Values for x-webkit-csp: frame-ancestors 'self' 43 default-src 'self' 39 report-uri /report-csp-violation; upgrade-insecure-requests 35 default-src 'self' 'unsafe-inline' 35 report-uri /report-csp-violation 33 default-src 'self'; script-src 'self' 'unsafe-inline' 26 form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 10 frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 8 script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 8 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 8 default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; 6 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 6 default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 5 default-src 'self' '*.energieag.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at *.hotjar.com *.hotjar.io wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com 'unsafe-inline' 'unsafe-eval' data: 5 frame-ancestors 'self' weleda.sabio.de 5 default-src 'self'; 5 base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src vercel.live prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io;style-src 'self' 'unsafe-inline';worker-src 'self'; 4 frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none' 4 default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://stats.xilo.net/ruri/r/d/csp/enforce 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.samlassertion *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.samlassertion *.googleapis.com; report-uri /report-csp-violation 4 default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 3 frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com; report-uri /report-csp-violation 3 worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: kubra.io www.googleadservices.com fls.doubleclick.net; object-src 'none' ; style-src 'self' 'unsafe-inline' *; img-src 'self' data: * blob:; media-src 'self' *.jwplayer.com *.jwpsrv.com *.jwplatform.com *.snapengage.com blob:; frame-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com *.teads.tv *.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com *.ipredictive.com tpc.googlesyndication.com webforms.optimum.com; child-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com *.teads.tv *.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com *.ipredictive.com tpc.googlesyndication.com; font-src 'self' *.googleapis.com *.gstatic.com *.acsbapp.com data: ; connect-src 'self' * blob: *.demdex.net; base-uri 'self'; report-uri /report-csp-violation 3 default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.the-cloud-one.com *.usercentrics.eu data: *.motel-one.com *.the-cloud-one.com *.usercentrics.eu; script-src *.motel-one.com *.the-cloud-one.com 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.adup-tech.com static.ads-twitter.com analytics.twitter.com assets.pinterest.com log.pinterest.com squarelovin.com *.squarelovin.com *.usercentrics.eu *.pinimg.com *.pinterest.com *.surveysparrow.com *.dialogshift.com *.smartrecruiters.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cdninstagram.com *.squarelovin.com squarelovin.com ik.imagekit.io *.google-analytics.com *.doubleclick.net t.co *.adup-tech.com www.facebook.com www.google.de www.google.com *.cx.atdmt.com maps.gstatic.com maps.googleapis.com ssl.gstatic.com www.gstatic.com assets.pinterest.com log.pinterest.com bat.bing.com *.hurra.com *.fbcdn.net image.motel-one.com *.motel-one.com *.the-cloud-one.com *.gstatic.com *.usercentrics.eu *.pinimg.com *.pinterest.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.squarelovin.com squarelovin.com fonts.googleapis.com tagmanager.google.com *.google.com *.dialogshift.com; connect-src 'self' *.motel-one.com *.the-cloud-one.com *.google-analytics.com maps.googleapis.com stats.g.doubleclick.net *.facebook.com *.adup-tech.com *.usercentrics.eu *.pinimg.com *.pinterest.com *.surveysparrow.com *.dialogshift.com core.prod.co25.net; font-src 'self' *.motel-one.com *.the-cloud-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net *.dialogshift.com; frame-src 'self' *.motel-one.com *.the-cloud-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.usercentrics.eu assets.pinterest.com log.pinterest.com *.pinimg.com *.pinterest.com *.surveysparrow.com surveysparrow.com *.dialogshift.com *.smartrecruiters.com; 3 allow 'self'; 3 base-uri 'self'; style-src 'self'; connect-src 'self' *.itzbund.de; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de; img-src 'self' piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self'; frame-ancestors 'self' *.prod.gsb.bsi.in.bund.de ; upgrade-insecure-requests; 3 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.amazonaws.com *.amazoncognito.com; frame-ancestors 'self' sf360.com.au 3 font-src 'self' https://webfonts.14v.de; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; object-src 'none'; worker-src 'self'; media-src 'self'; connect-src 'self' https://piwik.14v.de; manifest-src 'self'; prefetch-src 'none'; img-src 'self' data: *.w3.org; frame-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline'; block-all-mixed-content; script-src 'self' https://piwik.14v.de 'unsafe-inline'; report-uri /impressum/; 3 frame-ancestors *; report-uri /report-csp-violation 3 3 frame-ancestors https://app.storyblok.com/ 3 default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; connect-src 'none'; report-uri 'self'; report-to 'self'; 3 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 3 default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uno.uk; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.uno.uk; img-src 'self' blob: data: https://*.uno.uk; media-src 'self' data: https://*.uno.uk; frame-src *; font-src *; form-action 'self' https://*.uno.uk; connect-src 'self' https://*.uno.uk; prefetch-src 'self' https://*.uno.uk; manifest-src 'self' https://*.uno.uk; frame-ancestors 'self'; report-uri https://stats.uno.uk/ruri/r/d/csp/enforce 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 2 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2 frame-ancestors 'self' *.sncf-connect.com *.aws.vsct.fr *.sncf-voyageurs.com; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src 'self' ; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de *.akamaihd.net *.evostream.com; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de *.bmbfcluster.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de *.akamaihd.net *.evostream.com; frame-src *.datenportal.bmbf.de *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net app.sli.do *.unitylivestream.com; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.geodatenzentrum.de *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self' data: *.sp.epl30.intern *.kooperation-international.de; 2 object-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src wss: mycliplister.com blob: data: bosch.kittelberger.de *.tealiumiq.com dock.ui.bosch.tech wss://endpoint.chatbot-suite.bosch.tech 'self' https: *.optimizely.com wss://*.hotjar.com wss://*.hotjar.io *.tealiumiq.com stats.g.doubleclick.net *.bosch-professional.com ; media-src data: 'self' *.mycliplister.com mycliplister.com *.bosch.com bosch.com *.bosch.de bosch.de *.youtube.com ; font-src 'self' dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.bootstrapcdn.com *.dynamicyield.com static.bosch-professional.com *.commerce-connector.com tiger-cdn.zoovu.com *.zoovu.com *.cloudfront.net boschru.webim.ru *.bosch.com bosch.com *.bosch.de bosch.de gstatic.com fonts.gstatic.com data: ; object-src data: 'self'; img-src data: 'self' https: mycliplister.com *.kittelberger.de *.tealiumiq.com data: blob: ; style-src dock.ui.bosch.tech cdn.pricespider.com *.boschtools.com *.dynamicyield.com *.bootstrapcdn.com *.googleapis.com *.commerce-connector.com 'self' 'unsafe-inline' tiger-cdn.zoovu.com *.zoovu.com static.bosch-professional.com btm.bosch.com cdn.poll-maker.com ; script-src dock.ui.bosch.tech dynamicyield.com *.dynamicyield.com https: *.optimizely.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.bosch.com bosch.com *.bosch.de bosch.de *.google-analytics.com google-analytics.com ipinfo.io ; frame-src 'self' https: ; connect-src 'self' https: wss://endpoint.chatbot-suite.bosch.tech mycliplister.com wss://*.hotjar.com 2 default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de *.netzlabor.de *.spaceview.net; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org *.spaceview.net *.netzlabor.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com *.multimedia.gsb.bund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.youtube.com *.fbcdn.net *.youtube-nocookie.com *.googlevideo.com; frame-src 'self' *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de *.blitzvideoserver.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com *.multimedia.gsb.bund.de; img-src 'self' data: *.google.com *.gstatic.com multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com vimeo.com *.cloudfront.net *.gsb.bund.de; frame-ancestors 'self';upgrade-insecure-requests; 2 frame-ancestors 'self'; report-uri /report-csp-violation 2 frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br *.lndo.site *.web.ahdev.cloud; report-uri /report-csp-violation 2 child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg *.ap.sabio.cloud; connect-src *.cwp-stg.sg https://analytics.google.com https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg blob: https://www.google-analytics.com *.onemap.sg/ https://www.onemap.gov.sg *.dcube.cloud *.wogaa.sg *.demdex.net *.ap.sabio.cloud s.yimg.com *.evergage.com https://dataplane.rum.ap-southeast-1.amazonaws.com https://cognito-identity.ap-southeast-1.amazonaws.com https://sts.ap-southeast-1.amazonaws.com *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net *.ap.sabio.cloud; font-src https://cdnjs.cloudflare.com https://fonts.gstatic.com data: *.dcube.cloud *.wogaa.sg *.ap.sabio.cloud *.mycareersfuture.gov.sg *.app.gov.sg; img-src 'unsafe-inline' data: blob: 'self' https://www.google.com https://www.google-analytics.com adservice.google.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://www.onemap.gov.sg https://cdnjs.cloudflare.com *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net *.ap.sabio.cloud https://sg-gmtdmp.mookie1.com https://secure.adnxs.com https://ad.doubleclick.net https://www.talent.com/tracker/img-pixel.php sp.analytics.yahoo.com https://ssl.gstatic.com https://www.gstatic.com; report-uri /csp-report; script-src 'self' blob: 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com www.googletagmanager.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com *.ap.sabio.cloud https://cdn-akamai.mookie1.com https://tags.tiqcdn.com https://cdn.evgnet.com/ https://cdn.evergage.com/ https://tagmanager.google.com https://www.googletagmanager.com https://bat.bing.com *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg *.ap.sabio.cloud https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' *.mycareersfuture.gov.sg *.app.gov.sg; frame-ancestors 'none' 2 base-uri 'self'; child-src * gap:; frame-src * gap:; connect-src *; default-src 'self' 'unsafe-inline' *.google-analytics.com *.hotjar.com *.googletagmanager.com *.dre.pt *.diariodarepublica.pt *.hotjar.io *.doubleclick.net *.knightlab.com *.google.com *.google.pt gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data:; img-src * data: blob:; script-src 'unsafe-inline' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors *.incm.pt *.dre.pt *.diariodarepublica.pt 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=4YWpJlBh28%2FAwwmXs%2BrJR%2FdJTs8bAqREX1vMtJH2e1kCaBMQHLkDUlCUQb3w4ASlqD8sm3qVtA2LnRbVoYIvVA%3D%3D; 2 frame-ancestors 'self' mein.kabelplus.at mein-test.kabelplus.at newapp.etracker.com 2 default-src 'self'; font-src 'self' data: https://use.typekit.net https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://embed.tawk.to https://salesiq.zoho.com https://css.zohostatic.com https://css.zohocdn.com/* https://css.zohocdn.com/salesiq/styles/fonts/cw/puvi/* https://css.zohocdn.com/salesiq/styles/fonts/cw/* https://css.zohocdn.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net/* https://css.zohocdn.com https://css.zohostatic.com https://css.zohocdn.com/salesiq/styles https://css.zohocdn.com/salesiq/styles/* https://cdn.jsdelivr.net/* https://css.zohocdn.com/salesiq/styles/* https://css.zohocdn.com/salesiq/styles/floatbutton11_f2633c317a38e36bbe0e23bfa4a3e9fa_.css https://css.zohocdn.com; img-src 'self' data: https://p.typekit.net https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.fls.doubleclick.net https://sp.analytics.yahoo.com https://embed.tawk.to https://embed.tawk.to https://salesiq.zoho.com https://salesiq.zoho https://salesiq.zohopublic.com https://css.zohostatic.com https://css.zohostatic.com/* https://css.zohocdn.com https://analytics.twitter.com/1/i/* https://geo-tracker.trinadsp.co.za/* https://s2s.oldmutual.co.za https://track.adform.net/Serving/TrackPoint/* https://server.seadform.net/serving/cookie/sync/* https://dsp.trinamarketing.co.za/ https://tribalfusion.com/ https://*.tribalfusion.com; frame-src 'self' https://www.oldmutual.co.za/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://www.oldmutualinvest.com/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://dms.oldmutual.com.gh https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com https://manage.ipaygh.com https://app.livestorm.co https://analytics.twitter.com https://*.adform.net; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://cdn.gbqofs.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://va.tawk.to wss://*.tawk.to wss://vts.zohopublic.com https://salesiq.zoho.com https://salesiq.zohopu https://goals-api.my.oldmutual.co.za https://salesiq.zohopublic.com wss://mpsnare.iesnare.com https://cdn.linkedin.oribi.io/* https://c1001.report.gbss.io https://c2001.report.gbss.io https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://goals-qa.digital.omapps.net:8080/om-api/ https://*.eskimi.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://c1001.report.gbss.io https://c2001.report.gbss.io https://cdn.gbqofs.com https://s2s.oldmutual.co.za https://s2s.oldmutual.co.za/static/DhPixel.js https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://assets-preprod.my.oldmutual.co.za https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://d2oh4tlt9mrke9.cloudfront.net https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://www.googleadservices.com https://services.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://embed.tawk.to https://dsp-media.eskimi.com https://js.zohocdn.com https://s2s.oldmutual.co.za/static/DhPixel.js https://salesiq.zoho.com/widget https://checkout.flutterwave.com *.iovation.com *.iesnare.com https://geo-tracker.trinadsp.co.za/* https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://bat.bing.com https://dsp.trinamarketing.co.za/ https://secure.adnxs.com/ https://quantserve.com/quant.js https://tags.creativecdn.com/ http://rtbhouse.com http://rtbhouse.net https://secure.quantserve.com/quant.js; frame-ancestors https://secure.rewards.oldmutual.co.za/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://customer-site-preprod.eks.my.oldmutual.co.za https://my.oldmutual.co.za; media-src 'self' data: https://mpsnare.iesnare.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* 2 default-src 'self' *.readspeaker.com data: https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://viola-bzst-fms.azr.juacvoe.net base-uri 'self'; connect-src 'self' *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net; style-src 'self' 'unsafe-inline' *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://formularbot-fms.bzst.de https://viola-bzst-fms.azr.juacvoe.net; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.twitter.com *.googletagmanager.com *.cookielaw.org static.addtoany.com cdnjs.cloudflare.com cdn.bc0a.com assets.sitescdn.net fonts.googleapis.com *.siteimprove.net ajax.googleapis.com visit.sanmanuel.com klear.com cdn.b0e8.com *.google-analytics.com *.bing.com *.amazon-adsystem.com *.clarity.ms *.siteimproveanalytics.com *.adsrvr.org *.youtube.com connect.facebook.net munchkin.marketo.net s.yimg.com googleads.g.doubleclick.net *.cloudfront.net *.viralsweep.com *.pollstream.com insiderdata360online.com *.sevenrooms.com *.i4go.com *.recaptcha.net *.gstatic.com answers-embed.yaamava.com.pagescdn.com *.byspotify.com *.instagram.com *.visrez.com *.stackadapt.com *.googleadservices.com siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com tags.srv.stackadapt.com/events.js *.visitingmedia.com visitingmedia.com *.jquery.com *.sevenrooms.com tags.srv.stackadapt.com/events.js; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.sitescdn.net fonts.googleapis.com visit.sanmanuel.com d1p5cqqchvbqmy.cloudfront.net *.sevenrooms.com *.visrez.com *.stackadapt.com *.visitingmedia.com visitingmedia.com *.sevenrooms.com; report-uri /report-csp-violation 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;; report-uri /report-csp-violation 2 script-src 'self' kit.fontawesome.com cdn.callrail.com https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com player.vimeo.com clicky.com in.getclicky.com static.getclicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 2 default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2 default-src 'self'; connect-src 'self' *.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.instagram.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src 'self' *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com kumasta.buendnisse-fuer-bildung.de *.facebook.com *.instagram.com *.bmbf.de graphcommons.com www.baden-tv.com/ *.video-stream-hosting.de;img-src 'self' data: *.bmbf.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; frame-ancestors 'self'; 2 default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' multimedia.gsb.bund.de; base-uri 'self'; font-src 'self' chatbot-bmi.azr.juacvoe.net kai-bmi.bundesbots.de; style-src 'self' 'unsafe-inline' *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.itzbund.de *.bundesbots.de *.twitter.com *.twimg.com cdn.jsdelivr.net *.newsletter2go.com chatbot-bmi.azr.juacvoe.net kai-bmi.bundesbots.de; object-src 'self' multimedia.gsb.bund.de; connect-src 'self' multiplatform-f.akamaihd.net *.itzbund.de *.newsletter2go.com hls-hd.myrasec.de chatbot-bmi.azr.juacvoe.net wss://chatbot-bmi.azr.juacvoe.net kai-bmi.bundesbots.de wss://kai-bmi.bundesbots.de; media-src 'self' blob: multimedia.gsb.bund.de social.bund.de video.bundesregierung.de *.w3schools.com *.quirksmode.org *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com *.osm.org *.openstreetmap.de *.twimg.com multiplatform-f.akamaihd.net hls-hd.myrasec.de cdnjs.cloudflare.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com vimeo.com *.readspeaker.com *.3qsdn.com *.it.bund.de *.bundesbots.de *.twitter.com *.twimg.com webcast.nc3-cdn.com blitzvideoserver.de start.video-stream-hosting.de player.restream.io; img-src 'self' blob: data: *.google.com *.gstatic.com social.bund.de muenster.im *.youtube.com *.youtube-nocookie.com *.osm.org *.openstreetmap.de *.twitter.com *.twimg.com cdnjs.cloudflare.com piwik.itzbund.de *.gdw-berlin.de *.streamlock.net *.bmi.bund.de *.cio.bund.de *.newsletter2go.com chatbot-bmi.azr.juacvoe.net kai-bmi.bundesbots.de; frame-ancestors 'self' *.prod.gsb.bmi.in.bund.de; upgrade-insecure-requests; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://google.de https://app.usercentrics.eu https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://netzwerk.uppr.de https://www.google-analytics.com https://privacy-proxy.usercentrics.eu https://www.facebook.com https://twitter.com https://www.linkedin.com https://www.xing.com https://www.youtube.com https://cdnjs.cloudflare.com https://nebula-cdn.kampyle.com https://bat.bing.com https://ad4m.at https://connect.facebook.net https://www.usemaxserver.de https://widgets.energiemonitor.de https://play.google.com https://www.googleoptimize.com https://icpublichosting.azureedge.net https://optimize.google.com https://service.mtcaptcha.com https://service2.mtcaptcha.com https://ic-chatwindow-service.azurewebsites.net https://clb2.cfapps.mila.external.ap.innogy.com https://www.googleanalytics.com https://cdn.medallia.com/ https://cdn.appsol.medallia.com/ *.kampyle.com/ https://metrics-proxy.medallia.ca/ https://metrics-proxy.medallia.eu/ https://metrics-proxy.medallia.com.au/ https://metrics-proxy.medallia.com/ https://col.eum-appdynamics.com/ https://static.medallia.com/ https://bugreport.medallia.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://express.ger.medallia.eu/ https://express.sbx.ger.medallia.eu/ https://feed2.medallia.eu/ https://feed2sbx.sbx.ger.medallia.eu/ https://mft1.medallia.eu/ https://filestash.fra1.medallia.eu/ https://tm.ad-srv.net https://tm703.ad-srv.net https://tm707.ad-srv.net https://tm708.ad-srv.net https://*.iadvize.com https://znbd9pj7eqbjzjd42-eon.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://trck.lew.de; style-src 'self' 'unsafe-inline' https://widgets.energiemonitor.de https://fonts.googleapis.com https://icpublichosting.azureedge.net https://optimize.google.com https://*.iadvize.com; object-src 'self'; report-uri /umbraco/api/helper/CreateCSPReport 2 default-src 'none'; worker-src 'self' www.youtube.com *.cookiebot.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.leadinfo.net *.cookiebot.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com apis.google.com ajax.googleapis.com www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.linqhost.nl www.google.nl ssl.google-analytics.com www.google-analytics.com www.gstatic.com cdn.quicq.io data: www.google.com www.googletagmanager.com stats.g.doubleclick.net collector.leadinfo.net ; font-src 'self' fonts.googleapis.com fonts.gstatic.com data: ; frame-ancestors 'none'; base-uri 'self' ; form-action 'self'; frame-src *.cookiebot.com *.youtube.com *.google.com; connect-src *.google-analytics.com stats.g.doubleclick.net consentcdn.cookiebot.com detect-ipv4.linqhost.nl detect-ipv6.linqhost.nl api.leadinfo.com collector.leadinfo.net; report-uri https://linqhost.report-uri.com/r/d/csp/enforce; 2 default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 2 policy-uri /'none' 2 default-src 'self'; script-src 'self' *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com *.youtube.com *.mappedin.com *.adsrvr.org www.googleadservices.com js.adsrvr.org googleads.g.doubleclick.net http://bid.g.doubleclick.net/ https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.2o7.net *.omtrdc.net *.adobe.com *.chadstone.com.au *.dfo.com.au *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com https://*.adnxs.com *.adnxs.com https://www.googletagmanager.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://unpkg.com/ 'unsafe-eval' connect.facebook.net graph.facebook.com js.facebook.com; style-src 'self' blob: *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudfront.net tagmanager.google.com *.googletagmanager.com googletagmanager.com *.google.com *.analytics.google.com analytics.google.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.facebook.net *.fbcdn.net *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com googletagmanager.com *.google-analytics.com *.simplybook.me lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au *.mappedin.com mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com *.googleadservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com www.googletagmanager.com *.adnxs.com https://ssl.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://www.gstatic.com; font-src 'self' *.amazonaws.com *.cloudfront.net *.storyblok.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com data: data:; connect-src 'self' stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.googleapis.com *.google-analytics.com sentry.io *.simplybook.me *.vicinity.com.au *.trackjs.com mipubapistorageprod.blob.core.windows.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.chadstone.com.au *.dfo.com.au *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com analytics.tiktok.com *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com *.googletagmanager.com googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://*.analytics.google.com https://*.google.com.au about: *.facebook.com connect.facebook.net; frame-src 'self' *.youtube.com *.vimeo.com *.googleapis.com *.googletagmanager.com *.google.com *.facebook.com connect.facebook.net *.livechatinc.com *.stripe.com socialq.net recaptcha.net *.trybooking.co.nz *.trybooking.com insight.adsrvr.org https://*.demdex.net *.google.com *.doubleclick.net *.googlesyndication.com bytedance sslocal *.outbrain.com *.pinterest.com *.pinimg.com *.tiktok.com *.bytedance.com *.analytics.google.com analytics.google.com *.googletagmanager.com googletagmanager.com https://*.adsrvr.org; object-src *.googlesyndication.com; media-src dai.google.com; child-src blob: *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net; form-action *.google.com *.facebook.com connect.facebook.net; worker-src blob: *.google.com; prefetch-src *.googlesyndication.com 2 default-src 'self' *.poliziadistato.it:* blob: data: *.poliziadistato.it *.zencdn.net *.tv2000.it *.wowza.com *.interno.it *.rating-widget.com *.twimg.com *.twitter.com *.googleapis.com *.gstatic.com *.google.it *.macromedia.com *.google-analytics.com *.facebook.net *.sharethis.com *.google.com *.googletagmanager.com opendataavcp.interno.it *.raiplay.it *.rai.it js.api.here.com *.hereapi.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: *.wowza.com i.rw.gs *.rating-widget.com *.twitter.com *.twimg.com *.poliziadistato.it opendataavcp.interno.it l.sharethis.com *.facebook.com *.google-analytics.com *.gstatic.com *.gravatar.com *.googleapis.com s.w.org *.google.it *.raiplay.it *.rai.it; style-src 'self' *.poliziadistato.it *.twimg.com *.rating-widget.com *.twitter.com opendataavcp.interno.it *.sharethis.com 'unsafe-inline' *.googleapis.com *.raiplay.it *.rai.it js.api.here.com; frame-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com video.repubblica.it *.google.com *.googletagmanager.com *.raiplay.it *.rai.it *.adobe.com; worker-src 'self' *.poliziadistato.it storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com video.repubblica.it *.google.com *.googletagmanager.com *.raiplay.it *.rai.it; child-src 'self' *.poliziadistato.it opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com video.repubblica.it *.google.com *.googletagmanager.com *.twitter.com opendataavcp.interno.it *.raiplay.it *.rai.it; font-src 'self' data: *.poliziadistato.it *.wowza.com opendataavcp.interno.it *.gstatic.com *.raiplay.it *.rai.it; frame-ancestors 'self' storify.com *.poliziadistato.it *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.youtube-nocookie.com video.repubblica.it *.google.com *.googletagmanager.com *.raiplay.it *.rai.it; media-src *.poliziadistato.it blob: 1 policy-uri /parivahan//'self' 1 default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-Z9W1FuOZFeCd3MB8ryg3xkjwh/hvg5THXWyDf8JouCOEo1qA'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1 frame-ancestors *.uottawa.ca https://teams.microsoft.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; frame-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de covapp.charite.de covapp-rki.hpsgc.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors *.prod.gsb.rki.in.bund.de piwik.itzbund.de *.facebook.com 1 frame-ancestors 'none' 1 default-src 'self' noembed.com static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com data: avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com www.surveygizmo.eu endpoint-app.cognigy.ai wss://endpoint-app.cognigy.ai 'unsafe-inline' 'unsafe-eval' ; media-src 'self' *.avm.de blob: data: ; worker-src 'self' blob: ; frame-ancestors 'self' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: https://cdn.mises.org https://www.google.ca https://www.google.com https://i.creativecommons.org https://licensebuttons.net https://www.google-analytics.com https://mcusercontent.com https://maps.gstatic.com https://s3.amazonaws.com; frame-ancestors 'self' https://glockenspiel-bluebird-4h6c.squarespace.com https://www.misesgraduateschool.org https://misesgraduateschool.org https://api-public.addthis.com https://m.addthis.com https://mises.org; report-uri /report-csp-violation; upgrade-insecure-requests 1 connect-src * 'self' 1 : default-src * 1 default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://bat.bing.com; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com 'sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU=' https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/com/ https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js 'nonce-170182930563500' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://px.ads.linkedin.com https://tr.snapchat.com/ ; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net; frame-src https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/ https://calendar.google.com/ ; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1 frame-ancestors *.payback.de 1 img-src * 'self' data: https:; default-src 'self' html5shim.googlecode.com *.google-analytics.com *.googleadservices.com apis.google.com *.youtube.com *.vimeo.com *.g.doubleclick.net *.google.com *.google.nl *.hostfact.nl *.ytimg.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval' 1 frame-src 'self' *.betradar.com *.sportradar.com *.aitcloud.de consentcdn.cookiebot.com vars.hotjar.com www.googletagmanager.com www.youtube.com prod-origin.truendo.com cdn.priv.center *.akamaized.net; frame-ancestors 'self' *.betradar.com *.sportradar.com *.aitcloud.de 1 frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1 default-src *; script-src * 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.youtube.com youtube.com; style-src * 'self' 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; frame-ancestors 'self'; child-src 'self'; font-src * data:; connect-src *; report-uri /report-csp-violation 1 base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net https://*.hotjar.com; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://cdnjs.cloudflare.com https://cdn-cookieyes.com https://*.cookieyes.com https://code.jquery.com https://*.hsforms.com https://*.hubspot.com https://ekr.zdassets.com https://*.zendesk.com wss://*.smooch.io https://googleads.g.doubleclick.net https://*.google.com https://*.linkedin.com; font-src 'self' https://use.typekit.net https://*.hotjar.com; form-action 'self' https://www.onlydomains.com https://account.centralnicreseller.com; frame-ancestors 'none'; frame-src https://www.recaptcha.net https://*.hotjar.com; img-src 'self' https://www.googletagmanager.com https://*.hotjar.com https://t.co https://*.linkedin.com https://*.twitter.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.hsforms.com https://*.hubspot.com https://*.zendesk.com https://*.zdassets.com data:; object-src 'none'; script-src https://code.jquery.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.hsforms.com https://*.hubspot.com https://ekr.zdassets.com 'nonce-dvFf1ECsmZij5cALeZ0ExXeBv8E=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; style-src 'self' https://*.typekit.net https://*.hotjar.com https://cdnjs.cloudflare.com 'unsafe-inline'; worker-src 'self'; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.energiewechsel.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com api.signalize.