Values for x-webkit-csp:
default-src 'self' 53
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 27
default-src 'self'; script-src 'self' 'unsafe-inline' 27
report-uri /report-csp-violation 25
report-uri /report-csp-violation; upgrade-insecure-requests 24
default-src 'self' 'unsafe-inline' 17
allow 'self'; 14
frame-ancestors 'none' 12
frame-ancestors 'self' 10
referrer origin 10
frame-ancestors 'self'; report-uri /report-csp-violation 7
frame-src *.2checkout.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net dpm.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com *.outgrow.us bitdefender.applytojob.com *.alchemer.com *.adyen.com *.paypal.com paypal.com ad.ad-srv.net fullstory.com *.bitdefender.co.jp bitdefender.co.jp new.bitdefender.co.uk store.bitdefender.com bitdefender-html.test 7
default-src * 6
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * 6
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 5
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 5
frame-ancestors 'self' *.sncf-connect.com; report-uri /report-csp-violation; upgrade-insecure-requests 5
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 5
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 5
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 5
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 5
default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https:; report-uri /report-csp-violation 4
frame-ancestors https://*.canalplus.com https://*.canal-plus.com https://*.cnews.fr https://*.canal-bis.com http://*.canalplus.com http://*.canalplus.com:8888 https://*.canalplus.com:3000 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net; report-uri /report-csp-violation 4
frame-ancestors 'self' weleda.sabio.de 4
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://stats.xilo.net/ruri/r/d/csp/enforce 4
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com 4
frame-ancestors https://*.dondominio.com https://*.mrdomain.com; 3
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 3
connect-src * 'self' 3
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com confluence.acquia.com www.acquiaacademy.com acquia.seismic.com app.veertly.com; report-uri /report-csp-violation 3
default-src 'self'; 3
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de *.netzlabor.de *.spaceview.net; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org *.spaceview.net *.netzlabor.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com *.multimedia.gsb.bund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.youtube.com *.fbcdn.net *.youtube-nocookie.com *.googlevideo.com; frame-src 'self' *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de *.blitzvideoserver.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com *.multimedia.gsb.bund.de; img-src 'self' data: *.google.com *.gstatic.com multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com vimeo.com *.cloudfront.net *.gsb.bund.de; frame-ancestors 'self';upgrade-insecure-requests; 3
default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' 3
default-src *.hotjar.com wss://*.hotjar.com 'self' http: bott-tc.nautilus https: vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus foerderrechner.bosch-thermotechnology.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' data: script.hotjar.com fonts.gstatic.com www.bosch-easycontrol.com www.heizung-steuern.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 3
default-src 'self' *.readspeaker.com data: https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://viola-bzst-fms.azr.juacvoe.net base-uri 'self'; connect-src 'self' *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net; style-src 'self' 'unsafe-inline' *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://formularbot-fms.bzst.de https://viola-bzst-fms.azr.juacvoe.net; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 3
default-src 'self'; font-src 'self' data: https://use.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://embed.tawk.to; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net/*; img-src 'self' data: https://p.typekit.net https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.fls.doubleclick.net https://sp.analytics.yahoo.com https://embed.tawk.to; frame-src https://www.oldmutual.co.za/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://dms.oldmutual.com.gh https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://va.tawk.to wss://*.tawk.to; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://assets-preprod.my.oldmutual.co.za https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://d2oh4tlt9mrke9.cloudfront.net https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://www.googleadservices.com https://services.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://embed.tawk.to https://dsp-media.eskimi.com https://dsp-media.eskimi.com/assets/js/e/gtr.min.js?_=0.0.0.3 https://checkout.flutterwave.com;; frame-ancestors https://secure.rewards.oldmutual.co.za/ https://customer-site-preprod.eks.my.oldmutual.co.za https://my.oldmutual.co.za 3
default-src 'self' '*.energieag.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com i.ytimg.com connect.facebook.net app.adwordsagentur.at *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io 'unsafe-inline' 'unsafe-eval' data: 3
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.eu01.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 3
font-src 'self' https://webfonts.14v.de; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; object-src 'none'; worker-src 'self'; media-src 'self'; connect-src 'self' https://piwik.14v.de; manifest-src 'self'; prefetch-src 'none'; img-src 'self' data: *.w3.org; frame-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline'; block-all-mixed-content; script-src 'self' https://piwik.14v.de 'unsafe-inline'; report-uri /impressum/; 3
default-src 'self'; script-src 'self' *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com *.youtube.com *.mappedin.com *.adsrvr.org www.googleadservices.com js.adsrvr.org googleads.g.doubleclick.net http://bid.g.doubleclick.net/ 'unsafe-eval'; style-src 'self' blob: *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com tagmanager.google.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.simplybook.me lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au *.mappedin.com mipubapistorageprod.blob.core.windows.net; font-src 'self' *.amazonaws.com *.storyblok.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com data:; connect-src 'self' stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.googleapis.com *.google-analytics.com sentry.io *.simplybook.me *.vicinity.com.au *.trackjs.com mipubapistorageprod.blob.core.windows.net; frame-src 'self' *.youtube.com *.vimeo.com *.googleapis.com *.googletagmanager.com *.google.com *.facebook.com *.livechatinc.com *.stripe.com socialq.net recaptcha.net *.trybooking.co.nz *.trybooking.com insight.adsrvr.org 3
default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; connect-src 'none'; report-uri 'self'; report-to 'self'; 3
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 3
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com https://act.nrdc.org; style-src 'self' 'unsafe-inline' * blob: https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co ; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com dnbweb-editor.preview.kkn.zd.intranet.bund.de *.cloudfront.net jobs.b-ite.com *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
default-src 'self' ; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de *.bmbfcluster.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net app.sli.do; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self' data: *.sp.epl30.intern; 2
frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 2
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de 2
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 2
default-src https:; style-src 'self' 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
default-src 'self' https://origin-www.appliedmaterials.com http://origin-www.appliedmaterials.com; script-src 'self' 'unsafe-eval' maps.googleapis.com http://www.google-analytics.com https://www.google-analytics.com www.googletagmanager.com www.eiseverywhere.com js-agent.newrelic.com *.nr-data.net www.recaptcha.net www.gstatic.com vjs.zencdn.net https://*.go-mpulse.net https://origin-www.appliedmaterials.com 'unsafe-inline'; object-src 'self' www.eiseverywhere.com; style-src 'self' fonts.googleapis.com www.gstatic.com vjs.zencdn.net https://origin-www.appliedmaterials.com http://origin-www.appliedmaterials.com https://origin-www.appliedmaterials.com 'unsafe-inline'; img-src 'self' *.googleapis.com www.google-analytics.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.google.com www.google.com.sg www.google.com.tw www.google.co.il www.google.co.in www.google.co.kr www.google.co.uk www.googletagmanager.com ml.globenewswire.com www.globenewswire.com resource.globenewswire.com na.eventscloud.com www.eiseverywhere.com bam.nr-data.net  http://*.prod.acquia-sites.com https://*.prod.acquia-sites.com  http://*.appliedmaterials.com https://*.appliedmaterials.com data:; frame-src 'self' www.google.com www.youtube.com www.recaptcha.net; font-src 'self' fonts.gstatic.com themes.googleusercontent.com vjs.zencdn.net http://origin-www.appliedmaterials.com https://origin-www.appliedmaterials.com data:; connect-src 'self' www.google-analytics.com *.nr-data.net stats.g.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.go-mpulse.net; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com static.hotjar.com script.hotjar.com members.ahcancal.org www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com polo.feathr.co cdn.feathr.co banman.providermagazine.com banman.ahcancal.org platform.twitter.com cdn.syndication.twimg.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com platform.twitter.com ton.twimg.com members.ahcancal.org; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com marco.feathr.co polo.feathr.co *.feathr.co www.googletagmanager.com banman.providermagazine.com banman.ahcancal.org match.adsrvr.org pbs.twimg.com abs.twimg.com platform.twitter.com ton.twimg.com syndication.twitter.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com *.hotjar.com ahcancal.wufoo.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net platform.twitter.com syndication.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com in.hotjar.com ws7.hotjar.com ws35.hotjar.com polo.feathr.co analytics.tiktok.com members.ahcancal.org 2
default-src 'self' data: blob: https: *.boschtools.com  *.mycliplister.com *.hotjar.com *.linkedin.com a19948120449.cdn.optimizely.com 10097804.fls.doubleclick.net adservice.google.com adservice.google.de ad.doubleclick.net errors.client.optimizely.com logx.optimizely.com px.ads.linkedin.com visitor-service-eu-central-1.tealiumiq.com; font-src 'self' data: ; object-src data: 'self' gallery.sprinklr.com ; img-src https: data: blob: scontent-iad3-2.cdninstagram.com scontent.cdninstagram.com thumb.sprinklr.com collect.tealiumiq.com gwmtracking.com pbs.twimg.com; style-src 'self' 'unsafe-inline' https: 10097804.fls.doubleclick.net gallery.sprinklr.com; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com gallery.sprinklr.com bosch-tools-resultpage.com cvg-bosch.widget.custhelp.com s.webtrends.com tags.tiqcdn.com cdn.optimizely.com cdn.pricespider.com platform.twitter.com snap.licdn.com 2
frame-ancestors 'self' mein.kabelplus.at newapp.etracker.com 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 2
default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu 2
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 2
report-uri /admin/config/system/seckit/csp-report 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.ytimg.com *.googleapis.com *.putnam.com *.typekit.net *.rackcdn.com *.ensighten.com *.brightcove.net *.brightcove.com *.google-analytics.com *.liveperson.net *.bing.com *.bizographics.com *.gigya.com *.googlecode.com *.morningstar.com *.linkedin.com *.putnaminv.com *.highcharts.com *.jQuery.com *.jquery.org *.adobe.com *.jqueryui.com *.cloudflare.com *.livelook.com *.livelook.net *.facebook.net *.licdn.com *.zencdn.net *.lpsnmedia.net *.googletagmanager.com tagmanager.google.com *.ads-twitter.com *.twitter.com *.yimg.com sp.analytics.yahoo.com www.youtube.com www.instagram.com shop.pe shopper.shop.pe *.cloudfront.net addshoppers.s3.amazonaws.com bcbolt446c5271-a.akamaihd.net www.google.com www.gstatic.com cdn.jsdelivr.net up.pixel.ad pixel.sitescout.com munchkin.marketo.net; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.zencdn.net *.brightcove.net *.brightcove.com *.putnam.com blob: data:; frame-ancestors *.putnam.com *.seismic.com *.fundvisualizer.com; 2
upgrade-insecure-requests 2
2
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 2
default-src 'none'; worker-src 'self' www.youtube.com *.cookiebot.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com www.googletagmanager.com  ssl.google-analytics.com www.google-analytics.com apis.google.com ajax.googleapis.com www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' *.linqhost.nl www.google.nl ssl.google-analytics.com www.google-analytics.com www.gstatic.com qcqcdn.com data: www.google.com www.googletagmanager.com stats.g.doubleclick.net ; font-src 'self' fonts.googleapis.com fonts.gstatic.com  data: ; frame-ancestors 'none'; base-uri 'self' ; form-action 'self'; frame-src *.cookiebot.com *.youtube.com *.google.com; connect-src www.google-analytics.com stats.g.doubleclick.net consentcdn.cookiebot.com ; report-uri https://linqhost.report-uri.com/r/d/csp/enforce; 2
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 2
default-src 'self'; connect-src 'self' *.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.instagram.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src 'self' *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com kumasta.buendnisse-fuer-bildung.de *.facebook.com *.instagram.com *.bmbf.de graphcommons.com www.baden-tv.com/;img-src 'self' data: *.bmbf.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; frame-ancestors 'self'; 2
policy-uri /'none' 2
default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 2
default-src 'self' *.mytolino.com data: *.pageplace.de *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com 'unsafe-inline' 2
deafult-src 'self' 2
frame-ancestors https://planet-imex.co.uk/ https://planet-imex.com/ https://planetimex.co.uk/ https://planetimex.com/ https://www.imexexhibitions.com/ https://www.imex-frankfurt.com/ https://de.imex-frankfurt.com/ https://www.imexamerica.com/ https://www.stage.imex.cti.digital/ http://america.stage.imex.cti.digital/ http://frankfurt.stage.imex.cti.digital/ http://de-frankfurt.stage.imex.cti.digital/ https://www.reactive.imex.cti.digital/ https://frankfurt.reactive.imex.cti.digital/ https://de-frankfurt.reactive.imex.cti.digital/ https://america.reactive.imex.cti.digital/ https://www.qa.imex.cti.digital/ http://america.qa.imex.cti.digital/ http://frankfurt.qa.imex.cti.digital/ http://de-frankfurt.qa.imex.cti.digital/ https://www.imex.ctidev/ https://frankfurt.imex.ctidev/ https://de.frankfurt.imex.ctidev/ https://america.imex.ctidev/; 2
default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com *.sli.do; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do; img-src 'self' data:  *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com *.sli.do player.vimeo.com; frame-ancestors 'self'; 2
default-src 'self' ; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.bmbfcluster.de *.wmflabs.org; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self'; 2
default-src wss://*.hotjar.com 'self' http:  https: bott-fs.kittelberger.net *.bosch-thermotechnology.com *.bosch-thermotechnology.us *.bosch-thermotechnology.com.au *.bosch-thermotechnology.co.nz s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com ; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src data: 'self' www.bosch-thermotechnology.us bosch-thermotechnology.us fonts.gstatic.com static.ecorebates.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' www.bosch-thermotechnology.us bosch-thermotechnology.us static.ecorebates.com cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.emmezeta.hr emmezeta.hr *.emmezeta.rs emmezeta.rs *.emmezeta.si emmezeta.si; 2
default-src 'self' https: ; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval' ; script-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data: ; font-src * data: ; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action 'self'; upgrade-insecure-requests; base-uri *; manifest-src * 2
default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src  'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 2
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 2
style-src 'self' 'unsafe-inline'; script-src 'self' 2
frame-ancestors 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bam.nr-data.net https://js-agent.newrelic.com https://static.b4healthonline.com https://static2.b4healthonline.com  2
default-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline';  1
policy-uri /parivahan//'self' 1
default-src 'self'; object-src 'none'; block-all-mixed-content; script-src 'self' 'nonce-c8782560-21a1-47ec-ba88-690c093044d9' https://*.groww.in/ wss://*.groww.in/ wss://groww.in/ https://*.freshchat.com/ https://*.webengage.com/ http://cdn.widgets.webengage.com/ https://connect.facebook.net/ https://*.razorpay.com/ https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/ https://storage.googleapis.com/ https://www.googletagmanager.com/ https://tagmanager.google.com https://www.google-analytics.com/ https://ssl.google-analytics.com https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://*.google.com/ https://www.google.co.in/ https://fonts.googleapis.com/ https://www.youtube.com/ https://www.youtube.com/iframe_api https://www.youtube-nocookie.com/ https://*.ingest.sentry.io; img-src 'self' data: blob: https://groww.in/ https://*.groww.in/ https://img.youtube.com/ https://i.ytimg.com https://i3.ytimg.com https://s3.amazonaws.com/cdn.freshdesk.com/ https://viewlogo.s3.amazonaws.com/ https://wchat.freshchat.com/ https://www.google-analytics.com/ https://*.googleapis.com/ https://*.googleusercontent.com/ https://www.google.com/ https://www.google-analytics.com https://www.google.com/ads/ga-audiences https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://stats.g.doubleclick.net/r/ https://stats.g.doubleclick.net/r/collect https://www.google.co.in/ads/ga-audiences https://*.ingest.sentry.io; style-src 'self' https://*.groww.in/ 'unsafe-inline' https://accounts.google.com https://wchat.freshchat.com/; font-src 'self' https://*.groww.in/ data:; connect-src 'self' data: blob: https://*.groww.in/ wss://*.groww.in/ wss://groww.in/ https://*.webengage.com/ https://*.bugsnag.com/ https://*.razorpay.com/ https://*.delighted.com/ https://accounts.google.com https://www.google-analytics.com/ https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://groww.in/wp-json/wp/v2/pages https://groww.in/wp-json/wp/v2/posts https://groww.in/wp-json/wp/v2/categories https://groww.in/wp-json/wp-custom/v1/recent-posts https://groww.in/wp-json/wp/v2/redirections https://groww.in/wp-json/wp/v2/updates https://groww.in/wp-json/wp/v2/stocks-in-news https://*.googleapis.com/ https://*.ingest.sentry.io; frame-src 'self' https://*.webengage.co https://*.google.com/ https://www.youtube.com/ https://www.facebook.com https://*.groww.in/ wss://groww.in/ wss://*.groww.in/ https://wchat.freshchat.com/ https://growwapi.firebaseapp.com/ https://www.youtube.com/embed/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://*.ingest.sentry.io; media-src https://*.groww.in/ blob: 1
