Values for x-webkit-csp:
frame-ancestors 'self' 55
default-src 'self' 'unsafe-inline' 31
default-src 'self' 28
report-uri /report-csp-violation 28
report-uri /report-csp-violation; upgrade-insecure-requests 24
about: 12
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 11
frame-ancestors https://app.storyblok.com/ 5
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com *.cisco.com 4
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net https://js.adsrvr.org https://go.affec.tv https://bat.bing.com https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://snap.licdn.com https://tracking.g2crowd.com https://connect.facebook.net *.visualwebsiteoptimizer.com https://app.vwo.com *.sharethis.com https://unpkg.com https://d1hgczpbubj217.cloudfront.net https://app-static.turtl.co https://js.zi-scripts.com *.mutinycdn.com https://www.clarity.ms https://scripts.clarity.ms *.roundprinceweb.com https://www.redditstatic.com https://go.proofpoint.com https://www.google.com https://www.gstatic.com https://www.buzzsprout.com https://extend.vimeocdn.com https://storage.googleapis.com https://js.navattic.com https://js.qualified.com https://wpaassets.blob.core.windows.net https://www.youtube.com https://vimeo.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com * *.mutinycdn.com; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; frame-ancestors 'self' https://app.mutinyhq.com; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com * *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com *.qualified.com; report-uri /report-csp-violation 4
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.xilo.net/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 4
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 4
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 4
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none'; base-uri 'none' 3
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de *.netzlabor.de *.spaceview.net; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org *.spaceview.net *.netzlabor.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com *.multimedia.gsb.bund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.youtube.com *.fbcdn.net *.youtube-nocookie.com *.googlevideo.com; frame-src 'self' *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de *.blitzvideoserver.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com *.multimedia.gsb.bund.de; img-src 'self' data: *.google.com *.gstatic.com multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com vimeo.com *.cloudfront.net *.gsb.bund.de; frame-ancestors 'self' admin.prod.gsb.bmel.in.bund.de;upgrade-insecure-requests; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 3
base-uri 'self' https://*.vbrick.com;child-src 'self' https://*.vbrick.com;connect-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel: https://pub.highlight.io https://*.qualtrics.com webpack://*;default-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel:;font-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data:;form-action 'self' https://*.vbrick.com  https://*.bethematch.org;frame-ancestors 'self' https://*.vbrick.com  https://*.bethematch.org https: data:;frame-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;img-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;manifest-src 'self';media-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data:;script-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;style-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data:;worker-src data: blob:; 3
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com *.jsdelivr.net *.googleapis.com *.jquery.com *.vimeo.com *.vimeocdn.com *.cookielaw.org *.vimeocdn.com *.airbud.io unpkg.com:* *.cloudflare.com *.google.com *.montefioreeinstein.org *.montefiore.org www.montefiore.org mychart.montefiore.org npmychart.montefiore.org *.localizejs.com *.localizecdn.com *.123formbuilder.com *.ctctcdn.com *.blackbaudcdn.net *.go-mpulse.net  *.ada.support *.blackbaudhosting.com *.googletagmanager.com *.blackbaud.com *.youtube.com *.gstatic.com *.perfalytics.com api.perfalytics.com perfalytics.com *.launchdarkly.com *.akstat.io *.jquery.com *.flywire.com *.bootstrapcdn.com *.ctctcdn.com s3.amazonaws.com/downloads.mailchimp.com/ *.jwpcdn.com *.youtube-nocookie.com cdn.plyr.io assets.gyant.com pds.fabrichealth.com pds.stage.fabrichealth.com pds.qa.fabrichealth.com pds.dev.fabrichealth.com *.kameleoon.com *.kameleoon.io *.kameleoon.eu *.kameleoon.net; upgrade-insecure-requests 3
default-src 'self' blob: '*.powerentity.com *.energieag.at news.netzooe.at energieag.picturepark.com energieag.cdn.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io marketing.piwik.pro energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com static.cloudflareinsights.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com wss://*.cognigy.ai *.cognigy.ai *.githubusercontent.com maps.google.de *.fliphtml5.com cdn.jsdelivr.net *.spotify.com *.eye-able.com *.digiaccess.org *.ksrndkehqnwntyxlhgto.com *.openstreetmap.org *.tiktok.com *.tiktokw.us *.snapchat.com *.adnxs.com 'unsafe-inline' 'unsafe-eval' data: 3
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.amazonaws.com *.amazoncognito.com; frame-ancestors 'self' sf360.com.au 3
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 3
frame-ancestors *; report-uri /report-csp-violation 3
frame-ancestors 'self' weleda.sabio.de 3
default-src 'self'; script-src 'unsafe-inline'  'unsafe-eval'  'self' *.bizzdesign.com pi.pardot.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com *.googleadservices.com www.youtube.com bizzdesign.chilipiper.com *.alfabetcloud.com cdn-cookieyes.com *.bing.com *.licdn.com *.oktopost.com js.zi-scripts.com tag.aticdn.net www.redditstatic.com a.quora.com bizzdesign.chilipiper.com fast.wistia.net api.ipify.org moderate.cleantalk.org fd.cleantalk.org dywrfp5ctng3l.cloudfront.net blob: ; object-src 'self' *.bizzdesign.com; style-src 'unsafe-inline' 'self' *.bizzdesign.com cdn.jsdelivr.net dywrfp5ctng3l.cloudfront.net; img-src data: 'self' *.bizzdesign.com *.bing.com cdn-cookieyes.com *.linkedin.com *.bing.com cdn-cookieyes.com www.googletagmanager.com *.google.com *.google.fr *.google.be *.google.de *.google.nl *.google.co.uk *.google.es q.quora.com alb.reddit.com bizzdesign.chilipiper.com stats.g.doubleclick.net; media-src data: 'self' *.bizzdesign.com; frame-src 'self' td.doubleclick.net www.googletagmanager.com www.youtube.com *.bizzdesign.com bizzdesign.chilipiper.com splunk-prod.alfabetcloud.com fast.wistia.net www.google.com/; frame-ancestors 'self' *.bizzdesign.com; child-src 'self' *.bizzdesign.com ; font-src 'self' *.bizzdesign.com fonts.gstatic.com; connect-src 'self' *.bizzdesign.com px.ads.linkedin.com *.clarity.ms bat.bing.net js.zi-scripts.com google.com  *.google.com  ws.zoominfo.com bat.bing.com www.google-analytics.com *.doubleclick.net scout.salesloft.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com *.hotjar.io wss://ws.hotjar.com *.cookieyes.com cdn-cookieyes.com gjzbjmh.pa-cd.com pixel-config.reddit.com www.redditstatic.com cdn.jsdelivr.net bizzdesign.chilipiper.com pipedream.wistia.com fast.wistia.net fd.cleantalk.org bizzdesign.pinpointhq.com; report-uri /policies/privacy-policy; upgrade-insecure-requests 3
base-uri 'none';child-src 'none';connect-src 'self' vitals.vercel-insights.com status-page-96ggqj2n7-incident-io-team.vercel.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.g.doubleclick.net https://global.localizecdn.com https://app.localizejs.com https://*.unbabel.com https://*.bablic.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors self;frame-src 'none';img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://global.localizecdn.com https://assets.localizecdn.com https://uploads.bablic.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' https:;style-src 'self' 'unsafe-inline';worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8;report-to https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8; 3
default-src 'self' *.optimizely.com wss://*.hotjar.com https: s.webtrends.com survey.bosch.com *.mycliplister.com ptptasiaprodsgsa.z30.web.core.windows.net; media-src 'self' *.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src www.bosch-pt.com.hk www.bosch-pt.com.cn www.bosch-pt.co.id www.bosch-pt.co.in www.bosch-pt.com.my www.bosch-pt.com.ph www.bosch-pt.com.sg www.bosch-pt.com.tw th.bosch-pt.com vn.bosch-pt.com dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' https: btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https: btm.bosch.com; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 3
default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; connect-src 'none'; report-uri 'self'; report-to 'self'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://storage.googleapis.com https://cdn.jsdelivr.net https://malsup.github.io https://static.cloudflareinsights.com https://telegram.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net https://netdna.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com https://www.gstatic.com https://netdna.bootstrapcdn.com data:; img-src 'self' data: https: blob:; media-src 'self' data: blob:; connect-src 'self' blob: https://api.pwagroup.ai wss://api.pwagroup.ai https://ads.pwagroup.ai https://preview.pwagroup.ai https://sentry.pwastage.xyz https://static.cloudflareinsights.com https://cdnjs.cloudflare.com https://malsup.github.io https://telegram.org https://oauth.telegram.org; worker-src 'self' blob:; manifest-src 'self'; frame-src https://telegram.org https://oauth.telegram.org https://preview.pwagroup.ai https://www.youtube.com; frame-ancestors 'self' https://dash.pwa.group https://preview.pwa.group https://*.pwa.group https://*.pwagroup.ai; base-uri 'self'; form-action 'self' https://preview.pwagroup.ai; object-src 'none'; upgrade-insecure-requests; report-uri https://dash.pwa.group/api/101/csp-report; 3
base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com *;form-action 'self' https: *;frame-ancestors 'none';frame-src  'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.wikimedia.org *.youtube.com www.quirksmode.org *.sample-videos.com *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net userlike-cdn-umm.b-cdn.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com www.drupal.org new.drupal.org; report-uri /report-csp-violation 2
default-src wss: mycliplister.com blob: data: bosch.kittelberger.de *.tealiumiq.com dock.ui.bosch.tech wss://endpoint.chatbot-suite.bosch.tech 'self' https: *.optimizely.com wss://*.hotjar.com wss://*.hotjar.io *.tealiumiq.com stats.g.doubleclick.net *.bosch-professional.com ; media-src data: 'self' *.mycliplister.com mycliplister.com *.bosch.com bosch.com *.bosch.de bosch.de *.youtube.com ; font-src 'self' dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com static.bosch-professional.com *.commerce-connector.com tiger-cdn.zoovu.com *.zoovu.com *.cloudfront.net boschru.webim.ru *.bosch.com bosch.com *.bosch.de bosch.de gstatic.com fonts.gstatic.com data: ; object-src data: 'self'; img-src data: 'self' https: mycliplister.com *.kittelberger.de *.tealiumiq.com data: blob: ; style-src dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.dynamicyield.com *.bootstrapcdn.com *.googleapis.com *.commerce-connector.com 'self' 'unsafe-inline' tiger-cdn.zoovu.com *.zoovu.com static.bosch-professional.com btm.bosch.com cdn.poll-maker.com ; script-src dock.ui.bosch.tech dynamicyield.com *.dynamicyield.com https: *.optimizely.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.bosch.com bosch.com *.bosch.de bosch.de *.google-analytics.com google-analytics.com ipinfo.io ; frame-src 'self' https: ; connect-src 'self' https: wss://endpoint.chatbot-suite.bosch.tech  mycliplister.com wss://*.hotjar.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com  cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net  *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com *.rekai.se static.ws.apsis.one *.ws.apsis.one *.aspis.one static.ws.apsis.one *.contentsquare.net; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com  *.jsdelivr.net hello.myfonts.net mfstatic.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net  *.googletagmanager.com  *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com; media-src 'self' blob: data: *.mediaflow.com; frame-src 'self'  data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com *.static.ws.apsis.one static.ws.apsis.one; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com *.linkedin.com *.rekai.se audience.ws.apsis.one *.contentsquare.net; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.bundesfinanzministerium.de *.youtube.com https://medien.zoll.bund.de *.stage.bio; img-src 'self' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.bundesfinanzministerium.de *.openstreetmap.de data: *.stage.bio; script-src 'self' 'unsafe-inline' 'unsafe-eval' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com *.stage.bio 2
default-src 'none'; connect-src 'self'; frame-ancestors 'self'; child-src 'self'; frame-src 'none'; script-src 'self' 'sha256-ieoeWczDHkReVBsRBqaal5AFMlBtNjMzgwKvLqi/tSU='; style-src 'self' 'sha256-c7UXWUzN0H2d6Esy8XO3YkQZDAZlKfdWIsW1bupteNY=' 'sha256-De7agAeYqm6ANIVvRRW6HFWi52AJW8inhFE0gSdgXnI=' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-hMEnt2qMHAmQZgCjWJ4hweKuzi+3YEdUo00f8k/ebMo=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; font-src 'self'; img-src 'self'; object-src 'none'; base-uri 'self'; worker-src 'self'; form-action 'self' 2
upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 2
default-src 'self'; font-src 'self' data: https://use.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://embed.tawk.to https://salesiq.zoho.com https://css.zohostatic.com https://css.zohocdn.com/* https://css.zohocdn.com/salesiq/styles/fonts/cw/puvi/* https://css.zohocdn.com/salesiq/styles/fonts/cw/* https://css.zohocdn.com https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net/* https://css.zohocdn.com https://css.zohostatic.com https://cdn.jsdelivr.net/* https://static.zohocdn.com https://widget.rather.chat https://widget.rather.chat/* https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; img-src 'self' data: https://p.typekit.net https://tawk.link https://tawk.link/* https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.fls.doubleclick.net https://sp.analytics.yahoo.com https://embed.tawk.to https://embed.tawk.to https://salesiq.zoho.com https://salesiq.zoho https://salesiq.zohopublic.com https://css.zohostatic.com https://css.zohostatic.com/* https://css.zohocdn.com https://analytics.twitter.com/1/i/* https://geo-tracker.trinadsp.co.za/* https://s2s.oldmutual.co.za https://track.adform.net/Serving/TrackPoint/* https://server.seadform.net/serving/cookie/sync/* https://dsp.trinamarketing.co.za/ https://tribalfusion.com/ https://*.tribalfusion.com https://*.twitter.com https://ads-twitter.com https://bat.bing.com https://a.tribalfusion.com https://us4-files.zohopublic.com https://*.company-target.com https://*.rlcdn.com https://flagcdn.com https://flagcdn.com/* https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; frame-src 'self' https://www.oldmutual.co.za/ https://www.oldmutualinvest.com/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com https://manage.ipaygh.com https://app.livestorm.co https://analytics.twitter.com https://*.adform.net https://td.doubleclick.net https://bot-omi-eu.rather.chat/* https://bot-omi-eu.rather.chat https://salesiq.zohopublic.com https://*.company-target.com https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; connect-src 'self' https://api-eu1.cludo.com/ https://www.google.com https://nba-webchat-server-prod.my.oldmutual.co.za https://cdn.gbqofs.com https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://va.tawk.to wss://*.tawk.to  wss://vts.zohopublic.com https://salesiq.zoho.com https://salesiq.zohopu https://goals-api.my.oldmutual.co.za https://salesiq.zohopublic.com wss://mpsnare.iesnare.com https://cdn.linkedin.oribi.io/* https://c1001.report.gbss.io https://c2001.report.gbss.io https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://*.eskimi.com https://ams.creativecdn.com https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://s2s.oldmutual.co.za https://*.demandbase.com https://js-eu1.hs-scripts.com https://api.hubspot.com https://gdpr.loopme.com https://sms.hubtel.com https://*.company-target.com https://google.com https://*.uapoldmutual.co.ug https://tag.demandbase.com https://api.company-target.com https://s.company-target.com https://*.dynatrace.com https://*.bf.dynatrace.com https://*.zoho.com https://*.rather.chat https://*.rather.chat/* https://maps.googleapis.com/maps/* https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true https://maps.googleapis.com https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.pagesense.io https://static.zohocdn.com https://customer.cludo.com/ https://salesiq.zohopublic.com https://analytics.twitter.com https://c1001.report.gbss.io https://c2001.report.gbss.io https://cdn.gbqofs.com  https://s2s.oldmutual.co.za https://s2s.oldmutual.co.za/static/DhPixel.js https://use.typekit.net https://static.ads-twitter.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://services.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://embed.tawk.to https://dsp-media.eskimi.com https://js.zohocdn.com https://s2s.oldmutual.co.za/static/DhPixel.js https://salesiq.zoho.com/widget https://checkout.flutterwave.com *.iovation.com *.iesnare.com https://geo-tracker.trinadsp.co.za/* https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://bat.bing.com https://dsp.trinamarketing.co.za/ https://secure.adnxs.com/ https://quantserve.com/quant.js https://tags.creativecdn.com/ http://rtbhouse.com http://rtbhouse.net https://secure.quantserve.com/quant.js https://googleads.g.doubleclick.net https://tag.demandbase.com https://api.company-target.com https://s.company-target.com https://*.dynatrace.com https://*.bf.dynatrace.com https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://*.demandbase.com https://js-eu1.hs-scripts.com https://api.hubspot.com https://*.loopme.com https://sms.hubtel.com https://*.company-target.com https://widget.rather.chat https://widget.rather.chat/* https://js-cdn.dynatrace.com/jstag/15fc9f135f3/bf62395jrv/a207cbaa8e544abe_complete.js https://js-cdn.dynatrace.com https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; frame-ancestors https://secure.rewards.oldmutual.co.za/ https://customer-site-preprod.eks.my.oldmutual.co.za https://my.oldmutual.co.za https://bot-omi-eu.rather.chat/; media-src 'self' data: https://static.zohocdn.com https://mpsnare.iesnare.com 2
default-src 'self' *.readspeaker.com data: https://zer-poc.bzst.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://viola-bzst-fms.azr.juacvoe.net base-uri 'self'; connect-src 'self' .pstmn.io https://zer-poc.bzst.de  *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://api.evatr.vies.bzst.de; style-src 'self' 'unsafe-inline' https://zer-poc.bzst.de *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://formularbot-fms.bzst.de https://viola-bzst-fms.azr.juacvoe.net; script-src 'self' 'unsafe-eval' https://zer-poc.bzst.de *.google.com piwik.itzbund.de *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 2
frame-ancestors 'self' mein.kabelplus.at mein-test.kabelplus.at newapp.etracker.com 2
base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com *.crazyegg.com https://tracking.g2crowd.com https://google.com tracking-api.g2.com www.facebook.com https://lottie.host https://unpkg.com cdn.jsdelivr.net *.onetrust.com;default-src 'self' *.crazyegg.com;font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'self' https://esko.showpad.biz;frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com *.crazyegg.com *.cvent.com https://td.doubleclick.net https://esko317.outgrow.us www.googletagmanager.com;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com *.crazyegg.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://unpkg.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com *.crazyegg.com *.cvent.com https://tracking.g2crowd.com *.pardot.com https://*.esko.com blob: https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.crazyegg.com;worker-src 'self' blob:; 2
default-src 'self'; connect-src 'self' *.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.instagram.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src 'self' *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com kumasta.buendnisse-fuer-bildung.de *.facebook.com *.instagram.com *.bmbf.de graphcommons.com www.baden-tv.com/ *.video-stream-hosting.de;img-src 'self' data: *.bmbf.de *.bmftr.bund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; frame-ancestors 'self'; 2
default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' multimedia.gsb.bund.de *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de lbb-hb.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com *.sli.do *.jsdelivr.net; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do lbb-hb.de; media-src 'self' blob: multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do lbb-hb.de; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do; img-src 'self' data: *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com yommaserver.synology.me:5001 *.sli.do player.vimeo.com; frame-ancestors 'self'; 2
base-uri 'self'; style-src 'self'; connect-src 'self' *.itzbund.de; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; media-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; img-src 'self' piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self'; frame-ancestors 'self' *.prod.gsb.bsi.in.bund.de ; upgrade-insecure-requests; 2
default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2
default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
frame-ancestors 'self'; report-uri /report-csp-violation 2
default-src 'self' *.dab-bank.de https://*.dab-bank.de intent://consors.com https://*.optimizely.com;script-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.bootstrapcdn.com https://*.ensighten.com https://*.googleapis.com https://*.akamaihd.net https://*.tlscdn.com https://*.cloudfront.net https://*.google-analytics.com https://*.akamai.net https://*.dab-partnerprogramm.de https://*.zanox.com https://*.intelliad.de https://*.netrk.net https://*.optimizely.com https://*.amazonaws.com https://*.googleadservices.com https://*.webmasterplan.com  https://*.neqty.net https://*.gstatic.com https://*.doubleclick.net https://*.adform.net https://*.vid.ly https://*.googleusercontent.com *.mdgms.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de  https://*.facebook.com https://*.facebook.net 'unsafe-inline' 'unsafe-eval';img-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.bootstrapcdn.com https://*.ensighten.com *.mdgms.com https://*.netrk.net https://*.adform.net https://*.intelliad.de https://*.zanox.com *.webmasterplan.com https://*.gstatic.com https://*.amazonaws.com https://*.google-analytics.com https://*.akamai.net https://*.neqty.net https://*.twitter.com https://*.google.com https://*.doubleclick.net https://*.google.de https://*.googleadservices.com *.bing.com https://*.akamaihd.net https://*.facebook.com https://*.facebook.net https://*.cloudfront.net https://*.ssl-images-amazon.com https://*.googleapis.com https://*.optimizely.com https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de data:;style-src 'self' 'unsafe-inline' *.dab-bank.de https://*.dab-bank.de https://*.googleapis.com https://*.bootstrapcdn.com https://*.intelliad.de https://*.webmasterplan.com;frame-src 'self' *.dab-bank.de https://*.dab-bank.de push.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.google.de https://*.cloudfront.net https://*.rexx-server.com https://*.amazonaws.com *.mdgms.com https://*.webmasterplan.com *.boerse-frankfurt.de *.volkswagenbank.de https://*.akamaihd.net https://*.intelliad.de http://*.zanox.com http://*.adform.net https://*.netrk.net https://*.neqty.net https://*.googleapis.com https://*.optimizely.com https://*.google-analytics.com https://*.googleadservices.com https://*.ensighten.com https://*.bootstrapcdn.com https://*.doubleclick.net https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.facebook.com https://*.facebook.net https://www.youtube-nocookie.com;font-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.googleusercontent.com https://*.gstatic.com https://*.bootstrapcdn.com;object-src 'self' *.dab-bank.de https://*.dab-bank.de http://boerse.dab-bank.de https://*.akamaihd.net https://*.akamai.net;connect-src 'self' *.dab-bank.de https://*.dab-bank.de wss://*.dab-bank.de https://*.googleapis.com https://*.log.optimizely.com https://*.log.optimizely.com https://test1-onboarding.united-signals.com https://onboarding.united-signals.com https://*.united-signals.com;media-src 'self' *.dab-bank.de https://*.dab-bank.de;report-uri /json/open/csp_report; 2
frame-ancestors 'none' 2
default-src 'self'; script-src  'self' https://l.sharethis.com https://prod.impartner.live https://ellucian25stg.prod.acquia-sites.com https://*.ellucian.com https://code.jquery.com https://packages.prmcdn.io 'unsafe-inline' 'unsafe-eval' https://ws.sharethis.com https://maps.googleapis.com https://jamaica.value-cloud.com https://*.sharethis.com https://www.buzzsprout.com https://consent.cookiebot.com https://www.googletagmanager.com https://cdn.bizible.com https://script.crazyegg.com https://static.ads-twitter.com https://connect.facebook.net https://snap.licdn.com https://munchkin.marketo.net https://abrtp2-cdn.marketo.com https://tag.simpli.fi https://assets.adoberesources.net https://cdn-public.sociabble.com https://cdn01.basis.net  https://www.youtube.com https://googleads.g.doubleclick.net https://tracking.intentsify.io https://consentcdn.cookiebot.com https://js.zi-scripts.com https://j.6sc.co https://i.simpli.fi   https://*.marketo.com https://static.addtoany.com  blob: https://unpkg.com https://a.usbrowserspeed.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://085-mht-312.mktoutil.com https://user-sync.fwmrm.net https://pbutcher.uk; style-src  'self'  'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://*.ellucian.com https://packages.prmcdn.io https://*.sharethis.com https://rtp-static.marketo.com https://www.googletagmanager.com; img-src  'self'  'unsafe-inline' 'unsafe-eval' https://*.ellucian.com data: https://impartner.blob.core.windows.net https://maps.googleapis.com https://*.sharethis.com https://maps.gstatic.com https://cnv.event.prod.bidr.io https://www.google.com https://imgsct.cookiebot.com https://*.linkedin.com https://t.co https://pixel.sitescout.com https://cdn.bizible.com https://t.co https://analytics.twitter.com  https://cdn.bizible.com  https://b.6sc.co https://www.facebook.com https://www.googletagmanager.com https://attribution.sitescout.com https://assets.adoberesources.net https://cdn.bizibly.com https://um.simpli.fi https://cm.g.doubleclick.net https://cdn.bizibly.com https://fei.pro-market.net https://www.googleadservices.com https://ps.eyeota.net https://s.ad.smaato.net https://sync.1rx.io https://eb2.3lift.com https://simplifi.partners.tremorhub.com https://aa.agkn.com https://sync.intentiq.com https://image2.pubmatic.com  https://ads.stickyadstv.com https://loadm.exelator.com  https://ups.analytics.yahoo.com https://sync.bfmio.com  https://bcp.crwdcntrl.net  https://ce.lijit.com  https://idsync.rlcdn.com  https://ib.adnxs.com  https://pixel.rubiconproject.com https://us-u.openx.net  https://fei.pro-market.net https://googleads.g.doubleclick.net  https://pixel.tapad.com https://pippio.com https://syncv4.intentiq.com https://dsum-sec.casalemedia.com https://d.agkn.com https://sync.taboola.com https://capi.connatix.com https://rtb-csync.smartadserver.com https://cs.lkqd.net  https://sync.inmobi.com https://s.amazon-adsystem.com; frame-src 'self' https://www.youtube.com https://youtu.be https://lp.ellucian.com https://www.youtube-nocookie.com https://demo.arcade.software https://*.sharethis.com https://maps.googleapis.com https://calculator.value-cloud.com https://www.buzzsprout.com  https://consentcdn.cookiebot.com https://www.googletagmanager.com https://pixel-sync.sitescout.com https://player.vimeo.com https://vimeo.com https://static.addtoany.com https://unpkg.com https://*.monday.com https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src  'self'  'unsafe-inline' 'unsafe-eval' http://www.geoplugin.net https://www.geoplugin.net https://ellucian25stg.prod.acquia-sites.com https://partners.ellucian.com https://maps.googleapis.com https://*.sharethis.com https://event.on24.com https://bcp.crwdcntrl.net https://www.google.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://*.linkedin.com https://085-mht-312.mktoresp.com https://*.crazyegg.com https://project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io  https://js.zi-scripts.com https://js.zi-scripts.com https://*.mktoresp.com https://js.zi-scripts.com https://c.6sc.co https://*.marketo.com  https://ws.zoominfo.com https://ipv6.6sc.co wss://*.cloud.adobe.io https://secure.adnxs.com https://www.facebook.com https://*.6sense.com  https://unpkg.com https://assets.adoberesources.net https://browser.sentry-cdn.com https://o4510076484911104.ingest.us.sentry.io https://static.addtoany.com https://impartner.blob.core.windows.net https://www.googletagmanager.com https://085-mht-312.mktoutil.com https://lp.ellucian.com https://*.monday.com; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.gtranslate.net connect.facebook.net/en_US/sdk.js stats.st-denis.cloud-ed.fr translate.google.com *.googleapis.com *.formnx.com; object-src 'self'; style-src 'self' 'unsafe-inline' www.gstatic.com; img-src 'self' data: blob: apicivique.s3.eu-west-3.amazonaws.com cdn.gtranslate.net plainecommune.fr fonts.gstatic.com www.gstatic.com www.google.fr translate.googleapis.com *.google.com; frame-src *; frame-ancestors 'self'; font-src 'self' fonts.gstatic.com data:; connect-src 'self' apicivique.s3.eu-west-3.amazonaws.com/jvalogo.svg cdn.gtranslate.net stats.st-denis.cloud-ed.fr connect.facebook.net *.googleapis.com *.formnx.com translate.google.com *.gstatic.com; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' data: global2000.at *.global2000.at  https://*.google-analytics.com  https://*.google.com  https://*.google.at  https://*.doubleclick.net  https://*.youtube.com  https://youtu.be https://*.ytimg.com  https://*.facebook.com  https://*.vimeocdn.com  https://vimeo.com  https://*.vimeo.com  https://*.hotjar.com https://*.ubembed.com https://*.restorenature.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' global2000.at *.global2000.at  https://*.youtube.com   https://*.googletagmanager.com  https://*.google-analytics.com  https://*.hotjar.com  https://*.facebook.net  https://*.g.doubleclick.net  https://*.ubembed.com https://*.googleadservices.com https://*.twitter.com https://*.google.com https://*.google.at https://widget.proca.app https://static.d-o.li; object-src 'self' global2000.at *.global2000.at 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.global2000.at; img-src 'self' *.global2000.at data: https://*.google.com  https://*.google.at https://*.google.de https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://img.youtube.com https://i.ytimg.com https://*.europa.eu; media-src 'self' global2000.at *.global2000.at blob: data:; frame-src 'self' *.global2000.at https://*.google.com  https://*.ubembed.com https://*.google.at  https://*.googletagmanager.com  https://*.openstreetmap.org  https://vimeo.com  https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org  https://*.buzzsprout.com  https://*.spotteron.com  https://*.typeform.com https://*.facebook.com  https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at https://*.datadialog.net https://*.fsoforms-gl2ktest.azurewebsites.net https://*.fsoforms-gl2k.azurewebsites.net https://fsoforms-gl2ktest.azurewebsites.net https://gl2kauthserver.azurewebsites.net; frame-ancestors https://*.global2000.at https://*.acolono.dev https://*.acolono.net https://*.wwf.at; child-src 'self' *.global2000.at blob: https://*.google.com  https://*.ubembed.com https://*.google.at  https://*.googletagmanager.com  https://*.openstreetmap.org  https://vimeo.com  https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org  https://*.buzzsprout.com  https://*.spotteron.com  https://*.typeform.com https://*.facebook.com  https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at; font-src 'self' *.global2000.at data:; connect-src 'self' *.global2000.at https://*.google.com  https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.google.com  https://*.google.at https://*.ubembed.com https://*.facebook.com https://country.proca.foundation/ https://*.proca.app https://chatbot.api.digitalorganizing.ch/; report-uri /report-csp-violation 2