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de atlas.geomer-maps.de app.powerbi.com *.energiewechsel.de *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self' *.kfw.de *.bafa.de *.energiewechsel.de; upgrade-insecure-requests; 1 base-uri 'none'; default-src 'none'; script-src 'unsafe-inline' 'self' https://snap.licdn.com/ https://static.oktopost.com/ https://*.google-analytics.com https://*.googletagmanager.com/ https://js.hs-scripts.com/ https://*.hotjar.com https://*.hotjar.io https://*.hsforms.net https://*.cloudflare.com https://unpkg.com https://*.doubleclick.net https://luckyorange.com https://cookiehub.com https://cookiehub.net https://settings.luckyorange.com https://okt.to https://*.hs-banner.com/ https://*.hs-analytics.net https://*.headspixel.net https://*.hsadspixel.net/ 'nonce-67c1d56bc895c41494f54ceaf8af9c8be4b6097a7389' 'nonce-f761cc724a033cdefb7ffb7703e859ba7c57180bf3d9' 'nonce-d03a7712ad9c3ed71e5ebe4176df435db46908eb0201' 'nonce-bfcd5497f67483edb503a088a01a790ab600acf5b03e' 'nonce-f767672a63fbe0a6b547e787c76adddcdbf3890a4ccb'; style-src 'self' 'unsafe-hashes' https://use.fontawesome.com https://fonts.googleapis.com https://static.cookiehub.com https://cookiehub.net/ 'sha256-im0erJAfSNQVDTe5HS6/GNgzNM9JcXDCSuwoIWQ/rRE=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-A6jm8QAAo+BvL4/Tr1M7sTsnRKo+VhQOm9Hi8IOKJ5Y=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-T1C48ZGmcgTeITFPt41XsW/ozDpm3S/SxFREiL+pfgQ=' 'sha256-zfH5Pv8+yKFNFcycqZrhikYRHXfOZ9MwfwRnIp6H1kI=' 'sha256-Da2f1Kt9Io0bgdaWLUryUjcUra0xYjPLDorylUM1XM0=' 'sha256-NnjKC0Bmej913o6dapBaV7Lo8IemTzzXRsO8XhOCyT0=' 'sha256-tG2ZUEo3Qq/onXpzs2PwKu3Y82IJhZsODGPa+EUtsZc=' 'sha256-y/JAbx0Chs7eNLWF+KFD+YMhxTDFjiftcRnhFF13QjI=' 'sha256-kbzp7IrqueB2g36to7qc8KevofS966jm6n764wtCqx4=' 'sha256-3ibk/KyNNjpvopRz5nvswtDpJD3kbpyDdRO1YWF4msg=' 'sha256-ZNPRF7lxh3DMrhUYYDg0XMVthUfilZ/lIWOm88fNvug=' 'sha256-dMnSfpNeXLLDJMMi4o3EHr1S85P3yFWtdfJvbcH9mhU=' 'sha256-swi8N0hKSwJvuZeP/6DwGWEx8FwrfDcoj/0HnZd1Jpc=' 'sha256-RDWWGcFzQIh1SH4oQIaKd+tX/bMXZOzUetRR1raWCXw=' 'sha256-dDxw24pDf8PjpiVwKjNHJHbK4EFFUCWWrnx1SE32aG4=' 'sha256-LWtqHRrej8qIoYJFqhaaO0kPgZnGajrfm7a54+/7NQU=' 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA=' 'sha256-1z/7NiPfYq2hoFozHGzJKg6OUzne/YSqaCgvOeXuXOY=' 'sha256-3R73cBfu9lRdx2Y1u0+kOkDzXsjlEn1hcsL2b5qaWZ4=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-Iqfo27GZS/A7Fm31UW3miEbID+BwO1wih5T79cyIfws=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-yVIQlxUOt8MCsrVQ/pmV6T7E+xI6F1xO1vCqGi7bPU4=' 'sha256-yqw7rW86cJ30M3y7LhcPnduZT4JIHKLX3RRb31B7fOQ=' 'sha256-DFjLfLQbkYXH/lmCwhmW5hT9th2DSNLjYebk7vRHX6A=' 'sha256-+iVBklqDZxSzWSvr0QSp3OTL/ok8m/f/n7wXWojhcng=' 'sha256-ywq+VJsIVnLIQls/DYtP4wc7LLPqAKArkFBF9Z5HNuc=' 'sha256-nvFDZMdJSsFuPLw06nap3Qaao9tU3RGvNHf2Woe1StA=' 'sha256-FA0mrKnZoRbvi4Ayp9wJddHc685E85ea5Z2XwJRhxSU=' 'sha256-R7cUrEePj8qLMDj+zac9LUaWW1kLn3wc6HsQHIA0mxw=' 'sha256-kDP5FilnD2F7x7DjtoRTkl0NbiBGrjAsvcUc3H3A2cM=' 'sha256-QlYx1dw6Nlh44cQgyJBz5G7+ZTJmKf5FkJGF0FPcuzE=' 'sha256-cSCUlxvEwMP0xZRHeMKpWqO3ylONHU6b5bFAQLiiqcw=' 'sha256-I6mtUVoVWZuevseH7OMoGWOXSo/eD4R/08s5derX8hw=' 'sha256-krLf8K7rqCtHZ5e3QPyMVapC2rFQUo21PCk/c39wSts=' 'sha256-+SNKnT0lnsyeaYOJwRmcPRdTG/a4X/b3vw+57B1dE20=' 'sha256-1tUQLx1JfuFHhupaTxZxN8/JPDvG+OIdBCcM7PXfEzs=' 'sha256-4Xwx2TSn/ZELfLIs1A2etPjKxxnSomqFoKMv99FB3Lg=' 'sha256-ei2s0538sbNCEBOA2sr/hvghrxZ2gDEblR7FUJ4lkcI=' 'sha256-4NKME364cXiHshEd1ZK0GwjcT0pjqfBRdKo30tomWRs=' 'sha256-s4+uDkvKfuqCNICZTNMmknZQvqL5HwSquCQfZkn9/34=' 'sha256-rn4Qwbx5qcatXz+wT23m27segHEv7ImU2/4sEMVLYIk=' 'sha256-6Y6euAQOWZ6lGtpkCT+4kCYjKPuLTcDjDkD5oRhCG4g=' 'sha256-4QY9fueV63c6nZWXt7gR/ojTOpAZwXqNZcAxijybuU0=' 'sha256-RHvKHxL0gTOgpvBP4Xm5dRuK/cR2LZXFIebXluboSkQ=' 'sha256-yJf9N784FJuXHzDa1anT54222uPxXDjB0KgozZIOVzw=' 'sha256-Pzy/MxmgBP+zS02vxK1jm/+zS7R6H7RgMsTtTVTfC9A=' 'sha256-j8L4Sf0xH9b2nwGqQTwHCVlGSvlIaVZETZPtVykVjPs=' 'sha256-ebuwMTfNIWOGe7kzqHFDgd8dPwoPxx2QNhd4ZtetRLU=' 'sha256-Yq+kKvFpHeNHsJjLEy7fWk5M9TWaZGf7rQV38ELL2x0=' 'sha256-MHuTvHVz5k1TajrKANGz14IaXhuXxwJUt15zkvmj7rE=' 'sha256-tXThs7ZS+6hzPIvkDhbtqXOY6X3GP/zrwEY7GyV4Y+c=' 'sha256-39hce1FnKYidEA+9elxMGRsULe73+qcGxx7fCFUigzo=' 'sha256-I/rD/kGx4f8MGQPXVvbFYpKpd4L5cd5hQ+v+oSGvX9A=' 'sha256-a0s+nLVkHwBLI1bdIXzsQespBORQjzbOy8pJNQeAjRI='; img-src 'self' https://*.ytimg.com https://okt.to/ https://track.hubspot.com https://www.googletagmanager.com https://www.google.co.uk https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://www.google.com; connect-src 'self' https://cdn.linkedin.oribi.io https://*.google-analytics.com/ https://public-auth-dot-lucky-orange.appspot-preview.com https://api-preview.luckyorange.com/ wss://in.visitors.live/ wss://realtime.luckyorange.com https://pubsub.googleapis.com/ https://api-preview.luckyorange.com/* https://api.hsforms.com https://api.hubapi.com https://js.hs-banner.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.doubleclick.net https://settings.luckyorange.com https://api-preview.luckyorange.com/*; font-src 'self' https://use.fontawesome.com data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://s3.amazonaws.com/luckyorange-clickstream/; object-src 'none'; media-src 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://*.hotjar.com https://*.hotjar.io; child-src 'self' blob:; form-action 'none'; frame-ancestors 'none'; manifest-src 'self'; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com doo.net piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; 1 report-uri /main/report-csp-violation; upgrade-insecure-requests 1 script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru d.webhost1.ru cp.webhost1.ru cp2.webhost1.ru cp3.webhost1.ru *.yoomoney.ru yookassa.ru geoadv-partner.yandex.ru direct.yandex.ru *.yandex.ru *.yandex.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net googleads.g.doubleclick.net www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com tagmanager.google.com *.bitrix24.ru *.roistat.com top-fwz1.mail.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com https://d.webhost1.ru:* https://cp.webhost1.ru:* https://cp2.webhost1.ru:* https://cp3.webhost1.ru:* 1 frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com *.qiaofangyun.com 1 default-src 'self' 'unsafe-eval' *.bundesverfassungsgericht.de; base-uri 'self' *.bundesverfassungsgericht.de; style-src 'self' 'unsafe-inline' *.bundesverfassungsgericht.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de *.bundesverfassungsgericht.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de *.bundesverfassungsgericht.de; connect-src 'self' *.itzbund.de *.bundesverfassungsgericht.de; frame-ancestors 'self'; worker-src 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bcbsks.com polyfill.io unpkg.com fast.wistia.com *.googletagmanager.com *.google-analytics.com *.ads-twitter.com www.gstatic.com *.bing.com connect.facebook.net 100011161.collect.igodigital.com snap.licdn.com *.adsrvr.org bam.nr-data.net googleads.g.doubleclick.net js-agent.newrelic.com tags.srv.stackadapt.com public.tableau.com qvdt3feo.com code.jquery.com www.google.com analytics.silktide.com static.cloudflareinsights.com www.covermymeds.com www.googleadservices.com cdn.datatables.net cdnjs.cloudflare.com www.eventbrite.com https://www.google.co.uk www.clarity.ms *.callrail.com *.simpli.fi tag.demandbase.com blob:; object-src 'none'; style-src 'self' 'unsafe-inline' www.bcbsks.com bcbsks.prod.acquia-sites.com fast.fonts.net fonts.googleapis.com tags.srv.stackadapt.com www.covermymeds.com cdn.datatables.net cdnjs.cloudflare.com; img-src 'self' p.dlx.addthis.com www.google.com *.google-analytics.com nova.collect.igodigital.com *.bing.com t.co analytics.twitter.com *.wistia.com www.facebook.com *.g.doubleclick.net *.google.com public.tableau.com *.bcbsks.com tools.applemediaservices.com apple-resources.s3.amazonaws.com connect.facebook.net secure.adnxs.com *.linkedin.com www.googletagmanager.com *.covermymeds.com cdn.datatables.net embedwistia-a.akamaihd.net c.clarity.ms um.simpli.fi * data:; media-src 'self' *.wistia.com www.google.com embedwistia-a.akamaihd.net fast.wistia.net blob:; frame-src 'self' *.bcbsks.com https://d1eoo1tco6rr5e.cloudfront.net/ *.adsrvr.org www.facebook.com public.tableau.com *.fls.doubleclick.net td.doubleclick.net www.youtube.com www.googletagmanager.com staywell.mydigitalpublication.com e.issuu.com www.eventbrite.com insight.adsrvr.org www.kff.org s.company-target.com; font-src 'self' fast.fonts.net fast.wistia.com fonts.gstatic.com data:; connect-src 'self' *.bugsnag.com *.google-analytics.com stats.g.doubleclick.net ad.doubleclick.net *.googleadservices.com www.googleadservices.com *.google.com *.wistia.com *.litix.io bam.nr-data.net cdn.linkedin.oribi.io www.facebook.com tags.srv.stackadapt.com embedwistia-a.akamaihd.net bat.bing.com a.us.silktide.com https://connect.facebook.net https://www.google.co.uk pagead2.googlesyndication.com *.clarity.ms js.callrail.com api.company-target.com tag-logger.demandbase.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com; img-src 'self' *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com 1 script-src 'nonce-ed19a694-baa9-4fa8-beb4-af4c6b339dc0' https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/ 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://d2c.aws.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com https://aws.amazon.com https://a0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://d2c.aws.amazon.com; default-src 'self'; 1 base-uri *; child-src * gap:; frame-src * gap:; connect-src *; default-src * gap: 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=YcA8NhQ7Xpq1%2FyXIDSqfkEEoTT%2FFfQDvmgd78%2BcTYyXiE%2FpDbbegn5OGcgcHx%2FJxhMvoQE7fvQSvZojxt9hUSQ%3D%3D; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bghweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de 1 default-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://*.facebook.com *.facebook.com https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.google.com *.google.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://*.gstatic.cn *.gstatic.cn https://*.jsdelivr.net *.jsdelivr.net https://*.rawgit.com *.rawgit.com https://*.ddfstatic.com *.ddfstatic.com https://cdn.plyr.io cdn.plyr.io https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://*.bangbros.com *.bangbros.com https://*.nikkiprice.com *.nikkiprice.com https://*.girlsgonewild.com *.girlsgonewild.com https://*.naked.com *.naked.com https://*.st-content.com *.st-content.com https://*.sellvids.com *.sellvids.com https://*.hazecash.com *.hazecash.com https://*.xxxpawn.com *.xxxpawn.com https://*.gaypawn.com *.gaypawn.com https://*.miakhalifa.com *.miakhalifa.com https://*.americanpervert.com *.americanpervert.com https://*.xnxx.com *.xnxx.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://*.gtflixtv.com *.gtflixtv.com https://*.gtflixtvtest.com *.gtflixtvtest.com https://pornbox.com pornbox.com https://*.pornbox.com *.pornbox.com wss://lb-private-chat.gtflixtv.com wss://lb-private-chat-beta.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://www.google-analytics.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://region1.google-analytics.com/g/collect; font-src 'self' https://cdn.jsdelivr.net/npm/ https://fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' https://*.gtflixtv.com *.gtflixtv.com https://xvideos.com xvideos.com https://*.xvideos.com *.xvideos.com https://*.xvideos2.com *.xvideos2.com https://*.xvideos-cdn.com *.xvideos-cdn.com https://www.xvideos.com www.xvideos.com https://*.xvideos.red *.xvideos.red https://*.1ka.com *.1ka.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://www.google-analytics.com www.google-analytics.com https://www.google.com/ads/ga-audiences https://stats.g.doubleclick.net/r/collect https://region1.google-analytics.com region1.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ data:; object-src 'none'; script-src 'self' https://my.sheer.com my.sheer.com https://www.sheer.com www.sheer.com https://account.analvids.com account.analvids.com https://scene-subtitles.gtflixtv.com scene-subtitles.gtflixtv.com https://uploader.gtflixtv.com uploader.gtflixtv.com https://uploader-beta.gtflixtv.com uploader-beta.gtflixtv.com https://pornbox.com pornbox.com https://*.googleapis.com *.googleapis.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://google-analytics.com google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com ssl.gstatic.com https://www.gstatic.com www.gstatic.com https://stats.g.doubleclick.net/r/ stats.g.doubleclick.net/r/ https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/yuku-t/jquery-textcomplete/ https://*.ddfstatic.com *.ddfstatic.com https://*.sexcash.com *.sexcash.com https://*.trafficfactory.biz *.trafficfactory.biz https://apis.google.com/js/platform.js 'unsafe-inline' 'unsafe-eval'; report-uri /api/js-error; 1 frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 1 base-uri 'self'; default-src 'none'; child-src https://mei.animebytes.tv https://irc.animebytes.tv; connect-src 'self' https://mei.animebytes.tv; font-src 'self' data:; form-action 'self' https://mei.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://mei.animebytes.tv https://irc.animebytes.tv; img-src 'self' https://cdn.animebytes.tv https://mei.animebytes.tv https://animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests 1 default-src 'self' data: https://bitrix.info:* https://bitrix.info/bx_stat: https://stat.sputnik.ru:* https://cnt.sputnik.ru:* https://mc.yandex.ru:* https://informer.yandex.ru:* https://pos.gosuslugi.ru:* https://reports.43edu.ru:* https://docs.43edu.ru:* https://api-maps.yandex.ru:* https://yastatic.net:* https://core-renderer-tiles.maps.yandex.net:* https://core-sat.maps.yandex.net:* https://yandex.ru:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bitrix.info:* https://bitrix.info/bx_stat: https://stat.sputnik.ru:* https://cnt.sputnik.ru:* https://mc.yandex.ru:* https://informer.yandex.ru:* https://pos.gosuslugi.ru:* https://reports.43edu.ru:* https://docs.43edu.ru:* https://api-maps.yandex.ru:* https://yastatic.net:* https://core-renderer-tiles.maps.yandex.net:* https://core-sat.maps.yandex.net:* https://yandex.ru:*; style-src 'self' 'unsafe-inline' https://bitrix.info:* https://bitrix.info/bx_stat: https://stat.sputnik.ru:* https://cnt.sputnik.ru:* https://mc.yandex.ru:* https://informer.yandex.ru:* https://pos.gosuslugi.ru:* https://reports.43edu.ru:* https://docs.43edu.ru:* https://api-maps.yandex.ru:* https://yastatic.net:* https://core-renderer-tiles.maps.yandex.net:* https://core-sat.maps.yandex.net:* https://yandex.ru:*; img-src 'self' data: blob: https://bitrix.info:* https://bitrix.info/bx_stat: https://stat.sputnik.ru:* https://cnt.sputnik.ru:* https://mc.yandex.ru:* https://informer.yandex.ru:* https://pos.gosuslugi.ru:* https://reports.43edu.ru:* https://docs.43edu.ru:* https://api-maps.yandex.ru:* https://yastatic.net:* https://core-renderer-tiles.maps.yandex.net:* https://core-sat.maps.yandex.net:* https://yandex.ru:*; font-src 'self' https://bitrix.info:* https://bitrix.info/bx_stat: https://stat.sputnik.ru:* https://cnt.sputnik.ru:* https://mc.yandex.ru:* https://informer.yandex.ru:* https://pos.gosuslugi.ru:* https://reports.43edu.ru:* https://docs.43edu.ru:* https://api-maps.yandex.ru:* https://yastatic.net:* https://core-renderer-tiles.maps.yandex.net:* https://core-sat.maps.yandex.net:* https://yandex.ru:*; 1 default-src 'self'; frame-ancestors 'self' http://localhost https://localhost; connect-src 'self' piwik.itzbund.de *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net media-library-production-ecdcakbreve6g5ca.z01.azurefd.net media-library-acceptance-acdycba8gneughdp.z01.azurefd.net *.kaltura.com; worker-src blob: 'self'; base-uri 'self'; font-src 'self' data: *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; style-src 'self' 'unsafe-inline' *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net *.kaltura.com cdn.jsdelivr.net platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.fcst.tv *.azurewebsites.net *.twitter.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com *.bundesrat.de pbs.twimg.com *.twitter.com; Content-Security-Policy: default-src 'self'; frame-ancestors 'self' http://localhost https://localhost; connect-src 'self' piwik.itzbund.de *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net media-library-production-ecdcakbreve6g5ca.z01.azurefd.net media-library-acceptance-acdycba8gneughdp.z01.azurefd.net *.kaltura.com; worker-src blob: 'self'; base-uri 'self'; font-src 'self' data: *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; style-src 'self' 'unsafe-inline' *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.fcst.tv *.freecaster.com *.youborafds01.com *.azurewebsites.net *.kaltura.com cdn.jsdelivr.net platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.fcst.tv *.azurewebsites.net *.twitter.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.fcst.tv *.freecaster.com *.azurewebsites.net *.kaltura.com *.bundesrat.de pbs.twimg.com *.twitter.com; 1 frame-ancestors https://youtu.be https://bid.g.doubleclick.net https://streetview.my https://safedepositboxjb.streetview.my https://uat.hlisb.com.my https://hlbmc.demdex.net https://tags.tiqcdn.com https://survey.hlb.com.my https://www.hlb.com.my https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://www.ecbanking.com.my https://gms.hongleong.com.my https://apply-merchant1.hlb.com.my 1 frame-ancestors 'self' cmsv2.zebrix.net 1 frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src 'self' www.baua.de.de datawrapper.dwcdn.net; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self'.de datawrapper.dwcdn.net; 1 frame-ancestors 'self' https://*.allhomes.com.au 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public.pei.de abvl-public-test.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1 frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de; 1 policy-uri /'self' 1 default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.salesforce-sites.com https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.salesforce-sites.com https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://ws.bsy.me https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1 base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com https://client.crisp.chat *;form-action 'self' https: *;frame-ancestors 'none';frame-src 'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.itzbund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-src 'self' player.vimeo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com webtv.bundestag.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-ancestors 'self'; 1 img-src * data: blob:; style-src 'self' 'unsafe-inline' assets.adobedtm.com cdn.linearicons.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com shop.spreadshirt.nl ton.twimg.com cdnjs.cloudflare.com code.jquery.com unpkg.com; frame-src 'self' www.youtube.com player.vimeo.com podio.com www.youtube-nocookie.com www.google.com/recaptcha/ www.classmarker.com/ js.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com assets.adobedtm.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com npmcdn.com shop.spreadshirt.nl platform.twitter.com www.google-analytics.com ssl.google-analytics.com www.spreadshirt.nl podio.com static.doubleclick.net cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net app.intercom.io widget.intercom.io js.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ unpkg.com/leaflet.markercluster@1.4.1/dist/ unpkg.com/leaflet@1.7.1/dist/ js.stripe.com unpkg.com/@popperjs/ unpkg.com/tippy.js@6/ www.googletagmanager.com; font-src 'self' cdn.linearicons.com fonts.gstatic.com maxcdn.bootstrapcdn.com shop.spreadshirt.nl js.intercomcdn.com ttui.thethingsindustries.com; connect-src 'self' shop.spreadshirt.nl www.thethingsnetwork.org vx.thethings.network api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com app.getsentry.com unpkg.com/boxicons@2.1.1/ 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.conceptboard.com; 1 default-src 'self' ; script-src 'unsafe-inline' 'self' https://ssl.google-analytics.com/ga.js; img-src data: blob 'self' http://*.tile.openstreetmap.org/ : 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1 frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de https://*.etracker.com 1 script-src *.globant.com *.googletagmanager.com *.google-analitycs.com *.google.com 'unsafe-eval' 'unsafe-inline' https: 'self' https://www.globant.com/ blob:; object-src none; style-src 'self' 'unsafe-inline' *.globant.com *.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.jsdelivr.net; img-src 'self' *.cloudflare.com *.globant.com *.i.ytimg.com https: data:; media-src 'self' *.globant.com; frame-src 'self' https: fullscreen; frame-ancestors self fullscreen *.globant.com https://*.youtube.com; font-src 'self' *.globant.com *.fontawesome.com *.cloudflare.com *.gstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.sancta-domenica.hr sancta-domenica.hr *.sancta-domenica.ba sancta-domenica.ba *.samsungshop.hr samsungshop.hr *.bigbang.ba bigbang.ba; 1 default-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com/* https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com *.nestle.co.uk; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self' ; child-src * blob:; font-src * 'self' data: https:;; connect-src * 'self'; report-uri /report-csp-violation 1 default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 1 default-src 'self' 'unsafe-inline' https: data: https://cdnjs.cloudflare.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com https://*.jacklmoore.com https://*.gstatic.com https://*.google-analytics.com; frame-ancestors 'self'; report-uri /report-csp-violation 1 default-src 'self'; child-src https://www.google.com; block-all-mixed-content; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://snap.licdn.com https://accounts.google.com https://*.claspo.io https://*.firstpromoter.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://optimize.google.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://static.claspo.io https://cdn.amplitude.com *.esputnik.com https://www.googleoptimize.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' https://*.claspo.io https://cdn.firstpromoter.com https://snap.licdn.com https://accounts.google.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://statics.esputnik.com https://static.claspo.io https://static.claspo.tech https://cdn.amplitude.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://accounts.google.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://www.googleoptimize.com https://cdnjs.cloudflare.com https://static.claspo.io https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: https://www.google.nl https://px.ads.linkedin.com https://platform-lookaside.fbsbx.com https://i.ytimg.com https://cdnjs.cloudflare.com https://www.google.no https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.googleoptimize.com *.fbcdn.net https://lh3.googleusercontent.com https://graph.facebook.com https://forms.esputnik.com *.claspo.io *.claspo.tech https://optimize.google.com https://claspo.io https://www.google.com.ua https://www.facebook.com https://www.google-analytics.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com *.claspo.tech *.claspo.io https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com; object-src 'self' https://static.claspo.tech https://static.claspo.io; frame-ancestors 'none'; base-uri 'self'; connect-src 'self' https://cdn.linkedin.oribi.io https://*.firstpromoter.com https://googleads.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://consentcdn.cookiebot.com https://www.google.com.ua https://stats.g.doubleclick.net https://www.googleadservices.com *.esputnik.com esputnik.com https://analytics.google.com https://securetoken.googleapis.com wss://*.plerdy.com *.claspo.tech *.claspo.io https://www.facebook.com https://www.googleapis.com https://www.google-analytics.com *.plerdy.com; frame-src 'self' https://td.doubleclick.net https://consentcdn.cookiebot.com https://a.plerdy.com https://static.claspo.io https://static.claspo.tech https://bid.g.doubleclick.net https://www.facebook.com https://www.youtube.com https://optimize.google.com https://www.google.com https://accounts.google.com https://claspo-338918.firebaseapp.com https://claspo-prod.firebaseapp.com; 1 default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com static.hotjar.com script.hotjar.com members.ahcancal.org www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com polo.feathr.co cdn.feathr.co banman.providermagazine.com banman.ahcancal.org platform.twitter.com cdn.syndication.twimg.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com platform.twitter.com ton.twimg.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com marco.feathr.co polo.feathr.co *.feathr.co www.googletagmanager.com banman.providermagazine.com banman.ahcancal.org match.adsrvr.org pbs.twimg.com abs.twimg.com platform.twitter.com ton.twimg.com syndication.twitter.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com *.hotjar.com ahcancal.wufoo.com custom.statenet.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net platform.twitter.com syndication.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com in.hotjar.com ws7.hotjar.com ws35.hotjar.com vc.hotjar.io content.hotjar.io ws.hotjar.com polo.feathr.co analytics.tiktok.com members.ahcancal.org 1 frame-src 'self' blob: *.oncehub.com *.mktoweb.com *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com *.salesforce.com *.salesforce-sites.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com *.marketo.com; connect-src 'self' *.hotjar.com *.hotjar.io *.sitecorecloud.io *.geonames.org *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net *.salesforce-sites.com; font-src 'self' data: *.hotjar.com *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.hotjar.com *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.hotjar.com *.licdn.com *.oncehub.com *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com *.force.com *.salesforce.com *.salesforce-sites.com; style-src 'unsafe-inline' 'self' *.hotjar.com *.mktoweb.com *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com *.salesforce.com *.salesforce-sites.com; 1 base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-uo9iK/MDFrPYyt3xMQS1Ow==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self' 1 default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com *.facebook.com *.nosiva.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1 default-src https://wbregistration.gov.in; connect-src https://wbregistration.gov.in; font-src https://wbregistration.gov.in data:; frame-src https://wbregistration.gov.in; img-src https: data:; media-src https://wbregistration.gov.in; object-src https://www.wbregistration.gov.in; script-src 'unsafe-inline' 'unsafe-eval' https://www.wbregistration.gov.in; style-src 'unsafe-inline' https://www.wbregistration.gov.in; 1 default-src 'self' data: *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.cloudflare.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co; object-src 'self' data: https: blob:; style-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https: blob:; media-src 'self' data: https: blob:; frame-src 'self' data: blob: *.simplesdental.com *.facebook.net *.facebook.com *.bing.com *.cookielaw.org *.clarity.ms *.livesession.io *.getblue.io *.googleapis.com *.youtube.com *.youtube-nocookie.com *.intercom.io *.intercomcdn.com *.intercom-sheets.com intercom-sheets.com *.vitally.io *.googletagmanager.com *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com *.cloudfront.net *.googleoptimize.com *.onetrust.com *.hotjar.com *.cloudflare.com *.wootric.com *.suiteshare.com *.jquery.com *.amazonaws.com whts.co; font-src 'self' data: https:; connect-src 'self' data: https: wss: 1 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' 'unsafe-inline'; img-src 'self' data: blob: 'unsafe-inline'; frame-src 'self'; style-src 'self' 'unsafe-inline'; 1 default-src 'self' https://www.youtube.com detergents.lidl-info.com stats.g.doubleclick.net *.analytics.google.com *.google-analytics.com www.googletagmanager.com https://www.edge-cdn.net https://www.youtube-nocookie.com form.lidl.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com https://connect.facebook.net cdn.cookielaw.org lidl.media01.eu fpm.climatepartner.com services.melixa.eu data: gap: ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://platform.twitter.com https://ton.twimg.com 'unsafe-inline'; media-src *; object-src 'self'; connect-src 'self' cdn.cookielaw.org *.onetrust.com; 1 frame-ancestors 'self' https://www.tvacreditunion.com https://tvacreditunion.com https://olb.tvacreditunion.com 1 default-src 'self'; connect-src 'self' https://*.usercentrics.eu https://*.yext.com https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://*.ekir.de https://*.algolia.net https://*.algolianet.com; frame-src 'self' https://*.usercentrics.eu https://umap.openstreetmap.fr https://*.openstreetmap.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.vimeo.com https://*.kd-onlinespende.de https://walls.io https://*.walls.io www.youtube-nocookie.com https://platform.twitter.com https://syndication.twitter.com https://*.ekir.de; font-src 'self' data:; img-src 'self' data: https://*.usercentrics.eu https://*.openstreetmap.fr https://*.openstreetmap.de https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://*.kd-onlinespende.de https://img.youtube.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://secure.gravatar.com http://*.ekir.de https://*.ekir.de; object-src 'self'; style-src 'self' 'unsafe-inline' https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.com https://platform.twitter.com https://ton.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu https://www.evangelische-termine.de https://*.evangelisch.de https://termine.ekir.de https://*.vimeo.com https://*.openstreetmap.org https://*.kajomigenerator.de https://*.newsletter2go.com https://kirche-muelheim.de https://nextgen.kajomigenerator.de https://soundcloud.com https://vimeo.de https://*.kd-onlinespende.de https://walls.io https://*.walls.io https://secure.gravatar.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.ekir.de https://adressverzeichnis.ekd.de https://cdn.jsdelivr.net; 1 frame-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.vimeo.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com; child-src *.twitter.com *.googleusercontent.com *.clarity.ms *.youtube.com *.facebook.com *.facebook.net *.doubleclick.net *.hotjar.com *.franceculture.fr *.radiofrance.fr *.googleapis.com *.spotify.com *.exacttarget.com *.instagram.com iheid.webex.com graduateinstitute.secure.force.com *.sfmc-content.com *.google.com *.libcal.com *.simplecast.com *.soundcloud.com *.flywire.com *.prezi.com *.iheid.ch *.drupal.com *.rts.ch graduateinstitute.my.salesforce-sites.com *.graduateinstitute.us8.list-manage.com *.addevent.com *.office.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com; frame-ancestors https://www.juris.de/ 'self'; 1 default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.winsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.winsim.de https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de https://analytics.tiktok.com https://umfrage.winsim.de; script-src 'strict-dynamic' 'nonce-8191d8c5c474f222cc8232a91f745e1d' 'nonce-ac876a3615b1777542fa9a2c572c2ead' 'nonce-8941a10aba5e3a5c07a6995feb9ca2a5' 'nonce-5b0915c0e93abe15184806c3d5b44c64' 'nonce-e7e608e88165437750e5b054a1530907' 'nonce-84b35f9c4d12e9c38a1fc1579f2b9404' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.winsim.de https://umfrage.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-8191d8c5c474f222cc8232a91f745e1d' 'nonce-ac876a3615b1777542fa9a2c572c2ead' 'nonce-8941a10aba5e3a5c07a6995feb9ca2a5' 'nonce-5b0915c0e93abe15184806c3d5b44c64' 'nonce-e7e608e88165437750e5b054a1530907' 'nonce-84b35f9c4d12e9c38a1fc1579f2b9404' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.jsdelivr.net hello.myfonts.net mfstatic.com *.googleapis.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.ri.se *.jsdelivr.net *.googletagmanager.com *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com; media-src blob: data: *.mediaflow.com; frame-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com t.co/i/adsct cf.zortrax.com ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' bd1.zortrax.com spisakcji.local stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com *.wistia.com *.litix.io 3dprint.zortrax.com 3dprinting.local ws://localhost:3000 *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com maps.googleapis.com ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1 default-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; report-to default; report-uri /json/reports.php 1 default-src 'self' *.ebola.cz https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ebola.cz https://www.google-analytics.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com; referrer no-referrer; style-src 'self' 'unsafe-inline' *.ebola.cz; img-src 'self' *.ebola.cz 1 default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' *; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net 1 frame-ancestors https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com *.mp-objects.com https://*.mp-objects.com https://www.mp-objects.com https://wartsila.cevalogistics.com https://*.cevalogistics.com https://app.drift.com https://core.crazyegg.com; report-uri /report-csp-violation 1 default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com 1 default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com data:;img-src *; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net vk.com api-maps.yandex.ru bitrix.info www.google-analytics.com *.yandex.ru maps.googleapis.com www.googletagmanager.com yastatic.net; form-action 'self';frame-src 'self';media-src 'self';connect-src 'self' bitrix.info mc.yandex.ru www.google-analytics.com stats.g.doubleclick.net 1 default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.sim.