base-uri 'none'; default-src 'none'; script-src 'self' 'strict-dynamic' https://*.hotjar.com https://*.hotjar.io https://*.hsforms.net https://*.cloudflare.com https://unpkg.com https://*.doubleclick.net https://luckyorange.com https://cookiehub.com https://cookiehub.net https://settings.luckyorange.com 'nonce-c68fc73e54c2251cd5d6b3ef6475f834a69d6b6f28c5' 'nonce-fb00a4fd78085fdae7a33a6ccfe45339ddaf819dde2a' 'nonce-abef9b7b7833e884dcd4c0b26b55a3637bb410f2d321' 'nonce-eae9ea7f3c6e465b1d9659e8aea0cfc7d80ca09faab2' 'nonce-16a29a444dd1e72a4b4c41c21479cb3b93a4b765eec9' 'sha256-Izuaqj8IASWeIQNMSUxTAu1xfVkuxZoh0HWp2vXWmUw=' 'sha256-S8ATmooPrdQ2Nay6tf/47R9k0cAO7UBRkHxsOAoBYRo=' 'sha256-XAx0QTkeSMxVYPyFrbBVIhj8CvKfaJdR3Qo0gvrp16k=' 'sha256-I/rD/kGx4f8MGQPXVvbFYpKpd4L5cd5hQ+v+oSGvX9A=' 'sha256-a0s+nLVkHwBLI1bdIXzsQespBORQjzbOy8pJNQeAjRI=' 'sha256-RGXYkM5eJnPMRMF6GxqO4fwBZJ/0smjrg583vrlggxY=' 'sha256-BPN1prcoxE8YZc+BJbj+01KDy+hnAfk8B9aj+H5nFh4=' 'sha256-A6jm8QAAo+BvL4/Tr1M7sTsnRKo+VhQOm9Hi8IOKJ5Y=' 'nonce-1f7d59ca1136d01448ebc3599085145bd909af8b25c1' 'nonce-c04e07c3e1b97147f94c93b59efa6725a362a776ba69' 'nonce-cc2092fad68aa8a8715568ec5cd0c9be12e1e1a373d9' 'nonce-1706f653a8712da510196d9d4b7ffa0e79ef582d5b23' 'nonce-73ad5cc0926bc1b29cb2cf69a4d35ee468e341df9868'; style-src 'self' 'unsafe-hashes' https://use.fontawesome.com https://fonts.googleapis.com https://static.cookiehub.com https://cookiehub.net/ 'sha256-im0erJAfSNQVDTe5HS6/GNgzNM9JcXDCSuwoIWQ/rRE=' 'sha256-A6jm8QAAo+BvL4/Tr1M7sTsnRKo+VhQOm9Hi8IOKJ5Y=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-T1C48ZGmcgTeITFPt41XsW/ozDpm3S/SxFREiL+pfgQ=' 'sha256-zfH5Pv8+yKFNFcycqZrhikYRHXfOZ9MwfwRnIp6H1kI=' 'sha256-Da2f1Kt9Io0bgdaWLUryUjcUra0xYjPLDorylUM1XM0=' 'sha256-NnjKC0Bmej913o6dapBaV7Lo8IemTzzXRsO8XhOCyT0=' 'sha256-tG2ZUEo3Qq/onXpzs2PwKu3Y82IJhZsODGPa+EUtsZc=' 'sha256-y/JAbx0Chs7eNLWF+KFD+YMhxTDFjiftcRnhFF13QjI=' 'sha256-kbzp7IrqueB2g36to7qc8KevofS966jm6n764wtCqx4=' 'sha256-3ibk/KyNNjpvopRz5nvswtDpJD3kbpyDdRO1YWF4msg=' 'sha256-ZNPRF7lxh3DMrhUYYDg0XMVthUfilZ/lIWOm88fNvug=' 'sha256-dMnSfpNeXLLDJMMi4o3EHr1S85P3yFWtdfJvbcH9mhU=' 'sha256-swi8N0hKSwJvuZeP/6DwGWEx8FwrfDcoj/0HnZd1Jpc=' 'sha256-RDWWGcFzQIh1SH4oQIaKd+tX/bMXZOzUetRR1raWCXw=' 'sha256-dDxw24pDf8PjpiVwKjNHJHbK4EFFUCWWrnx1SE32aG4=' 'sha256-LWtqHRrej8qIoYJFqhaaO0kPgZnGajrfm7a54+/7NQU=' 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA=' 'sha256-1z/7NiPfYq2hoFozHGzJKg6OUzne/YSqaCgvOeXuXOY=' 'sha256-3R73cBfu9lRdx2Y1u0+kOkDzXsjlEn1hcsL2b5qaWZ4=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-Iqfo27GZS/A7Fm31UW3miEbID+BwO1wih5T79cyIfws=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-yVIQlxUOt8MCsrVQ/pmV6T7E+xI6F1xO1vCqGi7bPU4=' 'sha256-yqw7rW86cJ30M3y7LhcPnduZT4JIHKLX3RRb31B7fOQ=' 'sha256-DFjLfLQbkYXH/lmCwhmW5hT9th2DSNLjYebk7vRHX6A=' 'sha256-+iVBklqDZxSzWSvr0QSp3OTL/ok8m/f/n7wXWojhcng=' 'sha256-ywq+VJsIVnLIQls/DYtP4wc7LLPqAKArkFBF9Z5HNuc=' 'sha256-nvFDZMdJSsFuPLw06nap3Qaao9tU3RGvNHf2Woe1StA=' 'sha256-FA0mrKnZoRbvi4Ayp9wJddHc685E85ea5Z2XwJRhxSU=' 'sha256-R7cUrEePj8qLMDj+zac9LUaWW1kLn3wc6HsQHIA0mxw=' 'sha256-kDP5FilnD2F7x7DjtoRTkl0NbiBGrjAsvcUc3H3A2cM=' 'sha256-QlYx1dw6Nlh44cQgyJBz5G7+ZTJmKf5FkJGF0FPcuzE=' 'sha256-cSCUlxvEwMP0xZRHeMKpWqO3ylONHU6b5bFAQLiiqcw=' 'sha256-I6mtUVoVWZuevseH7OMoGWOXSo/eD4R/08s5derX8hw=' 'sha256-krLf8K7rqCtHZ5e3QPyMVapC2rFQUo21PCk/c39wSts=' 'sha256-+SNKnT0lnsyeaYOJwRmcPRdTG/a4X/b3vw+57B1dE20=' 'sha256-1tUQLx1JfuFHhupaTxZxN8/JPDvG+OIdBCcM7PXfEzs=' 'sha256-4Xwx2TSn/ZELfLIs1A2etPjKxxnSomqFoKMv99FB3Lg=' 'sha256-ei2s0538sbNCEBOA2sr/hvghrxZ2gDEblR7FUJ4lkcI=' 'sha256-4NKME364cXiHshEd1ZK0GwjcT0pjqfBRdKo30tomWRs=' 'sha256-s4+uDkvKfuqCNICZTNMmknZQvqL5HwSquCQfZkn9/34=' 'sha256-rn4Qwbx5qcatXz+wT23m27segHEv7ImU2/4sEMVLYIk=' 'sha256-6Y6euAQOWZ6lGtpkCT+4kCYjKPuLTcDjDkD5oRhCG4g=' 'sha256-4QY9fueV63c6nZWXt7gR/ojTOpAZwXqNZcAxijybuU0=' 'sha256-RHvKHxL0gTOgpvBP4Xm5dRuK/cR2LZXFIebXluboSkQ=' 'sha256-yJf9N784FJuXHzDa1anT54222uPxXDjB0KgozZIOVzw=' 'sha256-Pzy/MxmgBP+zS02vxK1jm/+zS7R6H7RgMsTtTVTfC9A=' 'sha256-j8L4Sf0xH9b2nwGqQTwHCVlGSvlIaVZETZPtVykVjPs=' 'sha256-ebuwMTfNIWOGe7kzqHFDgd8dPwoPxx2QNhd4ZtetRLU=' 'sha256-Yq+kKvFpHeNHsJjLEy7fWk5M9TWaZGf7rQV38ELL2x0=' 'sha256-MHuTvHVz5k1TajrKANGz14IaXhuXxwJUt15zkvmj7rE=' 'sha256-tXThs7ZS+6hzPIvkDhbtqXOY6X3GP/zrwEY7GyV4Y+c=' 'sha256-39hce1FnKYidEA+9elxMGRsULe73+qcGxx7fCFUigzo=' 'sha256-I/rD/kGx4f8MGQPXVvbFYpKpd4L5cd5hQ+v+oSGvX9A=' 'sha256-a0s+nLVkHwBLI1bdIXzsQespBORQjzbOy8pJNQeAjRI='; img-src 'self' https://track.hubspot.com https://www.googletagmanager.com https://www.google.co.uk https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://www.google.com; connect-src 'self' https://public-auth-dot-lucky-orange.appspot-preview.com https://api-preview.luckyorange.com/ wss://in.visitors.live/ wss://realtime.luckyorange.com https://pubsub.googleapis.com/ https://api-preview.luckyorange.com/* https://api.hsforms.com https://api.hubapi.com https://js.hs-banner.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.doubleclick.net https://settings.luckyorange.com https://api-preview.luckyorange.com/*; font-src 'self' https://use.fontawesome.com data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://s3.amazonaws.com/luckyorange-clickstream/; object-src 'none'; media-src 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://*.hotjar.com https://*.hotjar.io; child-src 'self' blob:; form-action 'none'; frame-ancestors 'none'; manifest-src 'self'; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; frame-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de covapp.charite.de covapp-rki.hpsgc.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors *.prod.gsb.rki.in.bund.de piwik.itzbund.de *.facebook.com 1
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-WmNMxxhiV6b1jhxpahaRhnC4AcCidQzlTMRFks3G2GztTLKL'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
default-src 'self' *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; prefetch-src 'self' *.boltdns.net *.googleapis.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; media-src blob: 'self' *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zuora.com tags.tiqcdn.com cdn.mouseflow.com o2.mouseflow.com *.vergic.com *.brightcove.net *.brightcove.com blob: vjs.zencdn.net d2qrdklrsxowl2.cloudfront.net www.googletagmanager.com bat.bing.com/bat.js connect.facebook.net static.ads-twitter.com *.twitter.com snap.licdn.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.gstatic.com *.ceros.com *.turtl.co trustspot.io cdn.jsdelivr.net *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.turtl.co trustspot.io s3.amazonaws.com *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; img-src 'self' data: images.ctfassets.net aicpa.sc.omtrdc.net media.aicpa.org *.rackcdn.com cm.everesttech.net dpm.demdex.net content.psplugin.com *.brightcove.com *.boltdns.net players.brightcove.net bat.bing.com static.ads-twitter.com t.co px.ads.linkedin.com www.googletagmanager.com googleads.g.doubleclick.net www.google.com *.google.co.uk *.facebook.com trustspot.io * *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; font-src 'self' data: fonts.gstatic.com d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.vergic.com content.psplugin.com s3.amazonaws.com trustspot.io *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; connect-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com https://us.aicpa.org/bin/aicpaorg/uca?command=logout assets.ctfassets.net downloads.ctfassets.net sentry.io app.getsentry.org app.getsentry.com dpm.demdex.net aicpa.demdex.net collect.tealiumiq.com aicpa.sc.omtrdc.net o2.mouseflow.com players.brightcove.net *.brightcove.com *.hapyak.com *.boltdns.net *.brightcovecdn.com *.akamaihd.net *.akafms.net *.vergic.com bat.bing.com *.facebook.com *.google.com trustspot.io *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; frame-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com www.facebook.com m.facebook.com html5-player.libsyn.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net vjs.zencdn.net *.podomatic.com podomatic.com *.youtube.com apisandbox.zuora.com aicpa.demdex.net www.zuora.com bid.g.doubleclick.net *.ceros.com *.google.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com; frame-ancestors 'self' *.aicpa.org *.cgma.org; manifest-src 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://sentry.io/api/3382497/security/?sentry_key=9aee855e0ce84a1db4b69530c6b45163@sentry.io/3382497 1
default-src 'self'; connect-src 'self' https://*.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.browsealoud.com https://*.speechstream.net blob: https://en.wikipedia.org https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://www.facebook.com/; script-src 'self' https://*.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://*.google-analytics.com https://*.browsealoud.com https://*.speechstream.net 'sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU=' https://apis.google.com https://*.intercom.io https://js.intercomcdn.com https://analytics.twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ 'nonce-165295301451600' ; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic.dev.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com; img-src * data: https://optimize.google.com https://script.hotjar.com; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic.dev.texthelp.com https://www.facebook.com https://*.speechstream.net; frame-src https://www.youtube.com https://mautic.dev.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 1
default-src 'self' noembed.com static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com data: avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com www.surveygizmo.eu endpoint-app.cognigy.ai wss://endpoint-app.cognigy.ai 'unsafe-inline' 'unsafe-eval' ; media-src 'self' *.avm.de blob: data: ; worker-src 'self' blob: ; frame-ancestors 'self'  1
report-uri /main/report-csp-violation; upgrade-insecure-requests 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru *.yoomoney.ru yookassa.ru geoadv-partner.yandex.ru *.yandex.ru *.yandex.net h.online-metrix.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com tagmanager.google.com *.jivosite.com *.jivo.ru webhost1.bitrix24.ru *.roistat.com cfv4.com qoopler.ru; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com 1
default-src 'none'; style-src 'self' use.typekit.net p.typekit.net cdn.embedly.com cdn.integromat.com fonts.googleapis.com 'unsafe-inline' cdn.integromat.com www.integromat.com static.integromat.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' data: use.typekit.net script.hotjar.com cdn.embedly.com fonts.gstatic.com cdn.integromat.com fonts.gstatic.com; img-src 'self' data: *.integromat.com secure.gravatar.com usage.trackjs.com stats.g.doubleclick.net www.google-analytics.com img.youtube.com www.youtube.com www.facebook.com t.co script.hotjar.com twitter.com self cdn.cookielaw.org www.google.at www.google.be www.google.com www.google.cz www.google.de www.google.fi www.google.fr www.google.hr www.google.hu www.google.net www.google.org www.google.pl www.google.ro www.google.ru www.google.si www.google.sk www.google.ie www.gooogle.com www.images.google.ci www.images.google.as www.images.google.at www.images.google.be www.images.google.com www.images.google.de www.images.google.fr www.images.google.hr www.images.google.net www.images.google.pl www.images.google.ro www.images.google.ru www.images.google.sk www.images.gooogle.com www.translate.google.com www.translate.googleusercontent.com www.webcache.googleusercontent.com cdn.integromat.com static.integromat.com www.google.com api.producthunt.com; connect-src 'self' *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com *.mixpanel.com www.google-analytics.com stats.g.doubleclick.net api-cdn.embed.ly api.segment.io *.make.com cdn.cookielaw.org geolocation.onetrust.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src 'self' www.facebook.com www.youtube.com vars.hotjar.com cdn.embedly.com frame.hotjar.com vars.hotjar.com; script-src 'self' www.google-analytics.com connect.facebook.net static.ads-twitter.com analytics.twitter.com static.hotjar.com script.hotjar.com cdn.mxpnl.com cdn.embedly.com cdn.segment.com cdn.integromat.com cdn.cookielaw.org cdn.integromat.com static.integromat.com code.jquery.com static.hotjar.com script.hotjar.com www.googletagmanager.com 'unsafe-inline'; object-src 'self'; media-src 'self' cdn.integromat.com; manifest-src 'self' cdn.integromat.com; base-uri 'self'; form-action 'self'; frame-ancestors 'none' 1
frame-ancestors *.payback.de 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de *.atlas.geomer-maps.de *.app.powerbi.com *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; upgrade-insecure-requests; 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com doo.net piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; 1
default-src 'self' ; script-src 'unsafe-inline' 'self' https://ssl.google-analytics.com/ga.js; img-src data: blob 'self' http://*.tile.openstreetmap.org/ : 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1
base-uri 'self'; child-src * gap:; frame-src * gap:; connect-src *; default-src 'self' 'unsafe-inline' *.google-analytics.com *.hotjar.com *.googletagmanager.com *.dre.pt *.hotjar.io *.doubleclick.net *.knightlab.com *.google.com *.google.pt gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src * blob:; script-src 'unsafe-inline' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors *.incm.pt *.dre.pt 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=GsGWr%2FKTh0RUuqfCk3HewT6n4vw%2FOVe9NEWYNMvJaddZPJl1EYhqsO1ePbhh1fF8%2B%2Fj81sytB6MkdAhyj43lIA%3D%3D; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de www.youtube.com s.ytimg.com; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; media-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.youtube.com; child-src pei-portal.rexx-systems.com piwik.itzbund.de www.youtube.com abvl-public.pei.de; font-src 'self'; img-src 'self' data: *.honcode.ch piwik.itzbund.de; frame-ancestors 'self' PEIWeb-editor.preview.gsb.intranet.bund.de pei-portal.rexx-systems.com; 1
default-src wss://endpoint.chatbot-suite.bosch.tech 'self' https: *.optimizely.com wss://*.hotjar.com *.tealiumiq.com stats.g.doubleclick.net *.bosch-professional.com ; media-src data: 'self' *.mycliplister.com mycliplister.com *.bosch.com bosch.com *.bosch.de bosch.de *.youtube.com ; font-src 'self' static.bosch-professional.com *.commerce-connector.com tiger-cdn.zoovu.com *.cloudfront.net boschru.webim.ru *.bosch.com bosch.com *.bosch.de bosch.de gstatic.com fonts.gstatic.com data: ; object-src data: 'self'; img-src https: *.tealiumiq.com data: blob: ; style-src *.commerce-connector.com 'self' 'unsafe-inline' tiger-cdn.zoovu.com static.bosch-professional.com btm.bosch.com cdn.poll-maker.com ; script-src dynamicyield.com *.dynamicyield.com https: *.optimizely.com 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com *.bosch.com bosch.com *.bosch.de bosch.de *.google-analytics.com google-analytics.com ipinfo.io ; frame-src 'self' https: 1
script-src 'nonce-f26c32a449024c7f8a9adf49f77308c8' 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo.com:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net googleads.g.doubleclick.net;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors bghweb-editor.preview.gsb.intranet.bund.de piwik.itzbund.de 1
frame-ancestors 'self' *.bond.edu.au bond.edu.au; 1
default-src https:; script-src 'self' 'nonce-Ts5g9spi3APhbsDX62WN9r3wohy6o/mr' https://hcaptcha.com https://*.hcaptcha.com; object-src 'self'; style-src 'self' 'nonce-f8zA33LmC++DZTp1MhwNGzSYVO7qhdR/' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' images.gog-statics.com; media-src 'self'; child-src 'none'; font-src 'self'; connect-src 'self' https://api.gog.com; frame-src https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com 1
frame-ancestors https://s.hongleongconnect.my https://hlbmc.demdex.net https://8791613.fls.doubleclick.net/ https://gms.hongleong.com.my https://tags.tiqcdn.com https://survey.hlb.com.my https://uat.hlb.com.my https://aem-preprod.hlb.com.my https://aem-preprod.hlisb.com.my https://aem-uat.hlb.com.my https://www.hlb.com.my https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://uat.hlb.my:443 http://uat.hlb.my 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.amazon.de https://dvj5x88797nbe.cloudfront.net https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://*.media-amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://dvj5x88797nbe.cloudfront.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://*.amazon.com https://cognito-identity.us-east-1.amazonaws.com https://dataplane.rum.us-east-1.amazonaws.com https://prod.tools.shortbread.aws.dev https://prod.log.shortbread.aws.dev https://sts.us-east-1.amazonaws.com https://amazonwebservices.d2.sc.omtrdc.net https://dpm.demdex.net https://aws.demdex.net https://cm.everesttech.net https://*.amazonpay.com https://apac.account.amazon.com https://vs.aws.amazon.com/ https://d2c.aws.amazon.com/ https://na.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://cdn.aws.training https://prod.us-east-1.search.avalon.aws.dev https://7m5y5tkfr5.execute-api.us-east-1.amazonaws.com https://ftj9wpwlq4.execute-api.us-east-1.amazonaws.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training https://dvj5x88797nbe.cloudfront.net; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de https://support.aws.training; frame-src 'self' https://aws.demdex.net https://dpm.demdex.net https://*.payments-amazon.com https://*.amazon.com https://*.amazon.co.uk https://*.amazon.co.jp https://*.amazon.de https://*.amazonpay.com; default-src 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.w3.org https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://vro.housing.gov.sa https://www.gstatic.com https://code.jquery.com https://maps.googleapis.com https://cdn.mouseflow.com https://fonts.googleapis.com https://developers.google.com https://sakani.housing.sa https://maps.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.ejar.sa https://img.youtube.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.ckeditor.com https://www.google.com.sa https://mobile.ejar.sa http://www.ejar.sa https://www.youtube.com/; report-uri /ar/report-csp-violation 1
: default-src * 1
