_log/insert.php 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' blob data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' io.clickguard.com connect.facebook.net www.googleadservices.com trustlogo.comodo.com ajax.googleapis.com platform.twitter.com www.google-analytics.com ajax.googleapis.com s.yimg.com bat.bing.com static.ads-twitter.com sp.analytics.yahoo.com platform.twitter.com analytics.twitter.com *.google-analytics.com cdnjs.cloudflare.com seal.websecurity.norton.com 0.r.msn.com www.googletagmanager.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' essiacproducts.com www.essiacproducts.com stats.g.doubleclick.net www.facebook.com trustlogo.comodo.com googleads.g.doubleclick.net *.google-analytics.com bat.bing.com www.google.com www.google.ca t.co seal.websecurity.norton.com tracking.admarketplace.net; font-src 'self' fonts.gstatic.com netdna.bootstrapcdn.com; connect-src 'self' www.google-analytics.com static.ads-twitter.com stats.g.doubleclick.net *.essiacproducts.com io.clickguard.com 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.jquery.com *.webspellchecker.net *.addtoany.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com 91.121.113.128:8080 *.bankofjordan.com bankofjordan.com *.exchange.jo track.adform.net img04.en25.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com exchange.jo *.local *.dotdemos.com  *.pex.ps 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com track.adform.net track.adform.net; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.google-analytics.com *.gstatic.com *.local *.dotdemos.com *.pex.ps 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com track.adform.net; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com; frame-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.addtoany.com *.local *.dotdemos.com 91.121.113.128:8080 bankofjordan.com.ps *.bankofjordan.com bankofjordan.com c1.adform.net; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com 91.121.113.128:8080 *.bankofjordan.com bankofjordan.com track.adform.net; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.jquery.com *.local *.dotdemos.com *.dot.jo *.jordanislamicbank.com *.google-analytics.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com exchange.jo  *.local *.dotdemos.com *.dot.jo *.jordanislamicbank.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.ckeditor.com *.googleapis.com *.gstatic.com *.local *.dotdemos.com *.jordanislamicbank.com *.google-analytics.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com  *.local *.dotdemos.com *.dot.jo *.jordanislamicbank.com; frame-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com  *.local *.dotdemos.com *.dot.jo *.jordanislamicbank.com *.google.com; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com  *.local *.dotdemos.com *.dot.jo *.jordanislamicbank.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' https://*.triplevision.nl; child-src 'self' https://*.triplevision.nl https://triplevisiondigital.com https://www.google.com https://paypal.com https://vimeo.com https://youtube.com https://twitter.com https://*.logrocket.com data: blob:; connect-src 'self' https:; font-src 'self' https:; frame-src 'self' https://blackfire.io; img-src 'self' data: http: https:; script-src 'self' https://*.triplevision.nl https://ajax.googleapis.com https://cdn.ampproject.org https://cdn.logrocket.com https://code.jquery.com https://platform.twitter.com https://maps.googleapis.com/ https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com data: https: 'unsafe-inline'; style-src 'self' https://*.triplevision.nl https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://platform.twitter.com https://*.twimg.com 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.vtb.ge; object-src 'self' https://*.vtb.ge; frame-src 'self' https://*.vtb.ge 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' http://cdn.jsdelivr.net/bootstrap/ https://cdn.jsdelivr.net/bootstrap/ *.google-analytics.com platform.twitter.com *.facebook.net *.optnmnstr.com a.optmstr.com https://secure-ds.serving-sys.com/SemiCachedScripts/ https://bs.serving-sys.com/Serving ajax.googleapis.com pi.pardot.com cdn.pardot.com widget.trustpilot.com *.optimizely.com *.googletagmanager.com *.googleadservices.com bat.bing.com secure.quantserve.com rules.quantcount.com cdn.ckeditor.com googleads.g.doubleclick.net www.google.com www.google.co.uk snap.licdn.com px.ads.linkedin.com www.linkedin.com dc.ads.linkedin.com rec.smartlook.com a.optmnstr.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdn.ckeditor.com; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src 'self' api.optnmstr.com api.optnmnstr.com api.optmstr.com api.optmnstr.com *.optimizely.com www.google-analytics.com www.facebook.com syndication.twitter.com stats.g.doubleclick.net secure-ds.serving-sys.com a.mstrlytcs.com widget.trustpilot.com manager.smartlook.com writer.smartlook.com writer-mobile.smartlook.com heatmap-writer.smartlook.com writer-sg.smartlook.com www.google.co.uk www.google.com events-writer.smartlook.com; report-uri /report-csp-violation 1