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de https://analytics.tiktok.com https://umfrage.sim.de; script-src 'strict-dynamic' 'nonce-10492e93386c2057b485c3a853195600' 'nonce-30c10999cd592634054b6901bddb13bf' 'nonce-89002ab89d77e1ddf844683f4f840ed5' 'nonce-4410fb58ac3c21517bad93d35f13d0c3' 'nonce-d1e5a993421013e90efe49461d116706' 'nonce-42215d78f0e5dfc0acdb3bf7f2aac30f' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.sim.de https://umfrage.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-10492e93386c2057b485c3a853195600' 'nonce-30c10999cd592634054b6901bddb13bf' 'nonce-89002ab89d77e1ddf844683f4f840ed5' 'nonce-4410fb58ac3c21517bad93d35f13d0c3' 'nonce-d1e5a993421013e90efe49461d116706' 'nonce-42215d78f0e5dfc0acdb3bf7f2aac30f' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; script-src 'self' *.amalgamatedbank.com bam.nr-data.net unpkg.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com js.locatorsearch.com *.prod.acquia-sites.com *.instagram.com *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com *.googletagmanager.com *.doubleclick.net *.addtoany.com fonts.gstatic.com *.omappapi.com *.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com app.jazz.co js-agent.newrelic.com *.google.com *.gstatic.com www.recaptcha.net ajax.googleapis.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://www.recaptcha.net/recaptcha/api.js https://www.recaptcha.net/recaptcha/api/fallback; style-src 'self' 'unsafe-inline' unpkg.com *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google.com *.gstatic.com app.jazz.co; img-src 'self' *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com bam.nr-data.net cdn.jsdelivr.net *.prod.acquia-sites.com js.locatorsearch.com *.oktacdn.com *.okta.com *.oktapreview.com data: *.googletagmanager.com app.jazz.co *.google.com *.google-analytics.com *.gstatic.com images.printable.com images.locatorsearch.com instagram.com i.ytimg.com; media-src files.marcomcentral.app.pti.com *.youtube.com *.amalgamatedbank.com bam.nr-data.net *.talkdeskapp.com *.talkdeskdev.com *.twilio.com; frame-src *; font-src 'self' 'unsafe-inline' cdnjs.cloudflare.com bam.nr-data.net *.amalgamatedbank.com *.talkdeskapp.com *.talkdeskdev.com *.twilio.com *.prod.acquia-sites.com *.oktacdn.com *.okta.com *.oktapreview.com unpkg.com fonts.gstatic.com app.jazz.co *.google.com *.gstatic.com *.locatorsearch.com; connect-src 'self' abnyunityuat.fisglobal.com login-uat.fisglobal.com mcs.us1.twilio.com wss://tsock.us1.twilio.com *.talkdeskapp.com *.talkdeskdev.com maps-api-ssl.google.com bam.nr-data.net stats.addtoany.com googleads.g.doubleclick.net *.youtube.com *.oktacdn.com *.okta.com *.oktapreview.com *.omappapi.com *.google-analytics.com *.google.com *.gstatic.com googleads.g.doubleclick.net; report-uri /report-csp-violation 1 default-src 'self' dock.ui.bosch.tech vars.hotjar.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net wss://*.hotjar.com *.hotjar.com; font-src 'self' *.bosch-pt.com bosch-pt.com www.bosch-pt.com *.bosch-professional.com ; object-src data: 'self'; img-src https: data:; style-src 'self' ptlegalpagesnew.kittelberger.net *.bosch-pt.com bosch-pt.com *.bosch-professional.com 'unsafe-inline'; script-src https: http://www.bosch-pt.com 'unsafe-inline' 'unsafe-eval'; connect-src https: search.internet.bosch.com wss://*.hotjar.com; script-src-elem https: http: 'unsafe-inline' *.bosch-pt.com 1 default-src 'none'; script-src 'self' https://analytics.monetra.com https://www.google.com https://www.gstatic.com; connect-src https://9872520550193828.hostedstatus.com/1.0/status/6148993c877ce705383f1463 'self'; img-src 'self' https://analytics.monetra.com data:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; frame-src https://www.google.com 1 upgrade-insecure-requests; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://*.montepiedad.com.mx https://*.botlers.io https://*.newrelic.com https://unpkg.com https://*.zeptojs.com https://*.jsdelivr.net https://*.datatables.net https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://assets4.lottiefiles.com https://www.google-analytics.com https://www.yumpu.com https://*.analytics.google.com https://*.youtube.com/ https://analytics.google.com https://ad.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://afiliacion.net https://prs.arkeero.net https://leadgenios.net https://www.rtb123.com https://*.hotjar.com https://inboxlabs.go2cloud.org https://*.google.com.mx https://*.hotjar.io https://*.teads.tv https://ojo7.ltroute.com; 1 default-src 'self';base-uri 'self';form-action 'self' www.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com maps.googleapis.com www.storemapper.co storemapper-herokuapp-com.global.ssl.fastly.net app.storyblok.com assets.findify.io undefined.kameleoon.eu chantsupport.zendesk.com static.zdassets.com widget-mediator.zopim.com ajax.googleapis.com https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/hls.js@1.1.4/dist/hls.min.js analytics.tiktok.com bat.bing.com cdn.noibu.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com s3.target2sell.com static.target2sell.com t.contentsquare.net intljs.rmtag.com ut.rd.linksynergy.com static.klaviyo.com static-tracking.klaviyo.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js blob:;object-src 'self' data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com googletagmanager.com tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://tagmanager.google.com/css/css.css;img-src 'self' www.googletagmanager.com www.facebook.com www.google-analytics.com www.google.com www.google.fr image.crisp.chat a.storyblok.com maps.gstatic.com maps.googleapis.com cdn11.bigcommerce.com storemapper-herokuapp-com.global.ssl.fastly.net us.chantelle.com s3.amazonaws.com cl-media-pattern-factory.s3-eu-west-1.amazonaws.com static.kameleoon.com fonts.gstatic.com ct.pinterest.com bat.bing.com www.google.com.pk media.chantelle.cloud imagedelivery.net https://customer-undefined.cloudflarestream.com/ idsync.rlcdn.com analytics.tiktok.com connect.facebook.net consent.linksynergy.com data:;media-src 'self' a.storyblok.com https://customer-undefined.cloudflarestream.com/ data: blob:;font-src 'self' fonts.googleapis.com fonts.gstatic.com data:;connect-src 'self' maps.googleapis.com chantelleus.centraqa.com www.storemapper.co api.keen.io api.storyblok.com chantelle-sandbox.mybigcommerce.com https://api.bigcommerce.com reco.target2sell.com undefined-dsn.algolia.net undefined.kameleoon.eu eu-api-visit.kameleoon.eu eu-api-tracker.kameleoon.eu static.kameleoon.com old.kameleoon.com api.kameleoon.com data.kameleoon.io api.openweathermap.org browser-intake-datadoghq.eu rum.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu/ chantsupport.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com chantelle.com sst.chantelle.com sst2.chantelle.com chantelle.us cloudflarestream.com https://customer-undefined.cloudflarestream.com/ https://region1.analytics.google.com https://cdn.cookielaw.org https://api-v3.findify.io https://geolocation.onetrust.com api.target2sell.com analytics.tiktok.com bat.bing.com ct.pinterest.com www.google.com www.google-analytics.com region1.google-analytics.com serv-api.target2sell.com stats.g.doubleclick.net wss://input.noibu.com/pv_part;frame-src https://www.youtube.com/ https://player.vimeo.com/ https://www.facebook.com/ https://ct.pinterest.com/;frame-ancestors app.storyblok.com vercel.app; 1 default-src 'self'; frame-src 'self' https://new.express.adobe.com/webpage/static/embed/embed.js *.webspellchecker.net/ https://w.soundcloud.com/ *.adobe.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://new.express.adobe.com/webpage/static/embed/embed.js https://moneypennychat.appspot.com/chatjs/ https://www.doctify.com/ *.adobe.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://new.express.adobe.com/webpage/static/embed/embed.js https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://new.express.adobe.com/webpage/static/embed/embed.js *.webspellchecker.net/ https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://new.express.adobe.com/webpage/static/embed/embed.js *.analytics.google.com/ *.google-analytics.com/ https://moneypennychat.appspot.com/ https://www.doctify.com/ *.webspellchecker.net/ https://feeds.trac.jobs/ https://translate.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1 default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.handyvertrag.de https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de https://analytics.tiktok.com https://umfrage.handyvertrag.de; script-src 'strict-dynamic' 'nonce-237f07272d7a1d198f398c680dd57b2f' 'nonce-0e8e00c4e97df5fd192a0d3caef396d0' 'nonce-7bc3e25f97cd0331d488163c1f8fcf2e' 'nonce-e14ab0e29af0b9348a34d8d628aedee5' 'nonce-bd02e5ebf43b943f61c0556b919bbc66' 'nonce-380c3b6e75accb56bc793fa208f12973' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.handyvertrag.de https://umfrage.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-237f07272d7a1d198f398c680dd57b2f' 'nonce-0e8e00c4e97df5fd192a0d3caef396d0' 'nonce-7bc3e25f97cd0331d488163c1f8fcf2e' 'nonce-e14ab0e29af0b9348a34d8d628aedee5' 'nonce-bd02e5ebf43b943f61c0556b919bbc66' 'nonce-380c3b6e75accb56bc793fa208f12973' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self' data: localhost:* *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com js.arcgis.com *.arcgis.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.prorail.nl *.spoordata.nl *.werkenbijprorail.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com tagmanager.google.com px.ads.linkedin.com www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: wss:; 1 default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; img-src * data:; media-src *; frame-src * data:; font-src *; connect-src *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.googletagmanager.com googletagmanager.com connect.facebook.net youtube.com *.facebook.net *.youtube.com *.stg.brandwire.in *.mediawire.in *.scorecardresearch.com *.instagram.com *.google-analytics.com *.gstatic.com *.solodev.com *.google.com *.googleapis.com *.indiatimes.com *.timesofindia.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; style-src data: blob: 'unsafe-inline' 'self' *.googletagmanager.com *.googleapis.com *.google.com *.instagram.com *.indiatimes.com *.timesofindia.com *.solodev.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; frame-ancestors 'self' *.indiatimes.com *.timesofindia.com *.economictimes.com *.gadgetsnow.com *.navbharattimes.com etdev8243.indiatimes.com *.timesnownews.com timesnownews.com www.speakingtree.in speakingtree.in maharashtratimes.com vijaykarnataka.com *.samayam.com samayam.com www.googletagmanager.com *.googletagmanager.com *.idiva.com *.ilnconnect.com *.mensxp.com *.ilnconnect.com *.indiatimes.com 1 default-src 'self'; style-src 'unsafe-inline' yandex.st site.yandex.net yastatic.net banners.adfox.ru content.adfox.ru yastat.net *; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *; img-src * data:; media-src * data:; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st site.yandex.net yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru oss.maxcdn.com ads.adfox.ru www.google-analytics.com *.googleadservices.com adservice.google.ru adservice.google.com.ua *.imgsmail.ru *.google.com platform.twitter.com cas.criteo.com *.mail.ru vk.com *.googlesyndication.com *.googletagservices.com adv758968.ru adforce.ru *.doubleclick.net x1.vinread.net *.zencdn.net mobiads.ru utarget.ru afterview.ru *.vispot.io *.adap.tv *.liverail.com *.spotxchange.com *.buzzoola.com *.advarkads.com *.lkqd.com *.advertising.com static.baza.farpost.ru gstatic.com www.gstatic.com http://thefox.mobi/0dvP/ https://netdna.bootstrapcdn.com https://ajax.googleapis.com *.adsafeprotected.com idntfy.ru mobuli.info mobisway.info cnt-count.ru countstat.ru eboundservices.com digital-forest.info s17365.org/rotation.php news.gnezdo.ru btstds.ru cackle.me *.cackle.me www.farpost.ru https://adtags.pro https://*.adtags.pro https://btsds.ru https://*.vrcteam.ru https://*.betweendigital.com https://*.exopay.ru https://s0.2md.net https://fl.imgsniper.com https://static.bulham.com https://*.sape.ru https://safesource.ru https://code.createjs.com https://static.bumlam.com sad2tizer.ru ad.slickjump.com slickjump.com sjsmartcontent.ru https://www.googletagmanager.com https://tds.admaxer.ru https://meganotify.com https://notifyday.com *.ttarget.ru *.onlygip.tech *.hybrid.ai *.admediator.ru nativerent.ru *.astraone.io astraone.io *.onlygip.tech onlygip.tech *.afp.ai increaserev.com *.adriver.ru; connect-src an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st site.yandex.net yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru *; report-uri /csp.php 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net/en_US/fbevents.js comparison.go2jump.org/aff_goal bat.bing.com analytics.tiktok.com kleber.datatoolscloud.net.au *.salesforceliveagent.com *.lpsnmedia.net *.liveperson.net *.liveperson.com *.liveengage.net *.liveengage.com *.liveper.sn m.addthisedge.com/live/boost/ra-56b04b9ad015369f/_ate.track.config_resp ad.atdmt.com zn4zp87nbhe8rrjf7-hcf.siteintercept.qualtrics.com dnn506yrbagrg.cloudfront.net 4378726.fls.doubleclick.net 6612282.fls.doubleclick.net platform.twitter.com analytics.twitter.com cdn.sajari.net cdn.sajari.com hcf.sc.omtrdc.net hcf.tt.omtrdc.net cdn.tt.omtrdc.net *.google.com *.googleapis.com google-maps-utility-library-v3.googlecode.com *.googlesyndication.com *.facebook.com *.facebook.net rules.quantcount.com *.quantserve.com *.ads-twitter.com s.ytimg.com www.youtube.com *.addthis.com ebm.cheetahmail.com *.doubleclick.net rum-static.pingdom.net script.crazyegg.com www.googleadservices.com www.googletagservices.com www.googletagmanager.com dpm.demdex.net hcf.demdex.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com assets.adobedtm.com www.gstatic.com s3.amazonaws.com/trk.cetrk.com https://dnn506yrbagrg.cloudfront.net/pages/scripts/0031/6386.js?407832 https://platform.twitter.com/oct.js *.qualtrics.com cdn.appdynamics.com www.everestjs.net c.amazon-adsystem.com pixel.mathtag.com; http://dtwebsite2.datatoolscloud.net.au; object-src 'self' https:; style-src 'unsafe-inline' 'self' https:; img-src 'self' data: https: http://s7d2.scene7.com; media-src 'self' https:; frame-src https:; font-src 'self' data: fonts.gstatic.com https://cloud.typography.com ok8static.oktacdn.com; connect-src https: http://dispatcher1.test63.aem.hcf.com.au http://s7d2.scene7.com http://dtwebsite2.datatoolscloud.net.au wss://syd-eeva.faceme.com wss://sy.msg.liveperson.net wss://api.au.uneeq.io 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de; frame-ancestors 'self'; font-src 'self' data:; 1 default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1 default-src https: blob: wss:; frame-src https: blob: data:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1 default-src 'self' *.dab-bank.de https://*.dab-bank.de intent://consors.com https://*.optimizely.com; script-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.bootstrapcdn.com https://*.ensighten.com https://*.googleapis.com https://*.akamaihd.net https://*.tlscdn.com https://*.cloudfront.net https://*.google-analytics.com https://*.akamai.net https://*.dab-partnerprogramm.de https://*.zanox.com https://*.intelliad.de https://*.netrk.net https://*.optimizely.com https://*.amazonaws.com https://*.googleadservices.com https://*.webmasterplan.com https://*.neqty.net https://*.gstatic.com https://*.doubleclick.net https://*.adform.net https://*.vid.ly https://*.googleusercontent.com *.mdgms.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de https://*.facebook.com https://*.facebook.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.bootstrapcdn.com https://*.ensighten.com *.mdgms.com https://*.netrk.net https://*.adform.net https://*.intelliad.de https://*.zanox.com *.webmasterplan.com https://*.gstatic.com https://*.amazonaws.com https://*.google-analytics.com https://*.akamai.net https://*.neqty.net https://*.twitter.com https://*.google.com https://*.doubleclick.net https://*.google.de https://*.googleadservices.com *.bing.com https://*.akamaihd.net https://*.facebook.com https://*.facebook.net https://*.cloudfront.net https://*.ssl-images-amazon.com https://*.googleapis.com https://*.optimizely.com https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de data:; style-src 'self' 'unsafe-inline' *.dab-bank.de https://*.dab-bank.de https://*.googleapis.com https://*.bootstrapcdn.com https://*.intelliad.de https://*.webmasterplan.com; frame-src 'self' *.dab-bank.de intent://* *.staging.echonet https://*.dab-bank.de push.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.google.de https://*.cloudfront.net https://*.rexx-server.com https://*.amazonaws.com *.mdgms.com https://*.webmasterplan.com *.boerse-frankfurt.de *.volkswagenbank.de https://*.akamaihd.net https://*.intelliad.de http://*.zanox.com http://*.adform.net https://*.netrk.net https://*.neqty.net https://*.googleapis.com https://*.optimizely.com https://*.google-analytics.com https://*.googleadservices.com https://*.ensighten.com https://*.bootstrapcdn.com https://*.doubleclick.net https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.facebook.com https://*.facebook.net https://www.youtube-nocookie.com; font-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.googleusercontent.com https://*.gstatic.com https://*.bootstrapcdn.com; object-src 'self' *.dab-bank.de https://*.dab-bank.de http://boerse.dab-bank.de https://*.akamaihd.net https://*.akamai.net; connect-src 'self' *.dab-bank.de https://*.dab-bank.de wss://*.dab-bank.de https://*.googleapis.com https://*.log.optimizely.com; media-src 'self' *.dab-bank.de https://*.dab-bank.de; report-uri /json/open/csp_report; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com:* https://ajax.googleapis.com:* https://call.chatra.io/chatra.js https://maps.googleapis.com:* https://seal-nebraska.bbb.org/logo/blue-valley-technologies-17381.js https://stats.g.doubleclick.net/dc.js https://www.googletagmanager.com:* https://assets.juicer.io:* https://www.juicer.io:* https://www.google-analytics.com:* https://stats.g.doubleclick.net:* https://www.googleadservices.com:* https://feedback.happy-or-not.com:* https://dk98ddgl0znzm.cloudfront.net:* https://emma-content-aggregates-prd.s3.amazonaws.com:*; object-src 'self' ; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com:* https://seal-blue.bbb.org; img-src * 'self' https://maps.gstatic.com https://stats.g.doubleclick.net:*; media-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-src 'self' https://chat.chatra.io:* https://www.youtube.com:* https://player.vimeo.com:*; frame-ancestors 'self'; child-src 'self'; font-src 'self' * https://fonts.gstatic.com:*; connect-src 'self' https://maps.googleapis.com:* https://analytics.google.com:* https://www.google-analytics.com:* https://www.juicer.io:* https://graph.facebook.com:* https://www.googletagmanager.com:* https://stats.g.doubleclick.net:* https://feedback-api.happy-or-not.com:* https://feedback.happy-or-not.com:* https://api.mixpanel.com:*; report-uri /report-csp-violation 1 default-src 'self' http://www.malaysiaairports.com.my; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com www.google.com *.rawgit.com *.gstatic.com *.googleapis.com static.addtoany.com polyfill.io key-cdn.printfriendly.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com www.google-analytics.com.sg stats.g.doubleclick.net www.google.com www.google.com.sg www.google.com.my www.gstatic.com; media-src 'self'; frame-src 'self' data: static.addtoany.com www.google.com www.youtube.com https://cdn.knightlab.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com analytics.google.com unpkg.com www.google.com.my; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-inline' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de; img-src *; style-src 'self' 'unsafe-inline' *.itzbund.de; frame-ancestors 'self' *.itzbund.de 1 frame-ancestors 'self' https://www.rpr1.de 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: staticcdn.co.nz www.youtube.com *.google-analytics.com *.googletagmanager.com www.google.com www.gstatic.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.googleapis.com; img-src 'self' data: staticcdn.co.nz shielded.co.nz i.ytimg.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: *.googleapis.com *.gstatic.com; frame-src 'self' staticcdn.co.nz www.youtube.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1 default-src 'self' data: 'unsafe-inline' fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro; script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro; img-src 'self' data: blob: fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro; frame-src 'self' youtube.com www.youtube.com cdnjs.cloudflare.com fonts.gstatic.com code.jquery.com vk.com bitrix.info www.1c-bitrix.ru bitrix24.datafort.ru *.mindbox.ru yandex.ru mc.yandex.ru googleads.g.doubleclick.net www.google.com/ads/user-lists/ www.google.ru/ads/user-lists/ www.google.com www.google-analytics.com maps.google.com *.gstatic.com:* *.googleapis.com www.googleadservices.com code.jivosite.com:* cdn.voximplant.com facecast.net formdesigner.pro; font-src 'self' fonts.googleapis.com; 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 1 default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; object-src 'self' *.interiorhealth.ca; style-src 'self' 'unsafe-inline' *.interiorhealth.ca fonts.googleapis.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net dialogflow.cloud.google.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com shop.pe shopper.shop.pe *.cloudfront.net addshoppers.s3.amazonaws.com bcbolt446c5271-a.akamaihd.net www.google.com www.gstatic.com cdn.jsdelivr.net up.pixel.ad pixel.sitescout.com munchkin.marketo.net www.buzzsprout.com fl-cdn.azureedge.net investmentdesktop.fundslibrary.net investmentdesktop.fundslibrary.net cdn.schemaapp.com fcscdn.broadridge.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com fl-cdn.azureedge.net investmentdesktop.fundslibrary.net investmentdesktop.fundslibrary.net blob: data:; frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com fl-cdn.azureedge.net investmentdesktop.fundslibrary.net investmentdesktop.fundslibrary.net; 1 default-src 'self' https://*.webbfabriken.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.webbfabriken.com https://use.fontawesome.com https://a.omappapi.com https://a.omwpapi.com https://use.typekit.net https://script.hotjar.com https://www.google.com https://www.google.se https://static.hotjar.com https://chimpstatic.com https://www.google-analytics.com https://m8m7u2y3.stackpathcdn.com https://ajax.googleapis.com https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com; object-src 'self' https://www.webbfabriken.com; style-src 'self' 'unsafe-inline' https://www.webbfabriken.com https://fonts.googleapis.com https://a.omwpapi.com https://a.omappapi.com https://m8m7u2y3.stackpathcdn.com; img-src 'self' data: https://www.webbfabriken.com https://wfsecapi.se https://a.omappapi.com https://a.omwpapi.com https://p.typekit.net https://googleads.g.doubleclick.net https://www.google.se https://www.google.be https://region1.analytics.google.com https://m8m7u2y3.stackpathcdn.com https://www.google.com https://*.gstatic.com https://*.w.org https://www.uc.se https://www.abuseipdb.com https://*.google-analytics.com https://www.facebook.com; media-src 'self' https://www.webbfabriken.com; frame-src 'self' https://www.webbfabriken.com https://m8m7u2y3.stackpathcdn.com https://www.facebook.com; font-src 'self' data: https://www.webbfabriken.com https://use.typekit.net https://fonts.gstatic.com https://a.omwpapi.com https://m8m7u2y3.stackpathcdn.com; connect-src 'self' https://www.webbfabriken.com https://region1.analytics.google.com https://analytics.google.com https://stats.g.doubleclick.net https://z.omwpapi.com https://a.omappapi.com https://api.omwpapi.com https://optinmonster.com https://*.google-analytics.com https://www.facebook.com; report-uri https://www.webbfabriken.com/_sys/csp_report_log/insert.php 1 base-uri 'none';connect-src 'self' *.oresund.io dc.services.visualstudio.com *.cookieinformation.com *.g.doubleclick.net 'unsafe-inline' *.googlesyndication.com *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io;font-src 'self' *.hotjar.com;form-action 'self';frame-ancestors 'none';img-src 'self' self data: *.tt.se *.ritzau.dk *.ctfassets.net *.gstatic.com www.googletagmanager.com *.googlesyndication.com *.adnxs.com www.facebook.com *.google.com www.google.dk www.google.se *.hotjar.com;manifest-src 'self';media-src 'self' self data: *.ctfassets.net;object-src 'none';script-src 'self' *.reepay.com *.gstatic.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com *.google.com *.adnxs.com *.facebook.net *.googlesyndication.com www.googleadservices.com *.hotjar.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com www.googletagmanager.com *.hotjar.com;worker-src 'self'; 1 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com www.googletagmanager.com *.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co *.google.com *.gstatic.com *.spartannash.com *.spartannash-uat.com www.b2i.us stockcharting.s3.amazonaws.com cdnjs.cloudflare.com static.cloudflareinsights.com analytics.newscred.com;font-src 'self' data: *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.cloudflare.com s3.amazonaws.com;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com www.googletagmanager.com *.glensmarkets-email.com *.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com *.gravatar.com s15923.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com d36cz9elvz3vfp.cloudfront.net www.b2i.us *.prnewswire.com pixel.welcomesoftware.com;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.quotemedia.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com;frame-src 'self' *.netdna-ssl.com *.youtube.com www.googletagmanager.com *.calameo.com *.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com *.prnewswire.com;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com *.quotemedia.com stats.g.doubleclick.net *.spartannash.com *.spartannash-uat.com www.b2i.us stockcharting.s3.amazonaws.com;object-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com;media-src 'self' *.netdna-ssl.com *.pcdn.co *.prnewswire.com; 1 default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org *.tile.opencyclemap.org; 1 object-src 'none';default-src 'none';connect-src https://www.wefact.nl *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://maps.googleapis.com *.mouseflow.com;frame-src https://www.youtube.com *.mouseflow.com https://outlook.office365.com;frame-ancestors 'self';img-src https://www.wefact.nl data: *.ytimg.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.nl https://maps.gstatic.com https://maps.googleapis.com *.mouseflow.com www.mollie.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com *.googletagmanager.com https://developers.google.com https://maps.googleapis.com *.mouseflow.com;style-src https://www.wefact.nl 'unsafe-inline' https://fonts.googleapis.com *.typekit.net;font-src 'self' data: https://fonts.gstatic.com *.mouseflow.com *.typekit.net;child-src *.mouseflow.com;manifest-src https://www.wefact.nl 1 base-uri 'self'; default-src 'self'; child-src https://player.vimeo.com; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://doorbell.io https://*.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://vimeo.com https://player.vimeo.com https://player.vimeo.com; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://www.google.co.nz https://*.s3.ap-southeast-2.amazonaws.com https://embed.doorbell.io https://i.vimeocdn.com https://eep.io eep.io data:; media-src https://www.youtube.com https://vimeo.com https://www.landcareresearch.co.nz/ https://public.tableau.com public.tableau.com; object-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js https://embed.doorbell.io https://polyfill.io https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://s3.amazonaws.com/downloads.mailchimp.com/ s3.amazonaws.com/downloads.mailchimp.com/ https://landcareresearch.us16.list-manage.com landcareresearch.us16.list-manage.com https://google-analytics.com google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://www.google.com www.google.com https://sdk.apester.com/web-sdk.core.min.js https://sdk.apester.com/web-sdk.core.legacy.min.js https://sdk.apester.com https://events.apester.com events.apester.com 'nonce-NWM4Y2U1MDljNDg2NTQ0MGNmMjViNzBlOTZiMjAzYjUwNDg3ODA1NDEyMTYxMzJhNzQyNGQyYmVhNDdiMWFhMmM2YTI3OGM0NWNhZGUwNWNlOTI5ZTg3YTA0NjNiNjI5YjkxMzE4MGM2MTlkZjFlMWVhYjQ1YWViZjM3ODM0OTU=' 'unsafe-eval'; style-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://embed.doorbell.io/css/doorbell.min.css https://embed.doorbell.io/css/default.css https://cdn-images.mailchimp.com cdn-images.mailchimp.com 'unsafe-inline'; report-uri https://2224ea6b5792825a06d61a0bad9d966b.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de app.usercentrics.eu privacy-proxy.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' app.usercentrics.eu privacy-proxy-server.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1 default-src 'self' ws:;script-src 'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net gleif.disqus.com *.disquscdn.com *.cookiebot.com *.linkedin.com *.licdn.com *.twitter.com static.ads-twitter.com *.twimg.com ajax.googleapis.com www.google.com www.gstatic.com cdnjs.cloudflare.com unpkg.com public.tableau.com *.emailsys1c.net *.emailsys1a.net cdn-prod.wdesk.com cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' *.twimg.com *.twitter.com *.disquscdn.com use.typekit.net unpkg.com fonts.googleapis.com;font-src 'self' data: *.typekit.net cdnjs.cloudflare.com fonts.gstatic.com;img-src 'self' static.licdn.com *.disqus.com *.disquscdn.com *.twitter.com *.twimg.com *.linkedin.com data: about: *.tile.osm.org *.typekit.net img.shields.io public.tableau.com *.emailsys1c.net *.emailsys1a.net t.co/i/adsct;frame-src 'self' disqus.com *.twitter.com player.vimeo.com *.linkedin.com www.google.com *.cookiebot.com youtube.com www.youtube.com public.tableau.com;connect-src 'self' api.parse.com/1/functions/search *.gleif.org syndication.twitter.com/settings *.emailsys1c.net *.emailsys1a.net consentcdn.cookiebot.com analytics.twitter.com cdn.linkedin.oribi.io/partner/3468146/domain/gleif.org/token;prefetch-src 'self' *.disquscdn.com disqus.com; 1 default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-x5FAY+qfhrpsE6baTWb4WynsLB+C4s+oYmRRXQFwFn5+A/vo'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1 font-src 'self'; 1 frame-ancestors *.amboss.com 1 script-src 'unsafe-inline' 'unsafe-eval' 'self' *.mercadolibre.com https://www.mercadopago.com.ar/integrations/v1/ https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://cdnjs.cloudflare.com https://maps.googleapis.com/maps/api/js https://cdn.syndication.twimg.com https://docs.google.com/spreadsheets/ https://connect.facebook.net https://platform.twitter.com https://*.google.com https://spreadsheets.google.com/ https://docs.google.com/ https://*.gstatic.com http://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com https://www.googleadservices.com https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net https://*.utdt.edu https://www.googletagmanager.com https://www.tfaforms.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com https://www.tfaforms.com https://*.gstatic.com https://docs.google.com/; img-src * data: blob:; font-src *; 1 default-src 'self' syndetics.com www.google-analytics.com; script-src 'self' blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net https://translate.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.css https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/css/intlTelInput.min.css https://cdn.jsdelivr.net/npm/normalize.css; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com *.google-analytics.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com ssl.gstatic.com www.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com https://www.google.com https://translate.google.com https://server.arcgisonline.com; media-src 'self' www.youtube.com soundcloud.com syndication.twitter.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' *.google-analytics.