child-src 'self' 3speak.tv emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://images.hive.blog 'self' hive.blog https://api.hive.blog api.blocktrades.us https://anyx.io https://api.openhive.network https://hivesigner.com https://hived.hive-engine.com https://api.followbtcnews.com https://rpc.esteem.app https://api.pharesim.me https://hive.roelandp.nl https://hived.privex.io https://hive.3speak.online https://rpc.ausbit.dev https://api.hivekings.com https://hivebuzz.me https://peakd.com https://api.deathwing.me https://api.ha.deathwing.me *.ibytedtos.com wss://hive-auth.arcange.eu; default-src 'self' img.3speakcontent.online emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com; font-src data: fonts.gstatic.com cdn.embedly.com; frame-ancestors 'none'; frame-src 'self' https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com www.reddit.com cdn.embedly.com github.githubassets.com *.tiktokcdn.com *.ttwstatic.com; report-uri /api/v1/csp_violation 1
default-src 'self' https://widget-v4.tidiochat.com; style-src 'self' https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.gstatic.com https://api.midtrans.com https://cdn.appsflyer.com https://cdn.ampproject.org https://cdn.amplitude.com https://api.amplitude.com/ https://s.yimg.com https://sp.analytics.yahoo.com https://api.midtrans.com https://stats.g.doubleclick.net https://fcm.googleapis.com *.xendit.co *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://websdk.appsflyer.com https://maps.googleapis.com https://googleapis.com blob: https://banner.appsflyer.com https://wa.onelink.me https://wa.appsflyer.com https://cdnjs.cloudflare.com https://www.google.com https://js.xendit.co/v1/xendit.min.js 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com *.sentry-cdn.com https://www.instagram.com/embed.js https://code.tidio.co https://widget-v4.tidiochat.com https://js.appboycdn.com; img-src 'self' https://*.google.co.in https://*.google.co.id https://maps.gstatic.com https://maps.googleapis.com https://googleapis.com https://s-media-cache-ak0.pinimg.com https://i.pinimg.com https://*.cloudfront.net http://*.cloudfront.net https://reviews.123rf.com https://wikipedia.org https://api.veritrans.co.id https://res.cloudinary.com https://image.shutterstock.com https://tineye.com https://stats.g.doubleclick.net https://doctor.halodoc.com http://www.linkdokter.com https://www.google-analytics.com https://www.facebook.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://s3-ap-southeast-1.amazonaws.com https://www.google.com https://www.google.com.sg data: *.xendit.co *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://impressions.onelink.me https://www.googletagmanager.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com https://js.xendit.co/v1/xendit.min.js https://www.gstatic.com https://px.ads.linkedin.com https://p.adsymptotic.com https://twemoji.maxcdn.com https://s3.eu-west-1.amazonaws.com https://tidio-images-messenger.s3.amazonaws.com; connect-src 'self' https://pinimg.com https://*.cloudfront.net http://*.cloudfront.net https://123rf.com https://fonts.gstatic.com https://tineye.com https://res.cloudinary.com https://image.shutterstock.com https://www.halodoc.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://www.gstatic.com https://s3-ap-southeast-1.amazonaws.com https://doctor.halodoc.com https://web-halodoc-api.prod.halodoc.com https://qiscus-lb.api.halodoc.com wss://qiscus-mqtt.api.halodoc.com:1886/mqtt https://api.midtrans.com https://cdn.appsflyer.com https://cdn.ampproject.org https://cdn.amplitude.com https://api.amplitude.com/ https://s.yimg.com https://api.midtrans.com https://api.veritrans.co.id https://stats.g.doubleclick.net https://sp.analytics.yahoo.com https://fonts.googleapis.com https://www.google.com.sg https://www.google.com https://sentry.io https://fcm.googleapis.com *.midtrans.com *.xendit.co *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://firebaseinstallations.googleapis.com https://banner.appsflyer.com https://wa.onelink.me https://wa.appsflyer.com https://websdk.appsflyer.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com http://gcp.stage.halodoc.com http://gcp.prod.halodoc.com https://web.prod.halodoc.com http://localhost:14000 https://script.google.com https://script.googleusercontent.com https://creatives-cdn.appsflyer.com https://events-logger.appsflyer.com https://af-event-logger.appsflyer.com/log-event https://js.xendit.co/v1/xendit.min.js https://api.xendit.co *.sentry.io https://sentry-new.tidio.co https://socket.tidio.co https://api-v2.tidio.co wss://sentry-new.tidio.co wss://socket.tidio.co wss://api-v2.tidio.co https://sdk.iad-05.braze.com; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com data:; object-src 'self' https://*.cloudfront.net http://*.cloudfront.net; frame-src * 1
policy-uri /'self' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://codero.com https://*.codero.com https://codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com https://*.gstatic.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; img-src * 'self' data: https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; font-src * 'self' data:; media-src * 'self' https://*.cloudflare.com https://*.force.com https://*.hotjar.com https://secure.trust-provider.com https://*.sharethis.com https://platform.twitter.com https://connect.facebook.net https://static1.twitcount.com https://*.codero.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://pi.pardot.com https://*.google.com; object-src 'self' data:; prefetch-src 'self'; frame-src * data:; frame-ancestors 'self'; form-action * 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src www.baua.de; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self'; 1
child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg; connect-src *.cwp-stg.sg https://analytics.google.com https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg blob: https://www.google-analytics.com *.onemap.sg/ *.dcube.cloud *.wogaa.sg *.demdex.net https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com wss://*.zopim.com https://test-gpc-1.sg.va.sabio.cloud s.yimg.com *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net *.zdassets.com; font-src https://cdnjs.cloudflare.com https://fonts.gstatic.com data: *.dcube.cloud *.wogaa.sg https://s3-us-west-2.amazonaws.com https://va.ecitizen.gov.sg *.mycareersfuture.gov.sg *.app.gov.sg; img-src 'unsafe-inline' data: blob: 'self' https://www.google.com https://www.google-analytics.com adservice.google.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://cdnjs.cloudflare.com *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net https://va.ecitizen.gov.sg https://v2assets.zopim.io https://test-gpc-1.sg.va.sabio.cloud https://sg-gmtdmp.mookie1.com https://secure.adnxs.com https://ad.doubleclick.net https://www.talent.com/tracker/img-pixel.php sp.analytics.yahoo.com https://ssl.gstatic.com https://www.gstatic.com; report-uri /csp-report; script-src 'self' blob: 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com www.googletagmanager.com https://www.mycareersfuture.gov.sg https://static.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com https://test-gpc-1.sg.va.sabio.cloud https://cdn-akamai.mookie1.com https://tags.tiqcdn.com https://tagmanager.google.com https://www.googletagmanager.com *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg https://va.ecitizen.gov.sg https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' *.mycareersfuture.gov.sg *.app.gov.sg 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.usercentrics.eu data: *.motel-one.com *.usercentrics.eu; script-src *.motel-one.com 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.adup-tech.com static.ads-twitter.com analytics.twitter.com assets.pinterest.com log.pinterest.com squarelovin.com *.squarelovin.com *.usercentrics.eu; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cdninstagram.com *.squarelovin.com *.google-analytics.com *.doubleclick.net t.co *.adup-tech.com www.facebook.com www.google.de www.google.com *.cx.atdmt.com maps.gstatic.com maps.googleapis.com ssl.gstatic.com www.gstatic.com assets.pinterest.com log.pinterest.com bat.bing.com *.hurra.com *.fbcdn.net image.motel-one.com *.motel-one.com squarelovin.com *.gstatic.com *.usercentrics.eu; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.squarelovin.com squarelovin.com fonts.googleapis.com tagmanager.google.com *.google.com; connect-src 'self' *.motel-one.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.adup-tech.com *.usercentrics.eu maps.googleapis.com; font-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net data: *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com *.doubleclick.net; frame-src 'self' *.motel-one.com *.computop-paygate.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com www.youtube.com cdnjs.cloudflare.com code.jquery.com *.hurra.com *.googleadservices.com *.criteo.com *.criteo.net creativecdn.com *.creativecdn.com *.facebook.net *.doubleclick.net *.licdn.com *.linkedin.com *.facebook.com *.google.de *.adnxs.com *.facebook.com *.bizographics.com *.googlesyndication.com *.bing.com *.adsrvr.org *.cloudfront.net *.sia.eu *.usercentrics.eu assets.pinterest.com log.pinterest.com; 1
img-src * data: blob:; style-src 'self' 'unsafe-inline' assets.adobedtm.com cdn.linearicons.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com shop.spreadshirt.nl ton.twimg.com cdnjs.cloudflare.com code.jquery.com unpkg.com; frame-src 'self' www.youtube.com player.vimeo.com podio.com www.youtube-nocookie.com www.google.com/recaptcha/ www.classmarker.com/ js.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com assets.adobedtm.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com npmcdn.com shop.spreadshirt.nl platform.twitter.com www.google-analytics.com ssl.google-analytics.com www.spreadshirt.nl podio.com static.doubleclick.net cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net app.intercom.io widget.intercom.io js.intercomcdn.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ unpkg.com/leaflet.markercluster@1.4.1/dist/ unpkg.com/leaflet@1.7.1/dist/ js.stripe.com unpkg.com/@popperjs/ unpkg.com/tippy.js@6/; font-src 'self' cdn.linearicons.com fonts.gstatic.com maxcdn.bootstrapcdn.com shop.spreadshirt.nl js.intercomcdn.com ttui.thethingsindustries.com; connect-src 'self' shop.spreadshirt.nl www.thethingsnetwork.org vx.thethings.network api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com app.getsentry.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.itzbund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live; frame-src 'self' player.vimeo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com webtv.bundestag.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live; frame-ancestors 'self'; 1
frame-src 'self' blob: *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com; connect-src 'self' *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net; font-src 'self' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com  *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com; style-src 'unsafe-inline' 'self' *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors www.envestnet.com envestnet.com ir.envestnet.com investor.envestnet.com www.investpmc.com; report-uri /report-csp-violation 1
base-uri 'none';child-src 'none';connect-src 'self' *.lottiefiles.com *.myshopify.com *.onetrust.com graphql.datocms.com test.aws.fooropa.com bat.bing.com *.clarity.ms www.facebook.com *.doubleclick.net www.googletagmanager.com www.google-analytics.com analytics.tiktok.com *.yotoplay.com;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src player.vimeo.com;img-src 'self' data: 'unsafe-inline' www.datocms-assets.com cdn.shopify.com *.onetrust.com *.blob.core.windows.net ssl.gstatic.com bat.bing.com *.clarity.ms www.facebook.com *.doubleclick.net www.googletagmanager.com www.google-analytics.com www.google.com www.google.co.uk;manifest-src 'self';media-src 'self' cdn.yoto.io cdn.shopify.com;object-src 'none';prefetch-src 'self' *.vimeo.com *.yotoplay.com *.vimeocdn.com *.myshopify.com *.datocms-assets.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com *.onetrust.com *.clarity.ms www.facebook.com connect.facebook.net tagmanager.google.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net analytics.tiktok.com www.googleoptimize.com *.yotoplay.com www.dwin1.com app.backinstock.org;style-src * 'self' data: 'unsafe-inline' www.datocms-assets.com tagmanager.google.com fonts.googleapis.com;worker-src 'self'; 1
frame-ancestors 'self' *.buechen.de; 1
frame-src 'self' *.betradar.com *.sportradar.com *.aitcloud.de consentcdn.cookiebot.com vars.hotjar.com www.googletagmanager.com www.youtube.com prod-origin.truendo.com cdn.priv.center *.akamaized.net; frame-ancestors 'self' *.betradar.com *.sportradar.com *.aitcloud.de 1
default-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zortrax.com *.data.zortrax.com *.3dprint.zortrax.com *.wistia.net *.wistia.com googletagmanager.com *.googletagmanager.com  *.tagmanager.google.com *.google-analytics.com *.doubleclick.net *.google.com  *.googleadservices.com *.facebook.net *.cloudfront.net *.doubleclick.net *.livechatinc.com *.googleapis.com *.gstatic.com *.redditstatic.com  static.ads-twitter.com analytics.twitter.com analytics.zortrax.com cf.zortrax.com  ;style-src 'self' 'unsafe-inline' *.zortrax.com *.googleapis.com *.tagmanager.google.com https://tagmanager.google.com/debug/css.css *.fonts.googleapis.com cf.zortrax.com ;img-src 'self' 'unsafe-inline' data: *.zortrax.com *.wistia.net data.zortrax.com *.gravatar.com *.ggpht.com *.ssl.gstatic.com *.wistia.com *.google.com *.google-analytics.com *.google.pl *.doubleclick.net *.facebook.com *.livechatinc.com *.gstatic.com *.googleapis.com *.tagmanager.google.com https://alb.reddit.com   t.co/i/adsct cf.zortrax.com  ;font-src 'self' data: *.livechatinc.com *.googleusercontent.com *.googleusercontent.com *.googleapis.com *.gstatic.com *.zortrax.com *.fonts.googleapis.com *.tagmanager.google.com ;frame-src 'self' 'unsafe-inline' *.livechatinc.com *.wistia.net *.wistia.com *.youtube.com *.facebook.com *.tagmanager.google.com *.googletagmanager.google.com *.upviral.com ;connect-src 'self' bd1.zortrax.com spisakcji.local stats.g.doubleclick.net staging-data.zortrax.com data.zortrax.com http://3dprint.zortrax.com *.wistia.com *.litix.io 3dprint.zortrax.com 3dprinting.local  ws://localhost:3000 *.google-analytics.com *.tagmanager.google.com app.humdash.com api.livechatinc.com  ;media-src 'self' *.zortrax.com zortrax.com *.youtube.com *.livechatinc.com *.youtube-nocookie.com *.wistia.com cdn.zortrax.com cdn1.zortrax.com cdn2.zortrax.com cdn3.zortrax.com *.tagmanager.google.com cf.zortrax.com ;object-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com ;child-src 'self' *.youtube.com *.youtube-nocookie.com *.tagmanager.google.com 1
default-src 'self' zensus-matomo.itzbund.de *.zensus2022.de; base-uri 'self'; style-src 'self' 'unsafe-inline' piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com piwik.itzbund.de zensus-matomo.itzbund.de *.itzbund.de *.zensus2022.de; object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org piwik.itzbund.de www.destatis.de *.zensus2022.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de *.ims-cms.net ; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.itzbund.de piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com  https://*.fontawesome.com https://*.customsearch.ai https://*.googletagmanager.com https://tagmanager.google.com https://*.uxtweak.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://*.windows.net https://tagmanager.google.com; img-src 'self' https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/ https://*.windows.net https://*.gstatic.com https://stats.g.doubleclick.net; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube-nocookie.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ https://ui.customsearch.ai/ https://sdk.companywebcast.com/ https://portal.dataviz.ecb.europa.eu/ https://*.uxtweak.com https://www.slideshare.net; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.customsearch.ai https://*.google-analytics.com https://*.uxtweak.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; report-uri /eur/report-csp-violation 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.guinness-storehouse.com *.googleapis.com maps.gstatic.com s.adroll.com s.ytimg.com stats.mp.streamamg.com streamuk.secure.footprint.net www.google-analytics.com www.googletagmanager.com www.youtube.com footer.diageohorizon.com cdnjs.cloudflare.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.hotjar.com *.smartlook.com; object-src 'self' https: *.guinness-storehouse.com streamuk.secure.footprint.net; style-src 'self' 'unsafe-inline' https: *.guinness-storehouse.com cloud.typography.com fonts.googleapis.com footer.diageohorizon.com; img-src 'self' data: https: *.guinness-storehouse.com *.googleapis.com *.gstatic.com ads.yahoo.com analytics.twitter.com d.adroll.com dps.bing.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com scontent.cdninstagram.com streamuk.secure.footprint.net t.mookie1.com us-u.openx.net www.facebook.com www.google.com www.google.ie www.tripadvisor.com x.bidswitch.net www.google-analytics.com; frame-src 'self' https: *.guinness-storehouse.com *.worldnettps.com guinnessarchives.adlibsoft.com www.youtube.com vars.hotjar.com; font-src 'self' https: *.guinness-storehouse.com data: fonts.googleapis.com fonts.gstatic.com streamuk.secure.footprint.net; connect-src 'self' https: *.guinness-storehouse.com *.storehousewall.com query.yahooapis.com streamuk.secure.footprint.net *.hotjar.com:* wss://*.hotjar.com *.smartlook.com; media-src 'self' https: *.guinness-storehouse.com ; worker-src 'self' *.guinness-storehouse.com blob: 1
default-src 'self' *.kba.de; base-uri 'self' *.kba.de; style-src 'self' 'unsafe-inline' *.kba.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kba.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' *.kba.de multimedia.gsb.bund.de; media-src 'self' *.kba.de multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src *.kba.de *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.kba.de *.google.com *.gstatic.com *.youtube.com; frame-ancestors 'self'; 1
base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-qF/kR5oCCUUH35+BR+4tmg==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self'; 1
default-src 'self'; img-src * data:; media-src *; frame-src * data:; font-src *; connect-src *; script-src 'unsafe-eval' 'unsafe-inline' 'self' connect.facebook.net *.facebook.net *.stg.brandwire.in *.mediawire.in *.scorecardresearch.com *.instagram.com *.google-analytics.com *.gstatic.com *.solodev.com *.google.com *.googleapis.com *.indiatimes.com *.timesofindia.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; style-src data: blob: 'unsafe-inline' 'self' *.googleapis.com *.google.com *.instagram.com *.indiatimes.com *.timesofindia.com *.solodev.com *.cloudflare.com *.datatables.net *.brandwire.in *.github.io *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.angularjs.org *.maxcdn.com *.aspnetcdn.com *.twitter.com *.twimg.com jquery.ui.min.js; frame-ancestors 'self' *.indiatimes.com *.timesofindia.com *.economictimes.com *.gadgetsnow.com *.navbharattimes.com etdev8243.indiatimes.com *.timesnownews.com timesnownews.com www.speakingtree.in speakingtree.in maharashtratimes.com vijaykarnataka.com *.samayam.com samayam.com *.idiva.com *.ilnconnect.com *.mensxp.com *.ilnconnect.com *.indiatimes.com 1