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' https://www.google.com/ https://www.youtube-nocookie.com/ youtube.com https://www.youtube.com https://www.facebook.com/; img-src 'self' data:; connect-src 'self' https://www.google-analytics.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com platform.twitter.com www.googletagmanager.com cdn.syndication.twimg.com cdn.knightlab.com cdncache-a.akamaihd.net https://cdn.printfriendly.com/printfriendly.js https://ds-4047.kxcdn.com/api/v3/domain_settings/ key-cdn.printfriendly.com static.addtoany.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' themes.googleusercontent.com platform.twitter.com ton.twimg.com cdn.knightlab.com https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ static.addtoany.com; img-src 'self' data: blob: filesystem www.google-analytics.com syndication.twitter.com pbs.twimg.com abs.twimg.com  ton.twimg.com www.googletagmanager.com platform.twitter.com canvaspl-a.akamaihd.net; media-src 'self' mediastream:; frame-src 'self' platform.twitter.com syndication.twitter.com www.facebook.com www.youtube.com cdncache-a.akamaihd.net static.addtoany.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' 'unsafe-eval' themes.googleusercontent.com cdn.knightlab.com fonts.gstatic.com; connect-src 'self' wss://bot.enzona.net/ https://bot.enzona.net/ cdn.knightlab.com cdncache-a.akamaihd.net www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 2
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uno.uk; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.uno.uk; img-src 'self' blob: data: https://*.uno.uk; media-src 'self' data: https://*.uno.uk; frame-src *; font-src *; form-action 'self' https://*.uno.uk; connect-src 'self' https://*.uno.uk; prefetch-src 'self' https://*.uno.uk; manifest-src 'self' https://*.uno.uk; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.uno.uk/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 2
default-src 'self' data: drupal.org *.typekit.net *.crazyegg.com; script-src 'unsafe-inline' 'self' data: drupal.org *.typekit.net www.youtube.com cdnjs.cloudflare.com themes.googleusercontent.com unpkg.com cdn.jsdelivr.net www.google-analytics.com www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com www.googletagmanager.com gov-bam.nr-data.net js-agent.newrelic.com *.crazyegg.com static.adds-twitter.com snap.licdn.com *.teads.tv connect.facebook.net *.linkedin.com *.doubleclick.net *.facebook.com px.ads.linkedin.com cdn.linkedin.oribi.io static.ads-twitter.com s.go-mpulse.net c.go-mpulse.net *.osano.com analytics.google.com blob:; style-src 'unsafe-inline' 'self' data: blob: drupal.org *.typekit.net cdnjs.cloudflare.com themes.googleusercontent.com unpkg.com cdn.jsdelivr.net www.google-analytics.com www.google.com www.gstatic.com fonts.googleapis.com *.fonts.net *.osano.com *.crazyegg.com; img-src 'self' www.facebook.com www.youtube.com analytics.twitter.com t.co www.google-analytics.com www.google.com *.teads.tv px.ads.linkedin.com www.googletagmanager.com www.linkedin.com data: *.crazyegg.com; media-src 'self' www.youtube.com; frame-src 'self' www.youtube.com www.facebook.com www.google.com html5-player.libsyn.com playlist.megaphone.fm www.podcastone.com p.teads.tv fledge.teads.tv *.osano.com *.crazyegg.com; child-src 'self' data: blob: drupal.org *.typekit.net *.osano.com; font-src 'self' fonts.gstatic.com fast.fonts.net; connect-src 'self' data: drupal.org *.typekit.net www.google-analytics.com cdn.linkedin.oribi.io cm.teads.tv *.doubleclick.net *.crazyegg.com bam.nr-data.net www.facebook.com t.teads.tv *.osano.com c.go-mpulse.net *.akstat.io analytics.google.com *.akamaihd.net px.ads.linkedin.com 1
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline'; allow 'self'; img-src * 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors *.postman.co www.postman.com; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com client-proxy.pstmn.io chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.loom.com/embed/ https://connect.us.integrations.postmancloud.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://postman.zendesk.com/ https://runtime-assets.pstmn.io/ https://www.postman.com/complete-checkout; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; media-src 'self' https://flows-assets.pstmn.io/ https://skills-assets.pstmn.io/ https://runtime-assets.pstmn.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-vdfTXwwxBcbXyd+4hLA+QyoU3W3sHz6dFiRF7DHss/qWzEFE'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co https: wss://live.postman.com wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
frame-ancestors *.uottawa.ca https://teams.microsoft.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.poliziadistato.it:* blob: data: *.poliziadistato.it *.zencdn.net *.tv2000.it *.wowza.com *.interno.it *.rating-widget.com *.twimg.com *.twitter.com *.googleapis.com *.gstatic.com *.google.it *.macromedia.com *.google-analytics.com *.facebook.net *.sharethis.com *.youtube.com *.google.com *.googletagmanager.com opendataavcp.interno.it *.raiplay.it *.rai.it js.api.here.com *.hereapi.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: *.here.com *.wowza.com i.rw.gs *.rating-widget.com *.twitter.com *.twimg.com *.poliziadistato.it opendataavcp.interno.it l.sharethis.com *.facebook.com *.google-analytics.com *.gstatic.com *.gravatar.com *.googleapis.com s.w.org *.google.it *.raiplay.it *.rai.it; style-src 'self' *.poliziadistato.it *.twimg.com *.rating-widget.com *.twitter.com opendataavcp.interno.it *.sharethis.com 'unsafe-inline' *.googleapis.com *.raiplay.it *.rai.it js.api.here.com; frame-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com video.repubblica.it *.google.com *.googletagmanager.com *.raiplay.it *.rai.it *.adobe.com; worker-src 'self' blob: *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com video.repubblica.it *.google.com *.googletagmanager.com *.raiplay.it *.rai.it; child-src 'self' *.poliziadistato.it opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com video.repubblica.it *.google.com *.googletagmanager.com *.twitter.com opendataavcp.interno.it *.raiplay.it *.rai.it; font-src 'self' data: *.here.com *.poliziadistato.it *.wowza.com opendataavcp.interno.it *.gstatic.com *.raiplay.it *.rai.it; frame-ancestors 'self' storify.com *.poliziadistato.it *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com video.repubblica.it *.google.com *.googletagmanager.com *.raiplay.it *.rai.it; media-src *.poliziadistato.it blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://impactapi.causeview.com https://maps.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://js-agent.newrelic.com https://www.googletagmanager.com https://chimpstatic.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://downloads.mailchimp.com https://mc.us1.list-manage.com https://matchbox.hepdata.com https://commerce.coinbase.com https://data.processwebsitedata.com https://fe.sitedataprocessing.com https://cdn.jsdelivr.net/npm/search-insights@2.13.0/dist/search-insights.min.js https://platform.twitter.com https://challenges.cloudflare.com https://cdn.mouseflow.com https://cdn.jsdelivr.net/npm/search-insights@2.17.3 https://cdn.matomo.cloud https://googleads.g.doubleclick.net https://a.usbrowserspeed.com https://d-code.liadm.com https://googleads.g.doubleclick.net https://mises.matomo.cloud https://cdnjs.cloudflare.com; img-src 'self' data: https://cdn.mises.org https://www.google.ca https://www.google.com https://i.creativecommons.org https://licensebuttons.net https://www.google-analytics.com https://mcusercontent.com https://maps.gstatic.com https://s3.amazonaws.com https://impactapi.causeview.com  https://live-mises-api.pantheonsite.io https://cdn-images.mailchimp.com https://matchbox.hepdata.com/ https://www.googletagmanager.com; frame-ancestors 'self' https://glockenspiel-bluebird-4h6c.squarespace.com https://www.misesgraduateschool.org https://misesgraduateschool.org https://api-public.addthis.com https://m.addthis.com https://mises.org https://impactapi.causeview.com; upgrade-insecure-requests 1
connect-src * 'self' 1
object-src none 1
frame-ancestors *.payback.de 1
default-src 'self' ; connect-src 'self' piwik.itzbund.de matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de *.akamaihd.net *.evostream.com; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.jsdelivr.net; object-src 'self' multimedia.gsb.bund.de *.bmbfcluster.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de *.akamaihd.net *.evostream.com; frame-src *.datenportal.bmbf.de *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net app.sli.do *.unitylivestream.com playout.3qsdn.com klimacampus.org start.video-stream-hosting.de *.bne.unesco.de; img-src 'self' data: piwik.itzbund.de matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.geodatenzentrum.de *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self' data: *.sp.epl30.intern *.kooperation-international.de; 1
frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com *.qiaofangyun.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com doo.net piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; connect-src 'self' *.itzbund.de *.dtvp.de; frame-ancestors 'self'; 1
base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-wGg0bAGxU4Vso2lT204XzQ==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self' 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se klimatanpassningsradet.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.energiewechsel.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com api.signalize.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de atlas.geomer-maps.de app.powerbi.com *.energiewechsel.de *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self' *.kfw.de *.bafa.de *.energiewechsel.de; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' https://youtube.com/ https://cnes.matomo.cloud/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com  https://cdn.matomo.cloud/cnes.matomo.cloud/ cdn.matomo.cloud/cnes.matomo.cloud https://tags.data-driven.fr/tags/ tags.data-driven.fr/tags https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io https://www.tiktok.com https://www.instagram.com/ https://platform.twitter.com/ https://www.myadvent.net/ https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/ https://*.cnes.fr; object-src 'self' https://youtube.com/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com https://*.cnes.fr; style-src 'self' 'unsafe-inline' https://cdn.tarteaucitron.io/css/ cdn.tarteaucitron.io/css/ https://fonts.googleapis.com/ https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/; img-src 'self' data: https://i.ytimg.com https://*.tile.openstreetmap.fr 'unsafe-inline' https://tarteaucitron.io/log/ tarteaucitron.io/log/ https://content.milibris.com/ https://*.cnes.fr; media-src 'self' https://podcast.cnes.fr/ https://www.podcast.cnes.fr/ https://*.cnes.fr; frame-src 'self' https://youtube.com https://www.youtube.com player.vimeo.com  youtube.com www.youtube.com https://youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com https://tarteaucitron.io tarteaucitron.io https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io https://videotheque.cnes.fr/ https://app.myadvent.net/ https://www.facebook.com/ https://www.linkedin.com/  https://www.instagram.com/ https://platform.twitter.com/  https://www.tiktok.com/ https://open.spotify.com/ https://*.twitch.tv https://*.cnes.fr; frame-ancestors 'self' https://youtube.com/ https://www.youtube.com/ youtube.com www.youtube.com https://youtube-nocookie.com/ youtube-nocookie.com  https://tarteaucitron.io/ tarteaucitron.io https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io https://*.cnes.fr; child-src 'self'  https://tarteaucitron.io tarteaucitron.io https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com https://cdn.cafeyn.co; connect-src 'self' 'unsafe-inline' https://cnes.matomo.cloud/ https://cdn.matomo.cloud/cnes.matomo.cloud/ https://tags.data-driven.fr cdn.matomo.cloud/cnes.matomo.cloud https://tags.data-driven.fr/tags/ tags.data-driven.fr/tags https://tarteaucitron.io/ tarteaucitron.io https://cdn.tarteaucitron.io/ cdn.tarteaucitron.io https://content.milibris.com/ https://www.tiktok.com  https://*.cnes.fr 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bghweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de 1
default-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com https://download1.pornbox.com download1.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-k8s.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com wss://lb-private-chat-beta-k8s.gtflixtv.com https://*.1ka.com *.1ka.com https://*.facebook.com *.facebook.com https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.google.com *.google.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.gstatic.cn *.gstatic.cn https://*.jsdelivr.net *.jsdelivr.net https://*.rawgit.com *.rawgit.com https://*.ddfstatic.com *.ddfstatic.com https://cdn.plyr.io cdn.plyr.io https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://*.agego.com *.agego.com https://*.yoti.com *.yoti.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://*.bangbros.com *.bangbros.com https://*.nikkiprice.com *.nikkiprice.com https://*.girlsgonewild.com *.girlsgonewild.com https://*.naked.com *.naked.com https://*.st-content.com *.st-content.com https://*.sellvids.com *.sellvids.com https://*.hazecash.com *.hazecash.com https://*.xxxpawn.com *.xxxpawn.com https://*.gaypawn.com *.gaypawn.com https://*.miakhalifa.com *.miakhalifa.com https://*.americanpervert.com *.americanpervert.com https://*.xnxx.com *.xnxx.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-k8s.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com wss://lb-private-chat-beta-k8s.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.agego.com *.agego.com https://www.google-analytics.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://region1.google-analytics.com/g/collect https://*.googleapis.com *.googleapis.com https://*.firebaseio.com *.firebaseio.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/; font-src 'self' https://cdn.jsdelivr.net/npm/ https://fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' https://*.gtflixtv.com *.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://www.xvideos.com www.xvideos.com https://*.xvideos.red *.xvideos.red https://*.1ka.com *.1ka.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://www.google-analytics.com www.google-analytics.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://region1.google-analytics.com region1.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://translate.google.com translate.google.com https://*.agego.com *.agego.com https://fonts.gstatic.com fonts.gstatic.com data:; object-src 'none'; script-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://uploader.gtflixtv.com uploader.gtflixtv.com https://uploader-beta.gtflixtv.com uploader-beta.gtflixtv.com https://pornbox.com pornbox.com https://*.googleapis.com *.googleapis.com https://accounts.google.com accounts.google.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://google-analytics.com google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://translate.google.com translate.google.com https://*.agego.com *.agego.com https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/yuku-t/jquery-textcomplete/ https://*.ddfstatic.com *.ddfstatic.com https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://apis.google.com apis.google.com https://apis.google.com/js/platform.js 'unsafe-inline' 'unsafe-eval'; report-uri /api/js-error; 1
default-src 'self'; frame-ancestors 'self' http://localhost https://localhost; connect-src 'self' piwik.itzbund.de *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net media-library-production-ecdcakbreve6g5ca.z01.azurefd.net media-library-acceptance-acdycba8gneughdp.z01.azurefd.net *.kaltura.com; worker-src blob: 'self'; base-uri 'self'; font-src 'self' data: *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; style-src 'self' 'unsafe-inline' *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net *.kaltura.com cdn.jsdelivr.net platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.fcst.tv *.azurewebsites.net *.twitter.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com *.bundesrat.de pbs.twimg.com *.twitter.com; Content-Security-Policy: default-src 'self'; frame-ancestors 'self' http://localhost https://localhost; connect-src 'self' piwik.itzbund.de *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net media-library-production-ecdcakbreve6g5ca.z01.azurefd.net media-library-acceptance-acdycba8gneughdp.z01.azurefd.net *.kaltura.com; worker-src blob: 'self'; base-uri 'self'; font-src 'self' data: *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; style-src 'self' 'unsafe-inline' *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net *.kaltura.com cdn.jsdelivr.net platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.fcst.tv *.azurewebsites.net *.twitter.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com *.bundesrat.de pbs.twimg.com *.twitter.com; 1
frame-ancestors https://youtu.be https://bid.g.doubleclick.net https://streetview.my https://safedepositboxjb.streetview.my https://uat.hlisb.com.my https://hlbmc.demdex.net https://tags.tiqcdn.com https://survey.hlb.com.my https://www.hlb.com.my https://www.hlisb.com.my https://www.hlb.com.kh https://www.hlbank.com.sg https://www.hlbank.com.vn https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://www.ecbanking.com.my  https://gms.hongleong.com.my https://apply-merchant1.hlb.com.my https://10.103.8.91 wss://10.103.8.91 1
script-src 'nonce-5322ecd7-c2db-444e-a425-20cc68b9a0de' https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/ 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://d2c.aws.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com https://aws.amazon.com https://a0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; default-src 'self'; 1
base-uri 'self';child-src blob:;connect-src 'self' sulu.relaischateaux.com sylius.relaischateaux.com api.relaischateaux.com www.relaischateaux.com medias.relaischateaux.com webpack: *.algolia.net *.algolianet.com *.adnxs.com maps.googleapis.com px.ads.linkedin.com cdn.cookielaw.org mock.dev.relaischateaux.com api.widget.botmind.io api.widget.botmind.ai privacyportal-fr.onetrust.com bat.bing.com bat.bing.net geolocation.onetrust.com *.abtasty.com dcinfos-cache.abtasty.com ariane.abtasty.com *.google.com ws.hotjar.com *.googleadservices.com *.facebook.com googleads.g.doubleclick.net *.hotjar.io *.google-analytics.com metrics.relaischateaux.com *.adyen.com *.yahoo.com *.yahoodns.net *.yimg.com mapsresources-pa.googleapis.com ct.pinterest.com log.pinterest.com *.contentsquare.net *.contentsquare.com;default-src 'self';font-src 'self' data: blob: fonts.gstatic.com *.abtasty.com *.googleapis.com;form-action 'self' *.adyen.com *.adyenpayments.com;frame-ancestors 'self';frame-src 'self' td.doubleclick.net widget.botmind.ai www.menumodo.com qa-assistant.abtasty.com recaptcha.net www.google.com www.googletagmanager.com *.adyen.com *.relaischateaux.com ct.pinterest.com;img-src 'self' data: blob: *.relaischateaux.com *.gstatic.com *.googleapis.com fdu.relaischateaux.com px.ads.linkedin.com secure.adnxs.com bat.bing.com bat.bing.net www.facebook.com ib.adnxs.com *.linkedin.com *.google.fr *.google.com cdn.cookielaw.org static.relaischateaux.com *.abtasty.com *.amazonaws.com *.googletraveladservices.com *.googletagmanager.com googleads.g.doubleclick.net *.adyen.com *.yahoo.com *.yahoodns.net *.yimg.com relay-t.io *.relay-t.io secure-relay.com *.secure-relay.com secure-hotel-tracker.com *.secure-hotel-tracker.com *.cloudfront.net assets.relaischateaux.com static.tacdn.com www.tripadvisor.com ct.pinterest.com log.pinterest.com *.contentsquare.net;manifest-src 'self';media-src 'self' d1m7xnn75ypr6t.cloudfront.net static.relaischateaux.com p.relay-t.io ws.hotjar.com *.hotjar.io px4.ads.linkedin.com try.abtasty.com;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com maps.googleapis.com cdn.cookielaw.org connect.facebook.net fdu.relaischateaux.com acdn.adnxs.com *.hotjar.com snap.licdn.com cdn.actito.be bat.bing.com widget.botmind.io googleads.g.doubleclick.net trk.adbutter.net *.abtasty.com *.amazonaws.com p.relay-t.io apis.google.com recaptcha.net www.gstatic.com www.google.com *.adyen.com *.actito.be secure-hotel-tracker.com *.googleadservices.com *.yahoo.com *.yahoodns.net *.yimg.com s.pinimg.com ct.pinterest.com t.contentsquare.net app.contentsquare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.abtasty.com *.gstatic.com *.googleapis.com *.googletagmanager.com;worker-src 'self' blob:;upgrade-insecure-requests ; 1
frame-ancestors 'self' cmsv2.zebrix.net 1
default-src 'self' https://use.typekit.net; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://view.ceros.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.cookielaw.org https://player.vimeo.com/ https://www.recaptcha.net; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net https://www.google-analytics.com https://*.googleapis.com https://i.vimeocdn.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onelogin.com; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com https://view.ceros.com https://players.brightcove.net https://www.youtube.com https://www.youtube-nocookie.com https://www.recaptcha.net; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/;; font-src 'self' 'unsafe-inline' https://themes.googleusercontent.com use.typekit.net *.gstatic.com data:;; connect-src 'self' https://*.google-analytics.com *.algolia.net *.algolianet.com https://insights.algolia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com;; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com *.youtube.com piwik.itzbund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com youtu.be *.youtube.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-src 'self' player.vimeo.com *.youtube.com *.youtube-nocookie.com youtu.be *.youtube.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com youtu.be *.youtube.com *.ytimg.com webtv.bundestag.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev *.cdninstagram.com; frame-ancestors 'self'; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com; frame-ancestors https://www.juris.de/ 'self'; 1
base-uri 'self';child-src *.hsforms.com;connect-src 'self' *.incident.io https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk stats.g.doubleclick.net googleads.g.doubleclick.net *.segment.com *.segment.io *.linkedin.com cdn.linkedin.oribi.io *.iubenda.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.clearbit.com wss://*.qualified.com *.qualified.com conversions-config.reddit.com www.redditstatic.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com https://*.greenhouse.io https://*.api.sanity.io wss://*.api.sanity.io https://*.vanta.com https://*.chilipiper.com vitals.vercel-insights.com website-lvb02dx09-incident-io-team.vercel.app;default-src 'self';font-src 'self' https: data: fonts.gstatic.com fonts.googleapis.com;form-action 'self' *.hsforms.com;frame-ancestors 'self' https://incident.sanity.studio https://www.sanity.io;frame-src 'self' https: *.googletagmanager.com *.twitter.com *.iubenda.com app.qualified.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com https://incident.navattic.com https://capture.navattic.com;img-src 'self' blob: data: https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk *.googleusercontent.com stats.g.doubleclick.net *.linkedin.com *.iubenda.com *.clearbitjs.com *.clearbit.com *.qualified.com alb.reddit.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://cdn.sanity.io https://*.chilipiper.com;manifest-src 'self';media-src 'self' https: data: blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: api.twitter.com platform.twitter.com;style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com *.iubenda.com *.hubspotusercontent00.net cdn2.hubspot.net;worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9;report-to https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9; 1
default-src data: 'self' blob: 'unsafe-inline' *.dzo.com.ua *.cipher.kiev.ua:* *.prozorro.gov.ua www.openstreetmap.org *.openprocurement.org depositsign.com view.officeapps.live.com widgets.binotel.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com d38sv8fq5al52n.cloudfront.net connect.facebook.net 'unsafe-eval' www.googletagmanager.com docs.google.com fonts.googleapis.com *.google-analytics.com www.google.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.doubleclick.net www.google.com.ua fonts.gstatic.com https://fonts.cdnfonts.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com *.prozorro.gov.ua d38sv8fq5al52n.cloudfront.net connect.facebook.net cdnjs.cloudflare.com id.gov.ua *.sentry-cdn.com *.sentry.io dzo-market-206424851631.s3.eu-central-1.amazonaws.com google.com; connect-src 'self'  https://*.prozorro.gov.ua  https://public-api-staging.prozorro.gov.ua  https://public-docs-staging.prozorro.gov.ua  https://*.google-analytics.com  https://www.googletagmanager.com  https://fonts.cdnfonts.com  https://fonts.googleapis.com  https://fonts.gstatic.com  https://*.sentry.io  https://*.sentry-cdn.com  https://*.facebook.net  https://*.doubleclick.net  https://*.cipher.kiev.ua  data: blob:; 1
base-uri 'none';child-src 'none';connect-src 'self' https://www.facebook.com https://www.google.com https://www.google.com.ar https://www.google-analytics.com https://analytics.google.com http://static.ads-twitter.com http://script.crazyegg.com http://onelinksmartscript.appsflyer.com https://*.amplitude.com https://www.googletagmanager.com https://facebook.net https://analytics.tiktok.com https://map-handler.qa.playdigital.com.ar https://stats.g.doubleclick.net https://tracking.crazyegg.com https://*.crazyegg.com https://go.botmaker.com https://cdn.freshbots.ai https://www.freshbots.ai https://m-infra.appspot.com wss://ws.botmaker.com *.freshbots.ai *.crazyegg.com *.botmaker.com *.googleapis.com *.playdigital.com.ar *.doubleclick.net;default-src 'self';font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com;form-action 'self';frame-ancestors *;frame-src 'self' https://*.doubleclick.net https://*.modo.com.ar https://www.googletagmanager.com/ https://maps.googleapis.com https://www.google.com;img-src 'self' data: www.afip.gob.ar www.argentina.gob.ar modo.onelink.me *.playdigital.com.ar https://t.co https://analytics.twitter.com https://maps.gstatic.com https://maps.googleapis.com https://assets.mobile.preprod.playdigital.com.ar https://assets.mobile.qa.playdigital.com.ar https://assets.mobile.develop.playdigital.com.ar https://assets.mobile.playdigital.com.ar https://s3.amazonaws.com https://www.google.com a.storyblok.com www.google.com.ar www.facebook.com storage.googleapis.com www.googletagmanager.com *.doubleclick.net;manifest-src 'self';media-src https://storage.googleapis.com *.playdigital.com.ar *.googleapis.com;object-src https://amplitude.com;prefetch-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' https://cdn.freshbots.ai https://cdnjs.cloudflare.com https://maps.googleapis.com https://*.googleapis.com https://www.google.com.ar http://script.crazyegg.com http://onelinksmartscript.appsflyer.com http://static.ads-twitter.com https://www.facebook.com https://connect.facebook.net https://go.botmaker.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://snap.licdn.com https://www.googleadservices.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.freshbots.ai;worker-src 'self' *.modo.com.ar blob:;script-src-elem 'self' 'unsafe-inline' https://www.googleadservices.com https://cdn.freshbots.ai https://cdnjs.cloudflare.com https://maps.googleapis.com https://connect.facebook.net https://*.googleapis.com https://www.google.com.ar http://script.crazyegg.com http://onelinksmartscript.appsflyer.com http://static.ads-twitter.com https://www.facebook.com https://go.botmaker.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://snap.licdn.com;report-uri /api/reporting;report-to /api/reporting; 1
default-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com/* https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com *.nestle.co.uk *.mikmak.ai *.swaven.com https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; object-src *; style-src * 'self' 'unsafe-inline' https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; img-src * 'self' data: https:; https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; media-src *; frame-src * https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; frame-ancestors * 'self' ; child-src * blob:; font-src * 'self' data: https:; https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com; connect-src * 'self' https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com 1
base-uri 'none';child-src 'self' https://*.twitch.tv https://*.youtube.com;connect-src *;default-src 'self';font-src * data:;form-action 'self' *;frame-ancestors 'self' http://localhost:1337 https://*.gam3s.gg https://*.polkastarter.gg https://farcaster.xyz https://thumbgen.gam3s.gg;frame-src *;img-src * data: blob:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src * data: blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vast.gg https://static.ads-twitter.com https://www.redditstatic.com https://connect.facebook.net https://gleam.io https://widget.gleamjs.io https://*.google-analytics.com https://vercel.live https://*.hotjar.com https://*.cookie3.co https://*.twitch.tv https://*.youtube.com https://*.twitter.com https://cdn.blockpass.org https://do.featurebase.app https://metrics.gam3s.gg https://us.i.posthog.com https://us-assets.i.posthog.com https://*.posthog.com https://insights.gam3s.gg https://challenges.cloudflare.com https://ads.adthrive.com https://*.adthrive.com https://*.3lift.com http://pagead2.googlesyndication.com https://pagead2.googlesyndication.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net https://*.doubleclick.net https://www.googletagservices.com https://www.googleadservices.com https://*.googletagmanager.com https://ep2.adtrafficquality.google https://imasdk.googleapis.com https://cdn.jsdelivr.net https://cdn.ampproject.org https://cdn.id5-sync.com https://*.cdn.optable.co https://ads.pubmatic.com https://*.sharethrough.com https://groundcontrol.rendering.sharethrough.com https://d9.flashtalking.com https://servedby.flashtalking.com https://*.flashtalking.com https://sb.scorecardresearch.com https://cdn.brandmetrics.com https://collector.brandmetrics.com https://cdn.confiant-integrations.net https://*.adform.net https://launchpad-wrapper.privacymanager.io https://launchpad.privacymanager.io https://*.consentmanager.net https://choices.truste.com https://*.rubiconproject.com https://fastlane.rubiconproject.com https://*.lkqd.net https://cs.lkqd.net https://c.aps.amazon-adsystem.com https://config.aps.amazon-adsystem.com https://static.cloudflareinsights.com https://pixel.adsafeprotected.com https://content.quantcount.com https://creative-measurement.quantcount.com https://pghub.io https://s0.2mdn.net https://*.safeframe.googlesyndication.com/ https://*.yahoo.com https://*.ybp.yahoo.com https://*.adsrvr.org https://*.criteo.com https://*.criteo.net https://*.indexexchange.com https://*.casalemedia.com https://*.openx.net https://*.openx.com https://*.sovrn.com https://*.lijit.com https://*.aidemsrv.com https://*.33across.com https://*.yieldmo.com https://*.medianet.com https://*.contextweb.com https://*.improvedigital.com https://*.smartadserver.com https://*.teads.tv https://*.outbrain.com https://*.taboola.com https://*.smaato.net https://*.bidswitch.com https://*.admixer.net https://*.adsafeprotected.com https://*.moatads.com https://*.doubleverify.com https://*.fwmrm.net https://*.serving-sys.com https://*.undertone.com https://*.advertising.com https://*.adtech.de https://*.quantserve.com https://*.com https://*.net https://*.io;style-src 'self' 'unsafe-inline' *;worker-src 'self' blob:;report-uri posthog-csp;report-to posthog-csp; 1