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com https://translate.googleapis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com player.vimeo.com; 1 default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: https://m.stripe.com *.craft-cdn.com *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src * 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1 base-uri 'none';child-src 'none';connect-src 'self' https://ws.zoominfo.com/pixel/collect https://aorta.clickagy.com/ https://aorta.clickagy.com/liveramp_redir https://hemsync.clickagy.com/external/ https://maps.googleapis.com/;default-src 'self';font-src 'self' https://fonts.gstatic.com;;form-action 'self';frame-ancestors 'self';frame-src 'none';img-src 'self' https://id.rlcdn.com/ https://idsync.rlcdn.com/ https://aorta.clickagy.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://maps.googleapis.com/ https://www.google.com https://ws.zoominfo.com/pixel/6320bf5aac6e98ed3e39d094 https://tags.clickagy.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/external/ https://ws.zoominfo.com/;style-src 'self' https://aorta.clickagy.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com/ https://streetviewpixels-pa.googleapis.com/ https://lh3.ggpht.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://www.google.com 'unsafe-inline';worker-src 'self';upgrade-insecure-requests ; 1 child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1 frame-src *; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de 1 upgrade-insecure-requests 1 "default-src *" 1 frame-ancestors https://*.nywerk.de https://*.test https://vinylfuture.com.ddev.site https://deejay.de https://vinylfuture.com https://*.deejay.de https://*.vinylfuture.com; 1 allow 'self' 1 frame-ancestors 'self' https://*.hapara.com/ 1 base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1 default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com userlike-cdn-umm.b-cdn.net *.leadenhancer.com wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.eu *.cookiebot.com *.simpli.fi data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1 default-src 'self' google-analytics.com manifest-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com polyfill.io www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net; img-src 'self' *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com; upgrade-insecure-requests 1 default-src 'unsafe-hashes' https://crohnsandcolitis.org.uk https://docs.google.com https://platform.twitter.com https://customervoice.microsoft.com https://*.readspeaker.com https://*.azureedge.net https://poster.crohnsandcolitis.org.uk https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://*.landbot.io https://*.addthis.com https://www.youtube.com https://player.vimeo.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.fluidads.com https://forms.office.com https://*.snapchat.com ;base-uri 'self' ;frame-ancestors 'self' ;script-src 'self' 'nonce-f478f78468094f9087cff2d1f1928edb' 'unsafe-eval' https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://analytics.nyltx.com https://ruler.nyltx.com/ https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://*.landbot.io https://secure.callhandling.co.uk https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://static.addtoany.com https://*.fluidads.com https://*.simpli.fi https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.typeform.com https://*.hotjar.com https://analytics.tiktok.com https://*.snapchat.com https://*.twitter.com ;connect-src 'self' https://docs.google.com https://platform.twitter.com https://cdn.acsbapp.com https://*.trackedweb.net https://*.readspeaker.com https://*.azureedge.net https://*.fluidads.com https://www.facebook.com https://*.cookiefirst.com https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://*.landbot.io https://*.addthis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.typeform.com https://*.issuu.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.snapchat.com https://*.linkedin.oribi.io https://*.analytics.google.com https://analytics.tiktok.com ;img-src 'self' data: https://www.facebook.com https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://*.linkedin.com https://*.addthis.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com.tr https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://tr.snapchat.com https://analytics.twitter.com https://t.co ;font-src 'self' data: https://use.typekit.net https://acsbapp.com https://*.acsbapp.com https://*.azureedge.net https://fonts.gstatic.com https://*.hotjar.com ;style-src 'self' 'unsafe-inline' https://acsbapp.com https://*.acsbapp.com blob: https://*.readspeaker.com https://*.azureedge.net https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com https://*.typeform.com https://*.issuu.com https://*.hotjar.com ;form-action 'self' https://*.readspeaker.com https://*.azureedge.net https://*.typeform.com https://*.twitter.com https://*.landbot.io https://*.snapchat.com ; 1 default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.google.com https://code.jquery.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://static.addtoany.com https://maps.google.com https://cdn.jsdelivr.net https://platform.twitter.com https://platform.linkedin.com https://cdn.ckeditor.com https://www.google-analytics.com https://cdn.datatables.net https://www.googletagmanager.com/ https://app.usercentrics.eu/ https://openfed.github.io/AccessibilityCheck/build/HTMLCS.js https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdn.ckeditor.com https://cdn.datatables.net https://www.google-analytics.com https://www.linkedin.com https://www.gstatic.com https://openfed.github.io/AccessibilityCheck/build/HTMLCS.css; img-src 'self' data: https://chart.googleapis.com https://cdn.ckeditor.com https://www.google-analytics.com https://stats.g.doubleclick.net https://platform.linkedin.com https://www.linkedin.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://app.usercentrics.eu/ https://uct.service.usercentrics.eu/ https://openfed.github.io/AccessibilityCheck/build/Images/; frame-src 'self' https://platform.twitter.com https://www.gstatic.com https://www.google.com https://notfound-static.fwebservices.be https://app.usercentrics.eu/; font-src 'self' https://themes.googleusercontent.com https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src 'self' https://www.linkedin.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://region1.google-analytics.com/ https://www.googletagmanager.com/ https://api.usercentrics.eu https://graphql.usercentrics.eu https://consent-api.service.consent.usercentrics.eu/ https://aggregator.service.usercentrics.eu/ https://maps.googleapis.com/; report-uri /en/report-csp-violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.google.com *.googleapis.com *.myabsorb.com *.doubleclick.net *.windows.net *.walkme.com *.jquery.com *.createjs.com *.youtube.com *.youtube-nocookie.com *.onetrust.com *.facebook.net *.facebook.com *.cookielaw.org *.licdn.com *.adsymptotic.com *.linkedin.com *.jnjvision.asia *.nr-data.net *.ckeditor.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.zencdn.net *.boltdns.net *.jjvcpro.com *.jnjcommerce.com *.mouseflow.com *.hotjar.com *.hotjar.io *.googleanalytics.com *.googleoptimize.com *.optimize.google.com *.fonts.gstatic.com *.newrelic.com *.xml; object-src *; img-src * data: blob:; frame-src *; font-src * data: blob: 'unsafe-inline'; report-uri /report-csp-violation 1 default-src 'self' data: https://ictp-trst-001.westeurope.cloudapp.azure.com/matomo/ https://cdn.eye-able.com https://dc.services.visualstudio.com/v2/track https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://include-rp.zfinder.de https://www.youtube.com https://geoportal.trier.de https://jobs.b-ite.com http://jobs.b-ite.com https://www.stadtradeln.de https://static.b-ite.com https://www.vrt-info.de http://www.heute-in-trier.de http://www.facebook.com http://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.facebook.com https://platform.twitter.com https://accounts.google.com https://www.bing.com http://www.wetterkontor.de http://94.130.59.28 https://www.youtube-nocookie.com https://app.docu4d.com https://dienste.wetterkontor.de https://www.trier-info.de https://www.wahlinfo.de https://www.pegelonline.wsv.de 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crushftp.com *.stripe.com *.paypalobjects.com *.google-analytics.com *.crushsync.com *.taltosparipa.com 1 default-src 'self' 'unsafe-inline' data: global2000.at *.global2000.at https://*.google-analytics.com https://*.google.com https://*.google.at https://*.doubleclick.net https://*.youtube.com https://youtu.be https://*.ytimg.com https://*.facebook.com https://*.vimeocdn.com https://vimeo.com https://*.vimeo.com https://*.hotjar.com https://*.ubembed.com https://*.restorenature.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' global2000.at *.global2000.at https://*.youtube.com https://*.googletagmanager.com https://*.google-analytics.com https://*.hotjar.com https://*.facebook.net https://*.g.doubleclick.net https://*.ubembed.com https://*.googleadservices.com https://*.twitter.com https://*.google.com https://*.google.at https://widget.proca.app; object-src 'self' global2000.at *.global2000.at 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.global2000.at; img-src 'self' *.global2000.at data: https://*.google.com https://*.google.at https://*.google.de https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://img.youtube.com https://i.ytimg.com https://*.europa.eu; media-src 'self' global2000.at *.global2000.at blob: data:; frame-src 'self' *.global2000.at https://*.google.com https://*.ubembed.com https://*.google.at https://*.googletagmanager.com https://*.openstreetmap.org https://vimeo.com https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org https://*.buzzsprout.com https://*.spotteron.com https://*.typeform.com https://*.facebook.com https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at; frame-ancestors 'self' *.global2000.at; child-src 'self' *.global2000.at blob: https://*.google.com https://*.ubembed.com https://*.google.at https://*.googletagmanager.com https://*.openstreetmap.org https://vimeo.com https://*.vimeo.com https://youtube.com https://www.youtube.com https://youtu.be https://*.supplychainge.org https://*.buzzsprout.com https://*.spotteron.com https://*.typeform.com https://*.facebook.com https://*.twitter.com https://*.hotjar.com https://*.restorenature.eu https://*.ai-sidekick.app https://*.suedwind.at; font-src 'self' *.global2000.at data:; connect-src 'self' *.global2000.at https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.google.com https://*.google.at https://*.ubembed.com https://*.facebook.com https://country.proca.foundation/ https://*.proca.app; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hubspot.com builder.lift.acquia.com js.usemessages.com googleads.g.doubleclick.net app.wistia.com connect.facebook.net tpc.googlesyndication.com www.google.com www.gstatic.com static.ads-twitter.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net; style-src 'self' 'unsafe-inline' www.globenewswire.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net; img-src 'self' blob: data: *.google.ae googleads.g.doubleclick.net *.google.com.vn *.google.bs embedwistia-a.akamaihd.net www.impella.com *.google.com.cy *.google.at *.google.com.co *.google.com.sa *.google.com.br *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' *.hs-sites.com fast.wistia.net fast.wistia.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net cdn.scite.ai; connect-src 'self' 'unsafe-inline' 'unsafe-eval' pagead2.googlesyndication.com notify.bugsnag.com us.perz-api.cloudservices.acquia.io sessions.bugsnag.com www.google.com.br www.google.co.in cdn.linkedin.oribi.io hubspot-forms-static-embed.s3.amazonaws.com adservice.google.com *.litix.io *.googleapis.com adservice.google.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com connect.facebook.net *.googletagmanager.com *.hotjar.com *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'none'; manifest-src 'self'; script-src 'self' 'unsafe-eval' https://app.intotheblock.com https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://code.jquery.com/ https://stackpath.bootstrapcdn.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://www.google.com/ https://cdn.siftscience.com/ https://www.gstatic.com/; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://stackpath.bootstrapcdn.com/; img-src 'self' https://v2uploads.zopim.io/ https://rocketlab.g2afse.com/ https://purecatamphetamine.github.io/ https://20841010p.rfihub.com/ data:; media-src 'self' https://static.zdassets.com/; frame-src 'self' https://www.youtube.com/ https://buy.moonpay.com/ https://buy-staging.moonpay.com/ https://buy-sandbox.moonpay.com/ https://pay.testwyre.com/ https://vars.hotjar.com/ https://www.google.com/recaptcha/; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/; connect-src 'self' wss://socket-testing.cryptomkt.com/ https://socket-testing.cryptomkt.com/ wss://socket.cryptomkt.com/ https://socket.cryptomkt.com/ wss://api.exchange.cryptomkt.com/ https://api.exchange.cryptomkt.com/ https://api.intotheblock.com/ https://ekr.zdassets.com/ https://cryptomkt.zendesk.com/ wss://widget-mediator.zopim.com/ https://id.zopim.com/ https://widget-mediator.zopim.com/ https://api-uat.kushkipagos.com/ https://api.kushkipagos.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1 default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src 'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1 default-src ; script-src 'self' 'unsafe-inline' localhost https://assets.zendesk.com *.zdassets.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; object-src ; style-src 'self' 'unsafe-inline' localhost *.entrecode.de https://fonts.googleapis.com; img-src *; media-src *; child-src https://www.google.com; font-src *.entrecode.de https://fonts.gstatic.com; connect-src 'self' *.entrecode.de https://entrecode.zendesk.com *.zdassets.com https://www.google-analytics.com; manifest-src 1 default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com *.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.leadenhancer.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com s.go-mpulse.net c.go-mpulse.net sc.lfeeder.com api.plezi.co optimize.google.com www.googleoptimize.com www.google-analytics.com www.googleanalytics.com gateway.moneris.com cdnjs.cloudflare.com; img-src data: 'self' www.burkert.com www.google-analytics.com www.google.com www.google.de event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.leadenhancer.com *.olark.com *.adition.com *.gstatic.com *.clickdimensions.com tr.lfeeder.com www2.solique.ch optimize.google.com www.googletagmanager.com; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com www.googletagmanager.com *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com *.vo.msecnd.net optimize.google.com gateway.moneris.com; font-src 'self' www.burkert.com *.buerkert.de data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com region1.analytics.google.com region1.google-analytics.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com c.go-mpulse.net *.akstat.io trial-eum-clientnsv4-s.akamaihd.net *.akamaihd.net maps.googleapis.com *.plezi.co cdn.linkedin.oribi.io; frame-src 'self' blob: mailto: tel: *.burkert-usa-marketing.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.burkert.com *.olark.com *.issuu.com *.clickdimensions.com optimize.google.com gateway.moneris.com; worker-src 'self' blob: 1 default-src 'self'; child-src 'self' https://www.google.com https://www.youtube.com https://open.spotify.com; connect-src 'self' https://maps.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com https://www.facebook.com https://yoast.com; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://vlibras.gov.br https://www.google.com.br https://stats.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://secure.gravatar.com https://www.facebook.com https://i.scdn.co https://cdn.jsdelivr.net data:; script-src 'self' https://cdn.jsdelivr.net https://developers.google.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://vlibras.gov.br https://connect.facebook.net https://cdnjs.cloudflare.com https://open.spotify.com https://open.spotifycdn.com https://embed-cdn.spotifycdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.cdnfonts.com 'unsafe-inline'; upgrade-insecure-requests 1 base-uri 'none';child-src 'none';connect-src 'self' http://127.0.0.1:1337 https://*.google-analytics.com https://vitals.vercel-insights.com https://o1188445.ingest.sentry.io https://api.coinbase.com https://www.google-analytics.com https://mainnet.infura.io https://kovan.infura.io/ https://*.binance.org https://*.binance.org:8545 https://polygon-rpc.com https://matic-mumbai.chainstacklabs.com https://rpc-mumbai.maticvigil.com https://forno.celo.org https://alfajores-forno.celo-testnet.org https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc https://testnet.omni.network https://registry.walletconnect.com https://vercel.live https://*.walletconnect.com wss://relay.walletconnect.com wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com https://rpc.ankr.com https://cloudflare-eth.com/ https://staging.cms.polkastarter.com https://cms.polkastarter.com;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com/ https://verify.walletconnect.com https://vercel.live;img-src 'self' data: https://*.polkastarter.com https://registry.walletconnect.com https://img.youtube.com https://*.google-analytics.com https://explorer-api.walletconnect.com https://vercel.com/;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://*.polkastarter.com;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live https://browser.sentry-cdn.com https://cdn.vercel-insights.com;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net;worker-src 'self'; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://*.trustlogo.com https://trustlogo.com; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: *.trustlogo.com; media-src 'self'; frame-src 'self' *.google.com; font-src 'self'; connect-src 'self'; report-uri /csp-report.php 1 base-uri 'self'; child-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com widget.trustpilot.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; frame-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com widget.trustpilot.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; connect-src fonts.googleapis.com fonts.gstatic.com global.sitesearch360.com ict.infinity-tracking.net insights.sitesearch360.com 'self' *.feefo.com *.google.com *.onetrust.com *.paragonbankinggroup.co.uk *.twimg.com *.twitter.com *.visualwebsiteoptimizer.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; img-src * data: blob:; media-src data: 'self'; script-src gap: 'self' cdn.sitesearch360.com cdn-ukwest.onetrust.com ict.infinity-tracking.net snap.licdn.com unpkg.com widget.trustpilot.com *.doubleclick.net *.feefo.com *.paragonbankinggroup.co.uk *.surveymonkey.com *.twimg.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' dev.visualwebsiteoptimizer.com fonts.googleapis.com register.feefo.com *.twimg.com *.twitter.com 'unsafe-inline'; frame-ancestors gap: 'self' *.surveymonkey.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=eylpEFWDowbVW5DQd%2BytSOCBR5kwhsMYPqF%2Fp2kPQVoKqwCGE32XGQGumgHpmBZrQFS7Nvj350Geh58Y1yJBgA%3D%3D; 1 base-uri 'self' https://*.giving.sg; child-src https://www.youtube.com https://www.google.com https://js.stripe.com 'self' gap:; frame-src https://www.youtube.com https://www.google.com https://js.stripe.com 'self' gap:; connect-src https://www.youtube.com https://www.google.com https://www.onemap.gov.sg https://*.google-analytics.com https://*.googletagmanager.com https://*.giving.sg https://*.ckeditor.com https://stats.g.doubleclick.net https://*.google.com.sg https://*.facebook.com https://*.analytics.google.com https://analytics.pangle-ads.com https://google.com https://*.tiktok.com https://analytics.google.com 'self'; default-src 'self' https://*.giving.sg https://*.google-analytics.com https://googleads.g.doubleclick.net gap: 'unsafe-inline' 'unsafe-eval'; font-src https://www.youtube.com https://www.google.com https://www.onemap.gov.sg https://fonts.gstatic.com https://cdnjs.cloudflare.com https://*.onemap.sg 'self' data:; img-src https://*.youtube.com https://img.youtube.com https://www.google.com https://www.onemap.gov.sg https://maps-c.onemap.sg https://maps-b.onemap.sg https://maps-a.onemap.sg https://*.s3.ap-southeast-1.amazonaws.com https://*.stripe.com 'self' data: blob: https://*.googletagmanager.com https://i.ytimg.com https://*.volunteer.gov.sg https://validator.swagger.io https://*.facebook.com https://*.google.com.sg https://analytics.google.com https://*.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://googleads.g.doubleclick.net blob:; media-src 'self' https://*.giving.sg; object-src 'self'; script-src https://www.youtube.com https://www.google.com https://*.google.com https://*.google.com.sg https://*.onemap.sg https://*.googletagmanager.com https://*.google-analytics.com https://*.giving.sg https://www.gstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://js.stripe.com https://*.facebook.com https://tpc.googlesyndication.com https://*.tiktok.com https://*.googleadservices.com https://*.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://www.youtube.com https://www.google.com https://www.onemap.gov.sg https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.onemap.sg https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.giving.sg 'self' 'unsafe-inline'; frame-ancestors https://*.giving.sg https://giving.sg https://www.giving.sg https://js.stripe.com https://td.doubleclick.net outsystems://app.giving.sg 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=KBukbZD0699N9pji8uPH6Fwf%2BJuiaGx2%2Fk10AsA5jPqfxslIQeL8SvhEm9jooiI4gjzFu7v%2BJBYKKNIRIVmWGg%3D%3D; 1 base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.googletagmanager.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookiebot.com; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com *.hotjar.com *.cookiebot.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net *.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.google.pt *.googleusercontent.com *.googletagmanager.com *.flourish.studio *.hotjar.com *.cookiebot.com blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com *.realtimestatistics.net *.googletagmanager.com *.typeform.com *.flourish.studio *.hotjar.com *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com *.typeform.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=j5XSOVq%2B7Q%2BNy0YrrPUZkb1y1qtBgY7rY5%2BIPdfpK6cbHUf0eHyfzVTbqIZrf0FdfZs1UGC07loubO%2BnUe5A9w%3D%3D; 1 default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org *.tile.opencyclemap.org; 1 default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' *.vixns.net *.smol.org www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src 'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com https://errors.vixns.net/api/76/store/ https://errors.vixns.net/api/76/envelope/; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1 report-uri https://consolehipay.report-uri.com/r/d/csp/enforce; default-src 'self' *.google-analytics.com *.zdassets.com *.hotjar.com *.google.com *.screeb.app *.typeform.com *.okta.com *.hipay.com; script-src 'self' *.hotjar.com *.zdassets.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.screeb.app 'sha256-qSMb0PEZNwPU889A1H8zPbT23/AN6efiLRLewxFcFJM=' ''sha256-FcbWubQGGFMAS71F3Xg9hDM0pfF+/idbYePgIS4oecc=' 'sha256-keffV0quDMAbyeX1/4YLUZgq6qTZq4xbHwc4fvVpGws=' 'sha256-8qEA6898bCZsncsjm0Dk2KjV2WK+2+8Aks3WfqWmUWY=' sha256-iBEn6DembGxmutX/U63Duhs98HIBtU8ALgbjYh+CkZc=' 'sha256-XnoKRrVjyLcX94o+jehk7z3rX+YVSMr4DtslyFpkaPU=' 'sha256-tdBlVQuc2G3oahpbyjaUmy+NEJSNdDZy9L1FSw3rVi0=' 'sha256-0p21hmif1TiEP5IE/r3ri1cHw0RQzMKFQuK6Y8+MSxM=' 'sha256-IONGq3q3SUbZcvFq3OWEvLOn+6YXROnGyxqJaXZ5XqM=' 'sha256-PxE0YueUDOLIQZbUB7uIBmSR+rm9AoT37euB/1UuZ00=' 'sha256-rXRPabzczAqe8l4W5Ls96YFLaXicsCVoXls4kw5cYm0=' 'sha256-4K+enDkiwcZwt+5aUSZia7wZmCr0fOEHjwJgkiI84dw=' https://*.zopim.com; style-src 'self' 'unsafe-inline' maxcdn.icons8.com fonts.googleapis.com *.hotjar.com libs.hipay.com; font-src 'self' maxcdn.icons8.com fonts.gstatic.com *.hotjar.com *.screeb.app; connect-src 'self' *.run.app *.appspot.com *.zendesk.com *.zdassets.com user.hipay.com *.hipay.com *.hipay.org *.google-analytics.com wss://*.zopim.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.screeb.app wss://*.screeb.app *.okta.com *.oktacdn.com; img-src 'self' *.amcharts.com *.google-analytics.com *.zendesk.com *.hotjar.com images.weserv.nl *.hipay.com data: storage.googleapis.com twemoji.maxcdn.com *.screeb.app; frame-ancestors 'none' 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.facebook.net *.licdn.com *.twitter.com *.twimg.com *.youtube.com s.ytimg.com *.etracker.com *.etracker.de *.matomo.cloud *.upsales.com match.adsby.bidtheatre.com; object-src 'self'; form-action 'self' *.twitter.com; media-src 'self' *.materna.de *.youtube.com; child-src *.google.com *.gstatic.com *.facebook.com *.twitter.com *.youtube.com *.eu-de.mybluemix.net *.materna.de; img-src 'self' blob: data: *.google.com *.google.de *.gstatic.com *.google-analytics.com *.doubleclick.net *.linkedin.com *.twitter.com *.twimg.com *.youtube.com *.etracker.com *.googletagmanager.com *.matomo.cloud *.upsales.com; frame-ancestors 'self' *.googletagmanager.com *.facebook.com *.twitter.com; worker-src 'self'; connect-src 'self' *.google-analytics.com *.etracker.com *.etracker.de *.g.doubleclick.net *.matomo.cloud; 1 script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com stackpath.bootstrapcdn.com cdn.datatables.net code.jquery.com unpkg.com js.adsrvr.org connect.facebook.net 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' ; script-src 'unsafe-inline' 'self' https://ssl.google-analytics.com/ga.js; img-src data: blob 'self' http://*.tile.openstreetmap.org/ : 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1 default-src ; script-src https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' https://form.partner-versicherung.de https://*.usercentrics.eu www.googletagmanager.com; object-src ; style-src 'self' https://fonts.googleapis.com https://*.entrecode.de 'unsafe-inline'; img-src 'self' * *.dealbunny.de data: https://*.usercentrics.eu; media-src *; child-src *.youtube.com *.vimeo.com https://www.google.com https://form.partner-versicherung.de https://kredit.check24.de/; font-src 'self' https://fonts.gstatic.com https://*.entrecode.de data:; connect-src 'self' *.cachena.entrecode.de entrecode.de *.entrecode.de localhost:* dev.dealbunny.de:* *.dealbunny.de https://www.google-analytics.com https://stats.g.doubleclick.net https://*.usercentrics.eu www.googletagmanager.com *.google-analytics.com; manifest-src 'self' 1 img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.googleapis.com *.google.com www.youtube-nocookie.com *.vimeocdn.com *.vimeo.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com *.facebook.net *.altruja.de altruja.de; 1 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'none'; 1 default-src https: *.ufg.pl; script-src https: *.ufg.pl 'unsafe-inline' 'unsafe-eval';style-src https: *.ufg.pl 'unsafe-inline';img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl; child-src https: *.ufg.pl 1 script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self' blob: data:; style-src 'self' 'unsafe-inline' 1 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com https://www.wiener-staatsoper.at https://use.typekit.net https://p.typekit.net/ 1 base-uri 'none';child-src 'none';connect-src 'self' https://staging.api.gam3s.gg/ https://api.gam3s.gg/ https://dev.api.gam3s.gg/ https://staging.api.polkastarter.gg/ https://api.polkastarter.gg/ https://dev.api.polkastarter.gg/ https://polkastarter-cms-staging.herokuapp.com/graphql https://polkastarter-cms.herokuapp.com/graphql https://api.twitch.tv https://cms.polkastarter.gg/graphql http://127.0.0.1:1337/graphql https://*.google-analytics.com https://vitals.vercel-insights.com https://o1188445.ingest.sentry.io https://api.coinbase.com https://www.google-analytics.com wss://ws-mt1.pusher.com https://vercel.live wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://*.walletconnect.com wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org wss://*.pusher.com https://*.pusher.com;default-src 'self';font-src 'self' data: https://*.hotjar.com;form-action 'self' *;frame-ancestors http://127.0.0.1:* https://polkastarter.gg https://www.polkastarter.gg https://www.gam3s.gg https://gam3s.gg;frame-src 'self' *;img-src * data:;manifest-src 'self' https://polkastarter.cloudflareaccess.com;media-src 'self' https://video.twimg.com https://*.polkastarter.com https://*.polkastarter.gg https://*.gam3s.gg https://*.soulbound.gg;object-src data:;prefetch-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://embed.twitch.tv https://player.twitch.tv/ https://www.youtube.com/ https://*.googletagmanager.com https://*.google-analytics.com https://vercel.live http://embed.typeform.com https://browser.sentry-cdn.com https://va.vercel-scripts.com https://cdn.vercel-insights.com https://*.hotjar.com http://*.hotjar.com;style-src 'self' 'unsafe-inline' http://embed.typeform.com;worker-src 'self'; 1 script-src 'self' 'nonce-8jDpcE6k5rGRHfm4agWPxdVS' 'nonce-atx-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://pi.pardot.com http://cdn.pardot.com http://pi.pardot.com/analytics https://www.opinionstage.com https://static.ctctcdn.com http://embed.typeform.com/ https://embed.typeform.com/ *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1 default-src 'self' 'unsafe-inline' *.ioam.de data-aac883f83b.offiziellecharts.de 1 base-uri 'self'; default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com ajax.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net s3.amazonaws.com https:; 1 default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.premiumsim.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.premiumsim.de https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de https://analytics.tiktok.com https://umfrage.premiumsim.de; script-src 'strict-dynamic' 'nonce-a9e8513ea08899da20fc02c96793ee2b' 'nonce-dad7eeae2731ec7538bbb04206b414c3' 'nonce-8cdb9671ce37f50f278a1ef0e387a01d' 'nonce-b92667b25ea0178cfa3733558f30f146' 'nonce-c6e90e289dcc28bba1600b6f4573315f' 'nonce-602214ca6792b4db83972b15f1b1192d' 'nonce-18bafefd3acf3df0c861020223d6ef20' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.premiumsim.de https://umfrage.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-a9e8513ea08899da20fc02c96793ee2b' 'nonce-dad7eeae2731ec7538bbb04206b414c3' 'nonce-8cdb9671ce37f50f278a1ef0e387a01d' 'nonce-b92667b25ea0178cfa3733558f30f146' 'nonce-c6e90e289dcc28bba1600b6f4573315f' 'nonce-602214ca6792b4db83972b15f1b1192d' 'nonce-18bafefd3acf3df0c861020223d6ef20' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.smartmobil.de https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com https://analytics.tiktok.com https://umfrage.smartmobil.de; script-src 'strict-dynamic' 'nonce-ba8fc7b1773c7a03d99788232c537a9e' 'nonce-a47135c27ee293091dace29061ddc684' 'nonce-8750c2246242ca077f6808bddc495814' 'nonce-01e98588c3f3236fa16fdcf61f1482b6' 'nonce-b3f21c6360bd471e67802c5979174628' 'nonce-b0951adc8bc542964213de48cee69f3e' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.smartmobil.de https://umfrage.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-ba8fc7b1773c7a03d99788232c537a9e' 'nonce-a47135c27ee293091dace29061ddc684' 'nonce-8750c2246242ca077f6808bddc495814' 'nonce-01e98588c3f3236fa16fdcf61f1482b6' 'nonce-b3f21c6360bd471e67802c5979174628' 'nonce-b0951adc8bc542964213de48cee69f3e' 'self' 'unsafe-inline' https: 'report-sample' 1 self 1 default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.simplytel.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.simplytel.de https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.simplytel.de https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de https://analytics.tiktok.com https://umfrage.simplytel.de; script-src 'strict-dynamic' 'nonce-aa6f9ac2f09832d8e34c1faf48d0edb9' 'nonce-4150980cabab0030416f5c77da0815ff' 'nonce-2ffde926ba794f324cc0090f270d24fe' 'nonce-b65e909fdddbf700be1cad1f4fd5d38e' 'nonce-7bb649bbe2b3dfc39810e7934729f889' 'nonce-637a6998fd7bce00e5eef80ed63d7a98' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.simplytel.de https://umfrage.simplytel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-aa6f9ac2f09832d8e34c1faf48d0edb9' 'nonce-4150980cabab0030416f5c77da0815ff' 'nonce-2ffde926ba794f324cc0090f270d24fe' 'nonce-b65e909fdddbf700be1cad1f4fd5d38e' 'nonce-7bb649bbe2b3dfc39810e7934729f889' 'nonce-637a6998fd7bce00e5eef80ed63d7a98' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1 base-uri 'none';default-src 'none';img-src 'self' data:;font-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline' 1 frame-ancestors 'none'; report-uri /report-csp-violation 1 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' data: blob: 'unsafe-inline'; media-src * 'unsafe-inline'; frame-src * 'unsafe-inline' data: blob: 'unsafe-inline'; frame-ancestors 'self' https://test.sagepay.com/*; child-src * 'unsafe-inline' data: blob: 'unsafe-inline'; font-src * 'unsafe-inline'; connect-src * 'unsafe-inline'; report-uri /report-csp-violation 1 frame-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; frame-ancestors 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; child-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; report-uri //report-csp-violation 1 default-src * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' browser-update.org maps.googleapis.