frame-ancestors 'self' cmsv2.zebrix.net 1
default-src 'self' maps.googleapis.com https://www.google-analytics.com stats.g.doubleclick.net bam-cell.nr-data.net *.hotjar.com 'unsafe-inline'; script-src 'self' https://cdnjs.cloudflare.com https://ajax.googleapis.com https://www.gstatic.com https://www.google-analytics.com https://snap.licdn.com translate.google.com translate.googleapis.com translate-pa.googleapis.com https://www.googletagmanager.com www.googleadservices.com www.youtube.com https://www.google.com https://sc-static.net https://www.redditstatic.com *.tvsquared.com cdn.callrail.com js.adsrvr.org connect.facebook.net *.hotjar.com *.doubleclick.net https://siteimproveanalytics.com cdn.loop11.com static.addtoany.com use.fontawesome.com js-agent.newrelic.com bam-cell.nr-data.net maps.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com 'unsafe-inline'; img-src 'self' *.lacare.org img.youtube.com maps.googleapis.com maps.gstatic.com www.gstatic.com www.google-analytics.com www.google.com tn.alphonso.tv insight.adsrvr.org *.tvsquared.com www.facebook.com alb.reddit.com *.doubleclick.net *.siteimproveanalytics.io dpm.demdex.net data:; frame-src www.youtube.com www.google.com memberportal.navitus.com *.lacare.org vars.hotjar.com insight.adsrvr.org; child-src www.youtube.com memberportal.navitus.com *.lacare.org vars.hotjar.com insight.adsrvr.org; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
frame-ancestors 'self' piwik.currence.nl; 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com 1
frame-ancestors *; report-uri /report-csp-violation 1
report-uri https://consolehipay.report-uri.com/r/d/csp/enforce; default-src 'self' *.google-analytics.com *.zdassets.com *.hotjar.com *.google.com *.screeb.app *.typeform.com *.okta.com *.hipay.com; script-src 'self' *.hotjar.com *.zdassets.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.screeb.app 'sha256-qSMb0PEZNwPU889A1H8zPbT23/AN6efiLRLewxFcFJM=' 'sha256-p04ICvhv5V9PJfG9AnM4+4t8eCcdnUhEP7BSwEKl+Es=' 'sha256-iBEn6DembGxmutX/U63Duhs98HIBtU8ALgbjYh+CkZc=' 'sha256-XnoKRrVjyLcX94o+jehk7z3rX+YVSMr4DtslyFpkaPU=' 'sha256-tdBlVQuc2G3oahpbyjaUmy+NEJSNdDZy9L1FSw3rVi0=' https://*.zopim.com; style-src 'self' 'unsafe-inline' maxcdn.icons8.com fonts.googleapis.com *.hotjar.com libs.hipay.com; font-src 'self' maxcdn.icons8.com fonts.gstatic.com *.hotjar.com; connect-src 'self' *.appspot.com *.zendesk.com *.zdassets.com user.hipay.com *.hipay.com *.hipay.org *.google-analytics.com wss://*.zopim.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.screeb.app wss://*.screeb.app *.okta.com *.oktacdn.com; img-src 'self' *.amcharts.com *.google-analytics.com *.zendesk.com *.hotjar.com images.weserv.nl *.hipay.com data: storage.googleapis.com twemoji.maxcdn.com *.screeb.app; frame-ancestors 'none' 1
frame-ancestors 'self' https://analytics.google.com/analytics/ https://*.buypass.no https://*.buypass.com https://*.norsk-tipping.no https://*.altinn.no; 1
default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.winsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de; script-src 'strict-dynamic' 'nonce-e3fe7427dbe0ab6ed633237383d4f485' 'nonce-88c6beb04d18d57f8d66873bd6e394f5' 'nonce-c8a52f5fe82c84eab5203d3bd856ef4e' 'nonce-7ba97704767bd921f293649ac98e052a' 'nonce-542de36d4deee84739eba8f6391ec018' 'nonce-c4df9f9c02175b367342c47b399155cf' 'nonce-7d9d9ffae59b80794c27c1cb07d32d17' 'nonce-6fefd875a5f3435beb23aecfb38b1fdc' 'nonce-b164967c9afd03d08ac71098a51d6a86' 'nonce-dcc57e750f9baafc5e7324a8ecdc09ce' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-e3fe7427dbe0ab6ed633237383d4f485' 'nonce-88c6beb04d18d57f8d66873bd6e394f5' 'nonce-c8a52f5fe82c84eab5203d3bd856ef4e' 'nonce-7ba97704767bd921f293649ac98e052a' 'nonce-542de36d4deee84739eba8f6391ec018' 'nonce-c4df9f9c02175b367342c47b399155cf' 'nonce-7d9d9ffae59b80794c27c1cb07d32d17' 'nonce-6fefd875a5f3435beb23aecfb38b1fdc' 'nonce-b164967c9afd03d08ac71098a51d6a86' 'nonce-dcc57e750f9baafc5e7324a8ecdc09ce' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; frame-src 'self'  *.webspellchecker.net/ https://w.soundcloud.com/ *.adobe.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.doctify.com/ *.adobe.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline'  *.webspellchecker.net/ https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self'  https://www.doctify.com/ *.webspellchecker.net/ https://feeds.trac.jobs/ https://translate.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
base-uri 'self' https://d3gcmglegmnvz8.cloudfront.net/; child-src 'self' https://*.useinsider.com https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://*.google.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ https://*.facebook.com/ https://*.hotjar.com/ https://accounts.google.com/ https://www.google.com/ https://cdn.evgnet.com/ https://*.evergage.com/ gap:; frame-src 'self' https://*.useinsider.com https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://*.google.com https://chimpstatic.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.googletagmanager.com https://vc.hotjar.io https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ https://*.facebook.com/ https://*.hotjar.com/ https://accounts.google.com/ https://www.google.com/ https://cdn.evgnet.com/ https://*.evergage.com/ gap:; connect-src 'self' https://*.useinsider.com https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://*.pinterest.com https://*.nr-data.net https://*.google.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.facebook.com/ https://fercos-s3-ecommerce.s3.amazonaws.com/ https://stats.g.doubleclick.net https://accounts.google.com/ https://www.google-analytics.com https://www.youtube.com/ https://device.clearsale.com.br https://*.yimg.com/ https://cdn.evgnet.com/ https://*.evergage.com/; default-src 'self' https://*.evgnet.com https://*.useinsider.com https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://accounts.google.com/ https://www.google-analytics.com/ https://www.youtube.com/ https://cdn.evgnet.com/ https://*.evergage.com/ 'unsafe-eval' 'unsafe-inline' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.googleapis.com https://d3gcmglegmnvz8.cloudfront.net/ https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://*.gstatic.com https://*.hotjar.com:*; img-src 'self' data: https://madesacms.vteximg.com.br https://*.vteximg.com.br https://*.pinterest.com https://www.gstatic.com https://*.ytimg.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://*.googleusercontent.com https://*.fbsbx.com https://*.geotrust.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.facebook.com/ wss://*.hotjar.com/ https://fercos-s3-ecommerce.s3.amazonaws.com/ https://stats.g.doubleclick.net https://accounts.google.com/ https://www.google-analytics.com https://www.google.com/ https://www.google.com.br/ https://www.youtube.com/ blob: blob:; media-src https://d3gcmglegmnvz8.cloudfront.net/; object-src https://d3gcmglegmnvz8.cloudfront.net/; script-src 'self' https://*.useinsider.com https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://*.google.com/ https://*.list-manage.com https://*.google.com https://*.pinterest.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://*.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://*.facebook.com/ https://*.facebook.net https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://www.youtube.com/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.yimg.com/ 'unsafe-eval' 'unsafe-inline' https://cdn.evgnet.com/ https://*.evergage.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.mailchimp.com https://fonts.googleapis.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://www.googletagmanager.com https://vc.hotjar.io https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://cdn.evgnet.com/ https://*.evergage.com/ 'unsafe-inline'; frame-ancestors 'self' https://*.criteo.com https://*.criteo.net https://*.pinimg.com https://*.google.com https://d3rnmg9ftqorin.cloudfront.net https://d3gcmglegmnvz8.cloudfront.net https://bid.g.doubleclick.net https://www.pinterest.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://*.clearsale.com.br https://fercos-s3-ecommerce.s3.amazonaws.com/ https://www.youtube.com/ https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=Kl3hy2e9xjL%2BwOCUZza2Du4HJpLYGzk4f9YKe%2F6wS0SuW8GwvpNpiju9Ne02JWFOUZ5848cyQDqaewaduoO%2FYw%3D%3D; 1
default-src 'self'; style-src 'unsafe-inline' yandex.st site.yandex.net yastatic.net banners.adfox.ru content.adfox.ru yastat.net *; frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net *; img-src * data:; media-src * data:; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st site.yandex.net yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru oss.maxcdn.com ads.adfox.ru www.google-analytics.com *.googleadservices.com adservice.google.ru adservice.google.com.ua  *.imgsmail.ru *.google.com platform.twitter.com cas.criteo.com *.mail.ru vk.com *.googlesyndication.com *.googletagservices.com adv758968.ru adforce.ru *.doubleclick.net  x1.vinread.net *.zencdn.net mobiads.ru utarget.ru afterview.ru *.vispot.io *.adap.tv *.liverail.com *.spotxchange.com *.buzzoola.com *.advarkads.com *.lkqd.com *.advertising.com static.baza.farpost.ru gstatic.com www.gstatic.com http://thefox.mobi/0dvP/ https://netdna.bootstrapcdn.com https://ajax.googleapis.com *.adsafeprotected.com  idntfy.ru mobuli.info  mobisway.info cnt-count.ru countstat.ru eboundservices.com digital-forest.info s17365.org/rotation.php news.gnezdo.ru btstds.ru cackle.me *.cackle.me www.farpost.ru https://adtags.pro https://*.adtags.pro https://btsds.ru https://*.vrcteam.ru https://*.betweendigital.com https://*.exopay.ru https://s0.2md.net https://fl.imgsniper.com https://static.bulham.com https://*.sape.ru https://safesource.ru https://code.createjs.com https://static.bumlam.com sad2tizer.ru ad.slickjump.com slickjump.com sjsmartcontent.org https://www.googletagmanager.com https://tds.admaxer.ru https://meganotify.com https://notifyday.com *.ttarget.ru *.onlygip.tech *.hybrid.ai *.admediator.ru nativerent.ru *.astraone.io astraone.io *.onlygip.tech onlygip.tech *.afp.ai increaserev.com *.adriver.ru; connect-src an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st site.yandex.net yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru *; report-uri /csp.php 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src *; base-uri 'self' 1
base-uri 'self'; default-src 'self'; child-src https://player.vimeo.com; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://doorbell.io https://*.s3.ap-southeast-2.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://vimeo.com https://player.vimeo.com https://player.vimeo.com; img-src 'self' https://www.google-analytics.com https://ssl.gstatic.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://www.google.co.nz https://*.s3.ap-southeast-2.amazonaws.com https://embed.doorbell.io https://i.vimeocdn.com data:; media-src https://www.youtube.com https://vimeo.com; object-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js https://embed.doorbell.io https://polyfill.io 'sha384-YzQCrEgYx0YMHxd202bqWPvr081aHRPYRk490ivT+/i24ODjLtMfT/e0nhxcgRYf' 'nonce-YzZiMjlkNzBhNzRjZjhjOGI4OGMwYTcxOTQ0ZTc1ZmJkZjZkZWU4NjZmOTEyMmYzMTE2MDA5NzdmMGI2NWFhZDgzN2IxZjJlZWNmYzIyNmY4MDJjNzdmMThiMDdjNjA0NGE1ZmVkODY2NGZjZjc4YTVhNGNiZDhlYmM0OWY0MzQ=' 'unsafe-eval'; style-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://embed.doorbell.io/css/doorbell.min.css https://embed.doorbell.io/css/default.css 'unsafe-inline'; report-uri https://2224ea6b5792825a06d61a0bad9d966b.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.mercadolibre.com https://www.mercadopago.com.ar/integrations/v1/ https://cdnjs.cloudflare.com https://cdn.syndication.twimg.com https://docs.google.com/spreadsheets/ https://connect.facebook.net https://platform.twitter.com https://*.google.com  https://spreadsheets.google.com/ https://docs.google.com/ https://*.gstatic.com http://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com https://www.googleadservices.com https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net https://*.utdt.edu https://www.googletagmanager.com https://www.tfaforms.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com https://www.tfaforms.com https://*.gstatic.com https://docs.google.com/; img-src * data: blob:; font-src *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com data: *; object-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com data: *; style-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com data: *; img-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com data: *; media-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com data: *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com data: *; frame-ancestors 'self' http://*.cityofvancouver.us https://*.cityofvancouver.us https://cityofvancouver.arcgis.maps.com https://signup.e2ma.net https://wd5.myworkday.com https://iframe.publicstuff.com https://vancouver.procureware.com https://vancouver.municipal.codes https://apm.activecommunities.com; child-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.cityofvancouver.us https://*.cityofvancouver.us https://cityofvancouver.arcgis.maps.com https://signup.e2ma.net https://wd5.myworkday.com https://iframe.publicstuff.com https://vancouver.procureware.com https://vancouver.municipal.codes https://apm.activecommunities.com https://svc.webspellchecker.net https://www.google-analytics.com https://signup-collector.e2ma.net https://connect.facebook.net https://www.facebook.com  translate.googleapis.com; report-uri /report-csp-violation 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net nexus.ensighten.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com nexus.ensighten.com otp.tools.investis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' brightcove.hs.llnwd.net edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' qir.tools.investis.com staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com https://www.youtube-nocookie.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' www.google-analytics.com edge.api.brightcove.com viz.tools.investis.com; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.geodatenzentrum.de *.kuestendaten.de*.youtube.com; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de *.geodatenzentrum.de *.kuestendaten.de *.youtube.com; object-src 'self'; media-src  'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com; child-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.youtube.com; img-src 'self' *.wsv.bund.de *.wsv.de *.bund.de data: *.geodatenzentrum.de web.dlz-it.de www.bafg.de bad.xpertus-service.de elwis.de www.elwis.de *.kuestendaten.de *.youtube.com; frame-ancestors 'self'; 1
default-src 'self' ; script-src 'unsafe-inline' 'self' https://ssl.google-analytics.com/ga.js;  img-src data: blob 'self' http://*.tile.openstreetmap.org/ : 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net; object-src 'self' *.interiorhealth.ca; style-src 'self'  'unsafe-inline' *.interiorhealth.ca  fonts.googleapis.com cdn.jsdelivr.net; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net 1
default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
img-src 'self' *.norma-online.de *.api.here.com https://www.google-analytics.com https://piwik.norma-online.de https://www.googletagmanager.com data: blob:;, script-src 'self' 'unsafe-inline' 'unsafe-eval' *.norma-online.de *.api.here.com https://piwik.norma-online.de https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://s2.adform.net https://track.adform.net;, object-src 'none';, font-src 'self' https://fonts.gstatic.com/; 1
default-src 'none'; manifest-src 'self'; script-src 'self' 'unsafe-eval' https://app.intotheblock.com https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://code.jquery.com/ https://stackpath.bootstrapcdn.com/; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://stackpath.bootstrapcdn.com/; img-src 'self' https://v2uploads.zopim.io/ https://rocketlab.g2afse.com/ https://purecatamphetamine.github.io/ data:; media-src 'self' https://static.zdassets.com/; frame-src 'self' https://www.youtube.com/; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/; connect-src 'self' wss://socket.cryptomkt.com/ https://socket.cryptomkt.com/ wss://api.exchange.cryptomkt.com/ https://api.exchange.cryptomkt.com/ https://api.intotheblock.com/ https://ekr.zdassets.com/ https://cryptomkt.zendesk.com/ wss://widget-mediator.zopim.com/ https://id.zopim.com/ https://widget-mediator.zopim.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
frame-ancestors https://*.deejay.de https://*.vinylfuture.com; 1
default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.google.com https://code.jquery.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://static.addtoany.com https://maps.google.com https://cdn.jsdelivr.net https://platform.twitter.com https://platform.linkedin.com https://cdn.ckeditor.com https://www.google-analytics.com https://cdn.datatables.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdn.ckeditor.com https://cdn.datatables.net https://www.google-analytics.com https://www.linkedin.com https://www.gstatic.com; img-src 'self' data: https://chart.googleapis.com https://cdn.ckeditor.com https://www.google-analytics.com https://stats.g.doubleclick.net https://platform.linkedin.com https://www.linkedin.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.google.com; frame-src 'self' https://platform.twitter.com https://www.gstatic.com https://www.google.com https://notfound-static.fwebservices.be; font-src 'self' https://themes.googleusercontent.com https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src 'self' https://www.linkedin.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com; report-uri /en/report-csp-violation 1
default-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; report-to default; report-uri /json/reports.php 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self'  blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com https://www.google-analytics.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com ssl.gstatic.com www.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com; media-src 'self' www.youtube.com soundcloud.com syndication.twitter.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' www.google-analytics.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; 1
default-src 'self' *.ebola.cz https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ebola.cz https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com; referrer no-referrer; style-src 'self' 'unsafe-inline' *.ebola.cz https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com; img-src 'self' *.ebola.cz https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com 1