frame-ancestors 'self' https://www.genau-lotto.de https://genau-lotto.de https://*.etracker.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public.pei.de abvl-public-test.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1
frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de; 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com  *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com cdn.tailwindcss.com  ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com www.googletagmanager.com *.upviral.com ;connect-src 'self' bd1.zortrax.com stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com zortrax.us14.list-manage.com *.list-manage.com  *.wistia.com *.litix.io 3dprint.zortrax.com *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com maps.googleapis.com www.google.com *.facebook.com  ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de stiebel-eltron.containers.piwik.pro; 1
default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://livechat.sim.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de https://analytics.tiktok.com https://umfrage.sim.de; script-src 'strict-dynamic' 'nonce-7255bb3616a053c19bfdfc9b4aa7af4f' 'nonce-a42db68c55d6a631ada1af236ff23be4' 'nonce-0fd7aa9a29cbd27f6bece69447a7bbc5' 'nonce-7231da312330c0a9a3c7124197436be6' 'nonce-78e55ae88c86004a8c4b0431a24c61df' 'nonce-bf9c45bd8c802060fa0f7eb15b11f8f6' 'nonce-e6c4dc1920e39f9df1538b691b3f17f1' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim.de https://umfrage.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-7255bb3616a053c19bfdfc9b4aa7af4f' 'nonce-a42db68c55d6a631ada1af236ff23be4' 'nonce-0fd7aa9a29cbd27f6bece69447a7bbc5' 'nonce-7231da312330c0a9a3c7124197436be6' 'nonce-78e55ae88c86004a8c4b0431a24c61df' 'nonce-bf9c45bd8c802060fa0f7eb15b11f8f6' 'nonce-e6c4dc1920e39f9df1538b691b3f17f1' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src *.globant.com *.googletagmanager.com *.google-analitycs.com *.google.com 'unsafe-eval' 'unsafe-inline' https: 'self' https://www.globant.com/ blob:; object-src none; style-src 'self' 'unsafe-inline' *.globant.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.googleapis.com  *.jsdelivr.net; img-src 'self' *.cloudflare.com *.globant.com *.i.ytimg.com https: data:; media-src 'self' *.globant.com; frame-src 'self' https: fullscreen; frame-ancestors self fullscreen *.globant.com https://*.youtube.com; font-src 'self' *.globant.com *.fontawesome.com *.cloudflare.com *.gstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' data: 'unsafe-inline' bitrix.info uaas.yandex.ru vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' bitrix.info abt.s3.yandex.net api-maps.yandex.ru yastatic.net core-renderer-tiles.maps.yandex.net bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; img-src 'self' api-maps.yandex.ru core-renderer-tiles.maps.yandex.net data: blob: vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; frame-src 'self' youtube.com www.youtube.com oauth.telegram.org fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru yandex.com mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro telegram.org metrica.beeline.ru kinescope.io b10000.vr.mirapolis.ru; font-src 'self' fonts.googleapis.com; 1
default-src 'self' blob: *.avl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com *.adsymptotic.com *.linkedin.com snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com cdn.jsdelivr.net js.stripe.com polyfill.io *.googletagmanager.com *.hotjar.com app.sli.do *.vbrick.com *.google.com *.google.es *.google.at *.google.de *.bing.com *.creators-expedition.com *.imaginativeenterprising-intelligent.com *.mouseflow.com *.clarity.ms *.publuu.com *.buzzsprout.com *.lfeeder.com cdn.ckeditor.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com fonts.googleapis.com p.adsymptotic.com *.linkedin.com *.licdn.com *.facebook.com *.avl.com cdnjs.cloudflare.com cdn.jsdelivr.net *.stripe.com polyfill.io *.google.com *.google.es *.google.at *.google.de; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: avl.com www.avl.com *.googletagmanager.com *.facebook.com *.linkedin.com *.ytimg.com *.cookiebot.com *.bing.com *.google.com *.google.es *.google.at *.google.de *.sli.do *.vbrick.com *.cloudflare.com *.avl-marketing.com *.clarity.ms *.amazonaws.com *.lfeeder.com *.kununu.com; frame-src 'self' *.youtube.com https://js.stripe.com *.cookiebot.com *.doubleclick.net *.bing.com *.sli.do *.vbrick.com *.buzzsprout.com stream.maxr.at *.publuu.com publuu.com *.buzzsprout.com publications.avl.com www.googletagmanager.com; child-src 'self' 'unsafe-inline' *.google-analytics.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googleapis.com https://p.adsymptotic.com *.linkedin.com https://snap.licdn.com *.facebook.com *.avl.com *.cloudflare.com https://cdn.jsdelivr.net https://js.stripe.com https://polyfill.io blob:; font-src 'self' https://fonts.gstatic.com *.mouseflow.com *.cloudflare.com; connect-src 'self' *.cookiebot.com https://eu-api.friendlycaptcha.eu *.avl.com *.linkedin.com wss://ws.hotjar.com *.n.io *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.io *.avlcorp.lan *.creators-expedition.com *.mouseflow.com *.clarity.ms bat.bing.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com static.hotjar.com script.hotjar.com members.ahcancal.org www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com ajax.googleapis.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com polo.feathr.co cdn.feathr.co widget.surveymonkey.com banman.providermagazine.com banman.ahcancal.org platform.twitter.com cdn.syndication.twimg.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com platform.twitter.com ton.twimg.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com marco.feathr.co polo.feathr.co *.feathr.co www.googletagmanager.com banman.providermagazine.com banman.ahcancal.org match.adsrvr.org pbs.twimg.com abs.twimg.com platform.twitter.com ton.twimg.com syndication.twitter.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com datawrapper.dwcdn.net *.hotjar.com td.doubleclick.net ahca-ncal-convention-2023-map.web.app ahcancal.wufoo.com custom.statenet.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net platform.twitter.com syndication.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com in.hotjar.com ws7.hotjar.com ws35.hotjar.com vc.hotjar.io content.hotjar.io ws.hotjar.com polo.feathr.co analytics.tiktok.com members.ahcancal.org 1
img-src 'self' *.norma-online.de *.sitesearch360.com *.usercentrics.eu https://accelerator.extern.hmmh.io https://piwik.norma-online.de https://*.clarity.ms https://www.facebook.com/ https://c.bing.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.norma-online.de *.sitesearch360.com *.usercentrics.eu https://piwik.norma-online.de https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://*.clarity.ms https://connect.facebook.net/ https://c.bing.com blob:; object-src 'none'; font-src 'self'; 1
base-uri 'self'; default-src 'none'; child-src https://irc.animefriends.moe; connect-src 'self' https://mei.kuudere.pw; font-src 'self' data:; form-action 'self' https://mei.kuudere.pw; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://irc.animefriends.moe; img-src 'self' https://rei.kuudere.pw https://mei.kuudere.pw https://animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bcbsks.com unpkg.com fast.wistia.com *.googletagmanager.com *.google-analytics.com *.ads-twitter.com www.gstatic.com *.bing.com connect.facebook.net 100011161.collect.igodigital.com snap.licdn.com *.adsrvr.org bam.nr-data.net googleads.g.doubleclick.net js-agent.newrelic.com tags.srv.stackadapt.com public.tableau.com qvdt3feo.com code.jquery.com www.google.com analytics.silktide.com static.cloudflareinsights.com www.covermymeds.com www.googleadservices.com cdn.datatables.net cdnjs.cloudflare.com www.eventbrite.com https://www.google.co.uk www.clarity.ms *.callrail.com tag.demandbase.com pagead2.googlesyndication.com cdn.jsdelivr.net *.sentry-cdn.com *.adobedtm.com https://*.qualtrics.com api.wire.spbx.app blob:; object-src 'none'; style-src 'self' 'unsafe-inline' www.bcbsks.com bcbsks.prod.acquia-sites.com fast.fonts.net fonts.googleapis.com tags.srv.stackadapt.com www.covermymeds.com cdn.datatables.net cdnjs.cloudflare.com *.wistia.com; img-src 'self' www.google.com *.google-analytics.com nova.collect.igodigital.com *.bing.com t.co analytics.twitter.com *.wistia.com www.facebook.com *.g.doubleclick.net *.google.com public.tableau.com *.bcbsks.com tools.applemediaservices.com apple-resources.s3.amazonaws.com connect.facebook.net secure.adnxs.com *.linkedin.com www.googletagmanager.com *.covermymeds.com cdn.datatables.net embedwistia-a.akamaihd.net c.clarity.ms id.rlcdn.com segments.company-target.com tags.srv.stackadapt.com ad.doubleclick.net www.google.co.in *.prod.acquia-sites.com *.apple.com *.advanceinsurance.com https://*.qualtrics.com *.mdhv.io api.wire.spbx.app *.adsrvr.org data:; media-src 'self' *.wistia.com www.google.com embedwistia-a.akamaihd.net fast.wistia.net blob:; frame-src 'self' *.bcbsks.com https://d1eoo1tco6rr5e.cloudfront.net/ *.adsrvr.org www.facebook.com public.tableau.com *.fls.doubleclick.net td.doubleclick.net www.youtube.com www.googletagmanager.com staywell.mydigitalpublication.com e.issuu.com www.eventbrite.com www.kff.org s.company-target.com https://*.qualtrics.com; font-src 'self' fast.fonts.net fast.wistia.com fonts.gstatic.com data:; connect-src 'self' *.bugsnag.com *.google-analytics.com stats.g.doubleclick.net ad.doubleclick.net *.googleadservices.com www.googleadservices.com *.google.com *.wistia.com *.wistia.net *.litix.io bam.nr-data.net cdn.linkedin.oribi.io www.facebook.com tags.srv.stackadapt.com embedwistia-a.akamaihd.net bat.bing.com a.us.silktide.com https://connect.facebook.net https://www.google.co.uk pagead2.googlesyndication.com *.clarity.ms js.callrail.com api.company-target.com tag-logger.demandbase.com px.ads.linkedin.com bcbsks.data.adobedc.net adobedc.demdex.net https://*.qualtrics.com *.sentry-cdn.com *.adsrvr.org; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.ckeditor.com *.google.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.cookielaw.org; object-src 'none'; style-src 'self' 'unsafe-inline' *.mailchimp.com; img-src 'self' data: blob: *.youtube.com *.google.com *.google.ro *.googletagmanager.com *.shortpixel.ai; media-src 'self' blob: *.youtube.com *.google.ro *.shortpixel.ai; frame-src 'self' blob: *.youtube.com *.youtube-nocookie.com *.etapestry.com etapestry.sky.blackbaud.com *.vercel.app; font-src 'self'; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self' *.google-analytics.com *.jsdelivr.net *.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.googletagmanager.com *.google-analytics.com *.jsdelivr.net https://www.googletagmanager.com/ns.html *.cookielaw.org *.licdn.com *.ads-twitter.com *.facebook.net https://www.google.com/recaptcha/api.js https://www.youtube.com/iframe_api https://www.youtube.com https://cdnjs.cloudflare.com *.gstatic.com https://incyte.piwik.pro; style-src 'unsafe-inline' 'self' *.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' *.google-analytics.com *.facebook.com *.linkedin.com *.blob.core.windows.net *.azureedge.net *.cookielaw.org *.google.com *.google.co.in analytics.twitter.com t.co px.ads.linkedin.com px.ads.linkedin.com.x cdn.incyte.com data: *.googletagmanager.com *.opendns.com; media-src 'self' *.google-analytics.com *.blob.core.windows.net *.azureedge.net https://cdn.incyte.com; frame-src *.youtube.com *.google.com *.googletagmanager.com incyte.hrmdirect.com *.facebook.com *.facebook.net; frame-ancestors 'self'; child-src *.youtube.com *.google.com *.googletagmanager.com incyte.hrmdirect.com; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src *; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de *.synology.me:5001; frame-ancestors 'self'; font-src 'self' data:; 1
script-src https://counter.simplybook.me https://cdn.iubenda.com https://cs.iubenda.com 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-67aaf781e49af4a0ca1473f9c919c4ef'; child-src blob: ; frame-src * 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://lhcdn-src.mars.com https://players.brightcove.net https://www.google.com https://www.google.co.in https://www.gstatic.com https://api.tiles.mapbox.com https://sfapi.formstack.io https://az416426.vo.msecnd.net https://embed.mikmak.tv *.global.commerce-connector.com https://js-agent.newrelic.com https://dc.services.visualstudio.com https://bam-cell.nr-data.net https://translate.googleapis.com https://js.adsrvr.org *.mapbox.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net *.amazonaws.com https://s.pinimg.com https://ct.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://sc-static.net https://static.ads-twitter.com https://cdn.treasuredata.com https://cdn.jsdelivr.net https://sfapi-sandbox.formstack.io https://bam.nr-data.net http://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js https://cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js https://cdn.ampproject.org  https://cas.zma.gs/5406ddafe4b098fb1ee80a84/ssr/containers/20f59a2b-d9fe-4355-8530-33c659597e30/init.js https://static.klaviyo.com https://static-tracking.klaviyo.com https://cas.zma.gs https://apps.bazaarvoice.com https://display.ugc.bazaarvoice.com https://api.bazaarvoice.com https://mpsnare.iesnare.com/snare.js https://mpsnare.iesnare.com/script/logo.js https://snap.licdn.com https://www.upsellit.com https://googleads.g.doubleclick.net  https://d.impactradius-event.com https://googleads.g.doubleclick.net https://app.upsellit.com cdn.pricespider.com https://cdn.plyr.io/3.7.8/plyr.js https://cdn.plyr.io/3.7.8/plyr.css https://px.ads.linkedin.com https://analytics.tiktok.com https://tr.snapchat.com https://connect.letslinc.com https://bat.bing.com; object-src 'none'; frame-src 'self' https://player.vimeo.com/ https://www.google.com https://9079101.fls.doubleclick.net https://www.google.com *.fls.doubleclick.net https://www.googletagmanager.com https://di.rlcdn.com https://tr.snapchat.com https://www.youtube.com https://display.ugc.bazaarvoice.com https://api.bazaarvoice.com https://privacyportal.onetrust.com https://stage.brandsitedata.mars.com/orchard_vr/vr.html https://td.doubleclick.net https://ct.pinterest.com  https://care.letslinc.com; child-src blob: 1
frame-ancestors https://deejay.de https://*.deejay.de  https://vinylfuture.com https://*.vinylfuture.com; 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
base-uri 'none';child-src 'none';connect-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo-data.nl *.npo.nl *.npoplayer.nl event analytics-ingress-global.bitmovin.com npo.prd.cdn.bcms.kpn.com licensing.bitmovin.com nmonpoendpoint.2cnt.net npo-drm-gateway.samgcloud.nepworldwide.nl *.streamgate.nl;default-src 'self';font-src 'self' cdn.npoplayer.nl use.typekit.net;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl data: images.poms.omroep.nl;manifest-src 'self';media-src 'self' blob: * data:;object-src 'none';script-src 'self' *.npo-data.nl cdn.npoplayer.nl tag.aticdn.net hub.npo-data.nl nmonpoendpoint.2cnt.net analytics-ingress-global.bitmovin.com www.gstatic.com *.streamgate.nl blob: *;style-src 'self' 'unsafe-inline' use.typekit.net cdn.npoplayer.nl p.typekit.net *.npo.nl;worker-src 'self' blob:; 1
default-src    'self' ws:;script-src      'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net gleif.disqus.com *.disquscdn.com *.cookiebot.com *.linkedin.com *.licdn.com *.twitter.com static.ads-twitter.com *.twimg.com ajax.googleapis.com www.google.com www.gstatic.com cdnjs.cloudflare.com unpkg.com public.tableau.com *.emailsys1c.net *.emailsys1a.net cdn-prod.wdesk.com cdn.jsdelivr.net ixbrviewer.pages.dev;style-src        'self' 'unsafe-inline' *.twimg.com *.twitter.com *.disquscdn.com use.typekit.net unpkg.com fonts.googleapis.com;font-src          'self' data: *.typekit.net cdnjs.cloudflare.com fonts.gstatic.com;img-src            'self' static.licdn.com *.disqus.com *.disquscdn.com *.twitter.com *.twimg.com *.linkedin.com data: about: *.tile.osm.org *.typekit.net img.shields.io public.tableau.com *.emailsys1c.net *.emailsys1a.net t.co/i/adsct *.cookiebot.com;frame-src        'self' disqus.com *.twitter.com player.vimeo.com *.linkedin.com www.google.com *.cookiebot.com youtube.com www.youtube.com public.tableau.com embed.podcasts.apple.com open.spotify.com platform.twitter.com;connect-src    'self' api.parse.com/1/functions/search *.gleif.org syndication.twitter.com/settings *.emailsys1c.net *.emailsys1a.net consentcdn.cookiebot.com analytics.twitter.com cdn.linkedin.oribi.io/partner/3468146/domain/gleif.org/token px.ads.linkedin.com;prefetch-src  'self' *.disquscdn.com disqus.com; 1
default-src 'unsafe-inline'  'unsafe-eval' 'self'  *.sessioncam.com *.cloudfront.net *.snapchat.com *.cookielaw.org *.tintup.com *.snapchat.com *.amazon-adsystem.com https://*.optimizely.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.googleapis.com *.sessioncam.com *.cloudfront.net *.google-analytics.com *.betrad.com *.youtube.com *.evidon.com *.jquery.com *.cloudfront.net *.serving-sys.com *.facebook.net *.doubleclick.net *.hypemarks.com *.gstatic.com *.krxd.net *.adimo.co *.bazaarvoice.com *.iesnare.com  *.googleadservices.com *.hotjar.com *.pricespider.com *.yahoo.com *.doubleclick.net *.hotjar.com *.nestle.co.uk *.google.com *.googleoptimize.com *.adsrvr.org *.gbqofs.com *.usabilla.com:* *.fusepump.com:* bam.nr-data.net:* *.locate.com:* *.mapbox.com:* *.pricespider.com:* *.sc-static.net *.snapchat.com *.tintup.com *.sc-static.net tintup.com:* sc-static.net:* *.cookielaw.org *.googletagmanager.com:* *.amazon-adsystem.com *.salesforce.com *.salesforceliveagent.com *.newrelic.com *.addtoany.com *.jsdelivr.net *.cloudflare.com *.pinterest.com *.pinimg.com *.brightcove.net https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com data-na.starbucks.com *.salesforce-sites.com *.lightning.force.com https://*.qualtrics.com;; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudflare.com *.fusepump.com *.youtube.com *.typography.com *.google.com *.fontawesome.com *.nestle.co.uk *.pricespider.com:* *.mapbox.com:* *.cloudfront.net *.salesforce.com *.bazaarvoice.com *.adimo.co *.salesforce-sites.com; img-src  'self' 'unsafe-inline' https: data: blob: *.googleapis.com *.gstatic.com *.cloudflare.com *.semasio.net *.sessioncam.com *.cloudfront.net *.google-analytics.com *.google.com *.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to *.fusepump.com *.evidon.com *.igodigital.com *.facebook.com *.krxd.net *.starbucksathome.com *.adimo.co *.iriworldwide.com *.bazaarvoice.com display.ugc.bazaarvoice.com bat.bing.com *.google.co.in google-analytics.com *.google.com *.pantheonsite.io *.cookielaw.org *.pricespider.com:* *.adsrvr.org:* *.google.com *.google-analytics.com *.usabilla.com *.demdex.net *.yahoo.com *.bluekai.com *.imrworldwide.com *.sharethrough.com *.truoptik.com *.dotomi.com *.insightexpressai.com *.ml314.com *.amazon-adsystem.com *.googletagmanager.com *.eb2.3lift.com *.dr.mookie1.com *.track2.securedvisit.com *.mid.rkdms.com *.eb2.3lift.com https://app.optimizely.com https://cdn.optimizely.com https://siteintercept.qualtrics.com/;; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; frame-src 'self' *.addtoany.com *.youtube.com *.evidon.com *.fls.doubleclick.net *.youtube-nocookie.com *.hypemarks.com *.fusepump.com *.google.com *.krxd.net l3.evidon.com *.adimo.co *.bazaarvoice.com *.netsuite.com *.hotjar.com *.doubleclick.net *.netsuite.com *.flashtalking.com *.google.com *.tintup.com *.amazon-adsystem.com *.facebook.com *.adsrvr.org *.salesforce.com *.snapchat.com *.starbucks.jebbit.com *.staging-nestlestarbucks.snipp.us *.pinterest.com *.adsrvr.org *.googletagmanager.com *.usabilla.com https://starbucks.jebbit.com/ https://a5763127292198912.cdn.optimizely.com https://a5763127292198912.cdn-pci.optimizely.com *.salesforce-sites.com https://*.qualtrics.com;; frame-ancestors 'self' *.starbucks.jebbit.com *.staging-nestlestarbucks.snipp.us  *.hypemarks.com *.usabilla.com https://starbucks.jebbit.com/ *.salesforce-sites.com; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://forms.na2.netsuite.com http://live-dig0028606-coffee-starbucks-usa.pantheonsite.io https://live-74944-beverages-starbuckstwo-unitedstates.pantheonsite.io https.live-74944-beverages-starbuckstwo-unitedstates.pantheonsite.io blob:; https://*.optimizely.com;; font-src  'self' data: *.gstatic.com *.fontawesome.com *.cloudflare.com; connect-src 'self' *.fusepump.com *.sessioncam.com *.cloudfront.net *.google-analytics.com *.analyze.ly *.serving-sys.com *.doubleclick.net *.iriworldwide.com *.bazaarvoice.com *.hotjar.io *.nr-data.net *.bing.com *.nestle.gbqofs.io *.pricespider.com:* *.mapbox.com:* *.usabilla.com *.google-analytics.com *.clarity.ms *.tintup.com *.amazonaws.com *.snapchat.com *.cookielaw.org *.onetrust.com *.bam.nr-data.net bam.nr-data.net:* *.pinterest.com *.google.com *.google-analytics.com edge.api.brightcove.com *.boltdns.net *.brightcovecdn.com https://*.optimizely.com data-na.starbucks.com *.salesforce-sites.com *.lightning.force.com https://*.qualtrics.com; 1
default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com cloud.ccm19.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com *.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com s.go-mpulse.net c.go-mpulse.net sc.lfeeder.com api.plezi.co optimize.google.com www.googleoptimize.com www.google-analytics.com www.googleanalytics.com gateway.moneris.com cdnjs.cloudflare.com www.googleadservices.com crmweb.burkert.com cloud.ccm19.de *.snitcher.com sst.burkert.com googleads.g.doubleclick.net; img-src data: 'self' www.burkert.com www.google-analytics.com www.google.com.au www.google.com www.google.de event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.olark.com *.adition.com *.gstatic.com *.clickdimensions.com tr.lfeeder.com www2.solique.ch optimize.google.com www.googletagmanager.com googleads.g.doubleclick.net cloud.ccm19.de; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com www.googletagmanager.com *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com *.vo.msecnd.net optimize.google.com gateway.moneris.com cloud.ccm19.de; font-src 'self' www.burkert.com *.buerkert.de data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com *.analytics.google.com *.google-analytics.com analytics.google.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com c.go-mpulse.net *.akstat.io trial-eum-clientnsv4-s.akamaihd.net *.akamaihd.net maps.googleapis.com *.plezi.co cdn.linkedin.oribi.io px.ads.linkedin.com event.yoochoose.net crmweb.burkert.com cloud.ccm19.de *.snitcher.com sst.burkert.com scnem.com scnem2.com; frame-src 'self' blob: mailto: tel: *.burkert-usa-marketing.com *.googletagmanager.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.burkert.com *.olark.com *.issuu.com *.clickdimensions.com optimize.google.com gateway.moneris.com scnem2.com; worker-src 'self' blob:;frame-ancestors 'self' https://ez.local.burkert.com 1
default-src 'self'; frame-src 'self' https://studio.eu.screencloud.com/ https://screencloud.com/ https://*.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js *.webspellchecker.net/ https://w.soundcloud.com/ *.adobe.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://studio.eu.screencloud.com/ https://screencloud.com/ https://cdn.tickettailor.com/js/widgets/min/widget.js *.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js https://moneypennychat.appspot.com/chatjs/ https://www.doctify.com/ *.adobe.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://studio.eu.screencloud.com/ https://screencloud.com/ https://new.express.adobe.com/webpage/static/embed/embed.js https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://studio.eu.screencloud.com/ https://screencloud.com/ *.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js *.webspellchecker.net/ https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://translate-pa.googleapis.com/ https://studio.eu.screencloud.com/ https://screencloud.com/ https://*.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js *.analytics.google.com/ *.google-analytics.com/ https://moneypennychat.appspot.com/ https://www.doctify.com/ *.webspellchecker.net/ https://feeds.trac.jobs/ https://translate.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
base-uri 'none';connect-src 'self' http://localhost:3001 http://127.0.0.1:3001 *.oresund.io dc.services.visualstudio.com *.cookieinformation.com *.doubleclick.net 'unsafe-inline' *.googlesyndication.com *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.convertexperiments.com data.wgp.se *.oresundsbron.com *.adnxs.com *.bing.com *.bing.net *.clarity.ms *.facebook.com;font-src 'self' *.hotjar.com https://fonts.gstatic.com data:;form-action 'self' https://www.facebook.com;frame-ancestors 'none';img-src 'self' data: *.tt.se *.ritzau.dk *.ctfassets.net *.gstatic.com www.googletagmanager.com https://googletagmanager.com *.googlesyndication.com *.adnxs.com www.facebook.com *.google.com www.google.dk www.google.se *.hotjar.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12824419.fls.doubleclick.net https://stats.g.doubleclick.net *.bing.com *.bing.net *.clarity.ms;manifest-src 'self';media-src 'self' data: *.ctfassets.net;object-src 'none';script-src 'self' *.reepay.com *.gstatic.com www.googletagmanager.com googletagmanager.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com *.google.com *.adnxs.com *.facebook.net *.googlesyndication.com www.googleadservices.com *.hotjar.com *.convertexperiments.com *.powerplatform.com *.bing.com *.bing.net *.clarity.ms *.strossle.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com *.hotjar.com *.bing.com *.bing.net *.clarity.ms;worker-src 'self'; 1
default-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https: data: 'unsafe-inline' 'unsafe-eval' wss: *.hs-sites.com; script-src https: data: 'unsafe-inline' 'unsafe-eval' https://js.hs-analytics.net https://js.hs-scripts.com https://app.privally.global; object-src 'self' https://portal.unimedbh.com.br/ http://unimedbh.prod.acquia-sites.com/; style-src https: 'unsafe-inline' 'unsafe-eval' 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ ; img-src blob: data: https: 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/; media-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io https://www.youtube.com; frame-ancestors 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ https://www.google.com/ https://forms.hsforms.com/ https://3603d.com.br/ *.hs-sites.com; child-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://www.google.com/ https://vars.hotjar.com/ https://static.addtoany.com/ https://www.youtube.com/ https://cdn.userway.org/ https://static.unimedbh.io/ https://plugin.handtalk.me/ https://unimedbh.chat.blip.ai/ https://chat.blip.ai/ https://forms.hsforms.com/ https://3603d.com.br/ https://td.doubleclick.net/ *.hs-sites.com https://www.googletagmanager.com/; font-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ data: https://static.unimedbh.io/ https://fonts.unimedbh.io https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.userway.org/ 1
default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.1und1.ag; img-src https: data:; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.1und1.ag; script-src 'strict-dynamic' 'nonce-a1224cfdc5c0b95c8c07fb90d49c9e7b' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self'; frame-src https://irpages2.eqs.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-a1224cfdc5c0b95c8c07fb90d49c9e7b' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net static.dialogflow.com unpkg.com https://d2hxmxr8sknmfu.cloudfront.net *.ca-central-1.amazonaws.com; object-src 'self' *.interiorhealth.ca; style-src 'self'  'unsafe-inline' *.interiorhealth.ca  fonts.googleapis.com cdn.jsdelivr.net static.dialogflow.com unpkg.com https://d2hxmxr8sknmfu.cloudfront.net; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com d2hxmxr8sknmfu.cloudfront.net; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net dialogflow.cloud.google.com https://d2hxmxr8sknmfu.cloudfront.net *.ca-central-1.amazonaws.com wss://*.ca-central-1.amazonaws.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com addtocalendar.com *.airtable.com airtable.com *.airtableusercontent.com *.apple.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com elfsightcdn.com  *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com heyzine.com *.heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com youtube.com *.youtube-nocookie.com youtu.be *.ytimg.com page.hec.edu *.readspeaker.com *.addtoany.com; img-src 'self' data: *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com *.airtable.com airtable.com *.airtableusercontent.com *.apple.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.heyzine.com heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com youtube.com *.youtube-nocookie.com youtu.be *.ytimg.com page.hec.edu *.readspeaker.com *.addtoany.com; font-src 'self' data:; report-uri /hec-report-csp-violation 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com *.x.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com cdnjs.cloudflare.com; img-src 'self' https: data: android-webview-video-poster: *.jwplayer.com http://docs.jwplayer.com; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com x.com *.x.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com rumble.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com x.com *.x.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com *.jwplayer.com cdnjs.cloudflare.com stats.addtoany.com 1
default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: https://m.stripe.com *.craft-cdn.com *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src * 1
frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br *.lndo.site *.web.ahdev.cloud; report-uri /report-csp-violation 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com analytics.mbda-systems.com static.addtoany.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.epresspack.online analytics.mbda-systems.com; img-src 'self' data: *.epresspack.online newsroom.mbda-systems.com analytics.mbda-systems.com; media-src 'self' about: data:; frame-src 'self' *.youtube.com static.addtoany.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; connect-src 'self' analytics.mbda-systems.com static.addtoany.com stats.addtoany.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