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; base-uri 'self'; object-src 'none'; frame-src 'self' https://consentcdn.cookiebot.com; connect-src * 'self' https://consentcdn.cookiebot.com; img-src * 'self' data: https:: 1 frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1 1; mode=block 1 default-src 'self' ; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net *.unitylivestream.com; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.bmbfcluster.de *.wmflabs.org; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self'; 1 base-uri 'none';child-src 'none';connect-src 'self' *.apowiser.com *.google-analytics.com *.fullstory.com https://extreme-ip-lookup.com;default-src 'self';font-src 'self' fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha https://recaptcha.net/recaptcha;img-src 'self' data: https: www.googletagmanager.com https://www.google-analytics.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' *.apowiser.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.fullstory.com https://recaptcha.net/recaptcha https://extreme-ip-lookup.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;worker-src 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1 default-src 'self'; frame-src 'self' *.donorfy.com/ *.monday.com/ https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://region1.google-analytics.com translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1 default-src 'self' 'unsafe-inline' data: wc.ts.ee www.nasdaqbaltic.com platform.linkedin.com secure.gravatar.com yoast.com www.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net fonts.googleapis.com maps.googleapis.com streetviewpixels-pa.googleapis.com khms0.googleapis.com khms1.googleapis.com maps.gstatic.com fonts.gstatic.com translate.google.com translate.googleapis.com www.gstatic.com www.youtube.com www.google.ee www.google.com www.google.co.uk www.google.lv www.google.lt www.google.fi www.google.se www.google.no www.google.de www.google.pl lh3.ggpht.com www.google.com.hk www.google.gr www.google.nl www.google.dk www.google.com.ua www.google.fr i.ytimg.com connect.facebook.net api.microsofttranslator.com www.facebook.com 'unsafe-eval' www.google.ch www.google.at www.google.ro www.google.es www.google.it www.google.hu www.google.co.in www.google.ie www.google.cz www.google.be www.google.ru www.google.com.au photos.marinetraffic.com www.google.at www.google.co.il www.google.co.kr www.google.pt www.google.ca www.google.mk www.google.co.th www.google.co.id www.google.com.lb www.google.cl www.google.sk www.google.is www.google.com.np www.google.com.pk www.google.si www.google.rs www.google.dz www.google.com.ng www.google.com.my www.google.com.ci www.google.im www.google.com.sg www.google.com.tr www.google.com.hr www.google.com.mt www.google.li www.google.co.jp view.news.eu.nasdaq.com www.solwininfotech.com www.google.com.co www.google.com.br www.google.cn www.google.com.cy www.google.ge www.google.lu www.google.ae cdn.jsdelivr.net wd.ts.ee static.cloudflareinsights.com ajax.cloudflare.com www.vikingline.ee www.envir.ee www.google.com.ph www.google.co.nz www.google.hr www.google.bg www.google.by www.transit.ee www.tallinnamerepaevad.ee www.google.com.vn www.google.kz www.google.mv www.google.com.tw www.balticline.fi www.google.com.eg tallinnamerepaevad.ee www.google.com.bz www.google.com.mx www.google.jo www.google.com.sa www.google.ci www.google.com.kw www.google.co.ma www.google.com.gh www.google.com.ar region1.analytics.google.com www.google.az www.google.com.uy www.google.co.za www.google.sn www.google.com.mm www.google.me www.google.mn www.google.lk vincent.callebaut.org tentea.ec.europa.eu www.google.tg www.google.com.qa www.google.co.tz www.google.co.cr www.kjk.ee www.google.co.uz www.google.co.ke ps.w.org s.w.org www.google.ba www.google.com.jm www.google.com.pe www.google.mg 6zzuupda.sendsmaily.net www.google.bj www.google.com.kh www.google.com.do lh3.googleusercontent.com www.google.iq www.google.co.ug www.google.co.mz www.google.al www.google.tn www.google.ad www.google.am www.google.md www.google.com.ly www.google.com.ec www.google.com.pa www.google.com.bd www.google.com.pr www.google.mu www.google.gg www.google.cm www.google.com.py www.google.com.bh www.google.je www.google.com.cu www.google.com.pg komerk.ee www.google.kg www.google.cv www.google.com.sl www.portoftallinn.com www.google.vg www.google.bt www.google.bf www.google.la www.google.tt www.google.com.sv www.google.so www.google.ps www.google.co.ve www.google.ga www.seatradecruiseglobal.com www.parkimine.ee translate-pa.googleapis.com wptide.org toolset.com wpml.org challenges.cloudflare.com cloudflareinsights.com analytics.google.com td.doubleclick.net blob: www.google.gl wpforms.com www.google.co.zw www.google.co.ao d1lsub6zbh43gv.cloudfront.net tp-cdn.wpml.org googleads.g.doubleclick.net adservice.google.com google.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com www.vikingline.ee www.google.com.sb www.google.td apis.google.com platform.twitter.com www.google.gm; report-uri /069b75c4f2e07da64b888cac9af4ea98c60c3e6787e0368d1a5ab34114eda24e 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.surveymonkey.com https://walls.io https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com https://www.etermin.net https://the.sciencebehindecommerce.com https://www.lacmp.net https://analytics.aklamio.com https://*.adsrvr.org https://adsrvr.org https://t.contentsquare.net; 1 default-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr dwl.dawconnect.com *.youtube.com *.youtube-nocookie.com; img-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr connect.ekomi.de *.youtube.com *.youtube-nocookie.com; media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com *.youtube-nocookie.com; script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr connect.ekomi.de dwl.dawconnect.com 'unsafe-inline' 'unsafe-eval'; worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com *.youtube-nocookie.com; font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr; style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr 'unsafe-inline'; object-src 'self'; frame-src 'self' *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' *.youtube.com *.youtube-nocookie.com; 1 default-src 'self' 'unsafe-inline' https://cdn.ckeditor.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/ https://www.youtube.com/ https://vrweb15.linguatec.org data: https://shop.bzga.de/; img-src 'self' data: https://i.ytimg.com https://cdn.ckeditor.com/ https://shop.bzga.de/ https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://vrweb15.linguatec.org https://ssl.p.jwpcdn.com/; script-src 'self' 'unsafe-inline' https://s.ytimg.com/ https://www.liebesleben.de/typo3conf/ext/theme/Resources/Public/Bower/vue/dist/vue.min.js https://www.youtube.com/ https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ https://vrweb15.linguatec.org https://cdn.ckeditor.com/; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com/printfriendly.js https://static.addtoany.com/menu/page.js https://www.googletagmanager.com/gtm.js https://ds-4047.kxcdn.com/api/v3/domain_settings/a https://www.youtube.com/ https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://www.google-analytics.com/collect https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; script-src 'self' 'unsafe-inline' 'nonce-ad5a8a6dc9c8bce6d9cf23fd3387c23d' 'unsafe-eval' https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; img-src 'self' wireframecc-9947.kxcdn.com cdn.wireframe.cc data:; child-src 'self'; base-uri 'none' 1 frame-ancestors 'self' https://ahu.edu https://*.ahu.edu 1 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' data:; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://api.amplitude.com https://eth-ropsten.alchemyapi.io https://eth-rinkeby.alchemyapi.io https://eth-mainnet.alchemyapi.io https://api.thegraph.com wss://bridge.walletconnect.org wss://fei.bridge.walletconnect.org https://assets.fei.money; frame-ancestors 'none' 1 default-src 'none' 'self' *.gewobag.de data: eqs-cockpit.com *.eqs.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com *.wohnungshelden.de 'unsafe-inline' 1 default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1 default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' http: https: data:; frame-ancestors 'self'; 1 default-src 'none'; base-uri 'self'; form-action https: 'self'; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; media-src * data:; frame-src *; frame-ancestors 'self' https:; font-src 'self' https:; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' blob: storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com *.a1.net live.virtual-events.at cdn.linkedin.oribi.io; frame-src 'self' indd.adobe.com storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at player.vimeo.com my.matterport.com; style-src 'self' 'unsafe-inline' storage.net-fs.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; img-src 'self' data: storage.net-fs.com *.google-analytics.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.a1.group live.virtual-events.at *.frequentis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.frequentis.com storage.net-fs.com *.googleapis.com *.gstatic.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.zencdn.net blob: live.virtual-events.at; font-src 'self' data: storage.net-fs.com *.gstatic.com; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com *.google-analytics.com; connect-src 'self' *.google-analytics.com; img-src 'self' data: shielded.co.nz i.ytimg.com *.google-analytics.com; style-src 'self' 'unsafe-inline' fast.fonts.net; font-src 'self' data:; frame-src 'self' www.youtube.com www.google.com data.gns.cri.nz; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1 default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: analytics.johnsonsbaby.com.br *.connect.facebook.net *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 allow 'self' default-src 'self' 'unsafe-inline' www.google-analytics.com *.twitter.com *.facebook.com *.facebook.net *.google.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://maps.google.com https://www.gstatic.com https://www.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://www.gstatic.com; img-src 'self' data: https:; media-src 'self'; frame-src 'self' https:; font-src 'self' data:; connect-src 'self' https://maps.googleapis.com 1 default-src 'self' *.arbeitsagentur.de *.jobcenter-ge.de; base-uri 'self' *.jobcenter-ge.de; style-src 'self' 'unsafe-inline' *.jobcenter-ge.de; script-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.arbeitsagentur.de *.jobcenter-ge.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.arbeitsagentur.de *.jobcenter-ge.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.arbeitsagentur.de *.jobcenter-ge.de; frame-ancestors 'self'; 1 default-src 'self'; font-src 'self' data: https://use.typekit.net https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://embed.tawk.to https://salesiq.zoho.com https://css.zohostatic.com https://css.zohocdn.com/* https://css.zohocdn.com/salesiq/styles/fonts/cw/puvi/* https://css.zohocdn.com/salesiq/styles/fonts/cw/* https://css.zohocdn.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net/* https://css.zohocdn.com https://css.zohostatic.com https://css.zohocdn.com/salesiq/styles https://css.zohocdn.com/salesiq/styles/* https://cdn.jsdelivr.net/* https://css.zohocdn.com/salesiq/styles/* https://css.zohocdn.com/salesiq/styles/floatbutton11_f2633c317a38e36bbe0e23bfa4a3e9fa_.css https://css.zohocdn.com; img-src 'self' data: https://p.typekit.net https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.fls.doubleclick.net https://sp.analytics.yahoo.com https://embed.tawk.to https://embed.tawk.to https://salesiq.zoho.com https://salesiq.zoho https://salesiq.zohopublic.com https://css.zohostatic.com https://css.zohostatic.com/* https://css.zohocdn.com https://analytics.twitter.com/i/adsct?bci=5&eci=2&event_id=da16c8f3-30f6-48f9-9160-a6da3d36fdec&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=gtm-base&p_id=Twitter&p_user_id=0&pl_id=cf066c4b-b266-4ecc-b372-dafa083499be&tw_document_href=https%3A%2F%2Fwww.oldmutualalternatives.com%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4kz7&type=javascript&version=2.3.29 https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=subscription https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=registration https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=landing; frame-src 'self' https://www.oldmutual.co.za/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://www.oldmutualinvest.com/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://dms.oldmutual.com.gh https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com https://manage.ipaygh.com https://app.livestorm.co https://analytics.twitter.com/1/i/adsct?bci=5&eci=3&event=%7B%7D&event_id=67ea32aa-c34c-4715-8d52-c5d49aa88428&integration=gtm-base&p_id=Twitter&p_user_id=0&pl_id=cf066c4b-b266-4ecc-b372-dafa083499be&tw_document_href=https%3A%2F%2Fwww.oldmutualalternatives.com%2F&tw_iframe_status=0&txn_id=o2n0b&type=javascript&version=2.3.29; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://cdn.gbqofs.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://va.tawk.to wss://*.tawk.to wss://vts.zohopublic.com https://salesiq.zoho.com https://salesiq.zohopu https://goals-api.my.oldmutual.co.za https://salesiq.zohopublic.com wss://mpsnare.iesnare.com https://cdn.linkedin.oribi.io/partner/1874697/domain/oldmutualalternatives.com/token; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://cdn.gbqofs.com https://s2s.oldmutual.co.za https://s2s.oldmutual.co.za/static/DhPixel.js https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://assets-preprod.my.oldmutual.co.za https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://d2oh4tlt9mrke9.cloudfront.net https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://www.googleadservices.com https://services.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://embed.tawk.to https://dsp-media.eskimi.com https://dsp-media.eskimi.com/assets/js/e/gtr.min.js?_=0.0.0.3 https://js.zohocdn.com https://js.zohostatic.com https://s2s.oldmutual.co.za/static/DhPixel.js https://salesiq.zoho.com/widget https://checkout.flutterwave.com *.iovation.com *.iesnare.com https://geo-tracker.trinadsp.co.za/hyperad/pixel-tracking?order=113373&action=subscription https://mitsweb.iitech.dk https://mitsweb.iitech.dk/*; frame-ancestors https://secure.rewards.oldmutual.co.za/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://customer-site-preprod.eks.my.oldmutual.co.za https://my.oldmutual.co.za; media-src 'self' data: https://mpsnare.iesnare.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* 1 default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; 1 default-src 'self'; object-src 'self' https://pts.yourfone.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.yourfone.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.yourfone.de https://chat.yourfone.de https://umfrage.yourfone.de https://pts.yourfone.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.yourfone.de https://chat.yourfone.de https://stats.yourfone.de https://imagepool.yourfone.de https://pts.yourfone.de https://maps.googleapis.com https://analytics.tiktok.com https://umfrage.yourfone.de; script-src 'strict-dynamic' 'nonce-c4e8f01e7a6f87a7912ccb566e87f9b6' 'nonce-5a5362b49603ee74a0d46abef4a94f4d' 'nonce-57d07024fb9deb1d2b837cea8e6063ea' 'nonce-cdb4a06c1bf0735862e0df4d09a645d2' 'nonce-bd4124ab668cb22b19ea141f1a3e0050' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.yourfone.de https://umfrage.yourfone.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-c4e8f01e7a6f87a7912ccb566e87f9b6' 'nonce-5a5362b49603ee74a0d46abef4a94f4d' 'nonce-57d07024fb9deb1d2b837cea8e6063ea' 'nonce-cdb4a06c1bf0735862e0df4d09a645d2' 'nonce-bd4124ab668cb22b19ea141f1a3e0050' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src data: https: http:;script-src 'self' resource://pdf.js/ 'unsafe-inline' 'unsafe-eval' https: http:;style-src 'unsafe-inline' https: http: blob:;object-src 'self' blob:;img-src 'self' https://*.everesttech.net https://dhlcom.d3.sc.omtrdc.net/ data: blob:;connect-src blob: 'self' https://*.demdex.net https://*.dhl.com https://*.video-cdn.net https://*.hereapi.com https://*.usetiful.com https://*.dpdhl.com;worker-src blob: 1 default-src 'self' 'unsafe-inline' https://maps.googleapis.com/ https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1 default-src 'self' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.simplybook.cc https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.googletagmanager.com cdnjs.cloudflare.com https://translate-pa.googleapis.com/ https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://player.vimeo.com https://feeds.trac.jobs https://www.cqc.org.uk https://merseycare.enterpriseappointments.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com https://feeds.trac.jobs https://www.cqc.org.uk; img-src * data:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com maps.googleapis.com https://saas.learninglocker.net https://metrics.articulate.com https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://feeds.trac.jobs; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' *.simplybook.cc maps.google.com https://*.nhs.uk https://www.google.com https://content.googleapis.com https://content-analytics.googleapis.com https://www.youtube.com https://player.vimeo.com https://merseycare.enterpriseappointments.com https://e.issuu.com https://roundme.com 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com *.karolina.io;img-src * blob: data:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.youtube.com *.google.com *.google-analytics.com *.purechat.com *.purechatcdn.com; object-src 'self' *.purechat.com *.purechatcdn.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.purechat.com *.purechatcdn.com; img-src *; connect-src 'self' *.purechat.com *.purechatcdn.com; plugin-types application/pdf application/x-shockwave-flash; reflected-xss block 1 default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.drillisch-online.de; img-src https: data: https://imagepool.drillisch-online.de; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.drillisch-online.de https://stats.drillisch-online.de https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://tracking.drillisch.de https://*.demdex.net https://www.google-analytics.com; script-src 'strict-dynamic' 'nonce-3fedfed1a5d4f8dd760041e403373745' 'nonce-dfe435509ca28f5e09c5c6184c77a2b8' 'nonce-8bdb96a828f43327ed155e9e02e70bb1' 'nonce-1d29082203c62019667f0402b8c2b46e' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self'; frame-src https://1and1internetag.demdex.net https://tags.tiqcdn.com https://hilfe-center.1und1.de; child-src https://tags.tiqcdn.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-3fedfed1a5d4f8dd760041e403373745' 'nonce-dfe435509ca28f5e09c5c6184c77a2b8' 'nonce-8bdb96a828f43327ed155e9e02e70bb1' 'nonce-1d29082203c62019667f0402b8c2b46e' 'self' 'unsafe-inline' https: 'report-sample' 1 base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: http://localhost:1337 https://bptk-api.andreasfaust.de https://api.bptk.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com;img-src 'self' data: https://bptk-api.andreasfaust.de https://api.bptk.de;manifest-src 'self';media-src 'self' https://api.bptk.de;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:1337 https://bptk-api.andreasfaust.de https://api.bptk.de;style-src 'self' 'unsafe-inline'; 1 default-src 'self' data: https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.com https://sshscan.rubidus.com https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.immuniweb.com https://*.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.analytics.google.com https://*.googletagmanager.com https://translate.yandex.net https://yastatic.net/ https://ya.ru/ https://bitrix.info; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://yastatic.net https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.yandex.net https://bitrix.info https://emlru.webim.ru https://api-maps.yandex.ru; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://code.jivosite.com https://mc.yandex.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.voximplant.com; img-src 'self' data: https://emlru.webim.ru:* https://mc.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://www.google-analytics.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net; font-src 'self' https://*.gstatic.com:* https://emlru.webim.ru:*; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com platform.twitter.com www.googletagmanager.com cdn.syndication.twimg.com cdn.knightlab.com cdncache-a.akamaihd.net https://cdn.printfriendly.com/printfriendly.js https://ds-4047.kxcdn.com/api/v3/domain_settings/ key-cdn.printfriendly.com static.addtoany.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' themes.googleusercontent.com platform.twitter.com ton.twimg.com cdn.knightlab.com https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ static.addtoany.com; img-src 'self' data: blob: filesystem www.google-analytics.com syndication.twitter.com pbs.twimg.com abs.twimg.com ton.twimg.com www.googletagmanager.com platform.twitter.com canvaspl-a.akamaihd.net; media-src 'self' mediastream:; frame-src 'self' platform.twitter.com syndication.twitter.com www.facebook.com www.youtube.com cdncache-a.akamaihd.net static.addtoany.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' 'unsafe-eval' themes.googleusercontent.com cdn.knightlab.com fonts.gstatic.com; connect-src 'self' wss://bot.enzona.net/ https://bot.enzona.net/ cdn.knightlab.com cdncache-a.akamaihd.net www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src self; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; img-src 'self' data: https://cdn.jsdelivr.net https://l.evidon.com https://c.evidon.com https://nestle-mvp.myshopify.com https://cdn.shopify.com *.google-analytics.com https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com https://nestle-mvp.myshopify.com https://cdn.shopify.com https://www.google.com https://www.google.es https://googleads.g.doubleclick.net *.google-analytics.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; media-src 'self'; frame-src * https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.youtube.com https://static.addtoany.com; frame-ancestors * https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; connect-src 'self' https://cdn.jsdelivr.net https://bam.nr-data.net https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://stats.g.doubleclick.net https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://www.google.com *.google-analytics.com *.gbqofs.io *.gbqofs.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; report-uri /report-csp-violation 1 default-src *.responsetap.com *.salemove.com *.salemove.eu 'self' *.feprecisionplus.com *.intercomcdn.com *.onetrust.com *.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com ads-twitter.com *.facebook.net facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org; script-src *.googleapis.com *.responsetap.com *.salemove.com *.glia.eu *.salemove.eu *.licdn.com *.onetrust.com *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com *.facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org; connect-src 'self' *.google-analytics.com *.onetrust.com wss://*.salemove.eu *.salemove.com *.salemove.eu *.glia.eu https://stats.g.doubleclick.net https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk https://cdn-ukwest.onetrust.com; style-src * 'unsafe-inline' 'unsafe-eval'; img-src *.feprecisionplus.com * data:; font-src * 'self' data:; child-src *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:*; frame-src *.vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* digital-tools.feprecisionplus.com:* *.consensu.org 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.licdn.com *.line-scdn.net *.sharethis.com *.azure-api.net *.hsforms.net *.youtube.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.doubleclick.net *.cloudflare.com *.hsappstatic.net; style-src 'self' 'unsafe-inline' *.cloudflare.com; img-src 'self' data: https: *.google-analytics.com *.doubleclick.net *.googletagmanager.com; frame-src 'self' *.hsforms.com *.youtube.com *.vimeo.com *.hubspot.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.hsforms.com *.linkedin.oribi.io *.hubapi.com *.analytics.google.com; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' epcplc.com *.epcplc.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.duosecurity.com *.cookielaw.org *.onetrust.com; img-src 'self' 'unsafe-inline' epcplc.com *.epcplc.com data:; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://lhcdn-src.mars.com https://players.brightcove.net https://www.google.com https://www.google.co.in https://www.gstatic.com https://api.tiles.mapbox.com https://sfapi.formstack.io https://az416426.vo.msecnd.net https://embed.mikmak.tv *.global.commerce-connector.com https://js-agent.newrelic.com https://dc.services.visualstudio.com https://bam-cell.nr-data.net https://translate.googleapis.com https://js.adsrvr.org *.mapbox.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net *.amazonaws.com https://s.pinimg.com https://ct.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://sc-static.net https://static.ads-twitter.com https://cdn.treasuredata.com https://cdn.jsdelivr.net https://sfapi-sandbox.formstack.io https://bam.nr-data.net https://cdn.cookielaw.org https://ajax.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com/* http://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js; object-src 'none'; frame-src 'self' https://www.google.com https://9079101.fls.doubleclick.net https://www.google.com *.fls.doubleclick.net https://www.googletagmanager.com https://di.rlcdn.com https://tr.snapchat.com https://www.youtube.com; child-src blob: 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.addtoany.com *.webempresa.eu unpkg.com *.arkibot.app *.googletagmanager.com 1 default-src 'self'; style-src 'self' 'unsafe-inline' fonts.google.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' script.hotjar.com kit.fontawesome.com *.googletagmanager.com *.google.com *.google.co.uk www.gstatic.com cdn-apac.onetrust.com player.vimeo.com pi.pardot.com *.onetrust.com *.hsadspixel.net *.google-analytics.com googleads.g.doubleclick.net static.hotjar.com snap.licdn.com ws.zoominfo.com *.hs-scripts.com *.txone.com *.hs-banner.com *.hs-analytics.net js-eu1.usemessages.com *.googleadservices.com; font-src 'self' data: *.fontawesome.com fonts.gstatic.com txone.localdev; img-src 'self' data: *.linkedin.com track-eu1.hubspot.com *.onetrust.com dnbe7xanmz9uh.cloudfront.net *.gravatar.com media.txone.com *.googletagmanager.com *.google.com *.google.co.uk *.analytics.google.com *.google.com.tw googleads.g.doubleclick.net; media-src 'self' media.txone.com dnbe7xanmz9uh.cloudfront.net youtu.be; connect-src 'self' stats.g.doubleclick.net ws.zoominfo.com *.fontawesome.com yoast.com *.linkedin.oribi.io *.onetrust.com *.googletagmanager.com *.google.com *.google.co.uk *.analytics.google.com *.google-analytics.com api-eu1.hubapi.com pagead2.googlesyndication.com ws.hotjar.com wss://ws.hotjar.com content.hotjar.io vc.hotjar.io api-eu1.hubspot.com googleads.g.doubleclick.net google.com px.ads.linkedin.com; frame-src 'self' www.google.com youtube.com www.youtube.com youtu.be player.vimeo.com *.youtube-nocookie.com td.doubleclick.net app-eu1.hubspot.com; object-src 'none' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.alperia.eu *.tawk.to *.google.hr *.hotjar.com a.twiago.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.outbrain.com *.microad.jp *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.zenaps.com onetag-sys.com *.onetag-sys.com *.doubleclick.net *.googleadservices.com *.dwin1.com *.gstatic.com *.google.al *.google.ch *.google.fr *.bing.com *.googletagmanager.com *.alperia.eu *.facebook.net *.dynatrace.com *.tawk.to *.cloudflare.com *.newrelic.com *.trustpilot.com *.bootstrapcdn.com *.jsdelivr.net *.google-analytics.com *.nr-data.net *.google.com *.googleapis.com *.tagcommander.com *.etermin.net *.unpkg.com unpkg.com *.aklamio.com *.tradedoubler.com *.smct.io *.smct.co *.retargeted.co *.google.hr *.hosting-suite.it *.smct.co smct.co *.alperiagroup.eu *.beintoo.net *.criteo.com *.criteo.net *.hotjar.com *.rfihub.net *.retargeted.co api.commander1.com *.trustcommander.net static.addtoany.com *.clarity.ms clarity.ms snap.licdn.com *.acsbapp.com acsbapp.com *.linkedin.oribi.io *.zemanta.com; style-src 'self' 'unsafe-inline' *.tawk.to *.bootstrapcdn.com *.googleapis.com *.jsdelivr.net *.smct.io *.smct.co *.hosting-suite.it; img-src 'self' *.thebrighttag.com *.krxd.net id5-sync.com *.demdex.net *.microad.jp *.adscale.de *.ants.vn *.atdmt.com *.smartclip.net *.clmbtech.com *.zenaps.com *.onetag-cdn.com *.facebook.com *.tagcommander.com *.facebook.net *.commander.com *.google *.dwin1.com *.bing.com *.googletagmanager.com *.alperia.eu *.linkedin.com *.google-analytics.com *.tawk.to *.doubleclick.net *.sciencebehindecommerce.com *.google.com *.google.it *.gstatic.com *.googleapis.com data: *.aklamio.com *.alperiagroup.eu *.smct.io *.smct.co *.commander1.com *.outbrain.com *.smartadserver.com *.yahoo.com *.360yield.com *.pubmatic.com *.casalemedia.com *.taboola.com *.adform.net *.teads.tv *.3lift.com *.media.com *.sharethrough.com *.omnitagjs.com *.stickyadstv.com *.advertising.com *.ivitrack.com *.liadm.com *.smaato.net *.mgid.com *.yieldmo.com *.adnxs.com *.criteo.com *.openx.net *.omnitagis.com *.mediavine.com *.media.net *.rlcdn.com *.rfihub.com *.tremorhub.com *.dmxleo.com *.rubiconproject.com *.socdm.com ad.yieldlab.net x.bidswitch.net *.acsbapp.com acsbapp.com *.linkedin.oribi.io *.zemanta.com; media-src 'self' *.tawk.to ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.criteo.com *.criteo.net *.youtube.com *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.trustpilot.com *.alperia.eu *.tawk.to *.etermin.net *.aklamio.com *.hosting-suite.it *.visim.eu smct.co *.rfihub.com *.trustcommander.net static.addtoany.com *.office.com *.alperiagreenlife.eu; child-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.criteo.com *.criteo.net *.youtube.com *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.trustpilot.com *.alperia.eu *.tawk.to *.etermin.net *.aklamio.com *.hosting-suite.it *.visim.eu smct.co *.rfihub.com *.trustcommander.net static.addtoany.com *.office.com *.alperiagreenlife.eu; font-src 'self' 'unsafe-inline' *.tawk.to *.google.com *.gstatic.com data: *.googleusercontent.com *.hotjar.com; connect-src 'self' data: *.gstatic.com *.google.de *.zenaps.com *.google.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.google.al *.google.ch *.google.fr *.bing.com *.googletagmanager.com *.alperia.eu *.sentry.io *.tawk.to *.nr-data.net wss://*.tawk.to *.dynatrace.com *.alperiaenergy.eu *.amazonaws.com *.google-analytics.com *.doubleclick.net *.alperiagroup.eu *.commander1.com *.google.hr *.smct.co *.smct.io *.googleapis.com *.alperiagroup.eu *.beintoo.net *.criteo.com *.criteo.net *.hotjar.com *.hotjar.io *.rfihub.net *.retargeted.co *.trustcommander.net *.hotjar.com wss://*.hotjar.com cdn.tagcommander.com *.google.it google.it *.clarity.ms clarity.ms *.acsbapp.com acsbapp.com *.linkedin.oribi.io *.addtoany.com *.pagead2.googlesyndication.com *.googlesyndication.com; report-uri /report-csp-violation 1 base-uri 'none'; default-src 'none'; child-src https://www.youtube.com https://www.youtube.com https://player.vimeo.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com https://*.tiktok.com; connect-src 'self' https://*.