frame-src 'self' https://html5-player.libsyn.com https://marspetcare2-na.ada.support https://secure.shoppable.com https://service.force.com https://tr.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://www.walmart.com https://www.amazon.com https://www.chewy.com https://www.petco.com https://www.google.com https://web-widget-iams.herokuapp.com https://cdn.krxd.net https://9077352.fls.doubleclick.net https://staging-catcheckupchallenge.snipp.us https://staging-dogcheckupchallenge.snipp.us https://marspetcare-na.ada.support https://checkupchallenge-dog.snipp.us https://checkupchallenge-cat.snipp.us https://processor808.shoppable.com https://app.shoppable.com https://shoppable.com *.bazaarvoice.com; child-src 'self' https://html5-player.libsyn.com https://marspetcare2-na.ada.support https://secure.shoppable.com https://service.force.com https://tr.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://www.walmart.com https://www.amazon.com https://www.chewy.com https://www.petco.com https://www.google.com https://web-widget-iams.herokuapp.com https://cdn.krxd.net https://9077352.fls.doubleclick.net https://staging-catcheckupchallenge.snipp.us https://staging-dogcheckupchallenge.snipp.us https://marspetcare-na.ada.support https://checkupchallenge-dog.snipp.us https://checkupchallenge-cat.snipp.us https://processor808.shoppable.com https://app.shoppable.com https://shoppable.com *.bazaarvoice.com 1
default-src 'self'; connect-src 'self' *.itzbund.de; worker-src blob: 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.vimeo.com *.aktion-mensch.de; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.itzbund.de *.openstreetmap.org; frame-ancestors 'self'; 1
default-src 'none'; connect-src 'self' *.crowdriff.com *.ubiquity.co.nz *.windows.net *.doubleclick.net *.google.com *.googleapis.com *.google-analytics.com wss://*.hotjar.com *.hotjar.com *.monsido.com; frame-src 'self' staticcdn.co.nz *.dwcdn.net *.infogram.com radian.mintdesign.co.nz radianstaging.mintdemo.co.nz configurator.wcec.co.nz configurator.takina.co.nz *.metservice.com *.vimeo.com *.youtube.com *.doubleclick.net *.hotjar.com *.google.com *.crowdriff.com *.monsido.com; frame-ancestors 'self'; font-src 'self' *.gstatic.com script.hotjar.com; img-src 'self' data: blob: staticcdn.co.nz shielded.co.nz *.cloudfront.net *.googleapis.com *.gstatic.com *.ytimg.com *.facebook.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.nz *.monsido.com; media-src 'self' crowdriff-video-upload.s3.amazonaws.com maori-dictionary-media.s3.amazonaws.com; manifest-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' staticcdn.co.nz *.youtube.com *.vimeo.com code.highcharts.com browser-update.org *.crowdriff.com *.jquery.com *.gstatic.com *.googleadservices.com *.google.com *.googleapis.com *.googletagmanager.com *.monsido.com *.hotjar.com *.google-analytics.com *.facebook.net *.ubiquity.co.nz; style-src 'self' 'unsafe-inline' *.crowdriff.com *.googleapis.com *.google.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com;img-src * blob: data:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com vimeo.com *.vimeo.com *.itzbund.de *.bundesbots.de *.twitter.com *.twimg.com cdn.jsdelivr.net; object-src 'self' multimedia.gsb.bund.de; connect-src 'self' multiplatform-f.akamaihd.net *.itzbund.de; media-src 'self' blob: multimedia.gsb.bund.de *.w3schools.com *.quirksmode.org *.youtube.com *.youtube-nocookie.com vimeo.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com *.osm.org *.openstreetmap.de *.twimg.com multiplatform-f.akamaihd.net; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com vimeo.com *.vimeo.com *.readspeaker.com *.3qsdn.com *.it.bund.de *.bundesbots.de *.twitter.com *.twimg.com webcast.nc3-cdn.com blitzvideoserver.de start.video-stream-hosting.de embed.contentflow.net app.sli.do ; img-src 'self' blob: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.osm.org *.openstreetmap.de *.twitter.com *.twimg.com twemoji.maxcdn.com piwik.itzbund.de *.gdw-berlin.de *.streamlock.net; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'self' http://www.malaysiaairports.com.my; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com www.google.com *.rawgit.com *.gstatic.com *.googleapis.com static.addtoany.com polyfill.io key-cdn.printfriendly.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com www.google-analytics.com.sg stats.g.doubleclick.net www.google.com www.google.com.sg www.google.com.my; media-src 'self'; frame-src 'self' data: static.addtoany.com www.google.com www.youtube.com https://cdn.knightlab.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self'  stats.g.doubleclick.net www.google-analytics.com; report-uri /report-csp-violation 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com *.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co s15923.pcdn.co *.google.com *.gstatic.com *.spartannash.com *.spartannash-uat.com;font-src 'self' data: *.netdna-ssl.com fonts.gstatic.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com *.cloudflare.com;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com *.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co *.businesswire.com *.gravatar.com s15923.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com d36cz9elvz3vfp.cloudfront.net;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.quotemedia.com *.pcdn.co s15923.pcdn.co *.spartannash.com *.spartannash-uat.com;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co *.google.com *.spartannash.com *.spartannash-uat.com;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co *.google-analytics.com *.quotemedia.com stats.g.doubleclick.net *.spartannash.com *.spartannash-uat.com;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 1
default-src https: blob: wss:; frame-src https: blob: data:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'unsafe-inline'  https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl ; script-src 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://platform.twitter.com https://pixel.fasttony.es https://connect.facebook.net https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com https://*.googleapis.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data:; style-src 'unsafe-inline' https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl https://*.google-analytics.com  https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://portalpasazera.pl  data:; img-src 'self' https://i.ytimg.com https://cdn.syndication.twimg.com https://skk.erecruiter.pl https://*.plk-sa.pl https://plk-sa.pl https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.facebook.com https://portalpasazera.pl  data: 1
default-src 'self' *.yandex.ru script.hotjar.com vc.hotjar.io in.hotjar.com *.comagic.ru extranet.buderus.com s.webtrends.com *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: blob: data:; style-src 'self' *.buderus.com buderus.com 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: bosch.mi4biz.net www.boschthermolife.com buderus-pl.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net buderus-pl.boschtt-documents.com http://fs52-buderus-dev.kittelberger.net 1
default-src 'self' data: localhost:* *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com js.arcgis.com *.arcgis.com *.google.com *.googleapis.com *.prorail.nl *.spoordata.nl *.werkenbijprorail.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com tagmanager.google.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: wss:; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://www.google-analytics.com https:; object-src https:; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https:; img-src 'self' data: https://www.google-analytics.com https:; media-src 'self' https:; frame-src 'self' https://optimize.google.com https:; font-src 'self' data: https://fonts.gstatic.com https: 1
default-src    'self' ws:;script-src      'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net gleif.disqus.com *.disquscdn.com *.cookiebot.com *.linkedin.com *.licdn.com *.twitter.com *.twimg.com ajax.googleapis.com www.google.com www.gstatic.com cdnjs.cloudflare.com unpkg.com public.tableau.com t37f1ccd5.emailsys1c.net cdn-prod.wdesk.com;style-src        'self' 'unsafe-inline' *.twimg.com *.twitter.com *.disquscdn.com use.typekit.net unpkg.com fonts.googleapis.com;font-src          'self' data: *.typekit.net cdnjs.cloudflare.com fonts.gstatic.com;img-src            'self' static.licdn.com *.disqus.com *.disquscdn.com *.twitter.com *.twimg.com *.linkedin.com data: about: *.tile.osm.org *.typekit.net img.shields.io public.tableau.com *.emailsys1c.net;frame-src        'self' disqus.com *.twitter.com player.vimeo.com *.linkedin.com www.google.com *.cookiebot.com youtube.com www.youtube.com public.tableau.com;connect-src    'self' api.parse.com/1/functions/search *.gleif.org syndication.twitter.com/settings t37f1ccd5.emailsys1c.net consentcdn.cookiebot.com;prefetch-src  'self' *.disquscdn.com disqus.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.sharethis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.econsumeraffairs.com *.pricespider.com  *.salesforce.com *.force.com *.salesforceliveagent.com   cdn.cookielaw.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.sharethis.com *.pricespider.com  *.force.com; img-src 'self' *.google-analytics.com *.g.doubleclick.net *.facebook.com *.google.com *.sharethis.com https://www.google.com.au legal.bbulibrary.com *.googletagmanager.com *.pricespider.com   cdn.cookielaw.org trkn.us *.adsrvr.org data:; frame-src 'self' *.youtube.com *.googletagmanager.com *.sharethis.com *.facebook.com c.sharethis.mgr.consensu.org  *.force.com; font-src 'self' *.gstatic.com data:; connect-src 'self' *.sharethis.com *.sharethis.mgr.consensu.org https://stats.g.doubleclick.net *.google-analytics.com *.force.com    *.cookielaw.org *.onetrust.com; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de; frame-ancestors 'self'; font-src 'self' data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de app.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' app.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 1
default-src https:; connect-src pathbrite-content.s3.amazonaws.com pathbrite-direct-upload.s3.amazonaws.com *.pathbrite.com wss://*.pathbrite.com *.facebook.com *.cloudfront.net *.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.facebook.net *.pathbrite.com *.cloudfront.net *.google.com *.google-analytics.com *.twitter.com vimeo.com; style-src 'unsafe-inline' *.cloudfront.net *.bootstrapcdn.com; img-src * data:; font-src * data: 1
default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src * 1
default-src 'self' 'unsafe-inline' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de; img-src *; style-src 'self' 'unsafe-inline' *.itzbund.de; frame-ancestors 'self' *.itzbund.de 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com  wireframecc-9947.kxcdn.com cdn.wireframe.cc; script-src 'self' 'unsafe-inline' 'nonce-fd7f03f8a4257a05c219f4fe54e6fdb8' 'unsafe-eval'  https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.googleapis.com  wireframecc-9947.kxcdn.com cdn.wireframe.cc; style-src 'self' 'unsafe-inline' fonts.googleapis.com wireframecc-9947.kxcdn.com cdn.wireframe.cc; img-src 'self' wireframecc-9947.kxcdn.com cdn.wireframe.cc data:; child-src 'self' 1
connect-src 'self' *.doubleclick.net *.google.com *.usercentrics.eu https://*.3qsdn.com vendorlist.consensu.org www.google-analytics.com *.bing.com wss://*.bing.com; default-src 'self'; font-src 'self' data: fonts.gstatic.com https://*.3qsdn.com; frame-ancestors 'self' localhost:* sc.01.sana-apps.de www.sana.de www.sanadaily.de; frame-src 'self' *.doubleclick.net *.google.com *.livecoder.com *.sana.de *.usercentrics.eu *.zscaler.net 466b13bd.sibforms.com https://360tour-start.de/Tours22/sana-gyno-benrath.html maps.google.de player.vimeo.com sanadigital.typeform.com sc.01.sana-apps.de virtualpro360.com www.sana.de www.youtube-nocookie.com www.youtube.com sdx.microsoft.com; img-src * *.doubleclick.net *.google.com *.gstatic.com data: www.googletagmanager.com *.bing.com *.microsoft.com; media-src 'self' blob: https://*.3qsdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.vimeo.com *.doubleclick.net *.google.com *.googleadservices.com *.googleapis.com *.usercentrics.eu *.zscaler.net aggregator.service.usercentrics.eu blob: embed.typeform.com https://*.3qsdn.com https://*.jameda-elements.de sc.01.sana-apps.de www.google-analytics.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com https://bat.bing.com https://r.bing.com; script-src-elem 'self' 'unsafe-inline' https://vimeo.com https://*.vimeo.com *.doubleclick.net *.google.com *.googleapis.com *.usercentrics.eu aggregator.service.usercentrics.eu embed.typeform.com https://*.3qsdn.com https://*.jameda-elements.de https://www.googleadservices.com https://www.gstatic.com player.vimeo.com sc.01.sana-apps.de www.google-analytics.com www.googletagmanager.com https://*.googlesyndication.com www.youtube-nocookie.com www.youtube.com https://bat.bing.com https://r.bing.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://*.3qsdn.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com *.bing.com; 1
default-src data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com cse.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com apis.google.com; style-src data: https: 'unsafe-inline' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com; connect-src 'self' nzdf.test:8080; img-src 'self' data: staticcdn.co.nz shielded.co.nz i.ytimg.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' staticcdn.co.nz www.youtube.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self' ; script-src 'self' 'nonce-Wm1NM1pHTTFaRFJtTmpFeE5tVXc=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com 'nonce-WldWalpqUmlZekJpWXpFNE0ySm0=' *.servmetric.com *.govmetric.com piwik.breda.nl 'nonce-TmpBd1ltWXdZVGxpWWpFeVl6Qm0=' *.vrmwb.nl 'nonce-TkdJMFpXRm1OMlpqTnpnek16Tms=' 'nonce-WVdRNU9USXdOak14TkRKbE9UYzA=' 'nonce-WldWbVl6UTVNREZpWldJMlpqRmw=' 'nonce-Tm1ZeU5HWm1OV00yTVRWaFkyUms='; object-src 'self'; style-src 'self' 'nonce-T1dFMU9USmpZemxpT1dFMVl6Umw=' 'nonce-WVRsaVl6azJOekl6WmpWbE9EVXo=' 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' *.servmetric.com *.govmetric.com 'nonce-TWpjd1lUazJZVGswWlRJME0yWXc=' *.vrmwb.nl 'nonce-T1dWbE1EUTVaR013TVdFeVlUZGs='; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io www.gstatic.com *.ytimg.com piwik.breda.nl *.vrmwb.nl *.openstreetmap.org chart.googleapis.com; media-src 'self'; frame-src 'self' www.youtube.com reserveren.rondvaartbreda.nl buwa.maps.arcgis.com *.breda.nl *.youtube.com *.servmetric.com *.govmetric.com; frame-ancestors 'self' piwik.breda.nl; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.ionicframework.com fonts.gstatic.com; connect-src 'self' *.siteimprove.com *.servmetric.com *.govmetric.com piwik.breda.nl; report-uri /report-csp-violation 1
img-src * 'self' data: https:; default-src 'self' html5shim.googlecode.com *.google-analytics.com *.googleadservices.com apis.google.com *.youtube.com *.vimeo.com *.g.doubleclick.net *.google.com *.google.nl *.hostfact.nl *.ytimg.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval' 1
upgrade-insecure-requests; frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' www.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com consent-cdn.swmh.de; object-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: www.google.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com www.youtube.com *.ytimg.com; media-src 'self' www.youtube.com *.ytimg.com; frame-src 'self' www.google.com *.gstatic.com www.youtube.com *.ytimg.com consent-cdn.swmh.de; font-src 'self' data: www.google.com *.googleapis.com *.gstatic.com; connect-src 'self' www.google-analytics.com *.doubleclick.net consent-cdn.swmh.de 1
frame-ancestors *.amboss.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.facebook.net *.licdn.com *.twitter.com *.twimg.com *.youtube.com s.ytimg.com *.etracker.com *.etracker.de *.matomo.cloud *.upsales.com match.adsby.bidtheatre.com; object-src 'self'; form-action 'self' *.twitter.com; media-src 'self' *.materna.de *.youtube.com; child-src *.google.com *.gstatic.com *.facebook.com *.twitter.com *.youtube.com *.eu-de.mybluemix.net *.materna.de; img-src 'self' blob: data: *.google.com *.google.de *.gstatic.com *.google-analytics.com *.doubleclick.net *.linkedin.com *.twitter.com *.twimg.com *.youtube.com *.etracker.com *.googletagmanager.com *.matomo.cloud *.upsales.com; frame-ancestors 'self' *.googletagmanager.com *.facebook.com *.twitter.com; worker-src 'self'; connect-src 'self' *.google-analytics.com *.etracker.com *.etracker.de *.g.doubleclick.net *.matomo.cloud; 1
base-uri 'self'; default-src 'none'; child-src https://mei.animebytes.tv https://irc.animebytes.tv; connect-src 'self' https://mei.animebytes.tv; font-src 'self' data:; form-action 'self' https://mei.animebytes.tv; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://mei.animebytes.tv https://irc.animebytes.tv; img-src 'self' https://animebytes.tv https://mei.animebytes.tv https://cdn.animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests 1
default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de; script-src 'strict-dynamic' 'nonce-6f13a911a329801a7bfa08d5aba563b4' 'nonce-8b205c2f1086bc4308d24a1dd607ab44' 'nonce-3c986a9b609293d882fc9e2fd58e0399' 'nonce-d3d3521f6f412402df75176096410ad0' 'nonce-c89b146cbb427946000e1ff23c1d3ea7' 'nonce-407a1a3e4b00a29a73130127ccf3cc02' 'nonce-7a1bbd5f23b2294e12f290c3b9507be0' 'nonce-9e8768657389fbb3160af868f52b1be1' 'nonce-cc5dda175582f3ab4b9b1bac57a7f625' 'nonce-c58dfa78f692a0bd810a2f76becaec55' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-6f13a911a329801a7bfa08d5aba563b4' 'nonce-8b205c2f1086bc4308d24a1dd607ab44' 'nonce-3c986a9b609293d882fc9e2fd58e0399' 'nonce-d3d3521f6f412402df75176096410ad0' 'nonce-c89b146cbb427946000e1ff23c1d3ea7' 'nonce-407a1a3e4b00a29a73130127ccf3cc02' 'nonce-7a1bbd5f23b2294e12f290c3b9507be0' 'nonce-9e8768657389fbb3160af868f52b1be1' 'nonce-cc5dda175582f3ab4b9b1bac57a7f625' 'nonce-c58dfa78f692a0bd810a2f76becaec55' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' https://checkbrowser.hin.ch https://go.online-ident.ch  http://tag.myaspectra.ch  https://verify.certifaction.com ; script-src 'self' https://www.islonline.net  tag.myaspectra.ch  https://www.gstatic.com  https://maps.google.com https://maps.googleapis.com  https://www.google.com  'unsafe-inline' 'unsafe-eval'; style-src https://fonts.googleapis.com  https://fonts.gstatic.com  'self' 'unsafe-inline' ; frame-src 'self' https://tp.srgssr.ch https://www.srf.ch https://www.google.com https://verify.certifaction.com ; font-src 'self' https://fonts.gstatic.com  https://verify.certifaction.com data: ; child-src 'self' https://go.online-ident.ch https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com ; img-src 'self' http//tag.myaspectra.ch http://0.gravatar.com data:  1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; object-src 'none'; style-src 'self'  'unsafe-inline' data:; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://api.amplitude.com https://eth-ropsten.alchemyapi.io https://eth-rinkeby.alchemyapi.io https://eth-mainnet.alchemyapi.io https://api.thegraph.com wss://bridge.walletconnect.org wss://fei.bridge.walletconnect.org https://assets.fei.money; frame-ancestors 'none' 1