font-src 'self' https://webfonts.14v.de; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; object-src 'none'; worker-src 'self'; media-src 'self'; connect-src 'self' https://piwik.14v.de; manifest-src 'self'; prefetch-src 'none'; img-src 'self' data: *.w3.org; frame-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline'; block-all-mixed-content; script-src 'self' https://piwik.14v.de 'unsafe-inline'; report-uri /impressum/; 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'none'; 1
default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data-eu.purina.fr; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * data-eu.purina.fr 1
default-src 'self' *.crazyegg.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com www.googletagmanager.com *.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co *.google.com *.gstatic.com *.spartannash.com *.spartannash-uat.com *.youtube.com www.b2i.us stockcharting.s3.amazonaws.com cdnjs.cloudflare.com static.cloudflareinsights.com analytics.newscred.com *.crazyegg.com analytics.imirwin.com partner.googleservices.com partner.googleadservices.com;font-src 'self' data: *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.cloudflare.com s3.amazonaws.com *.crazyegg.com;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com www.googletagmanager.com *.glensmarkets-email.com *.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com *.gravatar.com s15923.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com d36cz9elvz3vfp.cloudfront.net www.b2i.us *.prnewswire.com pixel.welcomesoftware.com i.ytimg.com *.crazyegg.com *.gstatic.com;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.google.com *.quotemedia.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.crazyegg.com;frame-src 'self' *.netdna-ssl.com *.youtube.com www.googletagmanager.com *.calameo.com *.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com *.prnewswire.com *.crazyegg.com td.doubleclick.net syndicatedsearch.goog;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com *.quotemedia.com stats.g.doubleclick.net *.spartannash.com *.spartannash-uat.com www.b2i.us stockcharting.s3.amazonaws.com *.google.com *.crazyegg.com analytics.imirwin.com;object-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;media-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com *.crazyegg.com;worker-src 'self' blob: *.crazyegg.com;child-src 'self' blob: *.crazyegg.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 1
: default-src 'self' 'unsafe-inline' 1
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://form.jotform.com https://submit.jotform.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://submit.jotform.com https://form.jotform.com; img-src 'self' https://*.elliottmgmt.com *.elliottmgmt.com https://elliottmgmt.com https://dev-elliott-mgmt.pantheonsite.io https://test-elliott-mgmt.pantheonsite.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1
base-uri 'none';child-src 'none';connect-src 'self' http://127.0.0.1:1337 https://*.google-analytics.com https://vitals.vercel-insights.com https://api.coinbase.com https://www.google-analytics.com https://vercel.live https://*.walletconnect.com wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://*.polkastarter.com https://*.cookie3.co https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc https://*.bnbchain.org https://*.bnbchain.org:8545/ https://rpc.ankr.com/bsc https://*.binance.org https://testnet.omni.network https://arb1.arbitrum.io/rpc https://sepolia-rollup.arbitrum.io/rpc https://mainnet.base.org https://sepolia.base.org https://forno.celo.org https://alfajores-forno.celo-testnet.org https://mainnet.mode.network https://sepolia.mode.network https://goerli.optimism.io https://polygon-rpc.com https://matic-mumbai.chainstacklabs.com https://rpc.ankr.com/polygon_mumbai https://mainnet.infura.io https://sepolia.infura.io/ https://cloudflare-eth.com/ https://rpc.sepolia.org https://rpc.ankr.com https://rpc.ankr.com/eth https://rough-lingering-pine.bsc.quiknode.pro https://little-intensive-wildflower.quiknode.pro https://rpc.mainnet.sui.io/ https://httpbin.org/ https://evm-rpc.sei-apis.com/ https://evm-rpc-testnet.sei-apis.com;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self' *;frame-ancestors 'none';frame-src https://in.sumsub.com/ https://www.youtube.com/ https://verify.walletconnect.com https://verify.walletconnect.org https://vercel.live https://www.tradingview-widget.com https://s.tradingview.com https://*.facebook.net https://*.facebook.com;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.polkastarter.com;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://browser.sentry-cdn.com https://cdn.vercel-insights.com https://cdn.staging.cookie3.co https://www.youtube.com https://unpkg.com https://s3.tradingview.com https://*.facebook.net https://*.facebook.com;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com;worker-src 'self'; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.mercadolibre.com https://www.mercadopago.com.ar/integrations/v1/ https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://cdnjs.cloudflare.com https://maps.googleapis.com/maps/api/js https://cdn.syndication.twimg.com https://docs.google.com/spreadsheets/ https://connect.facebook.net https://platform.twitter.com https://*.google.com  https://spreadsheets.google.com/ https://docs.google.com/ https://*.gstatic.com http://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com https://www.googleadservices.com https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net https://*.utdt.edu https://www.googletagmanager.com https://www.tfaforms.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com https://www.tfaforms.com https://*.gstatic.com https://docs.google.com/; img-src * data: blob:; font-src *; worker-src * data: blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1
default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://forms.hscollectedforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com https://s0.wp.com data:; frame-src 'self' https://*.cookieyes.com https://www.google.com https://*.youtube.com https://dub01.online.tableau.com https://*.tableau.com https://forms.hsforms.com https://widgets.wp.com; img-src 'self' https://*.oversightboard.com *.oversightboard.com https://oversightboard.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://pixel.wp.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.tableau.com https://track.hubspot.com https://secure.gravatar.com https://*.hsforms.com blob: data:; object-src; script-src 'self' https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com https://stats.wp.com https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js.hsforms.net https://js.hs-banner.com https://*.tableau.com https://dub01.online.tableau.com https://s0.wp.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://s0.wp.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1
script-src 'self' 'unsafe-eval' 'nonce-ab84529838966a18841e61fca703c106' 'strict-dynamic' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de https://*.trustedshops.com https://*.etrusted.com; style-src 'self' 'nonce-ab84529838966a18841e61fca703c106' 'unsafe-hashes' 'sha256-Chued6H/FqwtY0xgIG4zxn1W6uXOo1t3SXAPpyzds7U='  'sha256-5SDvdr72xKyplNCK6s3wo8+AzCvSSrO4ATaEFE1N3YU='  'sha256-b/AJ3u1NxOK+yAHe28I3iTI1e9j23Bv94CsSnYMe0I4='  'sha256-WXbTK+Q2IO0qiVm9TmwaoCb/gGYy8plieL1g7TJ+i1o='  'sha256-TIWitS/sbsTCj5gHE+Ub2hNq7Ebv+whf6SCnicmBM1A='  'sha256-bM22Xahg3Ska2CbZv9HSsXayiD0Z5iJL6QcufF1H9e0='  'sha256-cJA8XvfmOhAJWjlDZi2dvUyXcjLaXJsW296wKpLNDSg='  'sha256-W5t509XHgNgqXPEkC+CNVw120RQzW++3Peh6kOOF7H0='  'sha256-SDpJ06IXtKeyPxzWvEQbz1w8atX8WEPMmLziJ2Yr3t8='  'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE='  'sha256-RfS5BPmz3Vwypv5zOAVIB743tRj+AEwi4dugaXrsDwk='  'sha256-x4b2HXIRVmbavEXgC5A6qDxwchYDCHsF5XjgG+IX/9k='  'sha256-sjBpDcTxG5RUsOcN+DFW/IhJtxXGSiB/5wxRqMbKc8g='  'sha256-6N6ExomJBSb15QoU3z4kffBiUYwHzIOPFDBNFyQo5zM='  'sha256-Xjtk8M9sZ4nFg15sesBAusx8bR5RyH5adt0U2TGp1Hc='  'sha256-YV8lKTFZ9If7/i9C+12znUBTxRQw2mwPFb+mvUF76jI='  'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI='  'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8='  'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI='  'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8='  'sha256-Pmke26teTSgoga2qVZQxn5+8tJEHv3b6P31sM4A7nUA='  'sha256-u3gvlgPH9p+WcuUGYJ1tagF6JvmPBRgC8dUVFMyvgFw='  'sha256-MlKRU2qUIVN+Cj86rIOyMnLxGlFm6Y1JJpGW5mQkUZs='  'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='  'sha256-2gz8aiXiOB6Up4QDJqnRa6SHIHmCXTLcaqHHxsA3LlA='  'sha256-qTkwDWS8vAgVRoa+CLotP91j1y1653Dw7c6uFVO9hdk='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-8kPOCl/iIr6YgWLvLnIRMrYnCJHOzs6WNYAedT41SM8='  'sha256-2Go/yMtz4sEcAbw1TnjkjLz983Zxq7frCShdJs2OobM='  'sha256-g6zf946PtVM63bZ+fe9QUc3hDXp5BMl6OBmAlKhKV60='  'sha256-zqo/Gf4mmbgvoqPGTNSkHYfibgllewm/seDhWyooOOk='  'sha256-FVE4UqDzJ5GzKFQlZqU4Zq3EAxxb/T0hpPQU9k6uwkA='  'sha256-R2Vkrx5FLpmMY0750ljuQem15/f/bIrrGl+TXyzeETo='  'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4='  'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA='  'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4='  'sha256-jI3sfmilVzfPCYviQAKSk25gbqy5bKO6ytnWnH7tPy4='  'sha256-MGcxmZXFvleb8FuwqjCYtvoakNGj+J6yTNrv1TSxJiA='  'sha256-hbZWfW0vwSYriJkO6sDWlefwk0ZUNVCSaBe66T81nB0='  'sha256-rh2A364+F4JpsYOMvu2X0b8oUqSm+hinlVRTT9lHrwY='  'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4='  'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA='  'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4='  'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI='  'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE='  'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI='  'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI='  'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE='  'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI='  'sha256-p08VBe6m5i8+qtXWjnH/AN3klt1l4uoOLsjNn8BjdQo='  'sha256-HeCUqYbpi0jcNQCtmPyDkSSaeWOk+GFgiIxfAAAbsFg='  'sha256-33YGiROm4Pzv0xXIPo82M0Dt2zrdnP4IgbJq1WeAtf8='  'sha256-j6Tt8qv7z2kSc7fUs0YHbrxawwsQcS05fVaX1r2qrbk='  'sha256-RAtMRMPc7pZorvh8gaXlMJh1zDaSAmCzJ4zoN0Y5bn4='  'sha256-2+dS+n9Pah47gYjmchfaYD5g/iEbiyoAg7SGmiJtn0Y='  https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 1
default-src 'self'; script-src 'self'  https://cdn.ckeditor.com data: ajax.googleapis.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net d3rxaij56vjege.cloudfront.net googleads.g.doubleclick.net snap.licdn.com sourcepoint.activehosted.com static.hsappstatic.net https://tag.demandbase.com trackcmp.net www.google.com www.googleadservices.com www.google-analytics.com https://*.googletagmanager.com www.gstatic.com https://www.influ2.com https://sc.lfeeder.com https://*.hsforms.net https://*.hsforms.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.hs-analytics.net https://*.hubspot.com https://*.hs-scripts.com cdn.jsdelivr.net https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://player.simplecast.com https://*.clarity.ms https://static.ads-twitter.com  https://*.onetrust.com 'sha256-/RJ8NoT76/a8Ofw1yEJbkar6uEejOHUvY4mRxpEg6BA=' 'sha256-CcQPEGIn1YFID9D2udl6b+ZuRUOHqrMxSQP9xHz1pMY=' 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo='; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com fonts.bunny.net js.hsforms.net js.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net cdn.jsdelivr.net  https://cdn.ckeditor.com ; img-src data: *; media-src 'self'; frame-src 'self' td.doubleclick.net s.company-target.com www.google.com player.vimeo.com gateway.zscalerthree.net www.googletagmanager.com block.opendns.com https://*.hsforms.com https://www.youtube-nocookie.com https://www.youtube.com https://player.simplecast.com/ https://www.slideshare.net https://ga.firstsource.com; frame-ancestors https:; font-src 'self' data: fonts.gstatic.com static.zip.co fonts.bunny.net; connect-src 'self' https://*.google.com https://adservice.google.com api.company-target.com px.ads.linkedin.com segments.company-target.com stats.g.doubleclick.net t.influ2.com tag-logger.demandbase.com www.google-analytics.com www.influ2.com https://*.hsforms.com https://*.hscollectedforms.net  https://www.googleadservices.com https://*.hubspot.com https://www.youtube-nocookie.com https://www.youtube.com https://*.clarity.ms  https://www.facebook.com https://connect.facebook.net https://ga.firstsource.com  https://*.onetrust.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com cdn.jsdelivr.net; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://lhcdn-src.mars.com https://players.brightcove.net https://www.google.com https://www.google.co.in https://www.gstatic.com https://sfapi.formstack.io https://az416426.vo.msecnd.net https://embed.mikmak.tv *.global.commerce-connector.com https://connectwidgets.sutherlandconnect.com newrelic.com https://dc.services.visualstudio.com https://bam-cell.nr-data.net https://translate.googleapis.com https://js.adsrvr.org *.mapbox.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net *.amazonaws.com https://s.pinimg.com https://ct.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://sc-static.net https://static.ads-twitter.com https://cdn.treasuredata.com https://cdn.jsdelivr.net https://sfapi-sandbox.formstack.io https://unpkg.com https://progress-tracker-prod.firebaseio.com https://cdn.pricespider.com https://ckf02.lancsd.org https://bam.nr-data.net https://js-agent.newrelic.com http://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js https://cdn.sutherland.ai/messenger/twix/build/js/sgs-bundle.js https://cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js https://cdn.ampproject.org https://cdn.plyr.io/3.7.8/plyr.js https://cdn.plyr.io/3.7.8/plyr.css https://challenges.cloudflare.com/turnstile/v0/api.js https://content-builder.s10.marketingcloudapps.com https://marspulse.my.site.com https://marspulse.my.site.com/ESWMWEinsteinBotGeneri1749101303349/assets/js/bootstrap.min.js https://analytics.tiktok.com https://analytics.tiktok.com/* https://tr.snapchat.com/* https://tr.snapchat.com; object-src 'none'; frame-src 'self' blob: https://www.google.com https://9079101.fls.doubleclick.net https://www.google.com *.fls.doubleclick.net https://www.googletagmanager.com https://di.rlcdn.com https://tr.snapchat.com https://www.youtube.com https://challenges.cloudflare.com/ https://content-builder.s10.marketingcloudapps.com https://marspulse.my.site.com https://analytics.tiktok.com https://www.youtube-nocookie.com/; child-src blob: 1
default-src 'self'; style-src 'unsafe-inline' yandex.st site.yandex.net yastatic.net banners.adfox.ru content.adfox.ru yastat.net *; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *; img-src * data:; media-src * data:; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st site.yandex.net yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru www.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com www.googletagmanager.com www.gstatic.com adservice.google.ru adservice.google.com.ua *.google.com *.mail.ru vk.com vk.ru *.buzzoola.com ajax.googleapis.com *.doubleclick.net cackle.me *.cackle.me *.sape.ru code.createjs.com ad.slickjump.com slickjump.com sjsmartcontent.ru googletagmanager.com *.ttarget.ru *.onlygip.tech *.hybrid.ai *.admediator.ru nativerent.ru *.astraone.io astraone.io *.onlygip.tech onlygip.tech *.afp.ai increaserev.com *.adriver.ru cdn.al-adtech.com *.al-adtech.com *.botfaqtor.ru www.acint.net; connect-src 'self' an.yandex.ru strm.yandex.ru mc.yandex.ru mc.yandex.com wss://mc.yandex.com yandex.st site.yandex.net yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru sjsmartcontent.ru *.al-adtech.com *.googlesyndication.com *.googletagservices.com *.google-analytics.com www.cloudflare.com secureads.increaserev.com *.botfaqtor.ru 1
"default-src *" 1
frame-ancestors 'self' https://ahu.edu https://*.ahu.edu 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crushftp.com *.stripe.com *.paypalobjects.com *.google-analytics.com *.crushsync.com *.taltosparipa.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
default-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.victoria.ca *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google.com googletagmanager.com *.fontawesome.com polyfill-fastly.io *.googleapis.com *.google.com *.fontawesome.com unpkg.com *.typekit.net *.googletagmanager.com *.gstatic.com *.searchcdn.com *.recollect.net; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google.com googletagmanager.com *.fontawesome.com polyfill-fastly.io *.googleapis.com *.google.com tagmanager.google.com *.fontawesome.com unpkg.com *.typekit.net *.googletagmanager.com *.gstatic.com *.searchcdn.com *.recaptcha.net *.recollect.net translate-pa.googleapis.com addsearch.com *.jsdelivr.net *.ecdev.org *.facebook.net googleads.g.doubleclick.net; object-src 'self' *.googlesyndication.com https://cityofvictoria.perfectmind.com; style-src 'self' 'report-sample' 'unsafe-inline' *.google.com *.typekit.net *.fontawesome.com fonts.googleapis.com translate.googleapis.com unpkg.com *.gstatic.com *.googletagmanager.com *.fastly.net *.addsearch.com *.ecdev.org; img-src 'self' data: blob: *.google.com *.google.ca *.googleadservices.com *.fastly.net *.ytimg.com *.recollect.net *.gstatic.com *.openstreetmap.org *.addsearch.com *.cloudfront.net *.googletagmanager.com addsearch.com *.googleapis.com *.cloudfront.net *.arcgisonline.com *.victoria.ca; frame-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com *.arcgis.com *.recaptcha.net cityofvictoria.perfectmind.com *.youtube.com *.recollect.net *.cyberimpact.com azurestaticapps.net  https://calm-tree-0547faf10.6.azurestaticapps.net  azurewebsites.net *.azurewebsites.net *.ecdev.org *.escribemeetings.com alertable.ca; frame-ancestors 'self' *.facebook.com *.bsky.app *.linkedin.com *.instagram.com *.cdninstagram.com *threads.net ; child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com *.googletagmanager.com *.arcgis.com *.recaptcha.net cityofvictoria.perfectmind.com *.youtube.com *.recollect.net *.cyberimpact.com azurestaticapps.net  https://calm-tree-0547faf10.6.azurestaticapps.net azurewebsites.net *.azurewebsites.net; font-src 'self' *.gstatic.com *.fontawesome.com data: *.typekit.net fastly.net *.global.ssl.fastly.net *.fastly.net recollect-us.global.ssl.fastly.net *.scite.ai; connect-src 'self' https://*.victoria.ca *.fontawesome.com *.google.com *.google-analytics.com *.fontawesome.com *.googleadservices.com *.googleapis.com *.azurewebsites.net *.recaptcha.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' https://*.fbcdn.net https://*.cdninstagram.com; child-src 'self' https://www.google.com https://www.youtube.com https://open.spotify.com https://connect.facebook.net https://www.facebook.com https://audio7.audima.co blob: data:; connect-src 'self' https://originacao.minervafoods.com/ https://maps.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com https://www.facebook.com https://yoast.com https://api.cvortex.com https://backmenu.audima.co https://ka-f.fontawesome.com https://cdn.privacytools.com.br https://pt.wiktionary.org https://en.wiktionary.org https://es.wiktionary.org https://vlibras.gov.br https://dicionario2.vlibras.gov.br https://cdn.jsdelivr.net https://www.google.com https://myminerva.minervafoods.com https://raw.githubusercontent.com; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com https://menu.audima.co https://ka-f.fontawesome.com https://vlibras.gov.br https://cdn.jsdelivr.net https://fonts.bunny.net data:; form-action 'self' https://www.facebook.com https://wpmudev.com data:; frame-ancestors 'none'; frame-src https://www.gstatic.com https://www.google.com https://audio7.audima.co https://www.youtube.com https://open.spotify.com https://clarity.microsoft.com https://td.doubleclick.net/ blob:; img-src 'self' https://minervafoods.com https://vlibras.gov.br https://www.google.com.br https://myminerva.minervafoods.com https://stats.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://secure.gravatar.com https://www.facebook.com https://i.scdn.co https://cdn.jsdelivr.net https://s.w.org https://claritystatic.blob.core.windows.net https://menu.audima.co https://2.gravatar.com https://*.cdninstagram.com data:; script-src 'self' https://cdn.jsdelivr.net https://developers.google.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://vlibras.gov.br https://connect.facebook.net https://cdnjs.cloudflare.com https://open.spotify.com https://open.spotifycdn.com https://embed-cdn.spotifycdn.com https://menu.audima.co https://audio7.audima.co https://kit.fontawesome.com https://www.youtube.com https://cdn.privacytools.com.br https://www.vlibras.gov.br https://unpkg.com https://clarity.microsoft.com https://www.clarity.ms 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.cdnfonts.com https://cdn.privacytools.com.br https://fonts.bunny.net 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' *.demdex.net *.jsdelivr.net *.mapbox.com *.linkedin.com *.demdex.net *.app.powerbi.com jquery.min.js ; script-src 'self' 'unsafe-inline' blob: *.adobedtm.com *.jsdelivr.net  'unsafe-inline' *.licdn.com *.facebook.net *.mapbox.com *.omtrdc.net *.newrelic.com *.youtube.com *.omtrdc.net   *.googletagmanager.com *.dwcdn.net *.vimeo.com 'unsafe-eval' youtube-nocookie.com https://app.powerbi.com/* ; style-src 'self' 'unsafe-inline' *.googleapis.com *.jsdelivr.net *.mapbox.com *.youtube.com *.vimeo.com  *.dwcdn.net  *.nocookie.com jquery.min.js ; img-src 'self' data: blob: *.linkedin.com *.omtrdc.net *.ytimg.com https://app.powerbi.com/*; frame-src 'self'  *.youtube.com *.vimeo.com https://www.youtube-nocookie.com https://app.powerbi.com/* https://app.powerbi.com/reportEmbed/* https://app.powerbi.com ; child-src https://app.powerbi.com/* https://app.powerbi.com/reportEmbed/* blob:; font-src 'self' *.gstatic.com *.googleusercontent.com ; connect-src 'self' *.jsdelivr.net *.mapbox.com *.linkedin.com *.nr-data.net *.youtube.com *.omtrdc.net  *.dwcdn.net  google-analytics.com youtube-nocookie.com jquery.min.js *.demdex.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' blob: cdn.jsdelivr.net code.highcharts.com googleapis.com script.crazyegg.com unpkg.com *.google-analytics.com www.google.com/recaptcha/ www.googletagmanager.com www.gstatic.com app.powerbi.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com googleapis.com script.crazyegg.com unpkg.com; img-src 'self' data: googleapis.com *.google-analytics.com www.googletagmanager.com www.gstatic.com; frame-src 'self' *.domoapps.prod101.domo.com aibc.pandemicoversight.gov blob: domoapps.prod101.domo.com public.domo.com static.pandemicoversight.gov storymaps.arcgis.com www.arcgis.com www.google.com app.powerbi.com; frame-ancestors 'self' *.domo.com *.domoapps.prod101.domo.com cigie-gov.domo.com domoapps.prod101.domo.com; child-src blob: app.powerbi.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com script.crazyegg.com tracking.crazyegg.com *.google-analytics.com www.google.com/recaptcha/ app.powerbi.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors t.signalplus.com fi.signalplus.com t.signalplus.net fi.signalplus.net  falconx.signalplus.com falconx.signalplus.net t-pre.signalplus.com; 1
default-src 'self' google-analytics.com manifest-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io  https://s.pinimg.com  https://*.pinterest.com  https://open.spotify.com *.fontawesome.com https://static.cloudflareinsights.com https://ajax.cloudflare.com https://*.taboola.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net *.fontawesome.com; img-src 'self'  *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org  data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com  *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io  https://*.pinterest.com  https://open.spotify.com *.fontawesome.com https://www.googletagmanager.com https://player.captivate.fm https://crelan-selfservice-qa.web.opercredits.com https://crelan-selfservice-production.web.opercredits.com; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com  https://ct.pinterest.com *.fontawesome.com https://*.cookiepro.com https://*.taboola.com; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
default-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr dwl.dawconnect.com *.youtube.com *.youtube-nocookie.com; img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr connect.ekomi.de *.youtube.com *.youtube-nocookie.com; media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com *.youtube-nocookie.com; script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr connect.ekomi.de dwl.dawconnect.com 'unsafe-inline' 'unsafe-eval'; worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com *.youtube-nocookie.com; font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr; style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr 'unsafe-inline'; object-src 'self'; frame-src 'self' *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' *.youtube.com *.youtube-nocookie.com; 1
frame-ancestors 'self' *.vendhq.com *.retail.lightspeed.app; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba63db3f96a1d5bb789394101974def5f&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1
base-uri 'self'; child-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://shredit.intelliresponse.com https://stericycle.demdex.net blob: gap:; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://shredit.intelliresponse.com https://stericycle.demdex.net blob: gap:; connect-src 'self' https://www.googletagmanager.com/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://api.cloud.247-inc.net/ https://stg-tie.cloud.247-inc.net/ https://dc.services.visualstudio.com/ https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://d1af033869koo7.cloudfront.net http://d1af033869koo7.cloudfront.net https://dpm.demdex.net/ https://adobedc.demdex.net/ https://edge.adobedc.net https://privacyportal-eu.onetrust.com/ wss://127.0.0.1:2045; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com/ https://cdn.cookielaw.org/ https://fonts.gstatic.com/ https://cm.everesttech.net/ data: blob:; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://assets.adobedtm.com/ https://www.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://d2j8jkom7xmn9n.cloudfront.net/ http://d2j8jkom7xmn9n.cloudfront.net/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=Oh%2F3T4vErB0jrrzaerRlHoP%2B8qNVSSCWRgglLRnfUVFYoyJ0bD%2FolOL07vpmqU%2BfBY4bCrgdi4DkoitWivCU%2FA%3D%3D;  1
base-uri 'self'; child-src blob: 'self' gap: https://*.surveymonkey.com/ https://*.twitter.com/ https://*.vimeo.com/ https://*.youtube.com/ https://app.powerbi.com/ https://dev.visualwebsiteoptimizer.com/ https://td.doubleclick.net/ https://widget.trustpilot.com/ https://www.google.com/ https://www.googletagmanager.com/; frame-src blob: 'self' gap: https://*.surveymonkey.com/ https://*.twitter.com/ https://*.vimeo.com/ https://*.youtube.com/ https://app.powerbi.com/ https://dev.visualwebsiteoptimizer.com/ https://td.doubleclick.net/ https://widget.trustpilot.com/ https://www.google.com/ https://www.googletagmanager.com/; connect-src 'self' https://*.feefo.com/ https://*.google.com/ https://www.googleadservices.com/ https://*.google-analytics.com/ https://*.onetrust.com/ https://*.paragonbankinggroup.co.uk/ https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://global.sitesearch360.com/ https://ict.infinity-tracking.net/ https://insights.sitesearch360.com/ https://stats.g.doubleclick.net/ https://widget.trustpilot.com/ https://www.google.co.uk/ https://www.googletagmanager.com/; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com/; img-src * data: blob:; media-src data: 'self'; script-src gap: 'self' https://*.feefo.com/ https://*.paragonbankinggroup.co.uk/ https://*.surveymonkey.com/ https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://*.youtube.com/ https://cdn.sitesearch360.com/ https://cdn-ukwest.onetrust.com/ https://googleads.g.doubleclick.net/ https://ict.infinity-tracking.net/ https://pagead2.googlesyndication.com/ https://snap.licdn.com/ https://unpkg.com/ https://widget.trustpilot.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.twimg.com/ https://*.twitter.com/ https://dev.visualwebsiteoptimizer.com/ https://fonts.googleapis.com/ https://register.feefo.com/ https://www.googletagmanager.com/ 'unsafe-inline'; frame-ancestors gap: 'self' https://*.surveymonkey.com/; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=RIYxYCuh7m%2FkYpIm9wAqTFA1KMgyKLvv%2FOY1RNI4LDxEGaguO4IesA1T0bZAAT7fgPCRIDxKTcHdAmH31WHUXQ%3D%3D; 1
default-src 'unsafe-hashes' https://crohnsandcolitis.org.uk https://docs.google.com https://customervoice.microsoft.com https://*.readspeaker.com https://*.azureedge.net https://poster.crohnsandcolitis.org.uk https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://*.landbot.io https://*.addthis.com https://www.youtube.com https://player.vimeo.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.fluidads.com https://forms.office.com https://*.snapchat.com https://*.doubleclick.net https://static.addtoany.com https://*.muchloved.com https://*.juicer.io ;base-uri 'self' ;frame-ancestors 'self' ;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://analytics.nyltx.com https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://*.landbot.io https://secure.callhandling.co.uk https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://static.addtoany.com https://*.fluidads.com https://*.simpli.fi https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.hotjar.com https://analytics.tiktok.com https://*.snapchat.com https://*.sc-static.net https://*.bing.com https://*.linkedin.com https://*.doubleclick.net https://*.muchloved.com https://cdnjs.cloudflare.com https://online.flippingbook.com https://cdn.fluidads.com https://static.hotjar.com https://player.vimeo.com https://*.monitor.azure.com https://monitor.azure.com https://*.in.applicationinsights.azure.com https://*.applicationinsights.azure.com https://applicationinsights.azure.com https://bat.bing.com https://bat.bing.net ;connect-src 'self' https://docs.google.com https://www.google.com https://cdn.acsbapp.com https://*.acsbap.com https://*.acsbapp.com https://acsbapp.com https://acsbap.com https://*.wikipedia.org https://*.trackedweb.net https://*.readspeaker.com https://*.azureedge.net https://*.fluidads.com https://www.facebook.com https://*.cookiefirst.com https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://*.landbot.io https://*.addthis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.doubleclick.net https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.snapchat.com https://*.linkedin.oribi.io https://*.analytics.google.com https://analytics.tiktok.com https://cdn.fluidads.com https://static.hotjar.com https://player.vimeo.com https://*.in.applicationinsights.azure.com https://*.applicationinsights.azure.com https://applicationinsights.azure.com https://bat.bing.com https://bat.bing.net ;img-src 'self' data: https://www.facebook.com https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com https://*.azureedge.net https://*.linkedin.com https://*.addthis.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com.tr https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://tr.snapchat.com https://t.co https://*.muchloved.com https://bat.bing.com https://bat.bing.net ;font-src 'self' data: https://use.typekit.net https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://fonts.gstatic.com https://*.hotjar.com ;style-src 'self' 'unsafe-inline' https://acsbapp.com https://acsbap.com https://*.acsbapp.com https://*.acsbap.com blob: https://*.readspeaker.com https://*.azureedge.net https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com https://*.issuu.com https://*.hotjar.com ;frame-src 'self' https://docs.google.com https://static.addtoany.com https://td.doubleclick.net https://www.googletagmanager.com https://forms.office.com https://customervoice.microsoft.com https://crohnsandcolitis.org.uk https://www.google.com https://app.postermaker.io https://www.muchloved.com https://e.issuu.com https://www.youtube.com https://www.youtube-nocookie.com https://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com https://chats.landbot.io https://online.flippingbook.com https://player.vimeo.com https://accounts.google.com ;form-action 'self' https://*.readspeaker.com https://*.azureedge.net https://*.landbot.io https://*.snapchat.com ;object-src 'none' ;media-src 'self' 'unsafe-inline' data: ; 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl 'unsafe-inline' 'unsafe-eval';style-src https: *.ufg.pl 'unsafe-inline';img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl; child-src https: *.ufg.pl blob:; worker-src blob: 1