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://vimeo.com https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://bam.nr-data.net https://*.tiktok.com; font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://cloud.typenetwork.com https://fonts.gstatic.com data:; frame-ancestors 'self'; frame-src https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://www.delijn.be https://*.resengo.com https://*.tiktok.com; img-src 'self' https://www.google-analytics.com https://*.google.com/ads/ https://*.google.be/ads/ https://www.facebook.com https://i3.ytimg.com https://gallery.mailchimp.com https://cdn-images.mailchimp.com/ https://resengocomgeneralpurpose.blob.core.windows.net https://*.tiktok.com data:; media-src https://p.scdn.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com/player_api https://s.ytimg.com https://player.vimeo.com/api/player.js https://*.resengo.com https://resengocomgeneralpurpose.blob.core.windows.net https://js-agent.newrelic.com https://bam.nr-data.net https://*.tiktok.com 'unsafe-inline'; style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com 'unsafe-inline'; 1 base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://*.abtasty.com https://*.adservice.google.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mypurecloud.com.au https://*.sentry.io https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://analytics.formstack.com https://api.addressfinder.io https://au-live.inside-graph.com https://js.hsadspixel.net https://js.hscollectedforms.net https://stats.g.doubleclick.net https://www.instagram.com wss://*.hotjar.com wss://*.mypurecloud.com.au wss://au-live.inside-graph.com https://*.swiftype.com https://*.swiftypecdn.com; font-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io blob: data:; form-action 'self' https://*.powershop.co.nz https://*.facebook.com; frame-ancestors 'self'; frame-src https://*.mypurecloud.com.au *.mypurecloud.com.au https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://*.youtube.com https://recaptcha.google.com https://*.facebook.com https://*.google.com https://*.googletagmanager.com https://au-cdn.inside-graph.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://critchlow.carto.com; img-src 'self' https://*.abtasty.com https://*.amazonaws.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.google.com.au https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://adservice.google.com https://analytics.formstack.com https://fonts.gstatic.com https://i.vimeocdn.com https://js.hsadspixel.net https://www.instagram.com https://*.swiftype.com blob: data:; media-src https://*.youtube.com https://*.vimeo.com https://au-cdn.inside-graph.com; object-src 'none'; script-src 'self' https://*.abtasty.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com/recaptcha/ https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.inside-graph.com https://*.mypurecloud.com.au https://*.tealiumiq.com https://*.tiqcdn.cn https://*.tiqcdn.com https://*.tt.omtrdc.net https://*.usemessages.com https://*.vimeo.com https://*.youtube.com https://analytics.formstack.com https://api.addressfinder.io https://au-tracker.inside-graph.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://tagmanager.google.com wss://*.hotjar.com https://*.swiftype.com https://*.swiftypecdn.com 'nonce-ZGExNWM1YjNmOTI2MGZiNTI0ZjRhYTM4ZWE5YTU3ZjQwMzFmMWFmNjk0NDliMzY0YzUwNmEwMGM3M2FlNTIwZTQ5YmVmZDc3OWJkNzg0ZjQ3N2Y0ZGZjYTgxNWRjNDI1NWJiNGRkZmJjYWFkZjgyODYyYTZmZDRiMDlmMjRmYzM=' 'unsafe-eval' blob:; style-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.googleapis.com https://tagmanager.google.com https://*.swiftype.com https://*.swiftypecdn.com 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/4504811489984512/csp-report/?sentry_key=a2cb92247922492b95ce72aee1ae6528&sentry_environment=live; upgrade-insecure-requests 1 default-src 'self'; object-src 'self' https://pts.blacksim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.blacksim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.blacksim.de https://umfrage.blacksim.de https://pts.blacksim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.blacksim.de https://stats.blacksim.de https://imagepool.blacksim.de https://pts.blacksim.de https://analytics.tiktok.com https://umfrage.blacksim.de; script-src 'strict-dynamic' 'nonce-974e81ccae863163780ed46c6e948af7' 'nonce-290dfe7fda644ba076d9ff01aaea78c0' 'nonce-c0857c787976df4b8a31a532944eb40a' 'nonce-bfb5192e6a0f1f53525d34ae87f541b1' 'nonce-b80046adcf9d176533ba5a345f66b373' 'nonce-0c3866f642fb8bf935f96f50c439098d' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.blacksim.de https://umfrage.blacksim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-974e81ccae863163780ed46c6e948af7' 'nonce-290dfe7fda644ba076d9ff01aaea78c0' 'nonce-c0857c787976df4b8a31a532944eb40a' 'nonce-bfb5192e6a0f1f53525d34ae87f541b1' 'nonce-b80046adcf9d176533ba5a345f66b373' 'nonce-0c3866f642fb8bf935f96f50c439098d' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.eu01.nr-data.net *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com *.youtube.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 1 base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://kit.fontawesome.com https://mpsnare.iesnare.com https://stage-libs.hipay.com https://libs.hipay.com https://widget.trustpilot.com https://kit-pro.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.dwin1.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://sdk.privacy-center.org https://api.privacy-center.org https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://b.sbox.stats.paypal.com https://sibautomation.com https://cdn.shipup.co *.abtasty.com *.googleapis.com https://pagead2.googlesyndication.com https://widget.botmind.io 1 script-src 'nonce-Uv8B7DzrVcPdKOhyEJZSLEmuXGY=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1 default-src * data: 'unsafe-eval' 'unsafe-inline' *.evergage.com *.evgnet.com cdn.evergage.com *.criteo.com unpkg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' google-analytics.com *.google-analytics.com googleapis.com *.googleapis.com google.com *.google.com gstatic.com *.gstatic.com facebook.net *.facebook.net facebook.com *.facebook.com cloudflareinsights.com *.cloudflareinsights.com addtoany.com *.addtoany.com *.cloudflare.com cloudflare.com *.googletagmanager.com googletagmanager.com *.bootstrapcdn.com bootstrapcdn.com *.bing.com bing.com *.licdn.com licdn.com *.crazyegg.com crazyegg.com *.clarity.ms clarity.ms *.dynamic.criteo.com dynamic.criteo.com *.sslwidget.criteo.com sslwidget.criteo.com *.criteo.com/* pi.pardot.com js-agent.newrelic.com static.hotjar.com script.hotjar.com info.flexcarestaff.com bam.nr-data.net cdn.evgnet.com flexcarestaffing.us-7.evergage.com *.googleadservices.com *.flexcarestaffing.us-7.evergage.com cdn.evergage.com *.cloudflareinsights.com unpkg.com; report-uri /report-csp-violation 1 default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' code.jquery.com https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; font-src * data:; connect-src *; report-uri /admin/config/system/seckit/csp-report 1 default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval' ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' ; 1 default-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.pype.tech https://bam.nr-data.net https://*.linkedin.com https://measurement-api.criteo.com https://www.google-analytics.com https://analytics.google.com https://widget-format-sbx.pype.tech https://*.launchdarkly.com https://pagead2.googlesyndication.com https://*.onetrust.com https://cdn.cookielaw.org https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com data: image/* https://bat.bing.com https://*.quantcount.com https://*.quantserve.com https://*.typekit.net https://*.googleapis.com https://player.vimeo.com https://*.doubleclick.net https://connect.facebook.net https://*.analytics.google.com https://extend.vimeocdn.com https://*.gstatic.com https://www.google.com https://www.facebook.com https://my.matterport.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://snap.licdn.com https://static.cloudflareinsights.com https://web.pypestream.com https://*.doubleclick.net https://maps.googleapis.com https://cdn.cookielaw.org https://rules.quantcount.com https://secure.quantserve.com https://widget.us.criteo.com https://sslwidget.criteo.com https://static.criteo.net https://player.vimeo.com https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://extend.vimeocdn.com https://connect.facebook.net; img-src * data: about:; frame-src 'self' https://my.matterport.com https://web.pypestream.com https://static.criteo.net https://web-sandbox.pypestream.com https://*.doubleclick.net https://*.criteo.com https://www.facebook.com https://player.vimeo.com; upgrade-insecure-requests 1 default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com *.sli.do; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do; img-src 'self' data: *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com *.sli.do player.vimeo.com; frame-ancestors 'self'; 1 style-src 'self' 'unsafe-inline'; script-src 'self' 1 base-uri 'self';child-src *.hsforms.com;connect-src 'self' *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk stats.g.doubleclick.net googleads.g.doubleclick.net *.segment.com *.segment.io *.linkedin.com cdn.linkedin.oribi.io *.iubenda.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.clearbit.com wss://ws.qualified.com *.qualified.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com https://*.greenhouse.io https://*.api.sanity.io wss://*.api.sanity.io https://*.vanta.com https://*.chilipiper.com vitals.vercel-insights.com website-bbam3cv1z-incident-io-team.vercel.app;default-src 'self';font-src 'self' fonts.gstatic.com;form-action 'self' *.hsforms.com;frame-ancestors 'self' https://incident.sanity.studio;frame-src *.googletagmanager.com *.twitter.com *.iubenda.com app.qualified.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com;img-src 'self' data: https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk *.googleusercontent.com stats.g.doubleclick.net *.linkedin.com *.iubenda.com *.clearbitjs.com *.clearbit.com *.qualified.com alb.reddit.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://cdn.sanity.io https://*.chilipiper.com;manifest-src 'self';media-src 'self' https: data: blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.twitter.com;style-src 'self' 'unsafe-inline' *.iubenda.com *.hubspotusercontent00.net cdn2.hubspot.net;worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9;report-to https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9; 1 default-src 'self'; script-src 'self' 'unsafe-inline' cookie-cdn.cookiepro.com cdn.matomo.cloud www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com *.youtube.com cdn.jsdelivr.net unpkg.com d8ejoa1fys2rk.cloudfront.net *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hubspot.com *.hsadspixel.net *.hs-analytics.net connect.facebook.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net d8ejoa1fys2rk.cloudfront.net; img-src 'self' *.google-analytics.com *.googletagmanager.com data: d2csxpduxe849s.cloudfront.net *.hsforms.com *.hubspot.com; media-src 'self'; frame-src 'self' *.youtube.com ; font-src 'self' d8ejoa1fys2rk.cloudfront.net; connect-src 'self' cookie-cdn.cookiepro.com vandemoortele.matomo.cloud *.google-analytics.com *.googlesyndication.com *.onetrust.com d8ejoa1fys2rk.cloudfront.net *.bynder.cloud dams.vandemoortele.com *.hsforms.com *.hubapi.com *.hubspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' data: *.rotex-control.com *.daikin-control.com *.googleapis.com *.gstatic.com *.gravatar.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; upgrade-insecure-requests 1 default-src 'self'; object-src 'self' https://pts.maxxim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.maxxim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.maxxim.de https://chat.maxxim.de https://umfrage.maxxim.de https://pts.maxxim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.maxxim.de https://chat.maxxim.de https://stats.maxxim.de https://imagepool.maxxim.de https://pts.maxxim.de https://analytics.tiktok.com https://umfrage.maxxim.de; script-src 'strict-dynamic' 'nonce-eca58270dac058ef43111fcf6ee595f1' 'nonce-29e6bbe25e57d4eeb90aeb2988e3ea80' 'nonce-d5e7a47f0ff75eee29ec2c793a49dd65' 'nonce-5ccf82f1502faaed5b21a7bc7fd2edf1' 'nonce-16af601299120d72fc16de56fd05d1e8' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.maxxim.de https://umfrage.maxxim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-eca58270dac058ef43111fcf6ee595f1' 'nonce-29e6bbe25e57d4eeb90aeb2988e3ea80' 'nonce-d5e7a47f0ff75eee29ec2c793a49dd65' 'nonce-5ccf82f1502faaed5b21a7bc7fd2edf1' 'nonce-16af601299120d72fc16de56fd05d1e8' 'self' 'unsafe-inline' https: 'report-sample' 1 default-src 'self' ; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *hosted-pageflow.com *.readspeaker.com datawrapper.dwcdn.net www.unitylivestream.com ; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.bmbfcluster.de *.wmflabs.org; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self'; 1 default-src 'self'; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline'; img-src * 'self' blob: data: ; font-src 'self'; connect-src * 'self'; media-src * 'self'; object-src * 'self'; frame-src * 'self'; worker-src 'self'; frame-ancestors * 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 1 script-src 'unsafe-inline' 'self' https://www.youtube.com https://*.addtoany.com https://www.dailymotion.com https://cdn.jsdelivr.net https://*.hotjar.com https://connect.facebook.net https://platform.twitter.com https://tag.aticdn.net https://cbassets.botnation.ai https://pebed.dm-event.net https://imasdk.googleapis.com; object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.cloudflare.com *.googletagmanager.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com *.bootstrapcdn.com https://cdn.ckeditor.com *.google-analytics.com *.googletagmanager.com *.salesforce.com *.salesforceliveagent.com https://support.sunway.edu.my https://static.lightning.force.com https://assets.mailerlite.com https://ipapi.co https://code.jquery.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com *.fontawesome.com *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com *.google.com *.gstatic.com https://use.fontawesome.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://assets.mailerlite.com; img-src 'self' * data: about:; media-src 'self'; frame-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my https://forms.office.com https://assets.mailerlite.com *.issuu.com https://issuu.com; frame-ancestors 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com https://support.sunway.edu.my; child-src 'self' *.youtube.com www.youtube.com *.google.com *.gstatic.com *.vimeo.com *.salesforceliveagent.com *.salesforce.com; font-src 'self' https://fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com *.cloudflare.com *.jsdelivr.net https://support.sunway.edu.my data:; report-uri /report-csp-violation; upgrade-insecure-requests 1 base-uri 'none';child-src 'none';connect-src 'self' https://noembed.com cdn-ukwest.onetrust.com geolocation.onetrust.com *.onetrust.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://api.copper.co/platform/currencies https://geo.ipify.org/api/v2/country;default-src 'self';font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com https://www.podbean.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://calendly.com recaptcha.net;img-src 'self' data: https://images.ctfassets.net/ https://videos.ctfassets.net/ https://cdn-ukwest.onetrust.com/ https://i.ytimg.com https://www.google.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.co.uk/ads/ga-audiences https://bat.bing.com https://px.ads.linkedin.com https://*.onetrust.com https://ssl.gstatic.com https://www.gstatic.com https://ws.zoominfo.com/pixel/62fcf0b05087fb00901e129f;manifest-src 'self';media-src 'self' https://videos.ctfassets.net/;object-src 'none';prefetch-src 'self';script-src 'self' assets.calendly.com cdn-ukwest.onetrust.com recaptcha.net https://noembed.com/embed https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://www.googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://bat.bing.com/ https://*.onetrust.com https://ws.zoominfo.com https://ads-twitter.com 'nonce-LOS1Ro5DhlC7AOlvpUf+2w==' ;style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline';worker-src 'self'; 1 default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https:; worker-src blob: 1 default-src 'self'; script-src 'self' 'unsafe-inline' *.fona.de *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.streambuzzer.com; style-src 'self' 'unsafe-inline'; img-src data: 'self' *.twitter.com *.twimg.com *.fona.de *.matpro.de *.ytimg.com *.vimeocdn.com; font-src 'self'; connect-src 'self' *.cookiebot.com *.cookiebot.eu stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com *.bmbf.de; frame-src 'self' *.fona.de *.streambuzzer.com *.cookiebot.com *.cookiebot.eu *.vditz.com *.pt-dlr.de *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.bmbf.de *.emailsys1a.net; object-src 'none'; frame-ancestors 'self' *.fona.de; 1 frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1 frame-ancestors 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' blob:; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.ampproject.org stats.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com www.google.com www.googletagmanager.com campuseducacion.com ws.sharethis.com connect.facebook.net code.jquery.com ssl.google-analytics.com cdn.jsdelivr.net googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com pagead2.googlesyndication.com cdn.krxd.net beacon.krxd.net consumer.krxd.net www.gstatic.com adservice.google.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com adservice.google.es partner.googleadservices.com unpkg.com ajax.googleapis.com static.ads-twitter.com platform.twitter.com load.sumome.com analytics.twitter.com load.sumo.com reddit.com; style-src 'self' data: 'unsafe-inline' c0.wp.com ws.sharethis.com use.fontawesome.com code.jquery.com fonts.google.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.googleapis.com stackpath.bootstrapcdn.com cdn.jsdelivr.net unpkg.com; img-src 'self' data: blob: *.wp.com i2.wp.com pixel.wp.com s0.wp.com s1.wp.com s2.wp.com c0.wp.com ws.sharethis.com code.jquery.com www.facebook.com ssl.google-analytics.com www.google.com www.google.es stats.g.doubleclick.net www.google-analytics.com pagead2.googlesyndication.com secure.gravatar.com www.googletagmanager.com ajax.googleapis.com t.co load.sumo.com; frame-src 'self' pagead2.googlesyndication.com www.slideshare.net web.facebook.com ws.sharethis.com player.vimeo.com www.vimeo.com www.google.com www.facebook.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.youtube.com www.vimeo.com; font-src 'self' data: s0.wp.com s1.wp.com s2.wp.com c0.wp.com use.fontawesome.com fonts.google.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.mgr.consensu.org l.sharethis.com www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net www.facebook.com sumo.com *.google.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com ajax.googleapis.com ajax.aspnetcdn.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.my *.google.co.uk *.analytics.google.com *.googletagmanager.com; media-src 'self'; frame-src 'self' data: static.addtoany.com fwb.malaysiaairports.com.my www.youtube.com www.google.com apps.mahb.az.primuscore.com http://apps.mahb.az.primuscore.com:8000 fwb.malaysiaairports.com.my:8000; frame-ancestors 'self' fwb.malaysiaairports.com.my apps.mahb.az.primuscore.com fwb.malaysiaairports.com.my:8000; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' *.google.com *.analytics.google.com www.google-analytics.com stats.g.doubleclick.net; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self'; frame-src 'self' https:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' 1 img-src 'self' data: blob: http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://www.facebook.com/ https://pixelg.adswizz.com/ https://www.google.com/ https://www.google.com.pk/ https://www.google.co.uk/ https://scontent-ort2-2.cdninstagram.com/ https://maps.gstatic.com/ https://www.google.ro/ https://www.germandonerkebab.com https://connect.facebook.net https://arhesoctro.cloudimg.io https://scontent-lhr8-1.cdninstagram.com https://scontent-lht6-1.cdninstagram.com https://locator.uberall.com https://is1-ssl.mzstatic.com https://maps.googleapis.com https://static-prod.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/ https://cmmdhoksda.cloudimg.io/ https://cdnjs.cloudflare.com https://cmmdhoksda.cloudimg.io/ https://uploads-ssl.webflow.com/ https://cdn.jsdelivr.net https://ad.doubleclick.net https://adservice.google.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ http://code.jquery.com/ https://code.jquery.com/ http://graph.facebook.com/ http://m.addthis.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://api-public.addthis.com/ https://www.islonline.net/ https://unpkg.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ http://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://connect.facebook.net/ https://tag.simpli.fi/ https://cdnjs.cloudflare.com/ http://owlgraphic.com/ http://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://connect.facebook.net/ https://www.facebook.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://json.geoiplookup.io https://sc-static.net/scevent.min.js https://www.germandonerkebab.com http://fonts.googleapis.com/ http://api.filestackapi.com https://cdn.scaleflex.it https://ipinfo.io https://www.clickcease.com https://cdn.jsdelivr.net https://uberall.com https://static-prod.uberall.com https://locator.uberall.com/ https://d3e54v103j8qbb.cloudfront.net/ https://svc.webspellchecker.net/ https://postcodes.io; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css https://platform.twitter.com/ https://ton.twimg.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com http://fonts.googleapis.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://bid.g.doubleclick.net/ https://staticxx.facebook.com/ https://www.facebook.com/ https://web.facebook.com/ https://tr.snapchat.com/ https://www.germandonerkebab.com https://dialog.filestackapi.com/ https://www.filestackapi.com/ https://docs.google.com https://13646485.fls.doubleclick.net/ https://td.doubleclick.net/; connect-src 'self' http://ip-api.com/ https://json.geoiplookup.io/api https://www.germandonerkebab.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://tr.snapchat.com/ https://uberall.com https://maps.googleapis.com https://locator.uberall.com/ https://svc.webspellchecker.net/ https://postcodes.io https://pagead2.googlesyndication.com https://analytics.google.com https://region1.analytics.google.com https://region1.google-analytics.com https://*.google-analytics.com; font-src data: 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com https://cdn.jsdelivr.net https://static-prod.uberall.com; media-src 'self' https://uploads-ssl.webflow.com; object-src 'self'; frame-ancestors none 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.analytics.tiktok.com *.connect.facebook.net *.p.teads.tv *.p.teads.tv *.*.www.googletagmanager.com *.analytics.johnsonsbaby.com.co *.www.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 policy 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.connect.facebook.net *.jnjbrasil.com.br *.cdn.cookielaw.org *.onetrust.com *.pagead2.googlesyndication.com geolocation.onetrust.com *.facebook.net *.google.com.br *.google.com *.doubleclick.net *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com data: *.newrelic.com *.jnjbrasil.com.br *.jnjbrasil.com *.virtualinteractions.com.br *.salesforceliveagent.com *.retargetly.com *.mathtag.com *.sitescout.com *.doubleclick.net *.tapad.com *.bluekai.com *.adsrvr.org *.adnxs.com *.pubmatic.com *.teads.tv *.smartadserver.com *.dotomi.com *.amazonaws.com *.facebook.com *.nr-data.net *.googlesyndication.com *.googleapis.com *.googleadservices.com *.google.co.in googleads.g.doubleclick.net *.placeholder.com *.google.com.mx *.jquery.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://jquery.com/ https://youtube.com/ https://www.youtube.com/ https://www.salesforceliveagent.com/ https://c.la1-c1-frf.salesforceliveagent.com/ https://www.googletagmanager.com/ https://js-agent.newrelic.com/ https://code.jquery.com/ https://connect.facebook.net/ https://facebook.net/ https://johnson.virtualinteractions.com.br https://cdn.cookielaw.org/ https://cookielaw.org/ https://www.google-analytics.com/ https://d.la1-c1-frf.salesforceliveagent.com/ https://d.la3-c1-fra.salesforceliveagent.com/; object-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cdn.cookielaw.org; style-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org/ https://www.facebook.com/ https://facebook.com/ https://ad.doubleclick.net/ https://analytics.jnjbrasil.com.br/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://google.com/ https://analytics.jnjbrasil.com.br/ *.google.com.br https://era-images.s3.amazonaws.com https://via.placeholder.com https://d5k2ho7p0o8vp.cloudfront.net https://analytics.google.com https://server-side-tagging-b4b35m77ha-uc.a.run.app data:; report-uri /report-csp-violation; upgrade-insecure-requests 1 base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' *.sentry.io *.datadome.co *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.sociomantic.com *.google-analytics.com *.googletagmanager.com *.everestjs.net *.googletagservices.com s.ytimg.com *.userapi.com js-agent.newrelic.com *.olark.com trafmag.utarget.ru *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com everestjs.net googletagmanager.com google-analytics.com sociomantic.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com; object-src 'none'; img-src 'self' *.googletagmanager.com *.doubleclick.net https://www.google-analytics.com https://www.google.com.ua https://www.google.com *.googlesyndication.com *.creativecdn.com data:; media-src 'self'; frame-src 'self' https://vars.hotjar.com https://googleads.g.doubleclick.net *.googlesyndication.com *.creativecdn.com; frame-ancestors 'none'; worker-src 'self'; form-action 'self' https://www.portmone.com.ua; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' *.sentry.io *.hotjar.io wss://ws8.hotjar.com *.hotjar.com *.google.com.ua *.google.com *.datadome.co *.gstatic.com https://stats.g.doubleclick.net https://securepubads.g.doubleclick.net https://www.google-analytics.com https://pagead2.googlesyndication.com; report-uri https://2746b976bff56fb9fb072ca875846856.report-uri.com/r/d/csp/reportOnly 1 default-src 'none'; script-src 'self' 'unsafe-inline' www.tcgms.net *.googletagmanager.com *.google.com *.google-analytics.com cdn.jsdelivr.net *.cookiebot.com *.teamtailor-cdn.com *.facebook.net *.bokabord.se; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net www.bokabord.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.grandhotel.se *.google.se *.google-analytics.com; media-src 'self' blob:; frame-src 'self' mail.grandhotel.se www.tcgms.net *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.cookiebot.com *.waiteraid.com; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*.grandhotel.se https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com *.cookiebot.com *.teamtailor.com *.doubleclick.net; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.3qsdn.com *.director.events; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1 frame-ancestors self; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.veiasa.es npmcdn.com *.openstreetmap.org; object-src 'self'; style-src 'self' 'unsafe-inline' *.fontawesome.com *.veiasa.es npmcdn.com; img-src 'self' data: *.veiasa.es *.openstreetmap.org npmcdn.com img.icons8.com; form-action 'self'; media-src 'self'; font-src 'self' *.fontawesome.com; connect-src 'self'; frame-src 'self' intent: www.youtube.com; frame-ancestors 'self' 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' data: use.typekit.net www.googletagmanager.com https://www.google-analytics.com cdnjs.cloudflare.com tagmanager.google.com https://optimize.google.com maps.googleapis.com https://cdn.rawgit.com *.cookiebot.com www.googleadservices.com *.facebook.net *.doubleclick.net *.rubico.be cdn.jsdelivr.net unpkg.com plugin.skedify.io api.skedify.io https://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://bat.bing.com https://www.google.com https://apenterprise.io https://s.pinimg.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://*.parentia.be *.sc-static.net *.snapchat.com analytics.tiktok.com https://sc-static.net https://sentry.innovatio.be; style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com https://optimize.google.com plugin.skedify.io; img-src 'self' p.typekit.net https://www.google-analytics.com data: ssl.gstatic.com www.gstatic.com maps.googleapis.com maps.gstatic.com https://optimize.google.com www.facebook.com *.google.com www.google.be *.google.nl www.google.fr https://bat.bing.com https://www.googletagmanager.com https://ct.pinterest.com googleads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com https://tr.snapchat.com; frame-src *.parentia.be https://www.facebook.com www.youtube-nocookie.com *.cookiebot.com https://optimize.google.com https://www.google.com/recaptcha/api2/ https://player.simplecast.com/ https://www.youtube.com/embed/ https://vars.hotjar.com https://ct.pinterest.com https://www.pinterest.com https://tr.snapchat.com https://sentry.innovatio.be; child-src *.parentia.be www.youtube-nocookie.com *.cookiebot.com *.hotjar.com https://sentry.innovatio.be; font-src 'self' *.typekit.net fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; connect-src 'self' performance.typekit.net *.analytics.google.com www.google-analytics.com https://adservice.google.com *.facebook.com parentia.rubico.be cdn.jsdelivr.net unpkg.com api.skedify.io parentia.skedify.me *.googleapis.com https://www.google.com/recaptcha/api.js https://www.google.com https://bat.bing.com https://apenterprise.io https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ct.pinterest.com parentia.be http://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://consentcdn.cookiebot.com https://api.pinpiaa.com https://*.parentia.be https://www.parentia.be/cockpit/ *.innovatio.be *.sc-static.net *.snapchat.com https://sentry.innovatio.be; report-uri /report-csp-violation 1 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * 'unsafe-inline'; connect-src *; report-uri /admin/config/system/seckit/csp-report 1 script-src 'self' 'unsafe-inline'; style-src 'self'; img-src 'self'; default-src 'self' 1 default-src 'self' https://equatio.texthelp.com/client/ wss://*.firebaseio.com/ wss://*.europe-west1.firebasedatabase.app/ https://*.googleapis.com/ https://*.texthelp.com/ https://*.speechstream.net/; connect-src 'self' wss://*.speech.microsoft.com/speech/recognition/dictation/cognitiveservices/v1 wss://*.firebaseio.com/ wss://*.europe-west1.firebasedatabase.app/ wss://cloud.myscript.com/api/v4.0/iink/document https://www.google-analytics.com/ https://*.googleapis.com/ https://*.texthelp.com/ https://equatio-search-proxy.texthelp.com https://equatio-search-proxy-eu.texthelp.com https://script.google.com/ https://idp.texthelp.com; style-src 'self' 'unsafe-inline' https://equatio.texthelp.com/client/ https://fonts.googleapis.com/css; script-src 'self' https://equatio.texthelp.com/client/ https://www.google-analytics.com/ https://*.firebaseio.com/ https://*.europe-west1.firebasedatabase.app/ https://www.gstatic.com/firebasejs/; img-src https://equatio.texthelp.com/client/ 'self' https://*.texthelp.com/ data: blob: https://*.googleusercontent.com/ https://chart.googleapis.com/chart https://www.google.com/ https://www.google-analytics.com; font-src https://equatio.texthelp.com/client/ https://fonts.gstatic.com/; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'none' 1 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src *; base-uri 'self' 1 default-src 'self' *.google-analytics.com data: gap: idele.matomo.cloud 'unsafe-inline' 'unsafe-eval'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.slideshare.net *.youtube.com view.genial.ly *.dailymotion.com *.youtube-nocookie.com *.myadvent.net adventmyfriend.com *.jwplayer.com video.terre-net.fr *.tubedu.org ; style-src 'self' use.typekit.net fonts.googleapis.com p.typekit.net s3.amazonaws.com i.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com i.icomoon.io; img-src 'self' data: *.ytimg.com; upgrade-insecure-requests 1 base-uri 'none';child-src 'self' https://*.hotjar.com https://*.hotjar.io https://www.