default-src 'self' blob: http: https: wss://bot.moin.ai/primus w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: blob: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 1
frame-ancestors 'self' https://www.carroya.com/noticias https://www.motor.com.co 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.poast.org poast.org *.poastcdn.org poastcdn.org 1
script-src 'self' kit.fontawesome.com cdn.callrail.com https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com player.vimeo.com clicky.com in.getclicky.com static.getclicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 1
object-src 'none';default-src 'none';connect-src https://www.wefact.nl *.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://maps.googleapis.com *.webinargeek.com *.mouseflow.com *.jivosite.com wss://*.jivosite.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com;img-src https://www.wefact.nl data: *.ytimg.com *.google-analytics.com *.google.com *.google.nl *.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com *.webinargeek.com *.mouseflow.com *.jivosite.com *.facebook.com *.facebook.net *.fbcdn.net *.licdn.com *.linkedin.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com *.google-analytics.com *.googletagmanager.com https://developers.google.com https://maps.googleapis.com *.webinargeek.com *.mouseflow.com *.jivosite.com 'unsafe-inline' *.facebook.com *.facebook.net *.licdn.com *.linkedin.com;style-src https://www.wefact.nl 'unsafe-inline' https://fonts.googleapis.com *.webinargeek.com *.jivosite.com *.licdn.com *.typekit.net;font-src https://fonts.gstatic.com *.webinargeek.com *.mouseflow.com *.typekit.net;media-src *.jivosite.com;child-src *.mouseflow.com *.facebook.com *.facebook.net;manifest-src https://www.wefact.nl;frame-src https://www.youtube.com *.webinargeek.com *.mouseflow.com *.facebook.com *.facebook.net *.linkedin.com *.loom.com 1
default-src 'unsafe-hashes' www.crohnsandcolitis.org.uk https://*.readspeaker.com https://poster.crohnsandcolitis.org.uk https://platform.twitter.com https://docs.google.com https://customervoice.microsoft.com https://vars.hotjar.com https://r1.dotdigital-pages.com https://www.youtube-nocookie.com https://www.google.com https://chats.landbot.io https://*.addthis.com https://www.youtube.com https://player.vimeo.com;base-uri 'self';frame-ancestors 'self';script-src 'nonce-2cd399d6b59a41c2802bfbcc4a360f9e' 'unsafe-eval' 'self' https://*.readspeaker.com https://connect.facebook.net https://static.trackedweb.net https://app.postermaker.io https://snap.licdn.com https://static.hotjar.com https://script.hotjar.com https://analytics.nyltx.com https://ruler.nyltx.com/ https://*.cookiefirst.com https://maps.googleapis.com https://unpkg.com/vue@3.2.20/ https://static.landbot.io https://secure.callhandling.co.uk https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com;connect-src 'self' https://*.trackedweb.net https://*.readspeaker.com https://www.facebook.com https://platform.twitter.com https://docs.google.com https://*.cookiefirst.com https://in.hotjar.com https://vc.hotjar.io https://analytics.nyltx.com https://maps.googleapis.com https://secure.callhandling.co.uk https://chats.landbot.io https://*.addthis.com https://www.google-analytics.com https://stats.g.doubleclick.net;img-src 'self' data: https://www.facebook.com https://*.linkedin.com https://*.addthis.com https://maps.gstatic.com https://maps.googleapis.com https://maps.googleapis.com https://storage.googleapis.com https://static.landbot.io https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net;font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' blob: https://*.readspeaker.com https://*.cookiefirst.com https://p.typekit.net https://use.typekit.net https://localhost:44367 https://fonts.googleapis.com;form-action 'self' https://*.readspeaker.com; 1
frame-ancestors 'self' https://*.hapara.com/ 1
frame-src *; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.google.com *.googleapis.com *.myabsorb.com *.doubleclick.net *.windows.net *.walkme.com *.jquery.com *.createjs.com *.youtube.com *.youtube-nocookie.com *.onetrust.com *.facebook.net *.facebook.com *.cookielaw.org *.licdn.com *.adsymptotic.com *.linkedin.com *.jnjvision.asia *.nr-data.net *.ckeditor.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.zencdn.net *.boltdns.net *.jjvcpro.com *.jnjcommerce.com *.mouseflow.com *.gstatic.com *.newrelic.com; object-src *; img-src * data: blob:; frame-src *; font-src * data: blob: 'unsafe-inline'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-0AIOUGfwuTiUteOMXDG3epMiEsgfKbtc/t1Hqou6Qh5fztcA'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de; script-src 'strict-dynamic' 'nonce-e4aa0df26703b3df39ad48a0c1feb4a7' 'nonce-2fd3a0c3e7d7af4699c92ad77281d133' 'nonce-9582043fa76d805b6154d1d2d979b49a' 'nonce-5a0b63f507fb3b9f01f9714adea7ae5c' 'nonce-a544d8cdf8744a92900a2b840585f108' 'nonce-20340b5e310276018d704dbc2231a307' 'nonce-41e46bd3f37b24b7633f4423f9ce3ca6' 'nonce-cf826f04b5132e9786d4e69d59b66b63' 'nonce-02f07e579ff10fa5bf29e19ecff76ae5' 'nonce-1e6e7a75872fcdb5667be26cfad9e1a6' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-e4aa0df26703b3df39ad48a0c1feb4a7' 'nonce-2fd3a0c3e7d7af4699c92ad77281d133' 'nonce-9582043fa76d805b6154d1d2d979b49a' 'nonce-5a0b63f507fb3b9f01f9714adea7ae5c' 'nonce-a544d8cdf8744a92900a2b840585f108' 'nonce-20340b5e310276018d704dbc2231a307' 'nonce-41e46bd3f37b24b7633f4423f9ce3ca6' 'nonce-cf826f04b5132e9786d4e69d59b66b63' 'nonce-02f07e579ff10fa5bf29e19ecff76ae5' 'nonce-1e6e7a75872fcdb5667be26cfad9e1a6' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; object-src 'self' *; style-src 'self' 'unsafe-inline' * ; img-src 'self' data: *; media-src 'self' *; frame-src 'self' *; frame-ancestors 'self'; child-src 'self' *; font-src 'self' data: *; connect-src 'self' * 1
default-src 'self' https://equatio.texthelp.com/static/ wss://*.firebaseio.com/ https://*.googleapis.com/ https://*.texthelp.com/ https://*.speechstream.net/; connect-src 'self' wss://*.speech.microsoft.com/speech/recognition/dictation/cognitiveservices/v1 wss://*.firebaseio.com/ wss://cloud.myscript.com/api/v4.0/iink/document https://www.google-analytics.com/ https://*.googleapis.com/ https://*.texthelp.com/ https://equatio-search-proxy.texthelp.com; style-src 'self' 'unsafe-inline' https://equatio.texthelp.com/static/ https://fonts.googleapis.com/css; script-src 'self' https://equatio.texthelp.com/static/ https://www.google-analytics.com/ https://*.firebaseio.com/ https://www.gstatic.com/firebasejs/; img-src https://equatio.texthelp.com/static/ 'self' https://*.texthelp.com/ data: blob: https://*.googleusercontent.com/ https://chart.googleapis.com/chart https://www.google.com/ https://www.google-analytics.com; font-src https://equatio.texthelp.com/static/ https://fonts.gstatic.com/; object-src 'none'; upgrade-insecure-requests; frame-ancestors 'none' 1
default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com *.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.leadenhancer.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com s.go-mpulse.net c.go-mpulse.net sc.lfeeder.com api.plezi.co; img-src data: 'self' www.burkert.com www.google-analytics.com www.google.com www.google.de event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.leadenhancer.com *.olark.com *.adition.com *.gstatic.com *.clickdimensions.com tr.lfeeder.com; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com www.googletagmanager.com *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com *.vo.msecnd.net; font-src 'self' www.burkert.com *.buerkert.de data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com c.go-mpulse.net *.akstat.io trial-eum-clientnsv4-s.akamaihd.net *.akamaihd.net maps.googleapis.com *.plezi.co; frame-src 'self' *.burkert-usa-marketing.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.burkert.com *.olark.com *.issuu.com *.clickdimensions.com; worker-src 'self' blob: 1
frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; connect-src 'self' steemit.com api.steemit.com dist.one wss://rpc.dist.one api.blocktrades.us https://steemitimages.com https://translate.googleapis.com; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com acceptable.a-ads.com ad.a-ads.com page.ludorum.dev; font-src data: fonts.gstatic.com 'self'; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com pagead2.googlesyndication.com adservice.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.zoominfo.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.addtoany.com *.w3.org  *.nuix.com *.googletagmanager.com *.cloudflare.com *.bootstrapcdn.com *.pardot.com *.fontawesome.com *.nr-data.net *.drupal.org *.schema.org *.pantheonsite.io *.facebook.net *.leadforensics.com *.greenhouse.io ; style-src 'self' 'unsafe-inline' data: https: *.zoominfo.com *.googleapis.com *.google.com *.gstatic.com *.addtoany.com *.w3.org *.twimg.com *.w3.org/2000/svg *.nuix.com *.googletagmanager.com *.pardot.com *.bootstrapcdn.com *.fontawesome.com *.twitter.com *.pantheonsite.io; img-src 'self' data: https: *.zoominfo.com *.googleapis.com *.google.com *.gstatic.com *.addtoany.com *.w3.org *.twimg.com *.w3.org/2000/svg *.nuix.com *.googletagmanager.com *.pardot.com *.facebook.com *.leadforensics.com; media-src 'self' *.vimeo.com *.youtube.com *.googlevideo.com *.ytimg.com *.pardot.com *.nuix.com  *.googleapis.com *.google.com *.gstatic.com *.greenhouse.io *.twitter.com *.soundcloud.com; frame-src 'self' *.vimeo.com *.youtube.com *.googlevideo.com *.ytimg.com *.pardot.com *.nuix.com  *.googleapis.com *.google.com *.gstatic.com *.greenhouse.io *.twitter.com *.soundcloud.com *.addtoany.com; frame-ancestors 'self' *.linkdein.com *.facebook.net *.vimeo.com *.ytimg.com *.pardot.com *.nuix.com *.greenhouse.io *.twitter.com *.soundcloud.com *.addtoany.com *.pantheonsite.io; child-src 'self' *.vimeo.com *.youtube.com *.googlevideo.com *.ytimg.com *.pardot.com *.nuix.com  *.googleapis.com *.google.com *.gstatic.com *.greenhouse.io *.twitter.com *.soundcloud.com *.addtoany.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src *; style-src *; connect-src * 1
default-src * data: 'unsafe-inline' 'unsafe-eval' ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * data: 'unsafe-inline' ; img-src * data: ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.surveymonkey.com https://walls.io https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com https://www.etermin.net https://the.sciencebehindecommerce.com https://www.lacmp.net https://analytics.aklamio.com https://*.adsrvr.org https://adsrvr.org https://t.contentsquare.net; 1
"default-src *" 1
default-src 'none'; script-src 'self' https://analytics.monetra.com https://www.google.com https://www.gstatic.com; connect-src https://9872520550193828.hostedstatus.com/1.0/status/6148993c877ce705383f1463 'self'; img-src 'self' https://analytics.monetra.com data:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self'; frame-src https://www.google.com 1
default-src https: *.ufg.pl; script-src https: *.ufg.pl 'unsafe-inline' 'unsafe-eval';style-src https: *.ufg.pl 'unsafe-inline';img-src 'self' data: https: www.google-analytics.com; frame-src https: *.ufg.pl; media-src data: https: *.ufg.pl; child-src https: *.ufg.pl 1
frame-ancestors 'none'; report-uri /report-csp-violation 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' clicky.com *.getclicky.com www.google.com www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com fast.fonts.com cdnjs.cloudflare.com; frame-src https://www.google.com 'self'; 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storck.com storck.piwik.pro; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.storck.com; connect-src 'self' data: *.storck.com storck.piwik.pro; font-src 'self'; frame-src 'self' data: *.storck.com; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de; script-src 'strict-dynamic' 'nonce-d11981f9779acfb05168036893c6f07b' 'nonce-32967bb3d8a9b4a6654427f36333cd04' 'nonce-d012d3fcc0a2dc071f32d71dfec36b47' 'nonce-271dd763fa62238a13f01bdd6d62231e' 'nonce-e03b5f03085123be6afbd6d97effbebc' 'nonce-5006a554db135bb280d091fd6f0b293c' 'nonce-683340cbf0233f320a1b03edb06430d5' 'nonce-4a4a614b7e402b1aa85fdb046748bc94' 'nonce-a0e400228c47a4f5fc5c3bee9f035bad' 'nonce-f25ce2f41acc62cb367ab44ae3a32d03' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-d11981f9779acfb05168036893c6f07b' 'nonce-32967bb3d8a9b4a6654427f36333cd04' 'nonce-d012d3fcc0a2dc071f32d71dfec36b47' 'nonce-271dd763fa62238a13f01bdd6d62231e' 'nonce-e03b5f03085123be6afbd6d97effbebc' 'nonce-5006a554db135bb280d091fd6f0b293c' 'nonce-683340cbf0233f320a1b03edb06430d5' 'nonce-4a4a614b7e402b1aa85fdb046748bc94' 'nonce-a0e400228c47a4f5fc5c3bee9f035bad' 'nonce-f25ce2f41acc62cb367ab44ae3a32d03' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' *.google-analytics.com *.doubleclick.net *.cloudfront.net max-access-toolbar.onlineada.workers.dev *.amazonaws.com *.maxaccess.io; script-src 'self' www.googletagmanager.com js.hsadspixel.net *.hs-banner.com *.crazyegg.com js.hs-analytics.net *.equalweb.com access.equalweb.com connect.facebook.net www.google.com *.gstatic.com maps.googleapis.com maps.googleapis.com/* *.hotjar.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.maxaccess.io *.audioeye.com *.userway.org js.hsleadflows.net maxaccess-api.onlineada.workers.dev; style-src 'self' *.typekit.net *.fonts.net fonts.googleapis.com maps.googleapis.com *.userway.org *.maxaccess.io api.maxaccess.io/scripts/toolbar/*; img-src 'self' www.googletagmanager.com *.webdamdb.com www.google-analytics.com insight.adsrvr.org www.facebook.com data: maps.gstatic.com *.googleapis.com *.ggpht.com *.hubspot.com img.youtube.com blog.hobartcorp.com  *.hsforms.com *.cloudfront.net *.maxaccess.io maxaccess.io *.userway.org warewash.hobartcorp.com *.hubspotusercontent30.net; frame-src 'self' *.google.com *.hotjar.com *.youtube.com *.webdamdb.com *.hsforms.com *.facebook.com; font-src 'self' use.typekit.net fast.fonts.net fonts.gstatic.com; connect-src 'self' api.hubapi.com www.google-analytics.com script.crazyegg.com stats.g.doubleclick.net *.equalweb.com *.hotjar.com *.hotjar.io *.facebook.com *.hsforms.com tracking.crazyegg.com *.amazonaws.com *.maxaccess.io *.userway.org *.cloudfront.net d3tl8vem8osmxf.cloudfront.net d5gilh1ztb0u5.cloudfront.net maxaccess-api.onlineada.workers.dev fetch-maxaccess-cache.onlineada.workers.dev forms.hubspot.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com/printfriendly.js https://static.addtoany.com/menu/page.js https://www.googletagmanager.com/gtm.js https://ds-4047.kxcdn.com/api/v3/domain_settings/a https://www.youtube.com/ https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google.com/ads/  https://www.google-analytics.com/collect https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://*.cdninstagram.com https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'unsafe-inline' * 'unsafe-eval'; style-src 'unsafe-inline' * 'unsafe-eval'; img-src *; media-src *; frame-src *; frame-ancestors *.archcare.org; font-src *; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; object-src 'self' https://pts.smartmobil.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.smartmobil.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com; script-src 'strict-dynamic' 'nonce-a749408f9784a2886d3ed8c6292b9da3' 'nonce-fffa773f32f16830bee97b52b274ca4a' 'nonce-ebe6ee569799201fd5e194c907f71de1' 'nonce-5c60a3378c4ae11a1c6c83be417c5ff5' 'nonce-62277e4c6ec8a909c181e0679f72b83d' 'nonce-b8d09dc37f4fa3c5637ae546cac97afe' 'nonce-93945fd45acb1563dfaa7a7911869b5d' 'nonce-f37ed4e8fa899c0948435d9aeb299577' 'nonce-fd19d79cdd8f657d9819aba7a4f82274' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.smartmobil.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-a749408f9784a2886d3ed8c6292b9da3' 'nonce-fffa773f32f16830bee97b52b274ca4a' 'nonce-ebe6ee569799201fd5e194c907f71de1' 'nonce-5c60a3378c4ae11a1c6c83be417c5ff5' 'nonce-62277e4c6ec8a909c181e0679f72b83d' 'nonce-b8d09dc37f4fa3c5637ae546cac97afe' 'nonce-93945fd45acb1563dfaa7a7911869b5d' 'nonce-f37ed4e8fa899c0948435d9aeb299577' 'nonce-fd19d79cdd8f657d9819aba7a4f82274' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; frame-src 'self' https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crushftp.com *.stripe.com *.paypalobjects.com *.google-analytics.com *.crushsync.com *.taltosparipa.com 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com https://www.wiener-staatsoper.at 1
default-src 'self' gleam.io *.bestservice.de *.bestservice.com *.bestservice.fr dwl.dawconnect.com maps.google.de www.google.com *.google-analytics.com connect.facebook.net www.facebook.com *.youtube.com ;  img-src  'self' data: *.gleam.io *.bestservice.de *.bestservice.com *.bestservice.fr *.bsdwl.de *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de *.youtube.com;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com;  script-src 'self' data: *.gleamjs.io *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval';  worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de *.youtube.com;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self' 1
default-src 'self' https://www.youtube.com detergents.lidl-info.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com https://www.edge-cdn.net https://www.youtube-nocookie.com form.lidl.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com lidl.media01.eu fpm.climatepartner.com data: gap: ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://platform.twitter.com https://ton.twimg.com 'unsafe-inline'; media-src *; object-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
base-uri 'self' *.google.com; child-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com *.google.com *.googletagmanager.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; frame-src blob: 'self' gap: app.powerbi.com dev.visualwebsiteoptimizer.com *.google.com *.googletagmanager.com *.investis.com *.surveymonkey.com *.twitter.com *.vimeo.com *.youtube.com; connect-src fonts.googleapis.com fonts.gstatic.com ict.infinity-tracking.net outsysprod.paragon-group.co.uk response.pure360.com 'self' sitesearch360.com wss://mpsnare.iesnare.com *.doubleclick.net *.feefo.com *.google.com *.google-analytics.com *.investis.com *.paragonbank.co.uk *.paragonbankinggroup.co.uk *.sitesearch360.com *.twimg.com *.twitter.com *.visualwebsiteoptimizer.com; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.googleapis.com *.gstatic.com; img-src 'self' data: * blob:; media-src data: mpsnare.iesnare.com 'self'; script-src gap: 'self' ict.infinity-tracking.net mpsnare.iesnare.com sitesearch360.com snap.licdn.com unpkg.com *.doubleclick.net *.feefo.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.investis.com *.paragonbankinggroup.co.uk *.sitesearch360.com *.surveymonkey.com *.twimg.com *.twitter.com *.youtube.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' dev.visualwebsiteoptimizer.com *.google.com *.googleapis.com *.gstatic.com *.twimg.com *.twitter.com 'unsafe-inline'; frame-ancestors gap: 'self' *.doubleclick.net *.googletagmanager.com *.noblehosted.com *.surveymonkey.com theparagongroup.sharepoint.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=vOlxfDOEjlGH6Wk6BgEd2g0hEukW67oSdIjdp7wvoSD%2f14vpghnnrFi%2fvUtw0eKqB1rlmLOTQ1aBngHe7sTCWkL5S1WI8fA6Xp4v1wuty9Oa%2boHM2QAKdilqcNb1Lq8gFXGKSAkGmyHSfqI2FRtbCVjIrJZLI1lszehPExzbibo60tbWNmIa9Bq4c%2bWSs4sNrP42m%2fAgvbcIlKOIZbjNtg%3d%3d; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.poa.st poa.st *.poastcdn.org poastcdn.org 1