default-src 'self' *.google-analytics.com data: gap: idele.matomo.cloud 'unsafe-inline' 'unsafe-eval'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.tubedu.org tubedu.org *.slideshare.net www.canva.com *.youtube.com view.genial.ly view.genially.com climatefarmdemo.eu *.dailymotion.com *.youtube-nocookie.com *.myadvent.net adventmyfriend.com *.jwplayer.com video.terre-net.fr; style-src 'self' use.typekit.net cdn.tarteaucitron.io fonts.googleapis.com p.typekit.net s3.amazonaws.com cdn.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com cdn.icomoon.io; img-src 'self' data: *.ytimg.com tarteaucitron.io; upgrade-insecure-requests 1
default-src 'none'; style-src 'self' 'unsafe-inline' https://www.mijnwefact.nl https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com *.licdn.com https://translate.google.com https://translate.googleapis.com *.typekit.net; manifest-src 'self' https://www.wefact.nl; img-src 'self' data: *.wefact.ai *.taggrs.io *.analytics.google.com *.gstatic.com https://maps.googleapis.com https://www.mijnwefact.nl *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net *.licdn.com *.linkedin.com https://www.google.com https://www.google.be https://www.google.nl https://www.googleadservices.com https://googleads.g.doubleclick.net https://webstream.wefact.com https://webfiles.wefact.com https://googletagmanager.com *.google-analytics.com *.googletagmanager.com *.cookiebot.com *.clarity.ms *.bing.com https://bat.bing.net https://www.mollie.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wefact.ai https://flow.wefact.nl https://www.mijnwefact.nl https://www.youtube.com http://www.youtube.com/iframe_api *.ytimg.com *.facebook.com *.facebook.net *.linkedin.com *.licdn.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://googletagmanager.com https://developers.google.com https://maps.googleapis.com *.gstatic.com https://tagmanager.google.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com *.clarity.ms *.bing.com *.bing.net https://secure.adnxs.com *.googletagmanager.com *.cookiebot.com; font-src 'self' data: https://www.mijnwefact.nl *.typekit.net https://fonts.gstatic.com; connect-src 'self' *.open.cx *.wefact.ai https://flow.wefact.nl https://maps.googleapis.com https://places.googleapis.com https://www.mijnwefact.nl https://graphql.prepr.io *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://www.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net *.clarity.ms *.bing.com *.bing.net https://translate.googleapis.com https://translate-pa.googleapis.com *.cookiebot.com https://www.wefact.nl https://webstream.wefact.com https://webfiles.wefact.com; frame-src 'self' https://flow.wefact.nl https://www.mijnwefact.nl https://www.youtube.com *.facebook.com *.facebook.net *.linkedin.com https://bid.g.doubleclick.net https://td.doubleclick.net https://outlook.office365.com *.googletagmanager.com *.cookiebot.com; frame-ancestors 'self'; object-src 'self' 'unsafe-inline' https://www.mijnwefact.nl https://www.wefact.nl *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.cookiebot.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com https://maps.googleapis.com *.clarity.ms *.bing.com *.bing.net; media-src 'self' https://www.mijnwefact.nl https://www.wefact.nl; child-src *.facebook.com *.facebook.net; 1
script-src 'self' 'unsafe-eval' 'nonce-e08ab336423defc4c4d2c1ebdeded6a2' 'strict-dynamic' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de https://*.trustedshops.com https://*.etrusted.com; style-src 'self' 'nonce-e08ab336423defc4c4d2c1ebdeded6a2' 'unsafe-hashes' 'sha256-Chued6H/FqwtY0xgIG4zxn1W6uXOo1t3SXAPpyzds7U='  'sha256-5SDvdr72xKyplNCK6s3wo8+AzCvSSrO4ATaEFE1N3YU='  'sha256-b/AJ3u1NxOK+yAHe28I3iTI1e9j23Bv94CsSnYMe0I4='  'sha256-WXbTK+Q2IO0qiVm9TmwaoCb/gGYy8plieL1g7TJ+i1o='  'sha256-TIWitS/sbsTCj5gHE+Ub2hNq7Ebv+whf6SCnicmBM1A='  'sha256-bM22Xahg3Ska2CbZv9HSsXayiD0Z5iJL6QcufF1H9e0='  'sha256-cJA8XvfmOhAJWjlDZi2dvUyXcjLaXJsW296wKpLNDSg='  'sha256-W5t509XHgNgqXPEkC+CNVw120RQzW++3Peh6kOOF7H0='  'sha256-SDpJ06IXtKeyPxzWvEQbz1w8atX8WEPMmLziJ2Yr3t8='  'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE='  'sha256-RfS5BPmz3Vwypv5zOAVIB743tRj+AEwi4dugaXrsDwk='  'sha256-x4b2HXIRVmbavEXgC5A6qDxwchYDCHsF5XjgG+IX/9k='  'sha256-sjBpDcTxG5RUsOcN+DFW/IhJtxXGSiB/5wxRqMbKc8g='  'sha256-6N6ExomJBSb15QoU3z4kffBiUYwHzIOPFDBNFyQo5zM='  'sha256-Xjtk8M9sZ4nFg15sesBAusx8bR5RyH5adt0U2TGp1Hc='  'sha256-YV8lKTFZ9If7/i9C+12znUBTxRQw2mwPFb+mvUF76jI='  'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI='  'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8='  'sha256-xhhnTHVCXiqgxWYHm1Aa2GmrJUgS7MCnS5+Ou4nbmvI='  'sha256-lgwR+lozSh+2mYjVqEytPQ8igYNCs3WxYDoJ+FfmTM8='  'sha256-Pmke26teTSgoga2qVZQxn5+8tJEHv3b6P31sM4A7nUA='  'sha256-u3gvlgPH9p+WcuUGYJ1tagF6JvmPBRgC8dUVFMyvgFw='  'sha256-MlKRU2qUIVN+Cj86rIOyMnLxGlFm6Y1JJpGW5mQkUZs='  'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='  'sha256-2gz8aiXiOB6Up4QDJqnRa6SHIHmCXTLcaqHHxsA3LlA='  'sha256-qTkwDWS8vAgVRoa+CLotP91j1y1653Dw7c6uFVO9hdk='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-GbUhe7JxmiOWfQ00Srbs7iduQVRWWln6C42y78HlLxs='  'sha256-0W4IyoGJZtlp+gwrArXhImVbco+I5f2pug6ZEmjL2U0='  'sha256-6cAsdx6Eo0akaAinSdKpeL36RozFFZb6YeLNQSOtOKU='  'sha256-8kPOCl/iIr6YgWLvLnIRMrYnCJHOzs6WNYAedT41SM8='  'sha256-2Go/yMtz4sEcAbw1TnjkjLz983Zxq7frCShdJs2OobM='  'sha256-g6zf946PtVM63bZ+fe9QUc3hDXp5BMl6OBmAlKhKV60='  'sha256-zqo/Gf4mmbgvoqPGTNSkHYfibgllewm/seDhWyooOOk='  'sha256-FVE4UqDzJ5GzKFQlZqU4Zq3EAxxb/T0hpPQU9k6uwkA='  'sha256-R2Vkrx5FLpmMY0750ljuQem15/f/bIrrGl+TXyzeETo='  'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4='  'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA='  'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4='  'sha256-jI3sfmilVzfPCYviQAKSk25gbqy5bKO6ytnWnH7tPy4='  'sha256-MGcxmZXFvleb8FuwqjCYtvoakNGj+J6yTNrv1TSxJiA='  'sha256-hbZWfW0vwSYriJkO6sDWlefwk0ZUNVCSaBe66T81nB0='  'sha256-rh2A364+F4JpsYOMvu2X0b8oUqSm+hinlVRTT9lHrwY='  'sha256-gGRDCDCtVdIb3guY7Af4d2zlZ2AHGiJ1Fo0P+PkrAQ4='  'sha256-28yeYgrPQDDyWFt+gxC5JLjh+vmdwGtJ6vrGY5agNmA='  'sha256-tq6DPpzxxZo0uDGIA3cWY73a2IghW7jFPDxfoADIVA4='  'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI='  'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE='  'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI='  'sha256-o1r1pjDVBLdNe0LQRcCT5BFFXxPXMW1YFFI3KAch9eI='  'sha256-Qzu0lxLJiiX6Kov/Hhw2clLBMwE/AGShWjshh7S4cZE='  'sha256-IGAWb2ggeHqxQRSvWbzAamu9Ko86r4FttA9LNd1b/uI='  'sha256-p08VBe6m5i8+qtXWjnH/AN3klt1l4uoOLsjNn8BjdQo='  'sha256-HeCUqYbpi0jcNQCtmPyDkSSaeWOk+GFgiIxfAAAbsFg='  'sha256-33YGiROm4Pzv0xXIPo82M0Dt2zrdnP4IgbJq1WeAtf8='  'sha256-j6Tt8qv7z2kSc7fUs0YHbrxawwsQcS05fVaX1r2qrbk='  'sha256-RAtMRMPc7pZorvh8gaXlMJh1zDaSAmCzJ4zoN0Y5bn4='  'sha256-2+dS+n9Pah47gYjmchfaYD5g/iEbiyoAg7SGmiJtn0Y='  https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 1
upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://bam-cell.nr-data.net https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://*.cloudflare.com https://*.lottiefiles.com https://*.google-analytics.com https://www.yumpu.com https://*.youtube.com/ https://i.ytimg.com/ https://*.doubleclick.net https://afiliacion.net https://prs.arkeero.net https://leadgenios.net https://www.rtb123.com https://*.hotjar.com https://inboxlabs.go2cloud.org https://*.google.com.mx https://*.hotjar.io https://*.teads.tv https://ojo7.ltroute.com https://*.abtasty.com/ https://*.amazonaws.com/ wss://*.hotjar.com https://go2perseo.com https://affperformance.com/ https://ad.soicos.com https://ads01.groovinads.com https://*.cybba.solutions https://*.cloudfront.net https://*.go4aluna.co https://bing.com https://*.aptoweb.com/ https://*.helpscout.net/ bytedance: sslocal: https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://*.taboola.com; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src *; connect-src *; frame-src *; img-src * data:; media-src *; object-src *; style-src * 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.cloudflare.com *.googletagmanager.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com *.bootstrapcdn.com  https://cdn.ckeditor.com *.google-analytics.com *.googletagmanager.com *.salesforce.com *.salesforceliveagent.com https://support.sunway.edu.my https://static.lightning.force.com https://assets.mailerlite.com https://ipapi.co https://code.jquery.com https://cdn.ckeditor.com https://static.cloudflareinsights.com https://b.static.lightning.force.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com *.fontawesome.com *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com *.google.com *.gstatic.com https://use.fontawesome.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://assets.mailerlite.com; img-src 'self' * data: about:; media-src 'self'; frame-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://forms.office.com https://assets.mailerlite.com *.issuu.com https://issuu.com; frame-ancestors 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my; child-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com; font-src 'self' https://fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com *.cloudflare.com *.jsdelivr.net https://support.sunway.edu.my data:; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' https://*.astonmiles.com https://code.jquery.com https://www.google-analytics.com https://*.fontawesome.com https://*.googleapis.com //*.gstatic.com; style-src 'self' https://*.astonmiles.com https://*.googleapis.com https://*.fontawesome.com; font-src 'self' https://*.gstatic.com https://*.fontawesome.com; img-src 'self' https://*.astonmiles.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; connect-src 'self' https://*.astonmiles.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://code.jquery.com //*.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none';upgrade-insecure-requests 1
base-uri 'self'; default-src 'self' data: *.storck.com; script-src 'self' 'nonce-LIRgf7mAwd9XH8JxksyCDA7gK5WcIMlL2h7wr66zCMJWPsoJbxfkfQ' blob: data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1
base-uri 'self'; default-src 'none'; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com https://staticcdn.co.nz staticcdn.co.nz https://app.powerbi.com; connect-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://search-api.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com; font-src 'self' https://*.hotjar.com https://*.hotjar.io data:; form-action 'self' https://*.facebook.com; frame-ancestors 'self'; frame-src 'self' https://*.googletagmanager.com https://*.pega.net https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.mypurecloud.com.au https://*.youtube-nocookie.com https://*.youtube.com https://subscriptions.smartrecruiters.com/ https://*.visualwebsiteoptimizer.com https://app.vwo.com https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com https://staticcdn.co.nz staticcdn.co.nz https://app.powerbi.com; img-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://*.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com https://useruploads.vwo.io https://*.google.co.nz *.google.co.nz https://meridian-production-media.s3.ap-southeast-2.amazonaws.com blob: data:; media-src 'none'; object-src 'self' blob:; manifest-src 'self'; script-src 'self' https://*.meridianenergy.co.nz https://*.doubleclick.net https://*.facebook.net https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mypurecloud.com.au https://*.sentry.io https://*.smartrecruiters.com https://*.tt.omtrdc.net https://*.usemessages.com https://analytics.tiktok.com https://api.addressfinder.io https://browser.sentry-cdn.com https://forms.hsforms.com https://ir.iguana2.com https://js.hsadspixel.net https://js.hscollectedforms.net https://s.swiftypecdn.com https://search-api.swiftype.com https://staticcdn.co.nz https://www.youtube.com wss://*.hotjar.com wss://*.mypurecloud.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com 'nonce-ZTJhZmI5NDJlODhiYWZhOWRhODdmZTQ5MjFkNGQzMjczNTgyZDE0OGQ4OWE4ODg1OWJhNDZkZWMxYWM1OGVhN2EzODk1Y2MwOGRhMTQzNmIxNzhkODM5ZWQ5ODU3NWUzYjczM2Y0YzNiYjMwMWQxOWNlZWYzOWY2YTk5N2IzZjU=' 'unsafe-eval' blob:; style-src 'self' https://s.swiftypecdn.com https://*.mypurecloud.com.au https://static.smartrecruiters.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/6229198/security/?sentry_key=d3383061a5464af09b0da48432305265&sentry_environment=live; report-to csp-endpoint; upgrade-insecure-requests 1
default-src 'self'; 1
report-uri https://consolehipay.report-uri.com/r/d/csp/enforce; default-src 'self' *.google-analytics.com *.creditsafe.com *.zdassets.com *.hotjar.com *.google.com *.screeb.app 'unsafe-inline' https://*.screeb.app wss://*.screeb.app blob:; script-src https://*.axept.io 'self' *.hotjar.com *.zdassets.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.hipay.com *.paypal.com *.static.axept.io 'sha256-Tzsl1EqoO9KsY3ZLwZ/PCkw3WnjUwoiMZoQUR6wG6mw=' 'sha256-qSMb0PEZNwPU889A1H8zPbT23/AN6efiLRLewxFcFJM=' 'sha256-0p21hmif1TiEP5IE/r3ri1cHw0RQzMKFQuK6Y8+MSxM=' 'sha256-IONGq3q3SUbZcvFq3OWEvLOn+6YXROnGyxqJaXZ5XqM=' 'sha256-PxE0YueUDOLIQZbUB7uIBmSR+rm9AoT37euB/1UuZ00=' 'sha256-rXRPabzczAqe8l4W5Ls96YFLaXicsCVoXls4kw5cYm0=' 'sha256-4K+enDkiwcZwt+5aUSZia7wZmCr0fOEHjwJgkiI84dw=' https://*.zopim.com *.screeb.app 'sha256-tdBlVQuc2G3oahpbyjaUmy+NEJSNdDZy9L1FSw3rVi0=' 'sha256-FcbWubQGGFMAS71F3Xg9hDM0pfF+/idbYePgIS4oecc=' 'sha256-keffV0quDMAbyeX1/4YLUZgq6qTZq4xbHwc4fvVpGws=' 'sha256-8qEA6898bCZsncsjm0Dk2KjV2WK+2+8Aks3WfqWmUWY=' 'sha256-Dzik/WB+gJBcz9UYbbFUYFlTaU4qb0rrolNQQCQBQLU=' 'sha256-t19EsRsyX2bh0qql+yUUtI62N0Lx4bXF/EmD3xAx6B8='; style-src 'self' 'unsafe-inline' maxcdn.icons8.com fonts.googleapis.com *.hotjar.com libs.hipay.com *.screeb.app wss://*.screeb.app; font-src 'self' maxcdn.icons8.com fonts.gstatic.com *.hotjar.com *.screeb.app 'unsafe-inline' https://*.screeb.app wss://*.screeb.app blob:; connect-src 'self' https://client.axept.io https://api.axept.io https://user-api-dot-pi-prod-user-management-api.ew.r.appspot.com https://*.axeptio.eu *.zendesk.com *.zdassets.com user.hipay.com *.hipay.com *.hipay.org *.hipaytech.com *.google-analytics.com wss://*.zopim.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.screeb.app wss://*.screeb.app *.run.app; img-src 'self' *.amcharts.com *.google-analytics.com *.zendesk.com *.hotjar.com images.weserv.nl *.hipay.com data: storage.googleapis.com *.screeb.app *.paypalobjects.com twemoji.maxcdn.com https://axeptio.imgix.net https://favicons.axept.io https://*.gstatic.com; frame-src https://authentication.hipay.com; frame-ancestors 'none' 1
default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' www.youtube.com *.digiaccess.org feeds.kobo.com 1
default-src 'self'; style-src 'self' 'unsafe-inline', default-src 'self'; style-src 'self' 'unsafe-inline' 1
base-uri 'none'; default-src 'self'; child-src https://*.yachtbuyer.com https://www.youtube.com https://www.google.com https://www.facebook.com https://iframe.mediadelivery.net; connect-src 'self' https://a.yachtbuyer.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.facebook.com https://zoom.yachtcast.net https://error.dfusion.com https://*.clarity.ms https://*.b-cdn.net; font-src 'self' https://*.typekit.net https://fonts.gstatic.com data:; form-action 'self' https://www.facebook.com; frame-ancestors https://*.yachtbuyer.com; img-src 'self' https://*.yachtbuyer.com https://*.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://*.googletagmanager.com https://www.google.com https://www.bugherd.com https://www.facebook.com https://zoom.yachtcast.net https://i.ytimg.com https://img.youtube.com https://*.clarity.ms https://*.b-cdn.net https://i.vimeocdn.com blob: data:; media-src 'self' https://vod-progressive.akamaized.net; object-src 'none'; script-src 'self' https://*.yachtbuyer.com https://*.googletagmanager.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.youtube.com https://connect.facebook.net https://browser.sentry-cdn.com https://*.clarity.ms https://assets.mediadelivery.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net https://fonts.googleapis.com https://www.bugherd.com 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1
default-src 'self'; frame-src 'self' *.donorfy.com/ *.monday.com/ https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://maps.googleapis.com/ https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://region1.google-analytics.com translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com https://www.wiener-staatsoper.at https://kalender.wiener-staatsoper.at https://use.typekit.net https://p.typekit.net/ https://i.ytimg.com/ 1
default-src 'self'; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; script-src 'self' https://client.rum.us-east-1.amazonaws.com/1.2.1/cwr.js https://cdnjs.cloudflare.com/ajax/libs/pdf.js/ https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.youtube.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/plugins/identity.js https://connect.facebook.net/signals/config/1525576007456708 https://connect.facebook.net/signals/config/1465344211021108 https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://static.hotjar.com https://*.clarity.ms https://c.bing.com https://api.mapbox.com 'unsafe-inline' https://connect.facebook.net/signals/config/undefined; frame-src 'self' bytedance: sslocal: https://webapi.nawy.com https://listing-api.nawy.com https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com https://www.google.com https://www.google.com.eg; font-src 'self' data: https://fonts.gstatic.com/ *.googleapis.com; img-src 'self' blob: data: https://prod-images.nawy.com https://prod-images.cooingestate.com https://s3.eu-central-1.amazonaws.com https://www.google.com https://www.google.com.eg https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://purecatamphetamine.github.io https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com; media-src 'self' blob: data: https://prod-images.nawy.com https://prod-images.cooingestate.com; connect-src 'self' https://webapi.nawy.com https://listing-api.nawy.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://www.google.com https://www.google.com.eg https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com https://*.clarity.ms https://c.bing.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com https://property-forms-api.cooingestate.com https://platform.cooingestate.com; frame-ancestors 'self' https://partners.nawy.com https://partners.cooingestate.com https://web-sandbox.oaiusercontent.com https://*.web-sandbox.oaiusercontent.com https://chatgpt.com https://*.chatgpt.com https://chat.openai.com https://*.chat.openai.com; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com; manifest-src 'self'; upgrade-insecure-requests; worker-src 'self' blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com unpkg.com cdn.cookielaw.org s2.adform.net browser.sentry-cdn.com js.hubspot.com js.sentry-cdn.com builder.lift.acquia.com js.usemessages.com googleads.g.doubleclick.net app.wistia.com connect.facebook.net tpc.googlesyndication.com www.google.com www.gstatic.com static.ads-twitter.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net maps.googleapis.com pagead2.googlesyndication.com server.adform.net *.lytics.io; style-src 'self' 'unsafe-inline' www.globenewswire.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net https://cdn.jsdelivr.net/gh/NigelOToole/progress-tracker@v2.0.7/src/styles/progress-tracker.css *.lytics.io; img-src 'self' blob: data: cdn.cookielaw.org *.google.ae googleads.g.doubleclick.net *.google.com.vn *.google.bs embedwistia-a.akamaihd.net www.impella.com *.google.com.cy *.google.at *.google.com.co *.google.com.sa *.google.com.br *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net *.lytics.io; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' player.vimeo.com fast.wistia.net *.hs-sites.com fast.wistia.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net c.lytics.io; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net cdn.scite.ai; connect-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org adservice.google.com px.ads.linkedin.com pagead2.googlesyndication.com notify.bugsnag.com us.perz-api.cloudservices.acquia.io sessions.bugsnag.com www.google.com.br www.google.co.in cdn.linkedin.oribi.io hubspot-forms-static-embed.s3.amazonaws.com adservice.google.com *.litix.io *.googleapis.com adservice.google.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com connect.facebook.net *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'self'; child-src blob: 'self' gap: https://*.tools.investis.com/ https://*.twitter.com/ https://*.youtube.com/ https://td.doubleclick.net/ https://www.google.com/ https://www.googletagmanager.com/; frame-src blob: 'self' gap: https://*.tools.investis.com/ https://*.twitter.com/ https://*.youtube.com/ https://td.doubleclick.net/ https://www.google.com/ https://www.googletagmanager.com/; connect-src 'self' https://*.analytics.google.com/ https://*.google-analytics.com/ https://*.onetrust.com/ https://*.paragonbank.co.uk/ https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://fonts.gstatic.com/ https://global.sitesearch360.com/ https://insights.sitesearch360.com/ https://qfx.tools.investis.com/ https://stats.g.doubleclick.net/ https://www.google.co.uk/ https://www.google.com/ https://www.googletagmanager.com/; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com/; img-src data: 'self' https://* blob:; media-src data:; script-src 'self' https://*.twimg.com/ https://*.twitter.com/ https://*.visualwebsiteoptimizer.com/ https://*.youtube.com/ https://cdn.sitesearch360.com/ https://cdn-ukwest.onetrust.com/ https://googleads.g.doubleclick.net/ https://qfx.tools.investis.com/ https://otp.tools.investis.com/ https://td.doubleclick.net/ https://www.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.twimg.com/ https://*.twitter.com/ https://fonts.googleapis.com/ https://www.googletagmanager.com/ 'unsafe-inline'; frame-ancestors gap: 'self'; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=GI7w4I47GvRHX6HjNBw5IpiHOVTIUkRvhIiwoxGYyQcndSFPnlbWFa9Kwv%2Bl9aHbe%2FkHgCCZB%2BKE6UYtBaLrVw%3D%3D; 1
base-uri 'none';child-src 'none';connect-src 'self' https://ws.zoominfo.com/pixel/collect https://aorta.clickagy.com/ https://aorta.clickagy.com/liveramp_redir https://hemsync.clickagy.com/external/ https://maps.googleapis.com/;default-src 'self';font-src 'self' https://fonts.gstatic.com;;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' https://id.rlcdn.com/ https://idsync.rlcdn.com/ https://aorta.clickagy.com/ https://maps.gstatic.com/ https://maps.googleapis.com/  https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://maps.googleapis.com/ https://www.google.com https://ws.zoominfo.com/pixel/6320bf5aac6e98ed3e39d094 https://tags.clickagy.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/external/ https://ws.zoominfo.com/;style-src 'self' https://aorta.clickagy.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa .gov.np *.mofa.gov.np s.ytimg.com *.facebook.net www.google.com.np *.sharethis.com *.youtube.com *.genesesolution.com nepalembassy.org.uk londonembassyevent.pages.dev *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np placehold.it *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it *.mofa.gov.np mofa.gov.np *.facebook.net *.facebook.com *.sharethis.com *.youtube.com *.twimg.com secure.gravatar.com cdn. lh3.googleusercontent.com *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self'  *.youtube.com *.facebook.net *.google.com *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 1
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 1
frame-ancestors 'self' https://www.tvacreditunion.com https://tvacreditunion.com https://olb.tvacreditunion.com 1
default-src 'none'; base-uri 'self'; form-action https: 'self'; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; media-src * data:; frame-src *; frame-ancestors 'self' https:; font-src 'self' https:; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; object-src 'self' https://pts.sim24.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim24.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://livechat.sim24.de https://umfrage.sim24.de https://pts.sim24.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim24.de https://stats.sim24.de https://imagepool.sim24.de https://pts.sim24.de https://analytics.tiktok.com https://umfrage.sim24.de; script-src 'strict-dynamic' 'nonce-4b43ce2b38b32e602cc3eb5f194b3c33' 'nonce-b1bed14c39a4456fad874857bcc38c42' 'nonce-e42005992ff7d183e0d8fb123d587b6b' 'nonce-b2bb357ec4a86548e61e18daca65821a' 'nonce-a4c5abaee412ac4431c246d9fd504a84' 'nonce-9de8d564ebc47838cdf4f024ac6ecc9d' 'nonce-8f1b8b068c6431e36014b8d06e00b96d' 'nonce-0a6b5b468b7e950c03c0a15bcd2a1eb3' 'nonce-9919c92d5a319fbda54212be1743dd69' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.sim24.de https://umfrage.sim24.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-4b43ce2b38b32e602cc3eb5f194b3c33' 'nonce-b1bed14c39a4456fad874857bcc38c42' 'nonce-e42005992ff7d183e0d8fb123d587b6b' 'nonce-b2bb357ec4a86548e61e18daca65821a' 'nonce-a4c5abaee412ac4431c246d9fd504a84' 'nonce-9de8d564ebc47838cdf4f024ac6ecc9d' 'nonce-8f1b8b068c6431e36014b8d06e00b96d' 'nonce-0a6b5b468b7e950c03c0a15bcd2a1eb3' 'nonce-9919c92d5a319fbda54212be1743dd69' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' blob: storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com *.a1.net live.virtual-events.at cdn.linkedin.oribi.io; frame-src  'self' indd.adobe.com storage.net-fs.com www.google.com *.google-analytics.com *.youtu.be *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at *.vimeo.com vimeo.com my.matterport.com; style-src 'self' 'unsafe-inline' storage.net-fs.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; img-src 'self' data: *.kununu.com storage.net-fs.com *.google-analytics.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.a1.group live.virtual-events.at *.frequentis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.frequentis.com storage.net-fs.com *.googleapis.com *.gstatic.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.zencdn.net blob: live.virtual-events.at; font-src 'self' data: storage.net-fs.com *.gstatic.com; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self' blob: data:; style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.newrelic.com data-eu.nestlehealthscience.com https://*.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; object-src https://*.cloudfront.net/; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; img-src 'self' data: https://cdn.jsdelivr.net https://l.evidon.com https://c.evidon.com https://nestle-mvp.myshopify.com https://cdn.shopify.com *.google-analytics.com  https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com https://nestle-mvp.myshopify.com https://cdn.shopify.com https://www.google.com https://www.google.es https://googleads.g.doubleclick.net *.google-analytics.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com *.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; media-src 'self'; frame-src 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.youtube.com https://static.addtoany.com https://www.google.com/ *.newrelic.com *.onetrust.com https://*.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; frame-ancestors 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy https://www.google.com/ *.newrelic.com *.onetrust.com https://*.qualtrics.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.amazonaws.com/ https://*.cloudfront.net/; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; connect-src 'self' https://cdn.jsdelivr.net https://bam.nr-data.net https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://stats.g.doubleclick.net https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://www.google.com *.google-analytics.com *.gbqofs.io *.gbqofs.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com data-eu.nestlehealthscience.com https://*.qualtrics.com https://www.googletagmanager.com https://unpkg.com https://fonts.googleapis.com https://www.googletagmanager.com https://px.ads.linkedin.com/ https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ https://*.amazonaws.com/ https://*.cloudfront.net/; report-uri /report-csp-violation 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://consentcdn.cookiebot.com/; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://stalker2.com https://mailto:dkulik@stalker2.com mailto:dkulik@stalker2.com; frame-src https://consentcdn.cookiebot.com/ https://www.google.com/; img-src 'self' https://www.ssls.com https://imgsct.cookiebot.com/; media-src 'none'; object-src 'none'; script-src 'self' https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/api.js https://cookieinfoscript.com/js/cookieinfo.min.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/ 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; font-src * data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' *.vixns.net *.smol.org www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src  'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com https://errors.vixns.net/api/76/store/ https://errors.vixns.net/api/76/envelope/; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1
base-uri 'none';connect-src 'self' wss://*.fuelrats.com https://dev.api.fuelrats.com ;default-src 'self' *.fuelrats.com;font-src 'self' fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://js.stripe.com;img-src 'self' *.wp.com blob: data:;manifest-src 'self';object-src 'self' data:;script-src 'self' *.stripe.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src spenden.twingle.de www.youtube.com;img-src 'self' jacobin.de data: *.met.vgwort.de;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:1337 adsapi.jacobin.de api.jacobin.de staging-api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de www.youtube.com;style-src 'self' 'unsafe-inline'; 1