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net;connect-src 'self' ws: wss: https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://*.doubleclick.net https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://*.googleapis.com https://*.algolia.net https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com webpack://*;default-src 'self';font-src 'self' https://www.gstatic.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io;form-action 'self' https://connect.facebook.net https://www.facebook.com;frame-ancestors 'none';frame-src https://www.youtube.com https://www.google.com https://www.google.co.uk https://recaptcha.net http://view.ceros.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com https://connect.facebook.net https://www.facebook.com;img-src 'self' data: blob: https://media.umbraco.io https://www.cqc.org.uk https://www.gstatic.com https://*.gstatic.com https://*.googleapis.com https://www.google.com https://www.google.co.uk https://recaptcha.net https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.doubleclick.net https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com;manifest-src 'self';media-src 'self' https://media.umbraco.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.doubleclick.net https://www.googletagmanager.com https://www.gstatic.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://webrtc.github.io https://ajax.aspnetcdn.com https://webchat2.homegroup.org.uk https://www.cqc.org.uk https://www.google.com https://www.google.co.uk https://recaptcha.net https://*.googleapis.com https://connect.facebook.net https://www.facebook.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com;style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.gstatic.com https://www.cqc.org.uk https://*.googleapis.com https://conversenow-production-public.s3.eu-west-2.amazonaws.com https://s3.eu-west-2.amazonaws.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net unpkg.com player.vimeo.com www.vimeo.com f.vimeocdn.com static.userback.io www.google.com www.gstatic.com https://www.chipta.com https://www.googletagmanager.com https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com fonts.googleapis.com static.userback.io; img-src data: 'self' *.vimeocdn.com *.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' youtube.com www.youtube.com *.vimeo.com vimeo.com www.google.com https://iframeshop.chipta.com; font-src data: 'self' 'unsafe-inline' fonts.gstatic.com https://static.userback.io; connect-src 'self' api.userback.io https://*.google-analytics.com https://www.googletagmanager.com; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' https://*.astonmiles.com https://code.jquery.com https://www.google-analytics.com https://*.fontawesome.com https://*.googleapis.com //*.gstatic.com; style-src 'self' https://*.astonmiles.com https://*.googleapis.com https://*.fontawesome.com; font-src 'self' https://*.gstatic.com https://*.fontawesome.com; img-src 'self' https://*.astonmiles.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; connect-src 'self' https://*.astonmiles.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://code.jquery.com //*.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none';upgrade-insecure-requests 1 default-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: about: ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; connect-src 'self' ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com; worker-src 'self'; 1 base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-LAf4iELLj7QBbzH5yGIjjmgz' 'nonce-OX1ClVkSF8Tq87YOvSQ1/Sr1' 'nonce-gWMdTShkng+zSDh2uZ9Ie16G' 'nonce-F4d27tTHBJsUu9Rc3Hj3yfDg' 'nonce-0SBwmy3XgsFmV5yaKkQUkDNw' 'nonce-W10oh/t8svXVAz8b8GyS9ZZO' 'nonce-CPTJg9NeT1uoDoB0bnK7CHGD' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1 base-uri 'none';child-src *.xexchange.com *.hatom.com *.vercel.com *.elrond.com *.multiversx.com *.coingecko.com *.cloudfront.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.hotjar.com *.hotjar.io *.google-analytics.com *.maiar.exchange *.sentry.io localhost:* elrond-api.blastapi.io;connect-src 'self' *.xexchange.com *.hatom.com *.vercel.com *.elrond.com *.multiversx.com *.coingecko.com *.cloudfront.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.hotjar.com *.hotjar.io *.google-analytics.com *.maiar.exchange *.sentry.io localhost:* elrond-api.blastapi.io;default-src 'self' *.xexchange.com *.hatom.com *.vercel.com *.elrond.com *.multiversx.com *.coingecko.com *.cloudfront.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.hotjar.com *.hotjar.io *.google-analytics.com *.maiar.exchange *.sentry.io localhost:* elrond-api.blastapi.io;font-src 'self' *.googleapis.com *.hotjar.com;form-action 'self';frame-ancestors 'none';frame-src *.hotjar.com;img-src * blob: data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com *.hotjar.com;style-src 'self' *.hotjar.com 'unsafe-inline' *.googleapis.com;worker-src 'self'; 1 default-src 'self' 'unsafe-inline' data: payment.maksekeskus.ee auth.praamid.ee fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net static.cloudflareinsights.com www.googletagmanager.com *.google-analytics.com g2.ipcamlive.com s5.ipcamlive.com googleads.g.doubleclick.net www.google.com www.gstatic.com www.youtube.com static.doubleclick.net i.ytimg.com yt3.ggpht.com jnn-pa.googleapis.com play.google.com secure.gravatar.com fast.wistia.com beacon-v2.helpscout.net wp-rocket.me d3hb14vkzrxvla.cloudfront.net pipedream.wistia.com distillery.wistia.com embed-ssl.wistia.com fg8vvsvnieiv3ej16jby.litix.io translate.google.com translate.googleapis.com 'unsafe-eval' static.maksekeskus.ee s.w.org praamid.prominion.net beaconapi.helpscout.net chatapi.helpscout.net cdn.mxpnl.com static.cc.maksekeskus.ee cc.maksekeskus.ee *.analytics.google.com www.google.ee www.google.fi www.google.cz www.google.nl www.google.be www.google.fr www.google.lv www.google.lt www.google.se www.google.de www.google.at www.google.ch www.google.ie www.google.co.uk www.google.pl www.google.dk www.google.no td.doubleclick.net www.google.com.cy www.google.lu www.google.it www.google.gr analytics.google.com www.google-analytics.com www.google.by www.google.com.bz www.google.com.tr www.google.com.ar www.google.co.jp www.google.bg www.google.co.in www.google.ca www.google.ru www.google.com.ua www.google.com.hr www.google.com.au www.google.es www.google.com.ng translate-pa.googleapis.com www.google.ro www.google.rs www.google.si www.google.sk www.google.ba www.google.is www.google.pt www.google.hu www.google.me www.google.mk www.google.com.eg www.google.com.om www.google.co.th www.google.co.nz www.google.co.ke www.google.al www.google.ge www.google.com.bd www.google.co.il cdn.gravity.com www.google.gg www.google.com.vn www.google.je www.google.ad www.google.com.mx www.google.com.mt www.google.im www.google.ae www.google.com.sg www.google.kz cloudflareinsights.com challenges.cloudflare.com www.google.hr www.google.kg www.google.com.my www.google.com.qa www.google.gl www.google.com.ph www.google.md *.hotjar.com *.hotjar.io wss://*.hotjar.com www.google.co.id www.google.lk www.google.ml www.google.com.hk www.google.cv www.google.co.cr www.google.com.sa www.google.com.pk www.google.com.gi www.google.co.tz www.google.vu www.google.com.fj www.google.com.pa www.google.tn www.google.co.ve www.google.cl www.google.co.uz www.google.co.kr region1.analytics.google.com www.google.com.bo www.google.co.zw www.google.sm www.google.co.za www.google.am www.google.com.br www.google.tt www.google.co.ma www.google.az www.google.com.np www.google.com.et www.google.dm www.google.com.do www.google.com.ec www.google.com.kh; report-uri /d5bcc29e34d8b6210cbfbc3acd7be0a65652590b064c60598822381e01ae1708 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com polyfill.io/v3/polyfill.min.js www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' maps.gstatic.com maps.googleapis.com data: googletagmanager.com cookie-cdn.cookiepro.com www.google-analytics.com; media-src 'self'; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data:; connect-src 'self' cookie-cdn.cookiepro.com www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' 'self' blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com;script-src 'self' 'self' blob: 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googleapis.com *.google.com *.google.com.vn *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.youtube.com *.cloudflare.com *.facebook.net *.connect.facebook.net *.facebook.com *.khaosat.me *.bootstrapcdn.com *.ytimg.com *.hotjar.com *.cloudfront.net *.cdn.ravenjs.com *.ingest.sentry.io *.doubleclick.net;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me *.cloudfront.net *.mapbox.com d1a3f4spazzrp4.cloudfront.net;font-src 'self' 'self' blob: 'self' data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.cloudflare.com *.khaosat.me script.hotjar.com;frame-src staticxx.facebook.com facebook.com *.facebook.com youtube.com *.youtube.com *.vimeo.com khaosat.me *.khaosat.me *.google.com connect.facebook.net *.hotjar.com *.g.doubleclick.net *.googlesyndication.com *.doubleclick.net;img-src 'self' data: 'self' blob: *;connect-src 'self' 'self' blob: *.googleapis.com *.facebook.com https://*.khaosat.me:* https://khaosat.me:* https://ws.khaosat.me:* wss://ws.khaosat.me:* https://khao-sat.com:* https://*.hotjar.com:* wss://*.hotjar.com ws://khaosat.me:7890 https://vc.hotjar.io:* http://*.hotjar.com:* https://*.mapbox.com:* https://*.cloudfront.net:* https://cdn.ravenjs.com https://*.ingest.sentry.io https://www.google-analytics.com https://pagead2.googlesyndication.com *.doubleclick.net *.google.com;media-src 'self' 'self' data: 'self' blob: * 1 default-src 'self' 'unsafe-inline' *data: region1.analytics.google.com https://www.google-analytics.com *.google.com *.google.it *.google.video.com *.googleapis.com *.ytimg.com *.ggpht.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.analytics.google.com *.google-analytics.com https://www.google-analytics.com *.gstatic.com *.doubleclick.net *.youtube.com unpkg.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.googleapis.com https://fonts.gstatic.com https://unpkg.com *.google.com *.gstatic.com *.bootstrapcdn.com; img-src 'self' data:* data* *.google-analytics.com *.google.it https://www.googletagmanager.com; frame-src 'self' youtube.com www.youtube.com *.google.com *.gstatic.com https://geoportal.un.org; frame-ancestors 'self' youtube.com *.youtube.com *.googlevideo.com; child-src 'self' youtube.com *.youtube.com *.google.com *.gstatic.com; font-src 'self' https://fonts.googleapis.com *.fontawesome.com *.gstatic.com *.jsdelivr.net *.cloudflare.com; report-uri /report-csp-violation 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; frame-ancestors 'self' 1 base-uri 'none'; default-src 'self'; child-src https://www.youtube.com https://*.google.com https://*.faceup.com https://*.nntb.cz blob:; connect-src 'self' https://geis.daktela.com https://t.leady.com https://*.doubleclick.net https://*.google.com https://*.google-analytics.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io; font-src 'self' https://*.gstatic.com data:; form-action 'self'; img-src https://*.seznam.cz 'self' https://t.leady.com https://*.google-analytics.com https://*.google.cz https://*.google.com blob: data:; media-src 'self' blob:; script-src 'self' https://*.google.com https://*.gstatic.com https://*.seznam.cz https://geis.daktela.com https://t.leady.com https://tt.geis.cz https://tt.geis.pl https://*.hotjar.com https://*.doubleclick.net https://*.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; 1 default-src 'self'; style-src 'self' 'unsafe-inline' *.doctoraki.com *.survicate.com *.googletagmanager.com *.googleapis.com *.clarity.ms *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'strict-dynamic' 'nonce-e1185a5bb5420a9ea8e6722dbab54845' https://www.datadoghq-browser-agent.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.solucionesbolivar.com *.abtasty.com *.clarity.ms *.survicate.com *.doctoraki.com *.solucionesbolivarsites.com *.solucionesbolivar.net *.visualwebsiteoptimizer.com *.googleadservices.com *.facebook.net *.tiktok.com *.crazyegg.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.infobip.com *.adnxs.com *.pixel.ad *.mktoresp.com *.cloudflare.com *.googleoptimize.com *.google.com *.google.com.co *.google.co.in *.googleapis.com *.gstatic.com https://www.gstatic.com *.jquery.com *.bootstrapcdn.com; connect-src 'self' *.doctoraki.com *.crazyegg.com https://*.browser-intake-datadoghq.com *.logs.datadoghq.com *.abtasty.com *.solucionesbolivar.com *.solucionesbolivarsites.com wss://*.solucionesbolivarsites.com *.solucionesbolivar.net *.amazonaws.com *.mktoresp.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.marketo.com *.kapturall.com *.gstatic.com https://www.gstatic.com *.hotjar.com *.hotjar.io *.azureedge.net *.liveperson.net *.marketo.net *.sitescout.com *.adnxs.com *.pixel.ad *.cloudflare.com *.infobip.com *.survicate.com *.tiktok.com *.googleapis.com *.clarity.ms *.doubleclick.net; font-src 'self' data: *.doctoraki.com *.survicate.com *.gstatic.com https://www.gstatic.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com *.s3.amazonaws.com; img-src 'self' data: *.githubusercontent.com *.amazonaws.com *.cloudfront.net *.visualwebsiteoptimizer.com *.doctoraki.com *.google.com *.google.com.co *.google.co.in *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.survicate.com *.webflow.com https://www.gstatic.com *.gstatic.com https://www.facebook.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; manifest-src 'self' *.cloudfront.net *.doctoraki.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; form-action 'self' *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; frame-src 'self' blob: *.doctoraki.com *.doubleclick.net https://www.google.com *.firebaseapp.com *.solucionesbolivar.com *.solucionesbolivar.net *.solucionesbolivarsites.com; worker-src 'self' blob:; base-uri 'self'; object-src 'none'; 1 script-src 'self' 'nonce-zB8IKuwaUVOHyEcANkDsFeCQ' 'nonce-atx-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://pi.pardot.com http://cdn.pardot.com http://pi.pardot.com/analytics https://www.opinionstage.com https://static.ctctcdn.com http://embed.typeform.com/ https://embed.typeform.com/ *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1 default-src 'self'; connect-src 'self' https://nominatim.openstreetmap.org http://nominatim.openstreetmap.org nominatim.openstreetmap.org; font-src 'self' https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de data:; frame-ancestors 'self' https://klinikumjobs.de https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com; frame-src 'self' https://benutzerhandbuch-cshs.condat.de http://benutzerhandbuch-cshs.condat.de benutzerhandbuch-cshs.condat.de https://prezi.com/p/embed/MPOGB6oZvPvNpRmIzIHw/ https://*.doccheck.com http://*.doccheck.com *.doccheck.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; img-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.tile.openstreetmap.org http://*.tile.openstreetmap.org *.tile.openstreetmap.org https://cshs.myskbs.de https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com data:; media-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.amazonaws.com http://*.amazonaws.com *.amazonaws.com https://*.cloudfront.net http://*.cloudfront.net *.cloudfront.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; object-src 'self' https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.youtube-nocookie.com http://*.youtube-nocookie.com *.youtube-nocookie.com https://*.youtube.com http://*.youtube.com *.youtube.com; script-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.prezi.com http://*.prezi.com *.prezi.com https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.jsdelivr.net http://cdn.jsdelivr.net cdn.jsdelivr.net https://*.kununu.com http://*.kununu.com *.kununu.com https://*.spendino.de http://*.spendino.de *.spendino.de 'unsafe-inline' 1 default-src 'self' data: http://googleads.g.doubleclick.net http://www.google.com/ads/user-lists/ http://www.google.ru/ads/user-lists/ http://mc.yandex.ru http://bitrix.info http://stat.sputnik.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://bitrix.info https://connect.facebook.net https://apis.google.com:* https://platform.twitter.com https://userapi.com:* https://pos.gosuslugi.ru:* https://apis.google.com:* https://vk.com:* http://www.google-analytics.com http://maps.google.com http://*.gstatic.com:* http://*.googleapis.com http://code.jivosite.com http://mc.yandex.ru http://www.googleadservices.com http://googleads.g.doubleclick.net http://cdn.voximplant.com https://vashkontrol.ru http://stat.sputnik.ru:* ; style-src 'self' 'unsafe-inline' http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* https://vashkontrol.ru:* http://cnt.sputnik.ru:*; img-src 'self' blob: data: http://counter.yadro.ru:* https://pos.gosuslugi.ru:* http://i1.ytimg.com:* http://code.jivosite.com:* http://mc.yandex.ru:* http://*.googleapis.com http://*.gstatic.com:* http://www.google-analytics.com http://stat.sputnik.ru:* https://vashkontrol.ru:* http://cnt.sputnik.ru:* https://syndication.twitter.com:*; font-src 'self' http://*.gstatic.com:* https://pos.gosuslugi.ru:*; frame-src 'self' https://ervk.gov.ru:* https://pos.gosuslugi.ru:* https://apis.google.com:* http://developers.google.com:* https://platform.twitter.com:* https://accounts.google.com:* http://cnt.sputnik.ru:* https://www.facebook.com:* https://developers.google.com:*; 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com region1.google-analytics.com www.santandercib.com www.google.com www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com www.santandercib.com www.google.com www.gstatic.com; form-action 'self'; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com use.fontawesome.com www.santandercib.com; img-src 'self' 'unsafe-eval' data: maps.googleapis.com maps.gstatic.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com i.ytimg.com www.santandercib.com; font-src 'self' data: use.fontawesome.com fonts.googleapis.com fonts.gstatic.com www.santandercib.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src data: 'self' 'unsafe-inline' https://*.crwdcntrl.net https://www.youtube-nocookie.com https://*.amazonaws.com https://api.tintup.com https://cdn.hypemarks.com https://*.nr-data.net https://*.newrelic.com https://www.tintup.com https://*.facebook.net https://analytics.google.com https://*.analytics.google.com https://*.vimeo.com https://*.vimeocdn.com https://*.gstatic.com https://*.googlesyndication.com https://*.doubleclick.net https://*.onetrust.com https://*.sharethis.com https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.bootstrapcdn.com https://*.crowdriff.com https://*.addtoany.com https://*.fontawesome.com https://*.resy.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.facebook.com; upgrade-insecure-requests 1 default-src 'self'; connect-src 'self' *.itzbund.de; worker-src blob: 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.itzbund.de; frame-ancestors 'self'; 1 default-src 'self'; style-src 'self' 'unsafe-inline', default-src 'self'; style-src 'self' 'unsafe-inline' 1 base-uri 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com;child-src 'none';connect-src 'self' forms.hsforms.com *.backblazeb2.com hubspot-forms-static-embed.s3.amazonaws.com/ assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com search.redballoon.work analytics.redballoon.work api.honeybadger.io secure.safewebservices.com app.posthog.com;default-src 'self';font-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com fonts.gstatic.com;form-action 'self' forms.hsforms.com;frame-ancestors www.youtube.com;frame-src www.youtube.com player.vimeo.com www.youtube-nocookie.com forms.hsforms.com calendly.com iframe.cloudflarestream.com secure.safewebservices.com assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com;img-src 'self' blob: assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com data: forms.hsforms.com forms-na1.hsforms.com;manifest-src 'self';media-src 'self';object-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com;script-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com www.youtube.com embed.cloudflarestream.com analytics.redballoon.work js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com secure.safewebservices.com app.posthog.com;style-src 'self' assets.redballoon.work prod.assets.redballoon.work production-assets.0c1585fd2300c797f28a22986ff717e0.r2.cloudflarestorage.com data: fonts.googleapis.com secure.safewebservices.com 'unsafe-inline' app.posthog.com;worker-src 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mailworx.marketingsuite.info https://js.hcaptcha.com https://app.usercentrics.eu https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://www.googleoptimize.com https://cdn.jsdelivr.net https://privacy-proxy.usercentrics.eu https://code.jquery.com https://cdnjs.cloudflare.com; object-src 'self'; media-src 'self' https://www.youtube.com; frame-src 'self' https://www.youtube.com https://newassets.hcaptcha.com; child-src 'self' https://www.youtube.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 'self'; report-uri /report-csp-violation 1 default-src 'self'; connect-src 'self' *.itzbund.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de www.youtube.com *.ytimg.com piwik.itzbund.de *.openstreetmap.org *.cloudflare.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com; frame-src 'self' *.youtube.com *.twitter.com *.facebook.com *.sibforms.com; img-src 'self' blob: data: piwik.itzbund.de *.openstreetmap.org *.cloudflare.com *.twimg.com; font-src 'self' data:; frame-ancestors 'self'; 1 base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: localhost:1337 adsapi.jacobin.de api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src spenden.twingle.de;img-src 'self' jacobin.de data: *.met.vgwort.de;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:1337 adsapi.jacobin.de api.jacobin.de shop.jacobin.de analyse.jacobin.de spenden.twingle.de *.met.vgwort.de;style-src 'self' 'unsafe-inline'; 1 connect-src 'self' https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;default-src 'self';font-src 'self' fonts.gstatic.com https://*.hotjar.com fonts.googleapis.com;form-action 'self' https://www.facebook.com/tr/;frame-src 'self' tr.techcareer.net youtube.com www.youtube.com open.spotify.com https://embed-standalone.spotify.com/ https://kariyer.typeform.com https://www.typeform.com https://*.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.google.com/ https://www.facebook.com/ https://login.techcareer.net;img-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ https://www.google.com.tr/ads/ https://*.hotjar.com www.facebook.com https://i.ytimg.com https://www.google.com https://analytics.twitter.com/ https://t.co/ https://cdn.efilli.com www.gravatar.com https://googleads.g.doubleclick.net https://c.clarity.ms https://c.bing.com cdn1.kariyer.net;media-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.hotjar.com https://static.ads-twitter.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net connect.facebook.net https://analytics.tiktok.com/i18n/pixel/ https://cdn.efilli.com https://www.clarity.ms https://js-agent.newrelic.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com;worker-src 'self'; 1 default-src 'self' https://boogie-shop.ru ymetrica1.com widget.cloudpayments.ru *.jsdelivr.net *.cloudpayments.ru ticketscloud.com *.reviewlab.ru *.saferoute.ru *.bitrix24.ru *.roistat.com *.cloudflareinsights.com *.cloudflare.com *.boogie-shop.ru *.jivosite.com *.jivo.ru *.pochta.ru wss://*.jivosite.com *.yandex.ru *.yandex.com *.yandex.net vk.com *.googleapis.com *.googletagmanager.com *.google.com *.doubleclick.net *.google-analytics.com *.gstatic.com yastatic.net ymetrica1.com widget.cloudpayments.ru *.jsdelivr.net *.cloudpayments.ru ticketscloud.com *.reviewlab.ru *.saferoute.ru *.bitrix24.ru *.roistat.com *.cloudflareinsights.com *.cloudflare.com; script-src 'unsafe-inline' 'unsafe-eval' ymetrica1.com widget.cloudpayments.ru *.jsdelivr.net *.cloudpayments.ru ticketscloud.com *.reviewlab.ru *.saferoute.ru *.bitrix24.ru *.roistat.com *.cloudflareinsights.com *.cloudflare.com *.ckeditor.com *.boogie-shop.ru *.yandex.ru *.yandex.com *.yandex.net vk.com *.jivosite.com *.jivo.ru *.pochta.ru vk.com *.facebook.net *.googleapis.com *.googletagmanager.com *.google.com yastatic.net *.doubleclick.net *.google-analytics.com; object-src 'unsafe-inline' *; style-src 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.google.com *.ckeditor.com *.boogie-shop.ru *.yandex.ru *.yandex.com *.yandex.net vk.com *.jivosite.com *.jivo.ru *.pochta.ru *.gstatic.com *.googleapis.com *.googletagmanager.com *.google.com ymetrica1.com widget.cloudpayments.ru *.jsdelivr.net *.cloudpayments.ru ticketscloud.com *.reviewlab.ru *.saferoute.ru *.bitrix24.ru *.roistat.com *.cloudflareinsights.com *.cloudflare.com; img-src 'unsafe-inline' * data:; media-src 'unsafe-inline' * data; frame-src 'unsafe-inline' *; font-src 'unsafe-inline' 'self' * data:; report-uri /report-csp-violation 1 default-src 'none'; script-src 'none'; style-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 1 default-src 'self'; frame-src 'self' https://secure.livechatinc.com/ *.webspellchecker.net *.nhs.uk *.facebook.com *.youtube.com *.vimeo.com *.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://static.zdassets.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/tracking.js *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs *.webspellchecker.net *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk use.typekit.net; font-src 'self' 'unsafe-inline' https://cdn.livechatinc.com/ *.reactandshare.com https://api.reciteme.com https://fonts.googleapis.com https://fonts.gstatic.com *.webspellchecker.net use.typekit.net; style-src 'self' 'unsafe-inline' *.reactandshare.com https://api.reciteme.com https://cdnjs.cloudflare.com https://feeds.trac.jobs *.googleapis.com *.gstatic.com *.cqc.org.uk *.webspellchecker.net use.typekit.net p.typekit.net; img-src * data: p.typekit.net; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com wss://widget-mediator.zopim.com https://stop-smoking-nhs.zendesk.com https://ekr.zdassets.com https://api.reciteme.com https://feeds.trac.jobs stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.webspellchecker.net performance.typekit.net; media-src 'self' https://static.zdassets.com/web_widget/ https://api.reciteme.com 1 default-src 'self'; script-src 'self' 1 frame-ancestors 'self'; 1 object-src 'self'; 1 default-src 'self'; style-src 'self' app.workfrontfusion.com/static 'unsafe-inline' unpkg.com/@adobe/* https://*.adobe.com https://*.adobe.io *.aptrinsic.com fonts.googleapis.com; font-src 'self' app.workfrontfusion.com/static data: use.typekit.net https://*.adobe.com https://*.adobe.io fonts.gstatic.com; img-src 'self' app.workfrontfusion.com/static data: https://ipm.workfrontfusion.com secure.gravatar.com https://*.adobe.com https://*.adobe.io *.aptrinsic.com storage.googleapis.com *.typekit.net; connect-src 'self' app.workfrontfusion.com/static wss://app.workfrontfusion.com rum-http-intake.logs.datadoghq.com *.split.io https://*.adobe.com https://*.adobe.io *.browser-intake-datadoghq.com https://csp-report.browser-intake-datadoghq.com *.demdex.net *.adobedc.net *.aptrinsic.com; frame-src 'self' app.workfrontfusion.com/static https://*.adobe.com; script-src 'self' use.typekit.net unpkg.com/@adobe/* https://*.adobe.com https://*.adobe.io *.split.io assets.adobedtm.com *.aptrinsic.com; object-src 'self' app.workfrontfusion.com/static; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub2c8ded5adceb66f0a3efabff228d9189&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:imt-web-zone; frame-ancestors 'self' https://*.adobe.com; 1 frame-src 'self' https://html5-player.libsyn.com https://marspetcare2-na.ada.support https://secure.shoppable.com https://service.force.com https://tr.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://www.walmart.com https://www.amazon.com https://www.chewy.com https://www.petco.com https://www.google.com https://web-widget-iams.herokuapp.com https://cdn.krxd.net https://9077352.fls.doubleclick.net https://marspetcare-na.ada.support https://processor808.shoppable.com https://app.shoppable.com https://shoppable.com *.bazaarvoice.com https://www.facebook.com *.crazyegg.com *.snipp.us https://promotion.mars.de/PAF/wp/2022-Q2-pedigree-de https://cloud.petcare.mars.com/Pedigree_DE_Newsletter https://www.petprofi.de https://marspulse-s.secure.force.com/ https://survey.mars.com/ https://11639395.fls.doubleclick.net *.doubleclick.net https://stage-promotion.mars.de/PAF/wp/2023-Q2-pedigree-de/ https://aktion.pedigree.de/ https://stage.aktion.pedigree.de https://promotion.mars.de/; child-src 'self' https://html5-player.libsyn.com https://marspetcare2-na.ada.support https://secure.shoppable.com https://service.force.com https://tr.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://www.walmart.com https://www.amazon.com https://www.chewy.com https://www.petco.com https://www.google.com https://web-widget-iams.herokuapp.com https://cdn.krxd.net https://9077352.fls.doubleclick.net https://marspetcare-na.ada.support https://processor808.shoppable.com https://app.shoppable.com https://shoppable.com *.bazaarvoice.com https://www.facebook.com *.crazyegg.com *.snipp.us https://promotion.mars.de/PAF/wp/2022-Q2-pedigree-de https://cloud.petcare.mars.com/Pedigree_DE_Newsletter https://www.petprofi.de https://marspulse-s.secure.force.com/ https://survey.mars.com/ https://11639395.fls.doubleclick.net *.doubleclick.net https://stage-promotion.mars.de/PAF/wp/2023-Q2-pedigree-de/ https://aktion.pedigree.de/ https://stage.aktion.pedigree.de https://promotion.mars.de/ 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.gtm-wnd6vzj-yme0m.uc.r.appspot.com *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.connect.facebook.net *.p.teads.tv *.googletagmanager.com *.www.googletagmanager.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src https:; object-src 'none'; frame-src https:; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com rpxnow.com *.rpxnow.com data:; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.connect.facebook.net *.tt.mbww.com *.analytics.neutrogena.com.mx *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.www.youtube.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 frame-ancestors 'self' piwik.betaalvereniging.nl matomo.betaalvereniging.nl; 1 worker-src 'self' 'unsafe-inline' blob: https://www.datadoghq-browser-agent.com; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.trustarc.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com https://mfh-prod.azureedge.net/assurantrenters/home/js/scripts.min.js https://www.datadoghq-browser-agent.com https://cdn-servicing.azureedge.net https://tagmanager.google.com https://cdn.jsdelivr.net https://az416426.vo.msecnd.net https://www.googletagmanager.com *.inmoment.com https://www.googleanalytics.com https://www.google-analytics.com https://optimize.google.com cdn.segment.com/analytics.js https://mfhcms.assurant.com; style-src 'self' 'unsafe-inline' https://consent.trustarc.com https://mfh-prod.azureedge.net https://cdn-servicing.azureedge.net https://tagmanager.google.com https://fonts.googleapis.com https://mfhcms.assurant.com https://optimize.google.com; img-src * 'self' data: https:; child-src https://mfhcms.assurant.com https://www.datadoghq-browser-agent.com https://dispawsusva.inmoment.com https://www.inmoment.com https://feedback.inmoment.com https://ssl.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://consent.trustarc.com https://mfhcms.assurant.com; frame-src https://consent-pref.trustarc.com https://optimize.google.com https://dispawsusva.inmoment.com 1 default-src 'self'; object-src 'self' https://pts.deutschlandsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.deutschlandsim.de; img-src https: data: http://files.deutschlandsim.de; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://umfrage.deutschlandsim.de https://pts.deutschlandsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://stats.deutschlandsim.de https://imagepool.deutschlandsim.de https://pts.deutschlandsim.de https://analytics.tiktok.com https://umfrage.deutschlandsim.de; script-src 'strict-dynamic' 'nonce-e47890447a43de37d97603eb552e75a2' 'nonce-c8e404f020041cd4744be9b605a4d0fc' 'nonce-aece155d376f2c7ffb9cc316817eac6f' 'nonce-0f23e6577e5f5032e73ad0dcc22b387c' 'nonce-a309519666436822a3875d0ad0392d6c' 'nonce-8b64969ca9727e8b319b96a8238fafae' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.deutschlandsim.de https://umfrage.deutschlandsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-e47890447a43de37d97603eb552e75a2' 'nonce-c8e404f020041cd4744be9b605a4d0fc' 'nonce-aece155d376f2c7ffb9cc316817eac6f' 'nonce-0f23e6577e5f5032e73ad0dcc22b387c' 'nonce-a309519666436822a3875d0ad0392d6c' 'nonce-8b64969ca9727e8b319b96a8238fafae' 'self' 'unsafe-inline' https: 'report-sample' 1 base-uri 'none'; default-src 'self' https://*.clarity.ms https://c.bing.com https://*.responsetap.com 'unsafe-inline'; child-src 'self' https://www.googletagmanager.com/ns.html https://online.worldpay.com https://www.youtube.com https://e.issuu.com https://widgets.doctify.co.uk https://www.facebook.com https://*.fls.doubleclick.net https://www.google.com/ https://*.cloudfront.net; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.googleadservices.com https://maps.googleapis.com https://*.clarity.ms https://*.responsetap.