base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net www.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.googleusercontent.com *.googletagmanager.com *.flourish.studio blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com *.realtimestatistics.net *.googletagmanager.com *.typeform.com *.flourish.studio 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com *.typeform.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=ZUcDdSPOPml1UiG%2BTOpzNukklUWADsgyN4Pv7kVoWgrZ9BFU%2FeZEArOLlH7nIQI6ZNf%2Fw0h0YnSfNHdzyIrClQ%3D%3D; 1
base-uri 'self'; default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.twitter.com https://*.twimg.com https://*.twitter.com https://fonts.googleapis.com https://translate.google.com; img-src 'self' data: https://*.cdninstagram.com https://*.fbcdn.net https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://www.google-analytics.com https://trendygolfusa.imgix.net https://production-trendygolfusa-1591363996.s3.amazonaws.com https://*.twitter.com https://*.twimg.com https://www.awin1.com https://www.google.co.uk/pagead https://www.google.com/pagead https://www.facebook.com https://stats.g.doubleclick.net https://t.paypal.com https://googleads.g.doubleclick.net https://www.google.com/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://www.gstatic.com https://translate.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolia.net https://*.algolianet.com https://js.stripe.com https://*.paypal.com https://*.paypalobjects.com http://*.instagram.com https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://www.google-analytics.com https://ssl.google-analytics.com https://apis.google.com https://*.twitter.com https://*.twimg.com https://*.instagram.com/en_US/embeds.js https://www.dwin1.com https://www.googleadservices.com https://connect.facebook.net https://ads.avocet.io https://googleads.g.doubleclick.net https://the.sciencebehindecommerce.com https://www.awin1.com https://www.google.com/pagead/ https://beacon-v2.helpscout.net; frame-src https://js.stripe.com https://*.paypal.com https://*.twitter.com https://www.googletagmanager.com https://www.google.com https://*.youtube.com https://*.twitter.com https://*.vimeo.com https://*.instagram.com http://*.issuu.com/ https://*.facebook.com https://www.paypalobjects.com; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.paypal.com https://api.addressy.com https://sentry.io https://www.google-analytics.com https://*.instagram.com https://*.twitter.com https://api.everythinglocation.com https://*.instagram.com https://*.sciencebehindecommerce.com https://www.facebook.com https://www.paypal.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.helpscout.net https://o21324.ingest.sentry.io https://vc.hotjar.io https://www.google.com https://adservice.google.com; font-src data: https://trendygolfusa.com; media-src 'self'; form-action 'self' https://*.twitter.com https://*.twitter.com https://www.facebook.com/tr/; object-src 'self'; block-all-mixed-content; report-uri https://5ce9a457525b0c6b344093f4321341fa.report-uri.com/r/d/csp/enforce 1
default-src ; script-src 'self' 'unsafe-inline' localhost https://assets.zendesk.com *.zdassets.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; object-src ; style-src 'self' 'unsafe-inline' localhost *.entrecode.de https://fonts.googleapis.com; img-src *; media-src *; child-src https://www.google.com; font-src *.entrecode.de https://fonts.gstatic.com; connect-src 'self' *.entrecode.de https://entrecode.zendesk.com *.zdassets.com https://www.google-analytics.com; manifest-src 1
default-src 'self'; object-src 'self' https://pts.simplytel.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.simplytel.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de; script-src 'strict-dynamic' 'nonce-b615290f9d29af23b81a1d61e44aa5dd' 'nonce-2092f12b96efcd7bb684ff8f2c4ec81a' 'nonce-bf0ddc875c9454ec5529b19af1d81686' 'nonce-1db54a0dc94cda733a201e1d31494a32' 'nonce-4350986e42168da34aa5f1afaedd0ecc' 'nonce-8957d1ed31c0b753f4e16564101be4cf' 'nonce-7096745bd2c4537810a8f3ca8b89a7e8' 'nonce-370a5c923a7e41a16f0abfa191cbb1d3' 'nonce-9c822f9cd472cd4f0e1bc62233ce6cd5' 'nonce-fd5f4c22e4ff60a930df880fefc66d98' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.simplytel.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-b615290f9d29af23b81a1d61e44aa5dd' 'nonce-2092f12b96efcd7bb684ff8f2c4ec81a' 'nonce-bf0ddc875c9454ec5529b19af1d81686' 'nonce-1db54a0dc94cda733a201e1d31494a32' 'nonce-4350986e42168da34aa5f1afaedd0ecc' 'nonce-8957d1ed31c0b753f4e16564101be4cf' 'nonce-7096745bd2c4537810a8f3ca8b89a7e8' 'nonce-370a5c923a7e41a16f0abfa191cbb1d3' 'nonce-9c822f9cd472cd4f0e1bc62233ce6cd5' 'nonce-fd5f4c22e4ff60a930df880fefc66d98' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'self' static.ctctcdn.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.google.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com https://connect.facebook.net/ code.jquery.com kit.fontawesome.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
default-src 'self' 'unsafe-inline' https://cdn.ckeditor.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/ https://www.youtube.com/ https://vrweb15.linguatec.org data: https://shop.bzga.de/; img-src 'self' data: https://cdn.ckeditor.com/ https://shop.bzga.de/ https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://i.ytimg.com/ https://vrweb15.linguatec.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/ https://www.youtube.com/ https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ https://vrweb15.linguatec.org https://cdn.ckeditor.com/ 1
frame-ancestors 'self' https://www.kayak.fr 1
default-src 'none'; base-uri 'self'; form-action https: 'self'; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; media-src *; frame-src *; frame-ancestors 'self' https:; font-src 'self' https:; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src https://wbregistration.gov.in;                                                     connect-src https://wbregistration.gov.in;                                                     font-src https://wbregistration.gov.in data:;                                                     frame-src https://wbregistration.gov.in;                                                    img-src https: data:;                                                     media-src https://wbregistration.gov.in;                                                      object-src https://www.wbregistration.gov.in;                                                     script-src 'unsafe-inline' 'unsafe-eval' https://www.wbregistration.gov.in;                                                     style-src 'unsafe-inline' https://www.wbregistration.gov.in; 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com *.leadenhancer.com wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.eu *.cookiebot.com data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1
script-src 'self' 'nonce-YbQlHN7KCVe02WqhzZoaPt8U' 'nonce-atx-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://pi.pardot.com http://cdn.pardot.com http://pi.pardot.com/analytics *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.printfriendly.com static.addtoany.com ds-4047.kxcdn.com www.google-analytics.com cdn.jsdelivr.net unpkg.com ajax.googleapis.com ajax.aspnetcdn.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.googleapis.com; img-src 'self' data: s.yimg.com cdn.printfriendly.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.com.my; media-src 'self'; frame-src 'self' data: static.addtoany.com fwb.malaysiaairports.com.my www.youtube.com www.google.com apps.mahb.az.primuscore.com http://apps.mahb.az.primuscore.com:8000 fwb.malaysiaairports.com.my:8000; frame-ancestors 'self' fwb.malaysiaairports.com.my apps.mahb.az.primuscore.com fwb.malaysiaairports.com.my:8000; child-src 'self'; font-src 'self' cdn.jsdelivr.net unpkg.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.stripe.com; style-src 'self' data: 'unsafe-inline' https: https: wss: *.stripe.com *.studentbeans.com blob; img-src * data: blob:; font-src 'self' data: https:; connect-src 'self' data: https: wss: *.stripe.com *.studentbeans.com; media-src *; object-src 'self' https:; frame-src *; form-action 'self'  *.citationsy.es *.stripe.com *.studentbeans.com accounts.google.com tinyletter.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://npmcdn.com https://*.whydonate.nl https://www.youtube.com https://www.google.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://cdn.quilljs.com https://connect.facebook.net https://graph.facebook.com https://www.linkedin.com/countserv/count/ https://www.linkedin.com http://s7.addthis.com/js/300/addthis_widget.js http://cdn.quilljs.com/1.3.6/quill.min.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://www.googletagmanager.com/gtm/ https://client.crisp.chat/l.js http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js https://www.google-analytics.com/gtm/ https://client.crisp.chat/static/javascripts/ http://static.hotjar.com/ http://v1.addthisedge.com/live/boost/ http://v1.addthis.com/live/ https://script.hotjar.com/ http://s7.addthis.com/static/ https://settings.crisp.chat/client/website/ https://www.googletagmanager.com/ https://edge.addthis.com/static/layers.1a65b1df626b9b567918.js https://edge.addthis.com/ https://edge.addthis.com https://*.addthis.com/ https://*.addthis.com https://browser.sentry-cdn.com/5.6.2/bundle.min.js https://browser.sentry-cdn.com https://browser.sentry-cdn.com/ https://tagmanager.google.com/ https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js/ https://cdn.jsdelivr.net/ https://cdn.jsdelivr.net https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://z.moatads.com/addthismoatframe568911941483/moatframe.js/ https://www.googleadservices.com/ https://www.googleadservices.com https://client.crisp.chat https://client.crisp.chat/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube.com https://cdn.quilljs.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ https://cdnjs.cloudflare.com/ajax/libs/quill/1.3.6/quill.core.min.css https://cdnjs.cloudflare.com/ajax/libs/quill/1.3.6/quill.snow.min.css http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css https://client.crisp.chat/static/stylesheets/ https://tagmanager.google.com/ https://tagmanager.google.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://client.crisp.chat https://mozbar.moz.com/ https://mozbar.moz.com https://helpdesk.whydonate.nl/ https://helpdesk.whydonate.nl https://script.hotjar.com/; img-src 'self' data: https://whydonate-production-api-media.storage.googleapis.com https://i.ytimg.com https://www.facebook.com https://www.linkedin.com https://p-pan.triodos.com https://client.crisp.chat https://res.cloudinary.com https://res.cloudinary.com/whydonate/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://image.crisp.chat/ https://www.google.co.in/ https://www.google.nl/ https://www.google.nl https://ssl.gstatic.com https://ssl.gstatic.com/ https://www.gstatic.com/ https://www.gstatic.com https://whydonate.nl https://whydonate.nl/ https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net/ https://img.youtube.com https://vimeo.com https://vimeo.com/; object-src 'none'; media-src 'self' https://*.googlevideo.com; connect-src 'self' https://www.youtube.com https://s7.addthis.com https://m.addthis.com/ https://20190613t213753-dot-whydonate-production-api.appspot.com https://whydonate-development.appspot.com https://whydonate-production-api.appspot.com wss://client.relay.crisp.chat/ https://in.hotjar.com/api/v1/ https://in.hotjar.com/api/v1/ https://vc.hotjar.io/ https://res.cloudinary.com https://res.cloudinary.com/whydonate/ https://in.hotjar.com/ wss://*.hotjar.com wss://*.hotjar.com/ https://ws10.hotjar.com/ https://ws9.hotjar.com/ https://ws8.hotjar.com/ https://ws7.hotjar.com/ https://ws6.hotjar.com/ https://ws5.hotjar.com/ https://ws4.hotjar.com/ https://ws3.hotjar.com/ https://ws2.hotjar.com/ https://ws1.hotjar.com/ https://sentry.io/ https://www.google-analytics.com/ https://www.facebook.com https://www.linkedin.com https://stats.g.doubleclick.net https://stats.g.doubleclick.net/ https://client.crisp.chat/static/sounds/events/chat-message-receive.oga https://client.crisp.chat/static/sounds/events/chat-message-receive.oga/ https://client.crisp.chat https://client.crisp.chat/ https://storage.crisp.chat https://storage.crisp.chat/; frame-src 'self' https://s7.addthis.com https://www.facebook.com https://staticxx.facebook.com https://m.facebook.com/ http://s7.addthis.com/ https://vars.hotjar.com/ https://youtube.com/ https://www.youtube.com/ https://vimeo.com/ https://edge.addthis.com/ https://edge.addthis.com https://*.addthis.com/ https://*.addthis.com https://mozbar.moz.com/ https://mozbar.moz.com https://player.vimeo.com/ https://www.linkedin.com https://helpdesk.whydonate.nl/ https://helpdesk.whydonate.nl https://web.facebook.com; report-uri /report-violation; upgrade-insecure-requests 1
frame-ancestors *; 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors gba-editor-kkn.prod.gsb.gba.in.bund.de piwik.itzbund.de *.facebook.com 1
connect-src 'self' https://localhost:3000; frame-ancestors 'self'; object-src 'self'; script-src 'self' https://analytics.historia-arte.com https://maps.googleapis.com; report-uri /csp-report; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net www.google-analytics.com https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com staticcontents.investisdigital.com ipapi.connectid.cloud otp.tools.investis.com https://sc.lfeeder.com player.vimeo.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com staticxx.facebook.com www.youtube.com w.soundcloud.com player.vimeo.com atsginc.wufoo.com myabx.com indd.adobe.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.ensighten.com *.google-analytics.com *.api.brightcove.com *.tools.investis.com *.doubleclick.net  ipapi.connectid.cloud https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com; report-uri /report-csp-violation 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com ajax.googleapis.com embed.typeform.com www.googletagmanager.com tagmanager.google.com analyzer.amedick-sommer.de vendorlist.consensu.org www.youtube.com s.ytimg.com www.vvs.de *.usercentrics.eu; 1
base-uri 'none';connect-src 'self' wss://*.fuelrats.com https://dev.api.fuelrats.com ;default-src 'self' *.fuelrats.com;font-src 'self' fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://js.stripe.com;img-src 'self' *.wp.com blob: data:;manifest-src 'self';object-src 'self' data:;script-src 'self' *.stripe.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-xRzvJz7v403w5HBvXY5y5CUL' 'nonce-OYZLhM+3xpuWum/Z2+EH0zR3' 'nonce-hWe/xxpTkJ0z9yF2h9WP2KU4' 'nonce-Hk54Vp4yhMLmkFgBTT3sUyZZ' 'nonce-VdS4ZrnaWf7f2qqrIfolfKCF' 'nonce-H+WAtmzMstHN3Wzw+JyCVvtq' 'nonce-MAdoJ56JQwsXwlHcNPIuYzb1' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
default-src https: data: *.mouseflow.com; script-src https: data: 'unsafe-inline' 'unsafe-eval' *.mouseflow.com; object-src https:; style-src https: 'unsafe-inline'; img-src https: data: *.mouseflow.com; media-src https:; font-src https: data: *.mouseflow.com; connect-src https: wss:; frame-ancestors 'self' partner.approvalmax.com partnersportal.approvalmax.com; 1
default-src 'self' *.learningcloud.me ;script-src 'self' www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *; style-src 'self' * 'unsafe-inline' 'unsafe-eval' ; font-src 'self' * 'unsafe-inline' 'unsafe-eval'  1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.twitter.com https://*.twimg.com https://*.twitter.com https://fonts.googleapis.com https://translate.google.com; img-src 'self' data: https://*.cdninstagram.com https://*.fbcdn.net https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://www.google-analytics.com https://trendygolf.imgix.net https://production-trendygolf-1556104155.s3.amazonaws.com https://*.twitter.com https://*.twimg.com https://www.awin1.com https://www.google.co.uk/pagead/ https://www.google.com/pagead/ https://www.facebook.com https://stats.g.doubleclick.net https://t.paypal.com https://googleads.g.doubleclick.net/ https://www.google.com/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://www.gstatic.com https://translate.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.algolia.net https://*.algolianet.com https://js.stripe.com https://*.paypal.com https://*.paypalobjects.com http://*.instagram.com https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google.com.ai https://www.google.com.ag https://www.google.com.au https://www.google.bs https://www.google.be https://www.google.com.bz https://www.google.com.br https://www.google.vg https://www.google.bg https://www.google.bi https://www.google.ca https://www.google.cv https://www.google.co.cr https://www.google.hr https://www.google.com.cu https://www.google.com.cy https://www.google.cz https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.com.sv https://www.google.ee https://www.google.fi https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gl https://www.google.com.gt https://www.google.gg https://www.google.ht https://www.google.hn https://www.google.com.hk https://www.google.hu https://www.google.is https://www.google.ie https://www.google.co.in https://www.google.co.id https://www.google.it https://www.google.com.jm https://www.google.co.jp https://www.google.je https://www.google.jo https://www.google.kz https://www.google.com.kw https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.com.mx https://www.google.ms https://www.google.co.ma https://www.google.nl https://www.google.co.nz https://www.google.com.ni https://www.google.no https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.com.pr https://www.google.ro https://www.google.com.vc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.th https://www.google.tt https://www.google.tn https://www.google.com.tr https://www.google.ae https://www.google.co.vi https://www.google.co.ve https://www.google.at https://insights.algolia.io https://www.google-analytics.com https://ssl.google-analytics.com https://apis.google.com https://*.twitter.com https://*.twimg.com https://*.instagram.com/en_US/embeds.js https://www.dwin1.com https://www.googleadservices.com https://connect.facebook.net https://ads.avocet.io https://googleads.g.doubleclick.net https://the.sciencebehindecommerce.com https://www.awin1.com https://www.google.com/pagead/ https://beacon-v2.helpscout.net; frame-src https://js.stripe.com https://*.paypal.com https://*.twitter.com https://www.googletagmanager.com https://www.google.com https://*.youtube.com https://*.twitter.com https://*.vimeo.com https://*.instagram.com http://*.issuu.com/ https://*.facebook.com https://www.paypalobjects.com https://graph.facebook.com; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.paypal.com https://api.addressy.com https://sentry.io https://www.google-analytics.com https://*.instagram.com https://*.twitter.com https://api.everythinglocation.com https://insights.algolia.io https://*.cloudfront.net https://*.helpscout.net https://*.instagram.com https://*.sciencebehindecommerce.com https://graph.facebook.com https://o21324.ingest.sentry.io https://stats.g.doubleclick.net https://www.facebook.com https://www.paypal.com https://vc.hotjar.io https://www.google.com https://adservice.google.com; font-src data: https://trendygolf.com; media-src 'self'; form-action 'self' https://*.twitter.com https://*.twitter.com https://www.facebook.com/tr/; object-src 'self'; block-all-mixed-content; report-uri https://5ce9a457525b0c6b344093f4321341fa.report-uri.com/r/d/csp/enforce 1