default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.handyvertrag.de https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de https://analytics.tiktok.com https://umfrage.handyvertrag.de; script-src 'strict-dynamic' 'nonce-46fbfca9733b36064aa390cd03ca6c5c' 'nonce-d70712a2519d6ec9e31ef8ed578283fe' 'nonce-3f7f04fe1c2c696165c753d02cdc7bd2' 'nonce-12dde7de92620b5ac71e9950f887857a' 'nonce-de3bd65a7a6d47d1c055563090b1d9a6' 'nonce-c1f6537858f1ea6705f4e61847eb8f83' 'nonce-1ee0c7b0b7399773c965f01e2accd2db' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.handyvertrag.de https://umfrage.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-46fbfca9733b36064aa390cd03ca6c5c' 'nonce-d70712a2519d6ec9e31ef8ed578283fe' 'nonce-3f7f04fe1c2c696165c753d02cdc7bd2' 'nonce-12dde7de92620b5ac71e9950f887857a' 'nonce-de3bd65a7a6d47d1c055563090b1d9a6' 'nonce-c1f6537858f1ea6705f4e61847eb8f83' 'nonce-1ee0c7b0b7399773c965f01e2accd2db' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'nonce-T3FrVbJPDB71AsEvxL9iF27CJts=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.smartmobil.de https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com https://analytics.tiktok.com https://umfrage.smartmobil.de; script-src 'strict-dynamic' 'nonce-a5427c9dcd48a6665dd5e748ccaea519' 'nonce-da2033ce35d8d33f063a48efc117d240' 'nonce-faae1edc3a9ad5dbbe1857c3f91031ed' 'nonce-0d2bc9941e4ad18d26c04ea05bf3d5e2' 'nonce-d615d4a62bcf7ad188404b263af6464b' 'nonce-7f4f43fa572c6bc584e73f91a5be8dd9' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.smartmobil.de https://umfrage.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-a5427c9dcd48a6665dd5e748ccaea519' 'nonce-da2033ce35d8d33f063a48efc117d240' 'nonce-faae1edc3a9ad5dbbe1857c3f91031ed' 'nonce-0d2bc9941e4ad18d26c04ea05bf3d5e2' 'nonce-d615d4a62bcf7ad188404b263af6464b' 'nonce-7f4f43fa572c6bc584e73f91a5be8dd9' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' ; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net *.unitylivestream.com gemeinschaftswerk-nachhaltigkeit.de playout.3qsdn.com klimacampus.org *.klimacampus.org *.bne.unesco.de; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.geodatenzentrum.de *.openstreetmap.org *.openstreetmap.de *.bmbfcluster.de *.wmflabs.org; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloud.coveo.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://*.googlesyndication.com https://js-agent.newrelic.com https://storage.googleapis.com https://*.googletagmanager.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://*.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://snap.licdn.com https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://*.google-analytics.com https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://cdn.cookielaw.org https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' *.itzbund.de; worker-src blob: 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' medien01.gsb.bund.de; media-src blob: 'self' medien01.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.itzbund.de; frame-ancestors 'self'; 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com wireframe.cc cdn.wireframe.cc; script-src 'self' 'unsafe-inline' 'nonce-9e6fff00b15d0a49f610258b00681ea9' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com cdn.wireframe.cc; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; img-src 'self' wireframecc-9947.kxcdn.com cdn.wireframe.cc data:; child-src 'self'; base-uri 'none'; frame-ancestors 'self' 1
default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.simplytel.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://livechat.simplytel.de https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.simplytel.de https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de https://analytics.tiktok.com https://umfrage.simplytel.de; script-src 'strict-dynamic' 'nonce-ec45df07f44017c7821b27ee47f61ed2' 'nonce-d8caa0fd83c46014a57b1dc43a9b3fd4' 'nonce-dcdf82a7b7a3d1bf658fd37ca9ed1853' 'nonce-bd3c1926c123f7af71cd37eeb2745376' 'nonce-b879f004820c45070e21638b7a4d7108' 'nonce-240a9234d7c4e254df201a4d4d895d02' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.simplytel.de https://umfrage.simplytel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-ec45df07f44017c7821b27ee47f61ed2' 'nonce-d8caa0fd83c46014a57b1dc43a9b3fd4' 'nonce-dcdf82a7b7a3d1bf658fd37ca9ed1853' 'nonce-bd3c1926c123f7af71cd37eeb2745376' 'nonce-b879f004820c45070e21638b7a4d7108' 'nonce-240a9234d7c4e254df201a4d4d895d02' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri 'self'; default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style 1
default-src 'self' 'unsafe-inline' region1.analytics.google.com *.google-analytics.com *.google.com *.google.it *.google.video.com *.googleapis.com *.ytimg.com *.ggpht.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.un.org; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com cdn.jsdelivr.net *.un.org; style-src 'self' 'unsafe-inline' *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.googleapis.com *.gstatic.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com; img-src 'self' 'unsafe-inline' *.google-analytics.com *.google.it *.googletagmanager.com data:;; frame-src 'self' youtube.com www.youtube.com *.google.com *.gstatic.com *.un.org unitednations.sharepoint.com cdnapisec.kaltura.com; frame-ancestors 'self' youtube.com *.youtube.com *.googlevideo.com unitednations.sharepoint.com cdnapisec.kaltura.com; child-src 'self' youtube.com *.youtube.com *.google.com *.gstatic.com; font-src 'self' *.googleapis.com *.fontawesome.com *.gstatic.com *.jsdelivr.net *.cloudflare.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' blob: *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com *.youtube.com *.mappedin.com https://seatmap.vivenu.com https://vivenu.com *.adsrvr.org www.googleadservices.com js.adsrvr.org googleads.g.doubleclick.net http://bid.g.doubleclick.net/ https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.2o7.net *.omtrdc.net *.adobe.com *.chadstone.com.au *.dfo.com.au *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com https://*.adnxs.com *.adnxs.com https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://unpkg.com/ 'unsafe-eval' connect.facebook.net graph.facebook.com js.facebook.com *.taboola.com; style-src 'self' blob: *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudfront.net tagmanager.google.com *.googletagmanager.com googletagmanager.com *.google.com *.analytics.google.com analytics.google.com https://seatmap.vivenu.com https://vivenu.com rsms.me https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.facebook.net *.fbcdn.net *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com googletagmanager.com *.google-analytics.com *.simplybook.me https://seatmap.vivenu.com https://vivenu.com s3.eu-central-1.amazonaws.com lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au *.mappedin.com *.mappedin.net mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com *.googleadservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com www.googletagmanager.com *.adnxs.com https://ssl.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://www.gstatic.com https://vcx-centre-websites-stripe-logo.s3.ap-southeast-2.amazonaws.com; font-src 'self' *.amazonaws.com *.cloudfront.net *.storyblok.com *.googleapis.com *.gstatic.com rsms.me https://seatmap.vivenu.com https://vivenu.com https://fonts.gstatic.com data: data:; connect-src 'self' wss://seatmap.vivenu.com stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.googleapis.com *.google-analytics.com sentry.io *.sentry.io *.simplybook.me https://seatmap.vivenu.com https://vivenu.com *.vicinity.com.au *.trackjs.com *.stripe.com mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.chadstone.com.au *.dfo.com.au *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com *.googletagmanager.com googletagmanager.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://fonts.gstatic.com https://*.google.com https://*.google.com.au https://*.analytics.google.com https://*.google.com.au about: *.facebook.com connect.facebook.net *.taboola.com; frame-src 'self' *.youtube.com *.vimeo.com *.googleapis.com *.googletagmanager.com *.google.com *.facebook.com connect.facebook.net *.livechatinc.com *.stripe.com socialq.net recaptcha.net *.trybooking.co.nz *.trybooking.com insight.adsrvr.org https://*.demdex.net *.google.com *.doubleclick.net *.googlesyndication.com bytedance sslocal *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com *.googletagmanager.com googletagmanager.com https://seatmap.vivenu.com https://vivenu.com *.taboola.com https://*.adsrvr.org; object-src *.googlesyndication.com; media-src dai.google.com *.storyblok.com; child-src blob: *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net; form-action *.google.com *.facebook.com connect.facebook.net; worker-src blob: *.google.com; frame-ancestors https://app.storyblok.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1
default-src 'self' 'unsafe-inline' images-2.partnerportal.ionos.de 1
default-src 'self' 'unsafe-inline' ; img-src https://*; script-src 'self' 'unsafe-inline' https://sibforms.com/forms/end-form/build/main.js https://kit.fontawesome.com/51c52a1f48.js https://code.jquery.com/jquery-3.6.0.min.js; style-src 'self' 'unsafe-inline' http://sibforms.com/forms/end-form/build/sib-styles.css ; 1
default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://livechat.premiumsim.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.premiumsim.de https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de https://analytics.tiktok.com https://umfrage.premiumsim.de; script-src 'strict-dynamic' 'nonce-473a46b058411e7b27871f91182b9cc7' 'nonce-e0a566a6f57c8a96eb9965c66e08b36e' 'nonce-f3903ee56015d6b0271eb3cc7fc71968' 'nonce-87ee3fe1db9b83742f22bf9190b644e6' 'nonce-f297080fb0f3db5ce6a4264810e2c696' 'nonce-1d4524bef8e17369fcf34802d3303ea7' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.premiumsim.de https://umfrage.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-473a46b058411e7b27871f91182b9cc7' 'nonce-e0a566a6f57c8a96eb9965c66e08b36e' 'nonce-f3903ee56015d6b0271eb3cc7fc71968' 'nonce-87ee3fe1db9b83742f22bf9190b644e6' 'nonce-f297080fb0f3db5ce6a4264810e2c696' 'nonce-1d4524bef8e17369fcf34802d3303ea7' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-eu.purina.be; object-src *; style-src * 'self' 'unsafe-inline' https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_ data-eu.purina.be 1
block-all-mixed-content; default-src https:; media-src https: blob: data:; style-src https: 'unsafe-inline'; font-src https: data:; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; connect-src https: wss:; frame-src https:; prefetch-src https:; frame-ancestors https:; form-action https:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com ticketcenter.be24-7.de; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com ticketcenter.be24-7.de; frame-ancestors 'self' 1
frame-ancestors 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://cdn-cookieyes.com https://*.cookieyes.com https://*.google-analytics.com https://*.googletagmanager.com https://*.flippingbook.com https://online.flippingbook.com https://fonts.googleapis.com https://*.acsbapp.com https://acsbapp.com https://*.analytics.google.com; font-src 'self' https://kit.fontawesome.com https://ka-p.fontawesome.com https://acsbapp.com https://*.acsbapp.com https://*.flippingbook.com https://online.flippingbook.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://online.flippingbook.com https://*.googletagmanager.com https://www.google.com; img-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://*.flippingbook.com https://online.flippingbook.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://acsbapp.com https://*.acsbapp.com https://secure.gravatar.com; script-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://*.flippingbook.com https://online.flippingbook.com https://kit.fontawesome.com https://code.jquery.com https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://acsbapp.com https://*.acsbapp.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.viciproperties.com https://viciproperties.com https://dev-vici-properties.pantheonsite.io https://test-vici-properties.pantheonsite.io https://live-vici-properties.pantheonsite.io https://*.flippingbook.com https://online.flippingbook.com https://*.googletagmanager.com https://tagmanager.google.com https://acsbapp.com https://*.acsbapp.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'none'; frame-ancestors 'self'; frame-src 'self' https://login.microsoftonline.com/ https://challenges.cloudflare.com/ https://forms.office.com https://www.youtube-nocookie.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.datatables.net/2.3.4/js/dataTables.js https://challenges.cloudflare.com/ https://*.google-analytics.com https://*.googletagmanager.com https://feeds.trac.jobs https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' data: https://cdn.datatables.net/2.3.4/css/dataTables.dataTables.css https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://challenges.cloudflare.com/ https://feeds.trac.jobs https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com; manifest-src 'self'; base-uri 'none'; form-action 'self' https://search.ebscohost.com 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com data-eu.purina.pl; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:; https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.<TLD>; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * data-eu.purina.pl; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.licdn.com *.line-scdn.net *.sharethis.com *.azure-api.net *.hsforms.net *.youtube.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.doubleclick.net *.cloudflare.com *.hsappstatic.net; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: https: *.google-analytics.com *.doubleclick.net *.googletagmanager.com; frame-src 'self' *.hsforms.com *.youtube.com *.vimeo.com *.hubspot.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.hsforms.com *.linkedin.oribi.io *.hubapi.com *.analytics.google.com *.linkedin.com; report-uri /report-csp-violation 1
default-src 'self' ; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *hosted-pageflow.com *.readspeaker.com datawrapper.dwcdn.net *.unitylivestream.com gemeinschaftswerk-nachhaltigkeit.de my.walls.io klimacampus.org *.klimacampus.org *.bne.unesco.de; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.bmbfcluster.de *.wmflabs.org; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self'; 1
default-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self' data: https://use.fontawesome.com frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 1
font-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.addtoany.com *.webempresa.eu unpkg.com *.arkibot.app *.googletagmanager.com *.saludalplato.es quickchart.io 1
default-src 'self'; object-src 'self' https://pts.yourfone.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.yourfone.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://livechat.yourfone.de https://chat.yourfone.de https://umfrage.yourfone.de https://pts.yourfone.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.yourfone.de https://chat.yourfone.de https://stats.yourfone.de https://imagepool.yourfone.de https://pts.yourfone.de https://maps.googleapis.com https://analytics.tiktok.com https://umfrage.yourfone.de; script-src 'strict-dynamic' 'nonce-5f8e8042d2e3b94fedacae9ec8e4ae76' 'nonce-edeac04cb9907d6dcc179d33066fb442' 'nonce-382dfa085976d0b43dc0b604c3246786' 'nonce-f1175632972c604f3ad980b6c059459f' 'nonce-d267f51d49f657a816c8808f1830f461' 'nonce-94d218f64d2b17bb451cef83967dfe25' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.yourfone.de https://umfrage.yourfone.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-5f8e8042d2e3b94fedacae9ec8e4ae76' 'nonce-edeac04cb9907d6dcc179d33066fb442' 'nonce-382dfa085976d0b43dc0b604c3246786' 'nonce-f1175632972c604f3ad980b6c059459f' 'nonce-d267f51d49f657a816c8808f1830f461' 'nonce-94d218f64d2b17bb451cef83967dfe25' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1
default-src 'self' data: *.rotex-control.com *.daikin-control.com *.googleapis.com *.gstatic.com *.gravatar.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; upgrade-insecure-requests 1
frame-src https://platform.twitter.com https://www.eucpn.org https://eucpn.org  https://cdn.jsdelivr.net https://cdn.syndication.twimg.com https://syndication.twitter.com https://www.youtube.com; report-uri /report-csp-violation 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 1
script-src 'self' 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' az416426.vo.msecnd.net dc.services.visualstudio.com *.fastway.org oss.maxcdn.com *.fastway.co.nz *.fastwayenquiries.com www.fastwayfms.com *.api.fastway.org *.googletagmanager.com *.google-analytics.com ssl.google-analytics.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com  *.gstatic.com https://*.googleusercontent.com *.googleusercontent.com *.google.com googleadservices.com youtube.com *.fastway.com.au https://*.messagebird.com localhost:44399 wss://localhost:44399; 1
default-src 'none'; script-src 'self' 'unsafe-inline' www.tcgms.net *.googletagmanager.com *.google.com *.google-analytics.com cdn.jsdelivr.net *.cookiebot.com *.cookiebot.eu *.teamtailor-cdn.com *.facebook.net *.bokabord.se *.bidtheatre.com chat.hotelchat.ai; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net www.bokabord.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.grandhotel.se *.google.se *.google-analytics.com *.cookiebot.com backend.chatbase.co *.usercentrics.eu *.cookiebot.eu; media-src 'self' blob:; frame-src 'self' mail.grandhotel.se www.tcgms.net  *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.cookiebot.com *.waiteraid.com *.doubleclick.net chat.hotelchat.ai *.cookiebot.eu; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*.grandhotel.se https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com *.cookiebot.com *.teamtailor.com *.doubleclick.net *.chatbase.co *.cookiebot.eu *.facebook.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://*.adservice.google.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mypurecloud.com.au https://*.sentry.io https://*.tt.omtrdc.net https://analytics.formstack.com https://api.addressfinder.io https://au-live.inside-graph.com https://js.hsadspixel.net https://js.hscollectedforms.net https://stats.g.doubleclick.net https://www.instagram.com wss://*.mypurecloud.com.au wss://au-live.inside-graph.com https://staticcdn.co.nz https://*.swiftype.com https://*.swiftypecdn.com; font-src 'self' https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io blob: data:; form-action 'self' https://*.powershop.co.nz https://*.springload.nz https://*.facebook.com; frame-ancestors 'self'; frame-src https://*.mypurecloud.com.au *.mypurecloud.com.au https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://*.youtube.com https://recaptcha.google.com https://*.facebook.com https://*.googletagmanager.com https://au-cdn.inside-graph.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://critchlow.carto.com https://staticcdn.co.nz https://www.youtube-nocookie.com/; img-src 'self' https://*.amazonaws.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.google.com.au https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tt.omtrdc.net https://adservice.google.com https://analytics.formstack.com https://fonts.gstatic.com https://i.vimeocdn.com https://js.hsadspixel.net https://www.instagram.com https://staticcdn.co.nz https://*.swiftype.com https://*.springload.nz https://www.powershop.co.nz blob: data:; media-src https://*.youtube.com https://*.vimeo.com https://au-cdn.inside-graph.com; object-src 'none'; script-src 'self' https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com/recaptcha/ https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tt.omtrdc.net https://*.usemessages.com https://*.vimeo.com https://*.youtube.com https://analytics.formstack.com https://api.addressfinder.io https://au-tracker.inside-graph.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://tagmanager.google.com wss://*.hotjar.com https://staticcdn.co.nz https://*.swiftype.com https://*.swiftypecdn.com https://*.springload.nz https://www.powershop.co.nz 'nonce-OWUzMTJkNTkyZTc4YWRjZDc0MWYzZmE1OGRiYmFhMjBlOWM1NzljYWVmM2QwYmIxNjU1NzJjMDA2ZTMxNzdhZGE2MWQ4ZGYxNjNiOGM5NDMxNDJiZWFkOWU3YzZkM2I3ZjliYTNlMmNhYTBhNWI3M2EyNGFhOGRmZDRjODM0ZTc=' 'unsafe-eval' blob:; style-src 'self' https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.googleapis.com https://tagmanager.google.com https://staticcdn.co.nz https://*.swiftype.com https://*.swiftypecdn.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/4504811489984512/csp-report/?sentry_key=a2cb92247922492b95ce72aee1ae6528&sentry_environment=live; report-to csp-endpoint; upgrade-insecure-requests 1
default-src 'self'; object-src 'self' https://pts.maxxim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.maxxim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://www.telekom.de/shop/tarife/internet-tarife https://www.o2online.de https://www.vodafone.de https://dsl.1und1.de https://livechat.maxxim.de https://chat.maxxim.de https://umfrage.maxxim.de https://pts.maxxim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://eu01.rec.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.maxxim.de https://chat.maxxim.de https://stats.maxxim.de https://imagepool.maxxim.de https://pts.maxxim.de https://analytics.tiktok.com https://umfrage.maxxim.de; script-src 'strict-dynamic' 'nonce-36b8f52d28cdf709fbefaa17dffc35c1' 'nonce-061e1bf7a89997593ee85bfefe36a741' 'nonce-92633a51f0172c9d303219eb2abf9003' 'nonce-11463fc61443c5fecaee86e7e3b7ec3b' 'nonce-a88fdaa67896774347f29d3b895812df' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data: 'report-sample'; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://netmap.vodafone.de/cokart-client/index.html https://pts.maxxim.de https://umfrage.maxxim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-36b8f52d28cdf709fbefaa17dffc35c1' 'nonce-061e1bf7a89997593ee85bfefe36a741' 'nonce-92633a51f0172c9d303219eb2abf9003' 'nonce-11463fc61443c5fecaee86e7e3b7ec3b' 'nonce-a88fdaa67896774347f29d3b895812df' 'self' 'unsafe-inline' https: 'report-sample' 1
frame-ancestors 'self' https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com *.mp-objects.com https://*.mp-objects.com https://www.mp-objects.com https://wartsila.cevalogistics.com  https://*.cevalogistics.com  https://app.drift.com https://core.crazyegg.com https://kinaxis-project.dev.fenix.solutions https://*.lndo.site; report-uri /report-csp-violation 1
default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1
base-uri 'none';child-src 'self' https://www.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://*.analytics.google.com;connect-src 'self' ws: wss: https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://*.analytics.google.com https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://*.googleapis.com https://google.com https://google.co.uk https://connect.facebook.net https://www.facebook.com https://*.algolia.net https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.clarity.ms https://*.clarity.microsoft.com https://c.bing.com https://assets.zuko.io https://api.zuko.io https://b9r8u7pkx0.execute-api.eu-west-1.amazonaws.com/v1/domains/homegroup.org.uk/forms/ https://zuko-session-replay-recordings-prod.s3.amazonaws.com/ webpack://*;default-src 'self';font-src 'self' https://www.gstatic.com https://*.gstatic.com;form-action 'self' https://connect.facebook.net https://www.facebook.com;frame-ancestors 'none';frame-src https://www.youtube.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.ceros.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://connect.facebook.net https://www.facebook.com https://www.tiktok.com https://*.ttwstatic.com https://*.consultationonline.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://*.analytics.google.com;img-src 'self' data: blob: https://media.umbraco.io https://www.cqc.org.uk https://www.gstatic.com https://*.gstatic.com https://*.googleapis.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://*.analytics.google.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://*.clarity.ms https://*.clarity.microsoft.com https://c.bing.com https://www.googletagmanager.com;manifest-src 'self';media-src 'self' https://media.umbraco.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://*.analytics.google.com https://www.googletagmanager.com https://www.gstatic.com https://*.gstatic.com https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://www.cqc.org.uk https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.googleapis.com https://connect.facebook.net https://www.facebook.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.tiktok.com https://*.ttwstatic.com https://*.ceros.com https://assets.zuko.io https://api.zuko.io https://*.clarity.ms https://*.clarity.microsoft.com https://c.bing.com;style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.gstatic.com https://www.cqc.org.uk https://*.googleapis.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://www.tiktok.com https://*.ttwstatic.com https://www.googletagmanager.com; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.ownid.com* https://d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com/chat/rest data-eu.purina.nl; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src * https://d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com/chat/rest; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * *.ownid.com* https://d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com/chat/rest data-eu.purina.nl 1
base-uri 'none';child-src 'none';connect-src 'self' nusantaradev.chakra.uno nusantara.chakra.uno be-chilgo-prenagen-dev-d33dgvhu5a-as.a.run.app articlecommunityapi.chakra.uno storage.googleapis.com fastly.jsdelivr.net *.facebook.com www.google-analytics.com revamp-loyalty-bff-wcjse4tjjq-et.a.run.app nusantara.chakrarewards.com analytics.google.com unpkg.com https://*.g.doubleclick.net revamp-loyalty-bff-dev-chdcaf35ya-et.a.run.app be-chilgo-prenagen-dev-chdcaf35ya-et.a.run.app revamp-loyalty-bff-dev-12772865132.asia-southeast2.run.app be-chilgo-prenagen-dev-12772865132.asia-southeast2.run.app analytics.tiktok.com www.google.com www.googleadservices.com www.google.co.id www.googletagmanager.com https://*.useinsider.com https://*.api.useinsider.com https://hb-s3-media-stg.s3.ap-southeast-3.amazonaws.com https://hb-s3-media-prod.s3.ap-southeast-3.amazonaws.com https://analytics-ipv6.tiktokw.us https://cdn.jsdelivr.net wss://*.useinsider.com ws: webpack://*;default-src 'self';font-src 'self' fonts.gstatic.com *.useinsider.com *.api.useinsider.com;form-action 'self';frame-ancestors https://loyalty-teman-prenagen-dev-chdcaf35ya-et.a.run.app https://loyalty-web-chilgo-dev-chdcaf35ya-et.a.run.app https://blackmores-rewards-club-dev-chdcaf35ya-et.a.run.app https://loyalty-kecc-dev-chdcaf35ya-et.a.run.app https://loyalty-entrasol-dev-chdcaf35ya-et.a.run.app https://entrasol2021.dev.rollingglory.com *.prenagen.com https://www.chilgorewardsclub.com https://loyalty.blackmores.co.id https://www.blackmores.co.id https://loyalty.sahabatkecc.com https://sahabatkecc.com https://loyalty.entrasol.com https://kpoin.entrasol.com https://entrasol.com https://www.entrasol.com https://kecc.kalbe.co.id https://kalbe.co.id https://www.kalbe.co.id https://kecc.klikdokter.com https://klikdokter.com https://www.klikdokter.com https://loyalty.morinagaweb.by.rollingglory.com https://morinagaweb.by.rollingglory.com https://loyalty.morinaga.id https://kpoin.morinaga.id https://morinaga.id;frame-src *;img-src 'self' * data: blob:;manifest-src 'self';media-src 'self' * data:;object-src 'self' 'unsafe-inline' *.useinsider.com *.api.useinsider.com;script-src 'self' www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com *.facebook.com connect.facebook.net tinyurl.com cdn.tiny.cloud assets.adobedtm.com analytics.tiktok.com www.googleadservices.com www.google.co.id *.useinsider.com *.api.useinsider.com *.youtube.com https://cdn.jsdelivr.net https://*.g.doubleclick.net 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval';style-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net tinyurl.com www.gstatic.com www.googletagmanager.com cdn.tiny.cloud *.useinsider.com *.api.useinsider.com 'unsafe-inline';worker-src 'self' * data: blob:; 1
default-src 'self' 'unsafe-inline' data: payment.maksekeskus.ee auth.praamid.ee fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net static.cloudflareinsights.com www.googletagmanager.com *.google-analytics.com g2.ipcamlive.com s5.ipcamlive.com googleads.g.doubleclick.net www.google.com www.gstatic.com www.youtube.com static.doubleclick.net i.ytimg.com yt3.ggpht.com jnn-pa.googleapis.com play.google.com secure.gravatar.com fast.wistia.com beacon-v2.helpscout.net wp-rocket.me d3hb14vkzrxvla.cloudfront.net pipedream.wistia.com distillery.wistia.com embed-ssl.wistia.com fg8vvsvnieiv3ej16jby.litix.io translate.google.com translate.googleapis.com 'unsafe-eval' static.maksekeskus.ee s.w.org praamid.prominion.net beaconapi.helpscout.net chatapi.helpscout.net cdn.mxpnl.com static.cc.maksekeskus.ee cc.maksekeskus.ee *.analytics.google.com www.google.ee www.google.fi www.google.cz www.google.nl www.google.be www.google.fr www.google.lv www.google.lt www.google.se www.google.de www.google.at www.google.ch www.google.ie www.google.co.uk www.google.pl www.google.dk www.google.no td.doubleclick.net www.google.com.cy www.google.lu www.google.it www.google.gr analytics.google.com www.google-analytics.com www.google.by www.google.com.bz www.google.com.tr www.google.com.ar www.google.co.jp www.google.bg www.google.co.in www.google.ca www.google.ru www.google.com.ua www.google.com.hr www.google.com.au www.google.es www.google.com.ng translate-pa.googleapis.com www.google.ro www.google.rs www.google.si www.google.sk www.google.ba www.google.is www.google.pt www.google.hu www.google.me www.google.mk www.google.com.eg www.google.com.om www.google.co.th www.google.co.nz www.google.co.ke www.google.al www.google.ge www.google.com.bd www.google.co.il cdn.gravity.com www.google.gg www.google.com.vn www.google.je www.google.ad www.google.com.mx www.google.com.mt www.google.im www.google.ae www.google.com.sg www.google.kz cloudflareinsights.com challenges.cloudflare.com www.google.hr www.google.kg www.google.com.my www.google.com.qa www.google.gl www.google.com.ph www.google.md *.hotjar.com *.hotjar.io wss://*.hotjar.com www.google.co.id www.google.lk www.google.ml www.google.com.hk www.google.cv www.google.co.cr www.google.com.sa www.google.com.pk www.google.com.gi www.google.co.tz www.google.vu www.google.com.fj www.google.com.pa www.google.tn www.google.co.ve www.google.cl www.google.co.uz www.google.co.kr region1.analytics.google.com www.google.com.bo www.google.co.zw www.google.sm www.google.co.za www.google.am www.google.com.br www.google.tt www.google.co.ma www.google.az www.google.com.np www.google.com.et www.google.dm www.google.com.do www.google.com.ec www.google.com.kh www.google.la www.google.tg www.google.sc praamidvisitor.prominion.net www.google.ci www.google.com.co www.google.mu www.google.jo www.google.com.bh www.google.com.pr www.google.gm www.google.co.vi www.google.iq ps.w.org www.google.mv www.google.co.ug www.google.com.lb www.google.com.tw www.google.mg www.google.mu www.google.com.tj www.google.com.kw ajax.cloudflare.com www.google.com.pe www.google.li www.google.com.gh www.google.sn www.google.bj www.google.dz www.google.com.jm www.google.com.cu www.google.cd api.wp-rocket.me; report-uri /d5bcc29e34d8b6210cbfbc3acd7be0a65652590b064c60598822381e01ae1708 1