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.linkedin.oribi.io https://sentry.issuu.com https://*.cloudfront.net https://www.facebook.com https://connect.facebook.net/ https://www.google-analytics.com https://www.gstatic.com https://api-ssl.bitly.com https://answerpackvideotranscoded.s3-eu-west-1.amazonaws.com https://answerpackvideotranscoded.s3.eu-west-1.amazonaws.com https://*.infinity-tracking.com https://*.infinity-tracking.net; font-src 'self' https://fonts.gstatic.com https://*.doctify.com data:; form-action 'self' https://kingedwardvii.us8.list-manage.com https://online.worldpay.com https://www.facebook.com; frame-ancestors https://*.kevii.test https://*.kingedwardvii.co.uk; img-src 'self' https://www.cqc.org.uk https://*.googleapis.com https://*.ggpht.com https://maps.gstatic.com https://www.google-analytics.com https://secure.gravatar.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ssl.gstatic.com https://img.youtube.com https://www.facebook.com https://px.ads.linkedin.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cloudfront.net https://www.veincentre.com https://answerpackvideotranscoded.s3-eu-west-1.amazonaws.com https://answerpackvideotranscoded.s3.eu-west-1.amazonaws.com https://d1x3u0ujszj2dq.cloudfront.net/ https://d32wqyuo10o653.cloudfront.net/ https://*.clarity.ms https://*.bing.com blob: data:; media-src 'self' https://*.cloudfront.net blob: data:; object-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://www.cqc.org.uk https://cdn.worldpay.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://tagmanager.google.com https://www.gstatic.com https://www.google.co.uk https://widgets.doctify.co.uk https://connect.facebook.net https://static-ssl.responsetap.com https://metrics.responsetap.com https://static.responsetap.com https://snap.licdn.com https://www.doctify.com https://*.clarity.ms https://*.googletagmanager.com https://*.ytimg.com/ https://e.issuu.com https://*.cloudfront.net https://*.infinity-tracking.com https://*.infinity-tracking.net https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https://connect.facebook.net https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://script.infinity-tracking.com https://www.cqc.org.uk https://googleads.g.doubleclick.net https://snap.licdn.com https://*.responsetap.com https://*.doctify.com https://*.doctify.co.uk https://*.clarity.ms https://maps.googleapis.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://maps.googleapis.com https://www.cqc.org.uk https://tagmanager.google.com https://*.doctify.com https://*.doctify.co.uk https://*.clarity.ms https://*.mailchimp.com/ https://fonts.bunny.net/css 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1 base-uri 'none';child-src 'none';connect-src 'self' api-js.mixpanel.com client.axept.io api.axept.io vitals.vercel-insights.com back.whentocop.fr backend.whentocop.fr whentocop-backend-staging.herokuapp.com wtc-comparator-api.herokuapp.com https://wtc-comparator-api-staging.herokuapp.com www.google-analytics.com www.dwin1.com r.skimresources.com t.skimresources.com stockx.pvxt.net electric-vibrant.whentocop.fr backend-staging.whentocop.fr;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src 'none';img-src 'self' statics.whentocop.fr static.axept.io client.axept.io axeptio.imgix.net s3.eu-west-3.amazonaws.com www.google.com www.google-analytics.com www.awin1.com t.skimresources.com p.skimresources.com t0.gstatic.com t1.gstatic.com t2.gstatic.com t3.gstatic.com logs-01.loggly.com electric-vibrant.whentocop.fr backend-staging.whentocop.fr data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' static.axept.io client.axept.io vitals.vercel-insights.com api-js.mixpanel.com www.googletagmanager.com www.google-analytics.com www.dwin1.com www.dwin2.com d.impactradius-event.com s.skimresources.com cdn.usefathom.com electric-vibrant.whentocop.fr backend-staging.whentocop.fr 'unsafe-inline';style-src 'self' 'unsafe-inline';worker-src 'self'; 1 default-src https://*.isidata.net; script-src 'unsafe-eval' 'unsafe-inline' https://*.isidata.net https://consent.cookiebot.com https://code.jquery.com https://*.google-analytics.com https://*.fontawesome.com mailto:; base-uri https://*.isidata.net; object-src 'none'; style-src 'unsafe-inline' https://*.isidata.net https://fonts.googleapis.com https://*.fontawesome.com; img-src data: https://*.isidata.net data: https://*.google-analytics.com; media-src https://*.isidata.net; frame-src https://*.s3.amazonaws.com https://*.isidata.net mailto:; frame-ancestors https://*.isidata.net; font-src https://*.isidata.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.fontawesome.com; connect-src 'self' https://*.fontawesome.com; form-action https://*.s3.amazonaws.com https://*.isidata.net 1 default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.tfmetalsreport.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net c.lytics.io js.hubspot.com a.omappapi.com js.adsrvr.org builder.lift.acquia.com js.usemessages.com connect.facebook.net cookie-cdn.cookiepro.com js.hs-scripts.com fast.wistia.net maps.googleapis.com protect-us.mimecast.com snap.licdn.com js-agent.newrelic.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com www.gstatic.com tpc.googlesyndication.com www.google.com fast.wistia.net app.wistia.com bh.contextweb.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net; object-src 'self' embed-fastly.wistia.com embedwistia-a.akamaihd.net; style-src 'self' 'unsafe-inline' builder.lift.acquia.com *.lytics.io a.omappapi.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net; img-src 'self' blob: data: pagead2.googlesyndication.com *.lytics.io *.adsrvr.org *.hsappstatic.net *.hubspot.com *.omappapi.com embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.am *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net googleads.g.doubleclick.net embed-ssl.wistia.com *.facebook.com *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' c.lytics.io vimeo.com match.adsrvr.org insight.adsrvr.org *.hs-sites.com *.hubspot.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net fast.wistia.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net *.omappapi.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com *.googlesyndication.com *.omappapi.com notify.bugsnag.com sessions.bugsnag.com us.perz-api.cloudservices.acquia.io *.ucweb.com hubspot-forms-static-embed.s3.amazonaws.com fast.wistia.net cdn.linkedin.oribi.io *.googleapis.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; script-src 'self' 'unsafe-inline' update.webedition.org *.cookiebot.com *.cookiebot.eu *.vditz.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.twitter.com; style-src 'self' *.googleapis.com 'unsafe-inline'; img-src data: 'self' *.ytimg.com *.vimeocdn.com *.gstatic.com *.googleapis.com *.twitter.com; font-src 'self' *.gstatic.com; connect-src 'self' *.cookiebot.com *.cookiebot.eu *.googleapis.com stats.vditz.com; base-uri 'self'; media-src blob: 'self' *.youtube.com *.vimeo.com; frame-src 'self' update.webedition.org *.qt.eu *.cookiebot.com *.cookiebot.eu *.vditz.com *.google.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.twitter.com; object-src 'none'; frame-ancestors 'self'; 1 default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self'; img-src 'self' data:; style-src 'unsafe-inline' https:; font-src 'self' https: data:; object-src https://planificador.santillana.com.ec/ 'self'; frame-src https://www.google.com/ https://planificador.santillana.com.ec/ 'self'; media-src 'self'; 1 reflected-xss block 1 'self' www.aksandik.org 1 default-src 'self' 'unsafe-inline' widget.billig-tanken.de googleads.g.doubleclick.net pagead2.googlesyndication.com 'unsafe-eval' 1 default-src 'self' *.optimizely.com wss://*.hotjar.com https: s.webtrends.com survey.bosch.com *.mycliplister.com ptptasiaprodsgsa.z30.web.core.windows.net; media-src 'self' *.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src www.bosch-pt.com.hk www.bosch-pt.com.cn www.bosch-pt.co.id www.bosch-pt.co.in www.bosch-pt.com.my www.bosch-pt.com.ph www.bosch-pt.com.sg www.bosch-pt.com.tw th.bosch-pt.com vn.bosch-pt.com dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' https: btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https: btm.bosch.com; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 1 default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; font-src * data:; connect-src *; report-uri /admin/config/system/seckit/csp-report 1 policy-uri /'unsafe-inline' 1 base-uri 'self' https://myprio.com https://www.myprio.com https://prio.pt https://www.myprio.pt https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://www.googletagmanager.com https://tile.openstreetmap.org; child-src 'self' https://www.googletagmanager.com gap:; frame-src 'self' https://www.googletagmanager.com gap:; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://tile.openstreetmap.org gap:; default-src 'self' https://shellfirst.pt https://tile.openstreetmap.org https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://tile.openstreetmap.org data:; img-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://shellfirst.pt https://www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://tile.openstreetmap.org gap: data: blob:; media-src https://tile.openstreetmap.org; object-src https://www.googletagmanager.com https://tile.openstreetmap.org; plugin-types https://www.googletagmanager.com; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://tile.openstreetmap.org gap: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://tile.openstreetmap.org 'unsafe-inline'; frame-ancestors 'self' https://shellfirst.pt https://www.shellfirst.pt www.shellfirst.pt https://www.gstatic.com https://static3.avast.com https://www.googletagmanager.com gap:; report-uri 'self' /SecurityUtils/rest/Report/ReportViolations?Params=dMKSGramHhD2rZP695yqRVPe4cKspO2Eug36F1jxDd%2FTNeJ%2FmKyW%2Bt4rxScnZ2Y62Qn3zpjxms5sGn17JJ7Jdw%3D%3D; 1 base-uri 'self'; child-src 'self' data: www.youtube.com gap:; frame-src 'self' data: www.youtube.com gap:; connect-src 'self' www.google-analytics.com botbuilder.labiba.ai; default-src 'self' data: gap: 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data: blob:; media-src * data:; object-src 'self'; script-src 'self' data: botbuilder.labiba.ai www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=dRcQo7SQ0t7TNkYI1vYQlgueUeVoSWdcsI3o%2BGFIll%2FcdipsKJ1KCSQZ%2BeQqOUt2X3VtQUG9%2FxhRenGP2zpHNw%3D%3D; 1 base-uri 'self'; child-src 'self' gap:; frame-src 'self' gap:; connect-src 'self'; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=OO9MQue3WlOcsHSR8DbEEeKxb0R%2Fd%2B22vfUEyich7qku%2FlL%2FDsWY0fWanin0lzbQN0tUSJFjWlyG9m8a%2FtRPMQ%3D%3D; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.connect.facebook.net *.google.com.br *.google.com *.doubleclick.net *.salesforceliveagent.com *.youtube.com *.appspot.com *.janrain.com *.cloudfront.net *.cookielaw.org d1lqe9temigv1p.cloudfront.net *.googletagmanager.com *.google-analytics.com gtm-wnd6vzj-yme0m.uc.r.appspot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' *.vapeshed.co.nz *; script-src 'self' 'unsafe-inline' 'unsafe-eval' secure.tillpayments.com gateway.tillpayments.com *.cloudfront.net *.trustedsite.com cdn.ywxi.net *.inspectlet.com zip.co *.paymark.co.nz cdn-vapeshed.co.nz *.vapeshed.co.nz *.googleapis.com *.facebook.net *.gstatic.com *.google.com *.jsdelivr.net *.tawk.to *.googletagmanager.com *.google-analytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.vapeshed.co.nz *.googleapis.com *.facebook.net *.jsdelivr.net; img-src * 'self' data: https:; media-src 'none'; frame-src 'self' secure.tillpayments.com *.youtube.com *.trustedsite.com *.paymark.co.nz *.google.com *.vapeshed.co.nz *.facebook.net *.facebook.com; font-src 'self' data: *.tawk.to *.gstatic.com; connect-src 'self' ws: gateway.tillpayments.com *.bugsnag.com *.amazonaws.com *.inspectlet.com *.paymark.co.nz *.vapeshed.co.nz *.paypal.com *.paywithpoli.com *.tawk.to *.google-analytics.com *.doubleclick.net 1 frame-ancestors 'self'; script-src 'nonce-ce5e05ca624966caeba6e3beec714916' https://www.google-analytics.com https://ssl.google-analytics.com https://pagead2.googlesyndication.com; img-src 'self' https://www.google-analytics.com/ profile.line-scdn.net data: https://cdnjs.cloudflare.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://khms0.googleapis.com/ https://khms1.googleapis.com/ https://cbks0.googleapis.com/ https://geo0.ggpht.com/; style-src 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-elem 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com; frame-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com; form-action 'self'; manifest-src 'self'; object-src 'self'; media-src 'self'; 1 * 1 script-src 'self' static.ctctcdn.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.google.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com https://connect.facebook.net/ code.jquery.com kit.fontawesome.com 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hs-scripts.com js.hsforms.net js.hsadspixel.net js.hs-analytics.net js.hs-banner.com a.opmnstr.com *.hotjar.com *.salemove.com *.glia.com redbook.listerhill.com connect.facebook.net *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com *.google.com seal.digicert.com *.typeform.com *.newtonsoftware.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.stripe.com ssl.gstatic.com *.buzzsprout.com *.banzai.org banzai.org *.omappapi.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' a.omappapi.com www.gstatic.com *.google-analytics.com *.analytics.google.com *.google.com *.groovecar.com listerhill.groovecar.com *.salemove.com *.glia.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com; img-src 'self' data: forms.hsforms.com forms-na1.hsforms.com *.craft-cdn.com www.facebook.com *.googletagmanager.com maps.gstatic.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com *.google.com seal.digicert.com i.ytimg.com i.vimeocdn.com *.mapbox.com *.doubleclick.net *.google.com *.google-analytics.com *.analytics.google.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com px.ads.linkedin.com www.linkedin.com p.adsymptotic.com track.hubspot.com libs.salemove.com *.gstatic.com *.salemove.com *.glia.com *.listerhill.com; media-src 'self' data: vimeo.com youtube.com *.youtube.com vimeocdn.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com libs.salemove.com *.gstatic.com *.salemove.com *.glia.com *.listerhill.com; frame-src data: *.hotjar.com *.groovecar.com listerhill.groovecar.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com listerhill.com *.google-analytics.com *.analytics.google.com *.google.com *.stripe.com ssl.gstatic.com *.omappapi.com *.vimeo.com youtube.com *.youtube.com newton.newtonsoftware.com *.buzzsprout.com *.typeform.com *.salemove.com zlcuma.secure.fundsxpress.com banking.apiture.com learnbanzai.com banzai.org zlcuma.banking.apiture.com; font-src 'self' data: *.google-analytics.com *.analytics.google.com *.google.com fonts.gstatic.com *.groovecar.com listerhill.groovecar.com *.salemove.com *.glia.com use.fontawesome.com hello.myfonts.net/count/3b4dc0 cdnjs.cloudflare.com *.listerhill.com *.googleapis.com; connect-src 'self' wss: analytics.google.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.craftcms.com *.salemove.com *.glia.com *.twilio.com vc.hotjar.io api.opmnstr.com ssl.gstatic.com *.omappapi.com *.hotjar.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net api.hubapi.com api.craftcms.com translate.googleapis.com maps.googleapis.com 1 base-uri 'none';child-src 'none';connect-src 'self' region1.google-analytics.com;default-src 'self';font-src 'self' fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src 'self' www.google.com;img-src 'self' storage.googleapis.com;manifest-src 'self';media-src 'self' storage.googleapis.com;object-src 'none';script-src 'self' www.googletagmanager.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';worker-src 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.google-analytics.com *.gstatic.com *.google.com platform.twitter.com 1 base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com storck.piwik.pro *.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro *.mikmak.tv *.googleapis.com *.amplitude.com *.mapbox.com tags.srv.stackadapt.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro *.mikmak.tv *.cloudfront.net *.googleapis.com *.gstatic.com ad.doubleclick.net adservice.google.com adservice.google.de cdn.filestackcontent.com *.amazonaws.com *.albertsons-media.com adservice.google.us assets.mikmak.workers.dev; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com *.mikmak.tv *.googleapis.com tags.srv.stackadapt.com *.mapbox.com; connect-src 'self' data: *.storck.com storck.piwik.pro *.mikmak.tv *.cloudfunctions.net *.googleapis.com *.amplitude.com *.mapbox.com tags.srv.stackadapt.com; font-src 'self' data: *.storck.com *.gstatic.com 4307249.fls.doubleclick.net; frame-src 'self' data: 4307249.fls.doubleclick.net di.rlcdn.com; frame-ancestors 'self'; form-action 'self'; 1 default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://bat.bing.com; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com 'sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU=' https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/com/ https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js 'nonce-170180740146800' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://px.ads.linkedin.com https://tr.snapchat.com/ ; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net; frame-src https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/ https://calendar.google.com/ ; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1 default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de *.readspeaker.com; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bsgweb-editor-kkn2.prod.gsb.zd.in.bund.de piwik.itzbund.de *.facebook.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net *.yandex.ru banners.adfox.ru avatars-fast.yandex.net favicon.yandex.neu content.adfox.ru *.googleapis.com *.yandex.net *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1 default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com data:;img-src *; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api-maps.yandex.ru bitrix.info www.google-analytics.com *.yandex.ru ucscards.ru; form-action 'self';frame-src 'self';media-src 'self';connect-src 'self' bitrix.info mc.yandex.ru 1 script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://google-analytics.com http://cdnjs.cloudflare.com https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://merchants.niftepay.pk https://www.googleadservices.com https://googleads.g.doubleclick.net; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://merchants.niftepay.pk; report-uri /report-csp-violation 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:; https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://cdn.cookielaw.org; report-uri /report-csp-violation 1 default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com 'self' https: *.junkers-bosch.es; media-src 'self' https: mycliplister.com; font-src data: *.hotjar.com wss://*.hotjar.com 'self' *.junkers-bosch.es; object-src data: 'self'; img-src https: data:; style-src 'self' 'unsafe-inline' *.junkers-bosch.es; script-src dock.ui.bosch.tech https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: it.documents.junkers.com; frame-ancestors 'self' http://fs52-buderus-dev.kittelberger.net 1 default-src 'self' *.zensus2022.de; base-uri 'self'; style-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.itzbund.de *.zensus2022.de; object-src 'self' multimedia.gsb.bund.de ; media-src 'self' multimedia.gsb.bund.de www.quirksmode.org www.destatis.de *.zensus2022.de; child-src *.ims-cms.net ; img-src 'self' data: *.itzbund.de *.zensus2022.de; connect-src 'self' *.itzbund.de *.zensus2022.de; frame-ancestors 'self'; upgrade-insecure-requests; 1 default-src vat9eh4iwa.execute-api.us-east-2.amazonaws.com analytics.google.com *.analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' builder.lift.acquia.com connect.facebook.net snap.licdn.com tags.tiqcdn.com unruffled-shannon-1a7413.netlify.app www.google-analytics.com www.googleadservices.com www.googletagmanager.com endpoint2.mathilde-ads.com *.mathilde-ads.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudfront.net lv5wzylf7h.execute-api.us-east-2.amazonaws.comvat9eh4iwa.execute-api.us-east-2.amazonaws.com augusta-multibank-pro-providers-landing.s3.amazonaws.com leadgenios.net mcusercontent.com pixel.sitescout.com; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com ftp.mathilde-ads.com *.cloudfront.net *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudfront.net cdn.linkedin.oribi.io vat9eh4iwa.execute-api.us-east-2.amazonaws.com augusta-multibank-pro-providers-landing.s3.amazonaws.com leadgenios.net mcusercontent.com; img-src 'self' data: www.google.com.pa www.multibank.com.pa googleads.g.doubleclick.net px.ads.linkedin.com www.facebook.com www.google-analytics.com www.google.com ftp.mathilde-ads.com *.cloudfront.net *.mathilde-ads.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudfront.net lv5wzylf7h.execute-api.us-east-2.amazonaws.comvat9eh4iwa.execute-api.us-east-2.amazonaws.com augusta-multibank-pro-providers-landing.s3.amazonaws.com leadgenios.net mcusercontent.com googletagmanager.com; media-src 'self'; frame-src 'self' *.mathilde-ads.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com www.multibank.com.pa; connect-src 'self' adservice.google.com collect.tealiumiq.com mbpasxv7.staticmon.com notify.bugsnag.com opensheet.elk.sh sessions.bugsnag.com us-east-1-decisionapi.lift.acquia.com www.google-analytics.com stats.g.doubleclick.net endpoint2.mathilde-ads.com lv5wzylf7h.execute-api.us-east-2.amazonaws.com cdn.linkedin.oribi.io vat9eh4iwa.execute-api.us-east-2.amazonaws.com augusta-multibank-pro-providers-landing.s3.amazonaws.com leadgenios.net mcusercontent.com region1.analytics.google.com analytics.google.com/g/collect; report-uri /es/report-csp-violation 1 object-src 'self'; img-src 'self' data: https:; media-src 'self'; font-src 'self' https://herthundbuss.com/; style-src 'self' 'unsafe-inline' https://consent.cookiefirst.com/ https://herthundbuss.com/; 1 default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com *.facebook.net unpkg.com *.jsdelivr.net *.cookiebot.com *.leadfamly.com; object-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.google.se *.cloudnet.cloud *.malmolive.se *.momondo.de *.googletagmanager.com *.cookiebot.com; media-src 'self' blob: https://*.speechstream.net;; frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se *.office.com *.cookiebot.com *.playable.com; frame-ancestors 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se; child-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.siteimprove.com *.sverigesradio.se https://sverigesradio.se; font-src 'self'; connect-src 'self' blob: https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net *.cookiebot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.youtube.com youtube.com; style-src 'self' 'unsafe-inline' ; img-src * data:; media-src * blob:; frame-src *; frame-ancestors 'self'; child-src 'self'; font-src * data:; connect-src *; report-uri /emea/report-csp-violation 1 base-uri 'self'; child-src 'self' data: gap: https://oppwa.com/ https://www.google.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ https://www.youtube.com/ https://www.youtube.com; frame-src 'self' data: gap: https://oppwa.com/ https://www.google.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ https://www.youtube.com/ https://www.youtube.com; connect-src 'self' https://www.google-analytics.com/g/ https://oppwa.com/ https://appleid.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://storage.googleapis.com/ https://lusiadas-staging.agentifai.com/ wss://lusiadas-staging.agentifai.com/ https://exames.maislusiadas.pt/ https://maps.googleapis.com/ https://region1.google-analytics.com/ https://region1.google-analytics.com/g/ https://www.google-analytics.com/ https://*.google-analytics.com https://*.google-analytics.com/g/ https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.; default-src 'self' data: gap: https://googletagmanager.com/gtag/js https://maislusiadas.pt https://maps.googleapis.com/maps/api/js https://maislusiadas.pt/favicon.ico https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://storage.googleapis.com/ https://fonts.gstatic.com/ https://exames.maislusiadas.pt/; img-src 'self' data: https://maps.gstatic.com https://maislusiadas.pt/Portal https://oppwa.com/ https://www.facebook.com https://*.googleapis.com https://*.ggpht https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://exames.maislusiadas.pt/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.lusiadas.pt/ https://*.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google. blob:; script-src 'self' data: https://www.apple.com https://appleid.cdn-apple.com https://idmsa.apple.com https://gsa.apple.com https://idmsa.apple.com.cn https://signin.apple.com https://appleid.cdn-apple.com https://maps.googleapis.com https://oppwa.com/ https://onlinepayments.pt/ https://connect.facebook.net https://maps.gstatic.com https://www.googletagmanager.com/ https://code.jquery.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://storage.googleapis.com/ https://exames.maislusiadas.pt/ https://www.googleadservices.com/ https://ads.google.com/ https://www.google-analytics.com/ https://*.googletagmanager.com https://*.googletagmanager.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: https://oppwa.com/ https://www.google.com/ https://consent.truste.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://maislusiadas.pt/ https://fonts.googleapis.com/ https://exames.maislusiadas.pt/ 'unsafe-inline'; frame-ancestors 'self' data: gap: https://maislusiadas.pt/ https://exames.maislusiadas.pt/; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=67IMtCyaCBQVgfUMqAcl5Q5JTI5xKc6oYMV9i3yuGngc9DqttdQyU4dOlvQhZtpysZghgF0VvxLBm5RMNF9Sbg%3D%3D; frame-src 'self' gap: https://maislusiadas.pt/ https://exames.maislusiadas.pt/ 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimprove.net *.googleapis.com youtube.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net siteimproveanalytics.com *.twitter.com *.pingdom.net *.googletagmanager.com *.doubleclick.net *.youtube.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.siteimprove.net *.curator.io *.google.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com curator-assets.b-cdn.net *.googletagmanager.com *.google.com.au *.google.com; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com *.google.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be *.siteimprove.com *.facebook.com td.doubleclick.net; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net *.siteimprove.com api.curator.io *.addthis.com *.pingdom.net maps.googleapis.com *.google.com *.googlesyndication.com; report-uri /report-csp-violation 1 frame-src 'self' https://content.dionglobal.in https://www.youtube.com; child-src 'self' https://content.dionglobal.in https://www.youtube.com 1 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * 1 default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' *.destatis.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de doo.net chatbot.it.bund.de www9.idev.nrw.de;object-src 'self' multimedia.gsb.bund.de *.destatis.de piwik.itzbund.de www9.idev.nrw.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.destatis.de piwik.itzbund.de chatbot.it.bund.de www9.idev.nrw.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.stba.de *.euro-area-statistics.org *.ims-cms.net *.kemweb.de *.teambits.events chatbot.it.bund.de doo.net/de-de/widget/ www9.idev.nrw.de *.arcgis.com data: ; img-src 'self' data: blob: *.google.com *.gstatic.com *.youtube.com *.destatis.de piwik.itzbund.de chatbot.it.bund.de www9.idev.nrw.de; frame-ancestors 'self'; 1 default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 1 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; object-src *; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src *; font-src * 'self' data: https:;; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; report-uri /report-csp-violation 1 default-src 'self' *.optimizely.com https: s.webtrends.com *.mycliplister.com; media-src 'self' *.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' https: btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https: btm.bosch.com; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 1 frame-ancestors 'self' piwik.betaalvereniging.nl; 1 default-src 'self' *.prd-gb-01.intelliflo.net *.gb.intelliflo.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://libs.salemove.com/ https://libs.salemove.com/visitor/ https://api.salemove.eu/salemove_integration.js *.intelligent-office.net *.prd-gb-01.intelliflo.net *.gb.intelliflo.net cdn.walkme.com ec.walkme.com playerserver.walkme.com d3sbxpiag177w8.cloudfront.net papi.walkme.com https://intelliflo-community.force.com/iOcomm/ https://intelliflo.my.site.com/iOcomm/ https://intelliflo.my.salesforce.com/lightning/ https://static.lightning.force.com/ https://*.la1-c2-lo2.salesforceliveagent.com/content/ https://service.force.com/embeddedservice/ https://intelliflo.my.salesforce.com/embeddedservice/ https://*.la1-c2-lo2.salesforceliveagent.com/chat/rest/ client.rum.us-east-1.amazonaws.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.walkme.com https://libs.salemove.com/ https://intelliflo-community.force.com/iOcomm/ https://intelliflo.my.site.com/iOcomm/ https://service.force.com/embeddedservice/; img-src 'self' 'unsafe-eval' 'unsafe-inline' ec.walkme.com papi.walkme.com s3.walkmeusercontent.com cdn.walkme.com *.amazonaws.com data: *.prd-gb-01.intelliflo.net *.gb.intelliflo.net; media-src 'self'; frame-src https: iodta:; font-src 'self' data: *.sfdcstatic.com https://c1.sfdcstatic.com/etc/clientlibs/sfdc-aem-master/clientlibs_base/fonts/SalesforceSans-Regular.woff https://c1.sfdcstatic.com/etc/clientlibs/sfdc-aem-master/clientlibs_base/fonts/SalesforceSans-Regular.ttf; connect-src 'self' *.prd-gb-01.intelliflo.net *.gb.intelliflo.net *.amazonaws.com https://kluster.salemove.eu/engagement_signaler/longpoll wss://kluster.salemove.eu/engagement_signaler/websocket https://api.salemove.eu/sites/ https://api.salemove.eu/engagements/ https://api.salemove.eu/visitor_config wss://pubsub.salemove.eu/notifications/websocket https://pubsub.salemove.eu/notifications/longpoll https://client-logger.salemove.eu/ wss://*.prd-gb-01.intelliflo.net *.gb.intelliflo.net ec.walkme.com cdn.walkme.com papi.walkme.com https://intelliflo-community.force.com/iOcomm/ https://*.la1-c2-lo2.salesforceliveagent.com/chat/rest/; 1 base-uri 'self'; form-action 'self' data: *.mucf.se trk.idrelay.com; manifest-src 'self'; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com hcaptcha.com *.hcaptcha.com cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net unpkg.com *.mucf.se *.cloudnet.cloud *.vimeo.com; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net *.mucf.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.mucf.se http://mfstatic.com *.inviewer.se *.mediaflowpro.com *.jsdelivr.net *.ytimg.com; media-src blob:; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com *.ungidag.se *.mediaflowpro.com blob: stats.mucf.se stats.c4223.cloudnet.cloud *.ungidag.se *.mucf.se; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.ungidag.se *.mucf.se; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com blob: *.mucf.se *.ungidag.se; font-src 'self' mfstatic.com; connect-src 'self' https://*.mucf.se https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hcaptcha.com https://*.speechstream.net stats.c4223.cloudnet.cloud https://*.mediaflow.com https://*.inviewer.se mfstatic.com *.ungidag.se; report-uri /report-csp-violation; upgrade-insecure-requests 1