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' wss://directline.botframework.com https://directline.botframework.com directline.botframework.com https://*.faqbot.nz *.faqbot.nz https://*.sharethis.com *.sharethis.com https://*.algolia.net *.algolia.net https://*.algolianet.com *.algolianet.com https://*.analytics.google.com *.analytics.google.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.g.doubleclick.net *.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.nz *.google.co.nz https://stats.g.doubleclick.net stats.g.doubleclick.net; font-src 'self' https://*.faqbot.nz *.faqbot.nz https://fonts.gstatic.com fonts.gstatic.com data:; form-action 'self' https://dnc.us5.list-manage.com dnc.us5.list-manage.com; frame-ancestors 'self'; frame-src 'self' wss://directline.botframework.com https://youtube.com youtube.com https://youtu.be youtu.be https://*.sharethis.mgr.consensu.org *.sharethis.mgr.consensu.org https://www.google.com www.google.com https://public.tableau.com public.tableau.com https://player.vimeo.com player.vimeo.com; img-src 'self' https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://*.googleapis.com https://*.s3.ap-southeast-2.amazonaws.com https://*.analytics.google.com *.analytics.google.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.g.doubleclick.net *.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.nz *.google.co.nz https://*.faqbot.nz *.faqbot.nz https://*.sharethis.com *.sharethis.com https://www.facebook.com www.facebook.com data:; media-src https://youtube.com youtube.com https://www.youtube.com www.youtube.com https://vimeo.com vimeo.com https://youtu.be youtu.be https://i.vimeocdn.com i.vimeocdn.com; object-src 'self'; script-src 'self' https://*.faqbot.nz *.faqbot.nz https://faqbotprodstorage.blob.core.windows.net faqbotprodstorage.blob.core.windows.net https://sharethis.com sharethis.com https://*.sharethis.com *.sharethis.com https://*.googletagmanager.com *.googletagmanager.com https://www.google.com www.google.com https://gstatic.com gstatic.com https://public.tableau.com public.tableau.com https://code.jquery.com code.jquery.com https://www.google-analytics.com www.google-analytics.com https://tagmanager.google.com tagmanager.google.com https://*.sharethis.js *.sharethis.js https://connect.facebook.net connect.facebook.net https://www.googletagmanager.com www.googletagmanager.com https://www.gstatic.com www.gstatic.com 'nonce-ZWVkNjZlMTBmZGMyMTcwZTIxYWUxYjhjYjIyZWY3ZTJlODZhOTgwMDg4YmY1NzNiZWY5ZjkwNmI4YjIxMWFjNWNlZDQ5ZDY3N2YwNjgwZDI2NjhjOTQ1ZDgyMGJlNzgwNTkxYjliYjc2NGJmZTZjMjk0YWI5ZjBiZmYwOTY3YzM=' 'unsafe-eval'; style-src 'self' https://unsafe-inline unsafe-inline https://*.faqbot.nz *.faqbot.nz https://faqbotprodstorage.blob.core.windows.net faqbotprodstorage.blob.core.windows.net https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.google-analytics.com ssl.google-analytics.com https://tagmanager.google.com tagmanager.google.com https://fonts.googleapis.com fonts.googleapis.com 'unsafe-inline'; report-to csp-endpoint; upgrade-insecure-requests 1
default-src 'unsafe-inline' 'self' data: image/* https://google.com https://*.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleapis.com https://*.googleadservices.com https://*.gstatic.com https://google-analytics.com https://*.google-analytics.com https://*.doubleclick.net https://*.quantserve.com https://*.quantcount.com https://measurement-api.criteo.com https://bat.bing.com https://*.clarity.ms https://use.fontawesome.com https://player.vimeo.com https://extend.vimeocdn.com https://my.matterport.com https://*.onetrust.com https://cdn.cookielaw.org https://bam.nr-data.net https://web-sandbox.pypestream.com https://*.pype.tech https://*.launchdarkly.com https://cdn.jsdelivr.net https://*.typekit.net https://*.facebook.com https://connect.facebook.net https://*.tiktok.com https://*.linkedin.com; script-src 'unsafe-inline'  'unsafe-eval'  'self'  https://www.googletagmanager.com  https://*.googlesyndication.com  https://maps.googleapis.com  https://www.googleadservices.com  https://www.google-analytics.com  https://*.doubleclick.net  https://secure.quantserve.com  https://rules.quantcount.com  https://*.criteo.com  https://*.criteo.net  https://bat.bing.com  https://*.clarity.ms/  https://use.fontawesome.com  https://*.vimeo.com  https://*.vimeocdn.com  https://static.cloudflareinsights.com  https://cdn.cookielaw.org  https://js-agent.newrelic.com  https://web-sandbox.pypestream.com  https://*.pype.tech  https://*.pypest https://web.pypestream.com  https://*.facebook.net  https://business-api.tiktok.com/  https://analytics.tiktok.com/  https://snap.licdn.com  https://www.google.com/recaptcha/  https://www.gstatic.com/recaptcha/; img-src * data: about: https://cdn.cookielaw.org; frame-src 'self' https://www.googletagmanager.com/ https://my.matterport.com https://web.pypestream.com https://static.criteo.net https://web-sandbox.pypestream.com https://*.doubleclick.net https://*.criteo.com https://www.facebook.com https://player.vimeo.com  https://www.google.com; upgrade-insecure-requests 1
default-src 'self'; frame-src 'self' https://secure.livechatinc.com *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://static.zdassets.com https://api.livechatinc.com https://cdn.livechatinc.com *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk use.typekit.net; font-src 'self' 'unsafe-inline' https://cdn.livechatinc.com *.reactandshare.com https://api.reciteme.com https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net use.typekit.net; style-src 'self' 'unsafe-inline' *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com  *.gstatic.com *.cqc.org.uk *.webspellchecker.net use.typekit.net p.typekit.net; img-src * data: p.typekit.net; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com wss://widget-mediator.zopim.com https://stop-smoking-nhs.zendesk.com https://ekr.zdassets.com https://api.reciteme.com https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net performance.typekit.net; media-src 'self' https://static.zdassets.com https://api.reciteme.com 1
worker-src 'self' blob: data:; default-src 'self'; script-src 'self' 'unsafe-inline' *.fona.de *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.streambuzzer.com; style-src 'self' 'unsafe-inline'; img-src data: 'self' *.usercentrics.eu *.twitter.com *.twimg.com *.fona.de *.matpro.de *.ytimg.com *.vimeocdn.com; font-src 'self'; connect-src 'self' *.cookiebot.com *.cookiebot.eu stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com *.bmbf.de; frame-src 'self' *.fona.de *.openstreetmap.de *.streambuzzer.com *.cookiebot.com *.cookiebot.eu *.vditz.com *.pt-dlr.de *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.bmbf.de *.emailsys1a.net; object-src 'none'; frame-ancestors 'self' *.fona.de; 1
base-uri 'self' https://www.pink.test https://www.selesti.com; default-src 'self' https://*.clarity.ms *.clarity.ms https://c.bing.com c.bing.com 'unsafe-inline'; connect-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.facebook.com *.facebook.com https://*.facebook.net *.facebook.net https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.google-analytics.com *.google-analytics.com https://*.googleadservices.com *.googleadservices.com https://*.googletagmanager.com *.googletagmanager.com https://*.gstatic.com *.gstatic.com https://*.hiss3lark.com *.hiss3lark.com https://*.hs-analytics.net *.hs-analytics.net https://*.hs-growth-metrics.com *.hs-growth-metrics.com https://*.hs-scripts.com *.hs-scripts.com https://*.hsadspixel.net *.hsadspixel.net https://*.hubspot.com *.hubspot.com https://*.licdn.com *.licdn.com https://*.linkedin.com *.linkedin.com https://*.usemessages.com *.usemessages.com https://api.hubapi.com api.hubapi.com https://apis.google.com apis.google.com https://fonts.googleapis.com fonts.googleapis.com https://fonts.gstatic.com fonts.gstatic.com https://fpdl.vimeocdn.com fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net gcs-vimeo.akamaized.net https://googleadservices.com googleadservices.com https://js.hs-banner.com js.hs-banner.com https://js.hsforms.net js.hsforms.net https://player.vimeo.com player.vimeo.com https://poirot.selesti.com poirot.selesti.com https://vod-progressive.akamaized.net vod-progressive.akamaized.net https://*.clarity.ms *.clarity.ms https://*.analytics.google.com *.analytics.google.com https://*.cookiebot.com *.cookiebot.com https://*.googlesyndication.com *.googlesyndication.com https://*.linkedin.oribi.io *.linkedin.oribi.io; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com data:; form-action 'self' https://checkforcloudflare.selesti.com checkforcloudflare.selesti.com https://forms.hsforms.com forms.hsforms.com; frame-ancestors 'self'; frame-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.google.com *.google.com https://*.gstatic.com *.gstatic.com https://*.slideshare.net *.slideshare.net https://*.vimeo.com *.vimeo.com https://*.youtube.com *.youtube.com https://app.hubspot.com app.hubspot.com https://forms.hsforms.com forms.hsforms.com https://*.cookiebot.com *.cookiebot.com; img-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.facebook.com *.facebook.com https://*.google-analytics.com *.google-analytics.com https://*.google.ca *.google.ca https://*.google.co.il *.google.co.il https://*.google.co.in *.google.co.in https://*.google.co.jp *.google.co.jp https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.google.com.mt *.google.com.mt https://*.google.com.ua *.google.com.ua https://*.google.ie *.google.ie https://*.google.it *.google.it https://*.google.se *.google.se https://*.google.sk *.google.sk https://*.googletagmanager.com *.googletagmanager.com https://*.gstatic.com *.gstatic.com https://*.hsforms.com *.hsforms.com https://*.hsforms.net *.hsforms.net https://*.hubspot.com *.hubspot.com https://*.linkedin.com *.linkedin.com https://cx.atdmt.com cx.atdmt.com blob: data:; media-src https://*.vimeo.com *.vimeo.com https://*.vimeocdn.com *.vimeocdn.com https://gcs-vimeo.akamaized.net gcs-vimeo.akamaized.net https://ssl.gstatic.com ssl.gstatic.com https://vod-progressive.akamaized.net vod-progressive.akamaized.net; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.facebook.net *.facebook.net https://*.google-analytics.com *.google-analytics.com https://*.google.ae *.google.ae https://*.google.ca *.google.ca https://*.google.co.il *.google.co.il https://*.google.co.in *.google.co.in https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.google.com.au *.google.com.au https://*.google.com.mt *.google.com.mt https://*.google.com.ua *.google.com.ua https://*.google.de *.google.de https://*.google.fr *.google.fr https://*.google.ie *.google.ie https://*.google.it *.google.it https://*.google.ru *.google.ru https://*.google.sk *.google.sk https://*.googleadservices.com *.googleadservices.com https://*.googletagmanager.com *.googletagmanager.com https://*.gstatic.com *.gstatic.com https://*.hiss3lark.com *.hiss3lark.com https://*.hs-analytics.net *.hs-analytics.net https://*.hs-banner.com *.hs-banner.com https://*.hs-scripts.com *.hs-scripts.com https://*.hsforms.net *.hsforms.net https://*.hsforms.com *.hsforms.com https://*.licdn.com *.licdn.com https://*.linkedin.com *.linkedin.com https://*.usemessages.com *.usemessages.com https://js.hsadspixel.net js.hsadspixel.net https://*.clarity.ms *.clarity.ms https://*.cookiebot.com *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.googleapis.com *.googleapis.com https://*.google.com *.google.com 'unsafe-inline'; worker-src 'self'; report-uri https://poirot.selesti.com/api/violation/selesti; report-to https://poirot.selesti.com/api/violation/selesti; upgrade-insecure-requests 1
default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval'  ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' ; 1
default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.creditheroscore.com *.pushnami.com static.zohocdn.com *.smartlook.com *.smartlook.cloud *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com https://utt.impactcdn.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net static.zdassets.com api.smooch.io cdn.userway.org *.intercom.io *.intercomcdn.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js; style-src 'self' 'unsafe-inline' *.creditheroscore.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com www.googletagmanager.com fonts.gstatic.com fonts.googleapis.com cdn.userway.org; img-src 'self' data: *.creditheroscore.com www.googletagmanager.com www.google-analytics.com https://analytics.google.com https://td.doubleclick.net bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.smartlook.com *.smartlook.cloud *.pushnami.com *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com https://analytics.google.com https://td.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net cdn.userway.org intercom-sheets.com; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com cdn.userway.org fonts.intercomcdn.com; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com ekr.zdassets.com chs-support.zendesk.com zendesk-eu.my.sentry.io wss://api.smooch.io/faye *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com https://www.googletagmanager.com https://analytics.google.com https://td.doubleclick.net https://ajax.googleapis.com bat.bing.com fonts.googleapis.com www.w3m.com *.userway.org *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src 'self' data: mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' www.fotoprofi.de img.fotoprofi.de https://pc-cdn.fra1.cdn.digitaloceanspaces.com/ rmail.fotoprofi.de c.emailsys2a.net apple.com *.apple.com cdn.pay1.de d.ratepay.com d.ratepay.de secure.pay1.de https://www.youtube-nocookie.com img.youtube.com i.ytimg.com analytics.google.com *.analytics.google.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com gstatic.com *.gstatic.com tagmanager.google.com *.tagmanager.google.com apis.google.com *.apis.google.com www.gstatic.com bat.bing.com bat.bing.net connect.facebook.net facebook.com *.facebook.com facebook.net *.facebook.net *.etrusted.com *.trustedshops.com *.saal-digital.net *.fotodiensteservice.de https://s3.eu-central-1.amazonaws.com/fra-webresources/ https://s3.eu-central-1.amazonaws.com/fra-webpages.shop.saal-digital.net/ fra-webresources.s3.eu-central-1.amazonaws.com photoservice.cloud https://*.loadbee.com/ availability.loadbee.com/v3/EAN/ https://cdn.loadbee.com https://content.syndigo.com/asset/ https://content.syndigo.com/page/ https://content.syndigo.com/site/ https://scontent.webcollage.net https://syndi.webcollage.net/site/xenudo-de-de/tag.js https://*.joomag.com/res_mag/ https://www.gravatar.com media.flixcar.com media.flixfacts.com *.flix360.com media.flixsyndication.net *.flix360.io syndication.flix360.com *.jwplatform.com *.jwpsrv.com *.jwpcdn.com *.jwplayer.com d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com analytics.webgains.io api.webgains.io 'unsafe-inline' 'unsafe-eval' blob: data:; report-uri /csp-report.php; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' data: wc.ts.ee www.nasdaqbaltic.com platform.linkedin.com secure.gravatar.com yoast.com www.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net fonts.googleapis.com maps.googleapis.com streetviewpixels-pa.googleapis.com khms0.googleapis.com khms1.googleapis.com maps.gstatic.com fonts.gstatic.com translate.google.com translate.googleapis.com www.gstatic.com www.youtube.com www.google.ee www.google.com www.google.co.uk www.google.lv www.google.lt www.google.fi www.google.se www.google.no www.google.de www.google.pl lh3.ggpht.com www.google.com.hk www.google.gr www.google.nl www.google.dk www.google.com.ua www.google.fr i.ytimg.com connect.facebook.net api.microsofttranslator.com www.facebook.com 'unsafe-eval' www.google.ch www.google.at www.google.ro www.google.es www.google.it www.google.hu www.google.co.in www.google.ie www.google.cz www.google.be www.google.ru www.google.com.au photos.marinetraffic.com www.google.at www.google.co.il www.google.co.kr www.google.pt www.google.ca www.google.mk www.google.co.th www.google.co.id www.google.com.lb www.google.cl www.google.sk www.google.is www.google.com.np www.google.com.pk www.google.si www.google.rs www.google.dz www.google.com.ng www.google.com.my www.google.com.ci www.google.im www.google.com.sg www.google.com.tr www.google.com.hr www.google.com.mt www.google.li www.google.co.jp view.news.eu.nasdaq.com www.solwininfotech.com www.google.com.co www.google.com.br www.google.cn www.google.com.cy www.google.ge www.google.lu www.google.ae cdn.jsdelivr.net wd.ts.ee static.cloudflareinsights.com ajax.cloudflare.com www.vikingline.ee www.envir.ee www.google.com.ph www.google.co.nz www.google.hr www.google.bg www.google.by www.transit.ee www.tallinnamerepaevad.ee www.google.com.vn www.google.kz www.google.mv www.google.com.tw www.balticline.fi www.google.com.eg tallinnamerepaevad.ee www.google.com.bz www.google.com.mx www.google.jo www.google.com.sa www.google.ci www.google.com.kw www.google.co.ma www.google.com.gh www.google.com.ar region1.analytics.google.com www.google.az www.google.com.uy www.google.co.za www.google.sn www.google.com.mm www.google.me www.google.mn www.google.lk vincent.callebaut.org tentea.ec.europa.eu www.google.tg www.google.com.qa www.google.co.tz www.google.co.cr www.kjk.ee www.google.co.uz www.google.co.ke ps.w.org s.w.org www.google.ba www.google.com.jm www.google.com.pe www.google.mg 6zzuupda.sendsmaily.net www.google.bj www.google.com.kh www.google.com.do lh3.googleusercontent.com www.google.iq www.google.co.ug www.google.co.mz www.google.al www.google.tn www.google.ad www.google.am www.google.md www.google.com.ly www.google.com.ec www.google.com.pa www.google.com.bd www.google.com.pr www.google.mu www.google.gg www.google.cm www.google.com.py www.google.com.bh www.google.je www.google.com.cu www.google.com.pg komerk.ee www.google.kg www.google.cv www.google.com.sl www.portoftallinn.com www.google.vg www.google.bt www.google.bf www.google.la www.google.tt www.google.com.sv www.google.so www.google.ps www.google.co.ve www.google.ga www.seatradecruiseglobal.com www.parkimine.ee translate-pa.googleapis.com wptide.org toolset.com wpml.org challenges.cloudflare.com cloudflareinsights.com analytics.google.com td.doubleclick.net blob: www.google.gl wpforms.com www.google.co.zw www.google.co.ao d1lsub6zbh43gv.cloudfront.net tp-cdn.wpml.org googleads.g.doubleclick.net adservice.google.com google.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com www.vikingline.ee www.google.com.sb www.google.td apis.google.com platform.twitter.com www.google.gm www.google.gy paldiski.ee www.christmasmarket.ee www.logistikauudised.ee www.voyagesofdiscovery.co.uk static.neljas.ee www.google.tm cns.omxgroup.com www.iaa.ie www.komerk.ee www.jazzkaar.ee arensburg.ee www.iaa.ie kliimaministeerium.ee konkurents.ee laaneharju.ee images.marinetraffic.com www.konkurents.ee www.google.com.af www.lngconference.eu www.upf-group.dk www.cruiseeurope.com tentea.ec.europa.eu www.google.as www.google.com.et www.google.cf www.google.com.tj www.google.com.om www.google.co.ck www.google.co.zm kit.fontawesome.com ka-p.fontawesome.com; report-uri /069b75c4f2e07da64b888cac9af4ea98c60c3e6787e0368d1a5ab34114eda24e 1
worker-src 'self' blob: data:; default-src 'self'; script-src 'self' 'unsafe-inline' update.webedition.org *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.twitter.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src data: 'self' *.usercentrics.eu *.ytimg.com *.vimeocdn.com *.gstatic.com *.googleapis.com *.twitter.com; font-src 'self' *.gstatic.com; connect-src 'self' *.cookiebot.com *.cookiebot.eu *.googleapis.com stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com; frame-src 'self' update.webedition.org *.qt.eu *.cookiebot.com *.cookiebot.eu *.vditz.com *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.twitter.com; object-src 'none'; frame-ancestors 'self'; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' zfa-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de zfa-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
base-uri 'none';default-src 'none';img-src 'self' data:;font-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline' www.bisp-surf.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com https://youtu.be *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com https://youtu.be; frame-src *.google.com *.gstatic.com *.youtube.com https://youtu.be *.vimeo.com www.datawrapper.de datawrapper.dwcdn.net; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com https://youtu.be *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self' www.datawrapper.de datawrapper.dwcdn.net; worker-src 'self'; 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-4aVFdGn+AIdMA7dBxnluxwaX' 'nonce-syq3NieMGEofGj1Y1qfeDPet' 'nonce-rGYcx4sKaqRqjKoJ0bgc65yX' 'nonce-b9dwXDLVGmBm4igsQY+OMYmT' 'nonce-dLXwr3U+wgxq1TDZPlbXg3VT' 'nonce-V+smruGRny2eKvXFonmPdQlv' 'nonce-PivtYqS6/xj/A8WGXY2sprAF' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
default-src 'self' https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; connect-src 'self' https://nominatim.openstreetmap.org http://nominatim.openstreetmap.org nominatim.openstreetmap.org https://login.microsoftonline.com http://login.microsoftonline.com login.microsoftonline.com https://www.google.com http://www.google.com www.google.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud; font-src 'self' https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; frame-ancestors 'self' https://klinikumjobs.de https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; frame-src 'self' https://benutzerhandbuch-cshs.condat.de http://benutzerhandbuch-cshs.condat.de benutzerhandbuch-cshs.condat.de https://global.frcapi.com http://global.frcapi.com global.frcapi.com https://www.google.com http://www.google.com www.google.com https://prezi.com/p/embed/MPOGB6oZvPvNpRmIzIHw/ https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; img-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.tile.openstreetmap.org http://*.tile.openstreetmap.org *.tile.openstreetmap.org https://cshs.myskbs.de https://pro.doctolib.de https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; media-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; object-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; script-src 'self' https://www.google.com http://www.google.com www.google.com https://www.gstatic.com http://www.gstatic.com www.gstatic.com https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline'; worker-src 'self' https://skbs-platform.condat.cloud http://skbs-platform.condat.cloud skbs-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de blob: 1
default-src 'self'; font-src 'self' data: https://use.typekit.net https://test.interpayafrica.com https://test.interpayafrica.com/*  https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://embed.tawk.to https://salesiq.zoho.com https://css.zohostatic.com https://css.zohocdn.com/* https://css.zohocdn.com/salesiq/styles/fonts/cw/puvi/* https://css.zohocdn.com/salesiq/styles/fonts/cw/* https://css.zohocdn.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://test.interpayafrica.com https://test.interpayafrica.com/* https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net/* https://css.zohocdn.com https://css.zohostatic.com https://cdn.jsdelivr.net/* https://static.zohocdn.com https://us4-files.zohopublic.com; img-src 'self' data: https://p.typekit.net https://eadchannels.blob.core.windows.net https://eadchannels.blob.core.windows.net/* https://tawk.link https://tawk.link/* https://test.interpayafrica.com https://test.interpayafrica.com/* https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.fls.doubleclick.net https://sp.analytics.yahoo.com https://embed.tawk.to https://embed.tawk.to https://salesiq.zoho.com https://salesiq.zoho https://salesiq.zohopublic.com https://css.zohostatic.com https://css.zohostatic.com/* https://css.zohocdn.com https://analytics.twitter.com/1/i/* https://geo-tracker.trinadsp.co.za/* https://s2s.oldmutual.co.za https://track.adform.net/Serving/TrackPoint/* https://server.seadform.net/serving/cookie/sync/* https://dsp.trinamarketing.co.za/ https://tribalfusion.com/ https://*.tribalfusion.com https://*.twitter.com https://ads-twitter.com https://bat.bing.com https://a.tribalfusion.com https://us4-files.zohopublic.com https://*.company-target.com https://*.rlcdn.com https://www.google.co.ug https://*.oldmutual.co.ke https://oldmutual.co.ke https://uapoldmutual.co.ug https://*.uapoldmutual.co.ug; frame-src 'self' https://www.oldmutual.co.za/ https://test.interpayafrica.com https://test.interpayafrica.com/* https://www.oldmutualinvest.com/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com https://manage.ipaygh.com https://app.livestorm.co https://analytics.twitter.com https://*.adform.net https://td.doubleclick.net https://bot-omi-eu.rather.chat/* https://bot-omi-eu.rather.chat https://salesiq.zohopublic.com https://*.company-target.com https://www.googletagmanager.com https://ipp-old-mutual-kenya.staging.aspin-inclusivity.com https://ipp-old-mutual-kenya.staging.aspin-inclusivity.com/*; connect-src 'self' https://api-eu1.cludo.com/ https://www.google.com https://nba-webchat-server-prod.my.oldmutual.co.za https://cdn.gbqofs.com http://internal-ng-sales-alb-latest-1611935435.eu-west-1.elb.amazonaws.com:8080/api/v1 http://internal-ng-sales-alb-latest-1611935435.eu-west-1.elb.amazonaws.com:8080/api/v1/* https://interpayafrica.com/interapi/ProcessPayment https://test.interpayafrica.com/* https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://va.tawk.to wss://*.tawk.to  wss://vts.zohopublic.com https://salesiq.zoho.com https://salesiq.zohopu https://goals-api.my.oldmutual.co.za https://salesiq.zohopublic.com wss://mpsnare.iesnare.com https://cdn.linkedin.oribi.io/* https://c1001.report.gbss.io https://c2001.report.gbss.io https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://*.eskimi.com https://ams.creativecdn.com https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://s2s.oldmutual.co.za https://js-eu1.hs-scripts.com https://api.hubspot.com https://gdpr.loopme.com https://sms.hubtel.com https://*.company-target.com https://google.com https://*.oldmutual.co.ke https://oldmutual.co.ke https://uapoldmutual.co.ug https://*.uapoldmutual.co.ug https://*.demandbase.com https://*.demandbase.com/* https://*.company-target.com https://*.bf.dynatrace.com https://*.zoho.com https://goals-qa.digital.omapps.net:8080; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.pagesense.io https://static.zohocdn.com https://customer.cludo.com/ https://salesiq.zohopublic.com https://analytics.twitter.com https://c1001.report.gbss.io https://c2001.report.gbss.io https://cdn.gbqofs.com  https://s2s.oldmutual.co.za https://s2s.oldmutual.co.za/static/DhPixel.js https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://www.google.com https://www.gstatic.com https://*.my.oldmutual.co.za https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://www.googleadservices.com https://*.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://embed.tawk.to https://dsp-media.eskimi.com https://js.zohocdn.com https://s2s.oldmutual.co.za/static/DhPixel.js https://salesiq.zoho.com/widget https://checkout.flutterwave.com *.iovation.com *.iesnare.com https://geo-tracker.trinadsp.co.za/* https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://bat.bing.com https://dsp.trinamarketing.co.za/ https://secure.adnxs.com/ https://quantserve.com/quant.js https://tags.creativecdn.com/ http://rtbhouse.com http://rtbhouse.net https://secure.quantserve.com/quant.js https://googleads.g.doubleclick.net https://*.demandbase.com https://*.demandbase.com/* https://*.company-target.com https://*.bf.dynatrace.com https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://js-eu1.hs-scripts.com https://api.hubspot.com https://*.loopme.com https://sms.hubtel.com https://*.oldmutual.co.ke https://oldmutual.co.ke https://uapoldmutual.co.ug https://*.uapoldmutual.co.ug; frame-ancestors https://secure.rewards.oldmutual.co.za/ https://secure.rewards.oldmutual.com.na/ https://test.interpayafrica.com https://test.interpayafrica.com/* https://customer-site-preprod.eks.my.oldmutual.co.za https://my.oldmutual.co.za https://bot-omi-eu.rather.chat/; media-src 'self' data: https://static.zohocdn.com https://mpsnare.iesnare.com https://test.interpayafrica.com https://test.interpayafrica.com/* 1
font-src 'self' https://userlike-cdn-umm.b-cdn.net; frame-src 'self' https: www.youtube-nocookie.com/* ; frame-ancestors 'self'; script-src 'self' *.th-bingen.de *.b-ite.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://stats.th-bingen.de 'unsafe-inline'; connect-src 'self' *.th-bingen.de *.b-ite.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://api.userlike.com wss://umd.userlike.com https://stats.th-bingen.de;  img-src * *.b-ite.com data:; style-src 'self' 'unsafe-inline' *.b-ite.com data:; 1
default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://avm-cs.zendesk.com avm.zendesk.com v2.zopim.com fritz.com avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de www.commerce-connector.com www.surveygizmo.eu ; img-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de data: https://shoplogos.commerce-connector.de https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://i.vimeocdn.com https://static.zdassets.com https://gpt.avm.botario.com https://www.gravatar.com ; media-src 'self' *.fritz.com *.avm.de service.avm.de static.zdassets.com https://maps.googleapis.com https://maps.gstatic.com https://vimeo.com https://i.ytimg.com https://i.vimeocdn.com blob: data: ; font-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de https://fonts.gstatic.com data: ; style-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://fonts.googleapis.com 'unsafe-inline' ; connect-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://maps.googleapis.com https://noembed.com https://avm.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://pod-28.zendesk.com https://pod-28-sunco-ws.zendesk.com wss://widget-mediator.zopim.com wss://pod-28.zendesk.com wss://pod-28-sunco-ws.zendesk.com https://gpt.avm.botario.com wss://gpt.avm.botario.com ; script-src 'self' avm.de *.avm.de fritz.com *.fritz.com service.avm.de piwik.avm.de https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://maps.googleapis.com https://static.zdassets.com https://pod-28.zendesk.com https://pod-28-sunco-ws.zendesk.com https://gpt.avm.botario.com 'unsafe-eval' 'unsafe-inline' blob: ; script-src-elem 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com piwik.avm.de https://maps.googleapis.com https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://www.youtube.com https://static.zdassets.com https://pod-28.zendesk.com https://pod-28-sunco-ws.zendesk.com https://widget-mediator.zopim.com https://gpt.avm.botario.com 'unsafe-inline' blob: ; worker-src 'self' blob: ; frame-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://player.vimeo.com https://www.youtube-nocookie.com https://gpt.avm.botario.com ; frame-ancestors 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com  1
base-uri 'self'; default-src 'self' blob: data: *.storck.com *.wonderlandmovies.de *.stage.sto.adacor.net ar.merci.at ar.merci.pl *.amazonaws.com; script-src 'self' 'nonce-HoBAzq7eC00z0WzDaHD-JIvtwKHIdCyZ8n6mbLD0U9DTRcNaiTzGCA' blob: data: *.storck.com storck.piwik.pro *.googleadservices.com *.pricespider.com *.mapbox.com s3.us-west-2.amazonaws.com click2cart.com *.click2cart.com maps.googleapis.com; img-src 'self' blob: data: *.storck.com storck.piwik.pro *.pricespider.com *.wonderlandmovies.de *.stage.sto.adacor.net staebchen-designer.merci.de *.amazonaws.com *.gstatic.com attach-videos.s3.amazonaws.com *.albertsons-media.com *.media-amazon.com *.walmartimages.com click2cart.com *.click2cart.com maps.gstatic.com maps.googleapis.com c.imedia.cz gdecz.hit.gemius.pl ib.adnxs.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com *.pricespider.com *.mapbox.com click2cart.com *.click2cart.com maxcdn.bootstrapcdn.com s3.us-west-2.amazonaws.com fonts.googleapis.com; connect-src 'self' data: *.storck.com storck.piwik.pro *.mapbox.com *.iriworldwide.com click2cart.com *.click2cart.com maps.googleapis.com; font-src 'self' data: *.storck.com s3.us-west-2.amazonaws.com maxcdn.bootstrapcdn.com fonts.gstatic.com; frame-src 'self' *.storck.com data: ar.merci.at ar.merci.pl *.stage.sto.adacor.net staebchen-designer.merci.de blob: di.rlcdn.com; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com; connect-src 'self' https://maps.googleapis.com; img-src data: 'self' https://d1be5sn7lppxuh.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google.com; media-src 'self' https://d1be5sn7lppxuh.cloudfront.net; form-action 'self'; manifest-src 'self' 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com data-eu.nestlehealthscience.co.uk https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; object-src 'none'; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' data: https:; https://siteintercept.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors 'self' https://*.qualtrics.com; child-src *; font-src * 'self' data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com data-eu.nestlehealthscience.co.uk https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; report-uri /report-csp-violation 1
default-src data: 'self';script-src 'self' 'unsafe-eval' https://*.here.com;style-src 'self' 'unsafe-inline' ;object-src 'self' blob:;img-src 'self' data: blob:;connect-src blob: 'self' https://*.here.com;worker-src blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.veiasa.es npmcdn.com *.openstreetmap.org unpkg.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.fontawesome.com *.veiasa.es npmcdn.com unpkg.com; img-src 'self' data: *.veiasa.es *.openstreetmap.org npmcdn.com img.icons8.com unpkg.com; form-action 'self'; media-src 'self'; font-src 'self' *.fontawesome.com; connect-src 'self'; frame-src 'self' intent: www.youtube.com; frame-ancestors 'self' 1
default-src 'self' piwik.itzbund.de matomo03.itzbund.de; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com piwik.itzbund.de matomo03.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' data: cdnjs.cloudflare.com cdn.ckeditor.com maps.googleapis.com *.polyfill.io *.google.com *.unpkg.com *.gstatic.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com open.spotify.com e.issuu.com *.tiktok.com donorbox.org; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: maps.gstatic.com maps.googleapis.com imgsct.cookiebot.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.tiktok.com *.donorbox.org; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app *.google-analytics.com *.cookiebot.com *.googletagmanager.com open.spotify.com e.issuu.com *.tiktok.com donorbox.org return.flexmail.eu; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com slant.co data: ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: region1.google-analytics.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.tiktok.com *.donorbox.org; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'none'; default-src 'self'; child-src https://www.youtube.com https://heyzine.com https://skk.erecruiter.pl https://*.heyzine.com  https://*.google.com https://www.googletagmanager.com https://*.faceup.com https://*.nntb.cz blob:; connect-src 'self' https://geis.daktela.com https://t.leady.com https://*.doubleclick.net https://*.google.com https://*.google-analytics.com wss://*.hotjar.com https://*.hotjar.com  https://*.hotjar.io; font-src 'self' https://*.gstatic.com data:; form-action 'self'; img-src https://skk.erecruiter.pl https://*.seznam.cz 'self' https://t.leady.com https://*.google-analytics.com https://*.google.cz https://*.google.com blob: data:; media-src 'self' blob:; script-src 'self' https://*.google.com https://*.gstatic.com https://skk.erecruiter.pl  https://*.seznam.cz https://geis.daktela.com https://t.leady.com https://tt.geis.cz https://tt.geis.pl https://*.hotjar.com https://*.doubleclick.net https://*.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com ttps://skk.erecruiter.pl 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; img-src 'self' https: data:; script-src 'self' https://inaadress.maaamet.ee https://www.google.com https://www.gstatic.com ; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://www.google.com blob:; 1
default-src 'self'; font-src 'self' data: https://use.typekit.net https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/*  https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://*.tools.investis.com https://services.ominsure.co.za https://embed.tawk.to https://salesiq.zoho.com https://css.zohocdn.com/salesiq/styles/fonts/cw/puvi/* https://css.zohocdn.com/salesiq/styles/fonts/cw/* https://css.zohocdn.com https://*.zohostatic.com https://dtzpfzv31buvf.cloudfront.net; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://*.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net/* https://css.zohocdn.com https://css.zohostatic.com https://cdn.jsdelivr.net/* https://static.zohocdn.com https://dtzpfzv31buvf.cloudfront.net; img-src 'self' data: https://p.typekit.net https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://*.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://*.tools.investis.com https://*.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.doubleclick.net https://sp.analytics.yahoo.com https://embed.tawk.to https://*.zoho.com https://salesiq.zoho https://*.zohopublic.com https://css.zohostatic.com https://css.zohostatic.com/* https://css.zohocdn.com https://geo-tracker.trinadsp.co.za https://*.oldmutual.co.za https://*.adform.net https://server.seadform.net https://*.twitter.com https://ads-twitter.com https://www.googletagmanager.com https://ad.doubleclick.net https://connect.facebook.net https://dsp.trinamarketing.co.za/ https://tribalfusion.com/ https://*.tribalfusion.com https://bat.bing.com https://us4-files.zohopublic.com  https://*.company-target.com https://*.rlcdn.com https://www.google.co.ug https://*.oldmutual.co.ke https://oldmutual.co.ke https://oldmutual.co.ug https://*.oldmutual.co.ug; frame-src 'self' https://www.oldmutual.co.za/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://www.oldmutualinvest.com/ https://www.youtube.com https://*.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://*.tools.investis.com https://*.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com https://manage.ipaygh.com https://app.livestorm.co https://*.twitter.com https://*.adform.net https://td.doubleclick.net https://*.oldmutual.com.gh https://*.rather.chat/* https://*.rather.chat https://*.zohopublic.com https://*.company-target.com https://www.googletagmanager.com https://lively-crisp-16b428.netlify.app/ https://ipp-om-uganda-flp.inclusivity-aspin.com/; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://cdn.gbqofs.com http://internal-ng-sales-alb-latest-1611935435.eu-west-1.elb.amazonaws.com:8080/api/v1 http://internal-ng-sales-alb-latest-1611935435.eu-west-1.elb.amazonaws.com:8080/api/v1/* https://*.oldmutual.com.gh/* https://api.interpayafrica.com/* https://interpayafrica.com/* https://*.oldmutual.com.gh https://interpayafrica.com/* https://test.interpayafrica.com https://test.interpayafrica.com/* https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://*.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://*.tools.investis.com https://b.ws.sessioncam.com https://*.ominsure.co.za https://*.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://va.tawk.to wss://*.tawk.to  wss://vts.zohopublic.com https://salesiq.zoho.com https://salesiq.zohopu https://goals-api.my.oldmutual.co.za https://salesiq.zohopublic.com wss://mpsnare.iesnare.com https://cdn.linkedin.oribi.io/* https://c1001.report.gbss.io https://c2001.report.gbss.io https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://goals-qa.digital.omapps.net:8080 https://*.twitter.com https://ads-twitter.com https://developer.huawei.com/consumer https://*.eskimi.com https://*.creativecdn.com https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://s2s.oldmutual.co.za https://*.demandbase.com https://js-eu1.hs-scripts.com https://bf87291oim.bf.dynatrace.com https://bf62395jrv.bf.dynatrace.com https://api.hubspot.com https://*.oldmutual.com.gh https://sms.hubtel.com https://*.company-target.com https://google.com https://*.oldmutual.co.ke https://oldmutual.co.ke https://oldmutual.co.ug https://*.oldmutual.co.ug https://*.zoho.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.pagesense.io https://*.zohocdn.com https://*.zohopublic.com https://*.zohopublic.com/widget https://analytics.twitter.com https://*.report.gbss.io https://cdn.gbqofs.com https://*.oldmutual.com.gh/* https://s2s.oldmutual.co.za https://s2s.oldmutual.co.za/static/DhPixel.js https://*.oldmutual.com.gh https://test.interpayafrica.com https://test.interpayafrica.com/* https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://*.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://*.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://d2oh4tlt9mrke9.cloudfront.net https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://*.tools.investis.com https://*.google.com https://snap.licdn.com https://www.buzzsprout.com https://www.googleadservices.com https://*.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://embed.tawk.to https://dsp-media.eskimi.com https://js.zohocdn.com https://s2s.oldmutual.co.za/static/DhPixel.js https://salesiq.zoho.com/widget https://checkout.flutterwave.com *.iovation.com *.iesnare.com https://geo-tracker.trinadsp.co.za/* https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://bat.bing.com https://dsp.trinamarketing.co.za/ https://bf87291oim.bf.dynatrace.com https://bf62395jrv.bf.dynatrace.com https://secure.adnxs.com/ https://quantserve.com/quant.js http://rtbhouse.com http://rtbhouse.net https://secure.quantserve.com/quant.js https://googleads.g.doubleclick.net https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://*.demandbase.com https://*.company-target.com https://js-eu1.hs-scripts.com https://js-cdn.dynatrace.com https://api.hubspot.com https://sms.hubtel.com https://*.company-target.com https://*.oldmutual.co.ke https://oldmutual.co.ke https://oldmutual.co.ug https://*.oldmutual.co.ug; frame-ancestors https://secure.rewards.oldmutual.co.za.dev https://secure.rewards.oldmutual.co.za.dev/* https://secure.rewards.qa.oldmutual.co.za https://secure.rewards.qa.oldmutual.co.za/* https://secure.rewards.oldmutual.co.za/ https://secure.rewards.oldmutual.com.na.dev https://secure.rewards.oldmutual.com.na.dev/* https://secure.rewards.qa.oldmutual.com.na https://secure.rewards.qa.oldmutual.com.na/* https://secure.rewards.oldmutual.com.na/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://customer-site-preprod.eks.my.oldmutual.co.za https://my.oldmutual.co.za https://bot-omi-eu.rather.chat/ https://lively-crisp-16b428.netlify.app/; media-src 'self' data: https://static.zohocdn.com https://mpsnare.iesnare.com https://*.oldmutual.com.gh https://*.oldmutual.com.gh/* https://test.interpayafrica.com  https://test.interpayafrica.com/* https://*.oldmutual.co.ke https://oldmutual.co.ke https://oldmutual.co.ug https://*.oldmutual.co.ug https://media.zohostatic.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' https://www.google.com/ https://www.youtube-nocookie.com/ youtube.com https://www.youtube.com https://www.facebook.com/; img-src 'self'; connect-src 'self' https://www.google-analytics.com; 1
frame-ancestors 'self'; 1
base-uri 'none';child-src 'none';connect-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://www.googletagmanager.com https://td.doubleclick.net;img-src 'self' data: https://cdn.cookielaw.org https://*.google-analytics.com https://www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.googletagmanager.com https://d21y75miwcfqoq.cloudfront.net/deaafc32 https://googleads.g.doubleclick.net https://www.google.com https://google.com;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google.com;style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;worker-src 'self';upgrade-insecure-requests ; 1
* 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: wss: *.stripe.com *.studentbeans.com blob; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: wss: *.stripe.com *.studentbeans.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self'  *.citationsy.com *.citationsy.es *.stripe.com *.studentbeans.com accounts.google.com tinyletter.com; 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://*.olivia.com *.olivia.com https://*.google-analytics.com *.google-analytics.com https://*.doubleclick.net *.doubleclick.net https://*.hsforms.com *.hsforms.com; font-src 'self' https://*.typekit.net *.typekit.net; form-action 'self' https://*.hsforms.com *.hsforms.com; frame-ancestors 'self'; frame-src 'self' https://*.hsforms.com *.hsforms.com https://*.matterport.com *.matterport.com https://*.youtube.com *.youtube.com https://*.google.com *.google.com; img-src 'self' https://*.olivia.com *.olivia.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.google.com *.google.com https://*.hsappstatic.com *.hsappstatic.com https://*.hsforms.com *.hsforms.com https://*.hs-embed-reporting.com *.hs-embed-reporting.com https://*.hubspot.com *.hubspot.com https://*.ytimg.com *.ytimg.com blob: data:; media-src 'self' https://*.olivia.com *.olivia.com https://samplelib.com samplelib.com https://*.googleapis.com *.googleapis.com; object-src 'none'; script-src 'self' https://*.google-analytics.com *.google-analytics.com https://*.clarity.ms *.clarity.ms https://*.googletagmanager.com *.googletagmanager.com https://*.hsforms.net *.hsforms.net https://*.hs-scripts.com *.hs-scripts.com https://*.youtube.com *.youtube.com 'unsafe-inline'; style-src 'self' https://*.typekit.net *.typekit.net 'unsafe-inline'; upgrade-insecure-requests 1
connect-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google.com *.google.com blob: data:; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://*.google.com *.google.com https://*.youtube.com *.youtube.com https://beacon-control.msas.uk/beacon.php; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.openstreetmap.org https://api.mapbox.com https://*.google.com *.google.com https://*.googleusercontent.com *.googleusercontent.com blob: data:; object-src 'self'; script-src 'self' https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.google.com *.google.com https://*.ggpht.com https://*.googleusercontent.com *.googleusercontent.com https://js.pusher.com https://cdn.tiny.cloud https://*.youtube.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.gstatic.com https://*.googleapis.com 'unsafe-inline'; style-src-attr 'unsafe-inline'; worker-src 'self' blob: 1
base-uri 'none'; default-src 'none'; child-src https://web.cmp.usercentrics.eu https://www.youtube.com https://www.youtube.com https://www.google.com; connect-src 'self' https://v1.api.service.cmp.usercentrics.eu https://graphql.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://q.clarity.ms; font-src 'self' https://use.typekit.net; frame-ancestors 'self'; frame-src https://web.cmp.usercentrics.eu https://www.youtube.com https://www.google.com; img-src 'self' https://app.usercentrics.eu https://uct.service.usercentrics.eu https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://i3.ytimg.com https://c.clarity.ms https://c.bing.com https://www.google.com https://www.google.be data:; manifest-src 'self'; script-src 'self' https://web.cmp.usercentrics.eu https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://use.typekit.net https://www.clarity.ms 'nonce-e817ae2c1ecf4cfc' 'nonce-8c4159f4d41b73ba'; style-src 'self' https://use.typekit.net https://p.typekit.net 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' *.itzbund.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de www.youtube.com *.ytimg.com piwik.itzbund.de *.openstreetmap.org *.cloudflare.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com; frame-src 'self' *.youtube.com *.twitter.com *.facebook.com *.sibforms.com; img-src 'self' blob: data: piwik.itzbund.de *.openstreetmap.org *.cloudflare.com *.twimg.com; font-src 'self' data:; frame-ancestors 'self'; 1
default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net *.videodelivery.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net medien.bka.de https://www.flens.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.videodelivery.net; img-src 'self' data: *.bka.de *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de *.openstreetmap.org; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de *.facebook.com; 1
default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com *.x.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com cdnjs.cloudflare.com; img-src 'self' https: data: android-webview-video-poster: *.jwplayer.com http://docs.jwplayer.com; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com x.com *.x.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com rumble.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com x.com *.x.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.tfmetalsreport.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com *.jwplayer.com cdnjs.cloudflare.com stats.addtoany.com 1
frame-ancestors 'self' piwik.betaalvereniging.nl matomo.betaalvereniging.nl; 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; media-src 'self' https://reile.co.jp 1
default-src 'self'; child-src https://www.youtube.com www.youtube.com https://*.facebook.com https://player.vimeo.com https://www.yumpu.com; connect-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com data:; frame-src https://www.youtube.com www.youtube.com https://*.facebook.com https://player.vimeo.com https://www.yumpu.com; img-src 'self' https://www.facebook.com https://* * https://www.google-analytics.com https://ssl.google-analytics.com data:; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.youtube.com https://youtube.com https://s.ytimg.com https://www.googletagmanager.com 'nonce-/0RD4PGtuVV1PC5pD9B6jWWb' 'unsafe-inline' 'strict-dynamic'; style-src 'self' https://fonts.googleapis.com fonts.googleapis.com 'unsafe-inline'; report-uri https://403e2720446385ad0c84ae222f0e0f42.report-uri.com/r/d/csp/enforce; report-to https://403e2720446385ad0c84ae222f0e0f42.report-uri.com/r/d/csp/enforce; 1
default-src 'self' https://*.nhs.uk; frame-src 'self' https://gssapps.ebscohost.com/ https://forms.office.com/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.mailerlite.com/ https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.nl https://*.webspellchecker.net 1
default-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: *.openstreetmap.org ; media-src 'self' ; font-src 'self' ; frame-src 'self' data: ; connect-src 'self' data: ; 1
img-src 'self' *.norma.fr https://piwik.norma-online.de https://captcha.liveidentity.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.norma.fr https://piwik.norma-online.de www.youtube.com blob:; object-src 'none'; font-src 'self' *.norma.fr; 1
default-src 'self' https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; connect-src 'self' https://nominatim.openstreetmap.org http://nominatim.openstreetmap.org nominatim.openstreetmap.org https://login.microsoftonline.com http://login.microsoftonline.com login.microsoftonline.com https://www.google.com http://www.google.com www.google.com https://client.inecos.de http://client.inecos.de client.inecos.de https://maps.googleapis.com https://api.abfallplus.io http://api.abfallplus.io api.abfallplus.io https://*.abfall.io http://*.abfall.io *.abfall.io https://*.stage.bio http://*.stage.bio *.stage.bio https://api.service-digitale-verwaltung.de http://api.service-digitale-verwaltung.de api.service-digitale-verwaltung.de https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud; font-src 'self' https://client.inecos.de http://client.inecos.de client.inecos.de https://*.abfall.io http://*.abfall.io *.abfall.io https://*.podigee-cdn.com http://*.podigee-cdn.com *.podigee-cdn.com https://*.podigee-cdn.net http://*.podigee-cdn.net *.podigee-cdn.net https://*.podigee.com http://*.podigee.com *.podigee.com https://*.podigee.io http://*.podigee.io *.podigee.io https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; frame-ancestors 'self' https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; frame-src 'self' https://benutzerhandbuch-cshs.condat.de http://benutzerhandbuch-cshs.condat.de benutzerhandbuch-cshs.condat.de https://global.frcapi.com http://global.frcapi.com global.frcapi.com https://www.google.com http://www.google.com www.google.com https://lkclp.maps.arcgis.com http://lkclp.maps.arcgis.com lkclp.maps.arcgis.com https://wunschkennzeichen.kdo.de http://wunschkennzeichen.kdo.de wunschkennzeichen.kdo.de https://*.lkclp.de http://*.lkclp.de *.lkclp.de https://komsis.inecos.de http://komsis.inecos.de komsis.inecos.de https://client.inecos.de http://client.inecos.de client.inecos.de https://www.openstreetmap.org http://www.openstreetmap.org www.openstreetmap.org https://www.oldenburger-muensterland.de https://www.arcgis.com http://www.arcgis.com www.arcgis.com https://umap.openstreetmap.fr http://umap.openstreetmap.fr umap.openstreetmap.fr https://*.abfall.io http://*.abfall.io *.abfall.io https://creator.hosted-pageflow.com http://creator.hosted-pageflow.com creator.hosted-pageflow.com https://lkclp.pageflow.io http://lkclp.pageflow.io lkclp.pageflow.io https://www.touvia.de http://www.touvia.de www.touvia.de https://*.podigee-cdn.com http://*.podigee-cdn.com *.podigee-cdn.com https://*.podigee-cdn.net http://*.podigee-cdn.net *.podigee-cdn.net https://*.podigee.com http://*.podigee.com *.podigee.com https://*.podigee.io http://*.podigee.io *.podigee.io https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://seu2.cleverreach.com http://seu2.cleverreach.com seu2.cleverreach.com https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; img-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.tile.openstreetmap.org http://*.tile.openstreetmap.org *.tile.openstreetmap.org https://client.inecos.de http://client.inecos.de client.inecos.de https://maps.googleapis.com https://maps.gstatic.com https://lkclp.de https://www.lkclp.de https://*.abfall.io http://*.abfall.io *.abfall.io https://*.stage.bio http://*.stage.bio *.stage.bio https://api.service-digitale-verwaltung.de http://api.service-digitale-verwaltung.de api.service-digitale-verwaltung.de https://*.podigee-cdn.com http://*.podigee-cdn.com *.podigee-cdn.com https://*.podigee-cdn.net http://*.podigee-cdn.net *.podigee-cdn.net https://*.podigee.com http://*.podigee.com *.podigee.com https://*.podigee.io http://*.podigee.io *.podigee.io https://cdn.eye-able.com http://cdn.eye-able.com cdn.eye-able.com https://www.eye-able-cdn.com http://www.eye-able-cdn.com www.eye-able-cdn.com https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de data:; media-src 'self' https://lkclp.maps.arcgis.com http://lkclp.maps.arcgis.com lkclp.maps.arcgis.com https://wunschkennzeichen.kdo.de http://wunschkennzeichen.kdo.de wunschkennzeichen.kdo.de https://*.lkclp.de http://*.lkclp.de *.lkclp.de https://komsis.inecos.de http://komsis.inecos.de komsis.inecos.de https://client.inecos.de http://client.inecos.de client.inecos.de https://*.abfall.io http://*.abfall.io *.abfall.io https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://seu2.cleverreach.com http://seu2.cleverreach.com seu2.cleverreach.com https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; object-src 'self' https://lkclp.maps.arcgis.com http://lkclp.maps.arcgis.com lkclp.maps.arcgis.com https://wunschkennzeichen.kdo.de http://wunschkennzeichen.kdo.de wunschkennzeichen.kdo.de https://*.lkclp.de http://*.lkclp.de *.lkclp.de https://komsis.inecos.de http://komsis.inecos.de komsis.inecos.de https://client.inecos.de http://client.inecos.de client.inecos.de https://*.abfall.io http://*.abfall.io *.abfall.io https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com https://seu2.cleverreach.com http://seu2.cleverreach.com seu2.cleverreach.com https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de; script-src 'self' https://www.google.com http://www.google.com www.google.com https://www.gstatic.com http://www.gstatic.com www.gstatic.com https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://client.inecos.de http://client.inecos.de client.inecos.de https://static.abfallplus.de http://static.abfallplus.de static.abfallplus.de https://maps.googleapis.com https://www.oldenburger-muensterland.de https://umap.openstreetmap.fr http://umap.openstreetmap.fr umap.openstreetmap.fr https://*.abfall.io http://*.abfall.io *.abfall.io https://www.deutsches-ausschreibungsblatt.de http://www.deutsches-ausschreibungsblatt.de www.deutsches-ausschreibungsblatt.de https://logaweb.kdo.de http://logaweb.kdo.de logaweb.kdo.de https://*.stage.bio http://*.stage.bio *.stage.bio https://api.service-digitale-verwaltung.de http://api.service-digitale-verwaltung.de api.service-digitale-verwaltung.de https://*.podigee-cdn.com http://*.podigee-cdn.com *.podigee-cdn.com https://*.podigee-cdn.net http://*.podigee-cdn.net *.podigee-cdn.net https://*.podigee.com http://*.podigee.com *.podigee.com https://*.podigee.io http://*.podigee.io *.podigee.io https://cdn.eye-able.com http://cdn.eye-able.com cdn.eye-able.com https://www.eye-able-cdn.com http://www.eye-able-cdn.com www.eye-able-cdn.com https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de https://matomo-testing.condat.cloud 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://client.inecos.de http://client.inecos.de client.inecos.de https://static.abfallplus.de http://static.abfallplus.de static.abfallplus.de https://lkclp.de https://*.abfall.io http://*.abfall.io *.abfall.io https://api.service-digitale-verwaltung.de http://api.service-digitale-verwaltung.de api.service-digitale-verwaltung.de https://*.podigee-cdn.com http://*.podigee-cdn.com *.podigee-cdn.com https://*.podigee-cdn.net http://*.podigee-cdn.net *.podigee-cdn.net https://*.podigee.com http://*.podigee.com *.podigee.com https://*.podigee.io http://*.podigee.io *.podigee.io https://cdn.eye-able.com http://cdn.eye-able.com cdn.eye-able.com https://www.eye-able-cdn.com http://www.eye-able-cdn.com www.eye-able-cdn.com https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de 'unsafe-inline'; worker-src 'self' https://lkclp-platform.condat.cloud http://lkclp-platform.condat.cloud lkclp-platform.condat.cloud https://platform.container:8080 http://platform.container:8080 platform.container:8080 https://cshs-platform-api.condat-demo.de http://cshs-platform-api.condat-demo.de cshs-platform-api.condat-demo.de blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com sdk.privacy-center.org *.gstatic.com *.facebook.com *.facebook.net *.pr-globalcms.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com *.unpkg.com unpkg.com *.pernod-ricard.io *.privacy-center.org *.addtoany.com *.youtube.com live-sip-platform.pantheonsite.io; object-src 'self' *.googleapis.com *.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com sdk.privacy-center.org *.gstatic.com *.facebook.com *.facebook.net *.pr-globalcms.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com *.unpkg.com unpkg.com *.pernod-ricard.io *.privacy-center.org; img-src 'self' data: *.gstatic.com *.facebook.com *.googletagmanager.com *.jsdelivr.net *.googleapis.com i.ytimg.com; media-src 'self'; frame-src 'self' *.google.com *.facebook.com *.youtube.com *.spotify.com; font-src 'self' data:; connect-src 'self' *.googleapis.com *.google.com sdk.privacy-center.org *.gstatic.com *.facebook.com *.facebook.net *.pr-globalcms.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com *.unpkg.com unpkg.com *.pernod-ricard.io *.privacy-center.org *.us-central1.run.app *.conversionsapigateway.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: about: ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com www.google-analytics.com  www.googletagmanager.com; connect-src 'self' ssl.google-analytics.com www.google-analytics.com  www.googletagmanager.com; worker-src 'self'; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com data-apac.nestlehealthscience.com.hk https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; object-src *; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; img-src * 'self' *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com *.static-swaven.com data: https:; https://siteintercept.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; media-src *; frame-src * *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; frame-ancestors 'self' https://*.qualtrics.com; child-src *; font-src * 'self' *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com *.static-swaven.com data: https:; https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; connect-src * 'self' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com *.adimo.co *.amazonaws.com data-apac.nestlehealthscience.com.hk https://*.qualtrics.com https://*.adimo.co https://*.adimouat.co https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com_; report-uri /report-csp-violation 1
connect-src 'self' https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;default-src 'self';font-src 'self' fonts.gstatic.com https://*.hotjar.com fonts.googleapis.com;form-action 'self' https://www.facebook.com/tr/;frame-src 'self' tr.techcareer.net youtube.com www.youtube.com open.spotify.com https://embed-standalone.spotify.com/ https://kariyer.typeform.com https://www.typeform.com https://*.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.google.com/ https://www.facebook.com/ https://www.youtube-nocookie.com/ https://*.doubleclick.net https://*.googlesyndication.com https://www.googleadservices.com https://*.dengagecdn.com/ https://www.googletagmanager.com/ https://gtm.techcareer.net/ https://*.adtrafficquality.google/ https://login.techcareer.net;img-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ https://www.google.com.tr/ads/ https://*.hotjar.com www.facebook.com https://i.ytimg.com https://www.google.com https://analytics.twitter.com/ https://t.co/ https://cdn.efilli.com www.gravatar.com https://c.clarity.ms https://c.bing.com cdn1.kariyer.net https://px.ads.linkedin.com https://static.geetest.com/ https://static.geevisit.com/ https://www.google.com.tr https://*.googlesyndication.com https://*.doubleclick.net https://cv.gcp.techcareer.net https://assets.efilli.com https://*.adtrafficquality.google/ http://www.google.com/ads/measurement/ https://connect.facebook.net/;media-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.hotjar.com https://static.ads-twitter.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net connect.facebook.net https://analytics.tiktok.com/i18n/pixel/ https://cdn.efilli.com https://www.clarity.ms https://js-agent.newrelic.com https://snap.licdn.com http://static.geetest.com/v4/ https://gcaptcha4.geetest.com/ https://gcaptcha4.gsensebot.com/ https://gcaptcha4.geevisit.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://bundles.efilli.com/ https://*.doubleclick.net https://*.googlesyndication.com https://*.dengage.com https://*.adtrafficquality.google/ https://static.geevisit.com/;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com https://static.geetest.com/v4/ https://static.geevisit.com/v4/;worker-src 'self' blob:; 1
style-src 'unsafe-inline' 'nonce-UsKPzeckNldEtapZQWEheg==' 'self';script-src 'self';frame-src 'self';frame-ancestors 'none';img-src 'self' http://localhost/ https://localhost/ https://schnurpfeil.de/; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' https://www.google.com/ https://www.youtube-nocookie.com/ youtube.com https://www.youtube.com https://www.facebook.com/; img-src 'self'; connect-src 'self' https://www.google-analytics.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com data:;img-src *; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net vk.com api-maps.yandex.ru bitrix.info www.google-analytics.com *.yandex.ru maps.googleapis.com www.googletagmanager.com yastatic.net; form-action 'self';frame-src 'self';media-src 'self';connect-src 'self' bitrix.info mc.yandex.ru www.google-analytics.com stats.g.doubleclick.net 1