default-src 'self' *.arbeitsagentur.de *.jobcenter-ge.de; base-uri 'self' *.jobcenter-ge.de; style-src 'self' 'unsafe-inline' *.jobcenter-ge.de; script-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.arbeitsagentur.de *.jobcenter-ge.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.arbeitsagentur.de *.jobcenter-ge.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.arbeitsagentur.de *.jobcenter-ge.de; frame-ancestors 'self'; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' http: https: data:; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval'; media-src 'none'; frame-src 'none'; frame-ancestors 'none'; child-src 'none'; font-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.onetrust.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://form.jotformeu.com https://cdn.jotfor.ms https://js.jotform.com https://widgets.jotform.io https://browser.sentry-cdn.com https://events.jotform.com https://static.dvinci-easy.com https://api.heycamp.de https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ckscayt.js https://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/local/de/local.js https://code.jquery.com https://static.srcspot.com/libs/alleen.js;; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jotfor.ms http://www.al-ko.com https://widgets.jotform.io https://static.dvinci-easy.com;; img-src 'self' www.google-analytics.com https://www.facebook.com https://www.google.com https://cdn.jotfor.ms https://stats.g.doubleclick.net https://events.jotform.com https://www.heycamp.de https://cdn.cookielaw.org https://i3.ytimg.com https://www.google.ro  https://www.google.de  https://www.google.com;; media-src 'self'; frame-src 'self' https://www.google.com https://www.store-connector.com https://submit.jotformeu.com/ https://www.youtube.com/;; frame-ancestors 'self'; child-src 'self'; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com netdna.bootstrapcdn.com;; connect-src 'self' https://www.google-analytics.com *.onetrust.com https://cdn.cookielaw.org https://static.dvinci-easy.com https://alko-tech.dvinci-easy.com https://www.heycamp.de https://stats.g.doubleclick.net;; report-uri /en/report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data\: ; style-src 'self' 'unsafe-inline'; font-src 'self' 1
default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 1
default-src ; script-src https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval' https://form.partner-versicherung.de; object-src ; style-src 'self' https://fonts.googleapis.com https://*.entrecode.de 'unsafe-inline'; img-src 'self' * *.dealbunny.de data:; media-src *; child-src *.youtube.com *.vimeo.com https://www.google.com https://form.partner-versicherung.de https://kredit.check24.de/; font-src 'self' https://fonts.gstatic.com https://*.entrecode.de data:; connect-src 'self' *.cachena.entrecode.de entrecode.de *.entrecode.de localhost:* dev.dealbunny.de:* *.dealbunny.de https://www.google-analytics.com https://stats.g.doubleclick.net; manifest-src 'self' 1
frame-ancestors 'self' https://www.golfofbf.org https://*.instapage.com http://*.instapage.com https://cloud.scorm.com https://360.articulate.com https://university.fb.org 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com; img-src 'self' www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src  'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com https://sentry.vixns.net/api/208/store/ https://sentry.vixns.net/api/208/envelope/; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' google-analytics.com googletagmanager.com https:; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' data: https:; media-src 'self'; frame-src 'self' https:; font-src 'self' fonts.gstatic.com data:; connect-src 'self' www.google-analytics.com 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://*.bing.com *.bing.com https://*.google-analytics.com *.google-analytics.com https://*.googleapis.com *.googleapis.com https://*.doubleclick.net *.doubleclick.net https://hello.myfonts.net hello.myfonts.net https://*.clarity.ms *.clarity.ms https://*.intercom.io *.intercom.io wss://*.intercom.io; font-src 'self' https://*.typekit.net *.typekit.net https://*.intercomcdn.com *.intercomcdn.com; form-action 'self'; frame-ancestors 'self' https://www.summerdiscovery.com www.summerdiscovery.com; frame-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.google.com *.google.com https://*.youtube.com *.youtube.com https://*.powr.io *.powr.io https://summerdiscovery.secure.force.com summerdiscovery.secure.force.com https://summerdiscovery.tfaforms.net summerdiscovery.tfaforms.net https://*.visme.co *.visme.co https://www.summerdiscovery.com www.summerdiscovery.com; img-src 'self' https://www.summerdiscovery.com www.summerdiscovery.com https://*.adsymptotic.com *.adsymptotic.com https://*.bbb.org *.bbb.org https://*.bing.com *.bing.com https://*.clarity.ms *.clarity.ms https://www.facebook.com www.facebook.com https://*.googleapis.com *.googleapis.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.google.com *.google.com https://*.gstatic.com *.gstatic.com https://*.intercomcdn.com *.intercomcdn.com https://*.linkedin.com *.linkedin.com https://static.intercomassets.com static.intercomassets.com https://*.ytimg.com *.ytimg.com blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://bat.bing.com bat.bing.com https://ajax.googleapis.com ajax.googleapis.com https://*.clarity.ms *.clarity.ms https://cdnjs.cloudflare.com cdnjs.cloudflare.com https://*.doubleclick.net *.doubleclick.net https://connect.facebook.net connect.facebook.net https://*.google.com *.google.com https://translate.google.com translate.google.com https://*.googleadservices.com *.googleadservices.com https://*.googleapis.com *.googleapis.com https://*.google-analytics.com *.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://*.powr.io *.powr.io https://snap.licdn.com snap.licdn.com https://static.hotjar.com static.hotjar.com https://*.visme.co *.visme.co https://widget.intercom.io widget.intercom.io https://js.intercomcdn.com js.intercomcdn.com https://*.youtube.com *.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net *.typekit.net https://hello.myfonts.net hello.myfonts.net https://translate.googleapis.com translate.googleapis.com https://cdnjs.cloudflare.com cdnjs.cloudflare.com https://*.google.com *.google.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://*.trustlogo.com https://trustlogo.com; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:  *.trustlogo.com; media-src 'self'; frame-src 'self' *.google.com; font-src 'self'; connect-src 'self'; report-uri /csp-report.php 1
allow 'self'  default-src 'self' 'unsafe-inline' www.google-analytics.com  *.twitter.com  *.facebook.com  *.facebook.net  *.google.com 1
default-src 'self' blob: storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com *.a1.net live.virtual-events.at; frame-src  'self' indd.adobe.com storage.net-fs.com www.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de jobs.comsoft.de tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; style-src 'self' 'unsafe-inline' storage.net-fs.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; img-src 'self' data: storage.net-fs.com *.google-analytics.com *.googleapis.com *.gstatic.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.a1.group live.virtual-events.at *.frequentis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.frequentis.com storage.net-fs.com *.googleapis.com *.gstatic.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.zencdn.net blob: live.virtual-events.at; font-src 'self' data: storage.net-fs.com *.gstatic.com 1
default-src 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
default-src 'self' https://platform.twitter.com https://cdn.syndication.twimg.com https://www.youtube.com https://vimeo.com https://player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.syndication.twimg.com/timeline/profile https://platform.twitter.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ckeditor.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' * https://fonts.googleapis.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com https://platform.twitter.com https://ton.twimg.com https://cdn.ckeditor.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' *; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://cdn.jsdelivr.net https://www.google.com https://fonts.gstatic.com https://www.gstatic.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.axessx.de 1
default-src 'self'; script-src 'self' assets.juicer.io ajax.googleapis.com connect.facebook.net platform.twitter.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net *.juicer.io woobox.com *.formstack.com assets.pinterest.com app.icontact.com *.googleapis.com *.pricespider.com *.hotjar.com *.salesforce.com *.force.com *.salesforceliveagent.com   cdn.cookielaw.org; object-src 'self'; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io 'unsafe-inline' *.formstack.com app.icontact.com  *.pricespider.com *.force.com; img-src 'self' *.cdninstagram.com *.xx.fbcdn.net *.facebook.com *.twitter.com *.google-analytics.com *.ytimg.com *.xx.fbcdn.net data: *.googleapis.com *.g.doubleclick.net *.googletagmanager.com *.juicer.io *.google.com *.imgur.com *.icontact.com *.formstack.com *.gstatic.com   *.pricespider.com *.fbcdn.net *.bimbobakeriesusa.com  cdn.cookielaw.org trkn.us *.adsrvr.org ; frame-src 'self' * *.entenmanns.com rsmstanley.formstack.com *.force.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com assets.juicer.io fonts.gstatic.com woobox.com *.juicer.io  *.formstack.com app.icontact.com data:    *.entenmanns.com; connect-src 'self' www.juicer.io https://www.google-analytics.com https://stats.g.doubleclick.net *.facebook.com *.force.com *.hotjar.com   *.cookielaw.org *.onetrust.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
1; mode=block 1
style-src 'self' 'unsafe-inline' use.typekit.net optimize.google.com fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com config1.veinteractive.com veinteractive.com cookiehub.net use.fontawesome.com; font-src 'self' *.typekit.net fonts.gstatic.com use.fontawesome.com data:; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'report-sample'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.cookiebot.com *.typekit.com *.google-analytics.com *.googletagmanager.com *.typekit.net *.googleapis.com *.google.com *.gstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'report-sample' hello.myfonts.net maxcdn.bootstrapcdn.com p.typekit.net use.typekit.net *.googleapis.com *.googletagmanager.com; img-src 'self' 'unsafe-inline' 'report-sample' data: *.google-analytics.com *.googleapis.com *.gstatic.com *.typekit.net; media-src 'self' 'unsafe-inline' 'report-sample'; frame-src 'self' 'unsafe-inline' 'report-sample' consentcdn.cookiebot.com *.google.com *.vasco-group.eu vasco-group.eu; font-src 'self' 'unsafe-inline' 'report-sample' maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net *.gstatic.com; connect-src 'self' 'unsafe-inline' 'report-sample' *.cookiebot.com use.typekit.com *.google-analytics.com *.googletagmanager.com use.typekit.net p.typekit.net *.google.com *.doubleclick.net *.googleapis.com *.vasco.eu; report-uri / admin/config/system/seckit/csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; img-src 'self' data: *.weareone.fm *.technobase.fm *.housetime.fm *.hardbase.fm *.trancebase.fm *.coretime.fm *.teatime.fm *.clubtime.fm *.replay.fm *.tb-group.fm *.google.com/recaptcha/ *.gstatic.com/recaptcha/ maps.googleapis.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.google.com/maps/embed *.youtube-nocookie.com; frame-ancestors 'self' 1
frame-ancestors 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' data: ; img-src 'self' 'unsafe-inline' data: https://app.usercentrics.eu https://daimlerag.d2.sc.omtrdc.net; connect-src 'self' https://graphql.usercentrics.eu 1
default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.scoreauthority.net *.pushnami.com static.zohocdn.com *.smartlook.com *.smartlook.cloud *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net polyfill.io; style-src 'self' 'unsafe-inline' *.scoreauthority.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com fonts.googleapis.com; img-src 'self' data: *.scoreauthority.net www.googletagmanager.com www.google-analytics.com bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.smartlook.com *.smartlook.cloud *.pushnami.com *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src 'self' data: mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1
default-src data: 'self' blob: 'unsafe-inline' *.dzo.com.ua *.cipher.kiev.ua:* *.prozorro.gov.ua www.openstreetmap.org *.openprocurement.org depositsign.com view.officeapps.live.com widgets.binotel.com 'unsafe-eval' www.googletagmanager.com docs.google.com fonts.googleapis.com www.google-analytics.com www.google.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.doubleclick.net www.google.com.ua fonts.gstatic.com; 1
default-src 'self' *.soundcloud.com *.sndcdn.com *.tepapa.govt.nz; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.typekit.net *.googletagmanager.com *.google-analytics.com *.pingdom.net www.catalyst-analytics.nz d3qy04aabho0yp.cloudfront.net *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com cdn.syndication.twimg.com *.instagram.com *.knightlab.com *.soundcloud.com *.hotjar.com www.googleadservices.com tagmanager.google.com *.riddle.com www.google.com www.gstatic.com https://www.youtube.com https://s.ytimg.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.typekit.net fonts.googleapis.com hello.myfonts.net *.twitter.com *.knightlab.com  tagmanager.google.com  https://www.riddle.com/files/css/; img-src 'self' data: *.typekit.net *.google-analytics.com *.doubleclick.net *.shopify.com *.pingdom.net www.catalyst-analytics.nz *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com pbs.twimg.com dl.dropboxusercontent.com *.myfonts.net media.tepapa.govt.nz co3-api-mediastorage.s3-ap-southeast-2.amazonaws.com co3-api-mediastorage.s3.ap-southeast-2.amazonaws.com s3.dualstack.ap-southeast-2.amazonaws.com www.google.com www.google.co.nz *.gstatic.com *.openstreetmap.org script.hotjar.com https://www.googletagmanager.com https://i.ytimg.com; frame-src 'self' *.issuu.com *.openstreetmap.org *.rezdy.com *.cloudfront.net *.bookitsecure.com google.com *.riddle.com *.spotify.com *.google.com tepapa.infospecs.co.nz *.youtube.com *.vimeo.com *.catalyst.net.nz radionz.co.nz jobs.tepapa.govt.nz *.tepapa.govt.nz tepapafoundation.secure.force.com sec.paymentexpress.com *.book2look.com *.boombox.com *.myfonts.net *.knightlab.com www.qzzr.com *.twitter.com *.instagram.com *.facebook.com *.hotjar.com *.soundcloud.com *.nzonscreen.com *.juicer.io *.media567.com; font-src 'self' data: *.bootstrapcdn.com fonts.gstatic.com fonts.typekit.net www.tepapa.govt.nz cdn.knightlab.com script.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome; connect-src 'self' spreadsheets.google.com *.myfonts.net *.hotjar.com vc.hotjar.io graylog.hotjar.com *.pingdom.net *.google-analytics.com http://api.soundcloud.com stats.g.doubleclick.net https://www.catalyst-analytics.nz/piwik.php wss://ws*.hotjar.com; report-uri /report-csp-violation 1
default-src *; script-src www.partizan.com www.partizanstudio.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*  *.googleadservices.com *.google-analytics.com *.google.com  https://*.youtube.com https://*.ytimg.com  cdnjs.cloudflare.com ajax.googleapis.com maxcdn.bootstrapcdn.com ; style-src * 'unsafe-inline';img-src 'self' data: https://img.youtube.com *.google-analytics.com ; font-src 'self' data:  http://fonts.gstatic.com https://fonts.gstatic.com ; connect-src www.partizan.com www.partizanstudio.com *.google-analytics.com vimeo.com; 1
default-src 'self' www.hyd.gov.hk; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline'; 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data: http://imagepool.drillisch-online.de; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.drillisch-online.de https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://tracking.drillisch.de https://*.demdex.net; script-src 'strict-dynamic' 'nonce-0e99b309e25b9ea602338d52098c1ede' 'nonce-35fa7ee00607b48e82228b7bbddf3891' 'nonce-f624354e774c12cf40546a5f41c81c00' 'nonce-0d355954d64a653ec4c7fb194771c769' 'nonce-d4d5d10327be4541bbe89b4c3add07a8' 'nonce-f1a060e7666f5e9507b077ebe8e05955' 'nonce-7a4dc49873bcb3995798821edf9dcfbc' 'nonce-6a917a957972f91f9718909ba68cbe45' 'nonce-1205aa0babf1f9a105951ba776a98ea2' 'nonce-9e585c4b78ce9c38efa89a52d510ef07' 'self' https:; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self'; frame-src https://1and1internetag.demdex.net https://tags.tiqcdn.com; child-src https://tags.tiqcdn.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-0e99b309e25b9ea602338d52098c1ede' 'nonce-35fa7ee00607b48e82228b7bbddf3891' 'nonce-f624354e774c12cf40546a5f41c81c00' 'nonce-0d355954d64a653ec4c7fb194771c769' 'nonce-d4d5d10327be4541bbe89b4c3add07a8' 'nonce-f1a060e7666f5e9507b077ebe8e05955' 'nonce-7a4dc49873bcb3995798821edf9dcfbc' 'nonce-6a917a957972f91f9718909ba68cbe45' 'nonce-1205aa0babf1f9a105951ba776a98ea2' 'nonce-9e585c4b78ce9c38efa89a52d510ef07' 'self' https: 1
default-src 'self'; manifest-src 'self'; img-src * data:; media-src *; style-src 'self' 'unsafe-inline'; frame-src *; script-src 'self' 'unsafe-inline' 'nonce-wGVcxmt7iVFrDxiZvFQYO25z' 'sha256-CfgaXEY7Vws4nOCxGKKb9Ik1PQrn1H7v7puee3A+DgI=' https://*.realsrv.com; connect-src 'self' syndication.realsrv.com; object-src 'none'; base-uri 'self'; 1
default-src 'self' www.youtube-nocookie.com youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' www.vrk.nl static.mailplus.nl ssl.siteimprove.com cdn.siteimprove.net 'unsafe-eval' code.jquery.com svc.webspellchecker.net siteimproveanalytics.com youtu.be www.youtube-nocookie.com youtu.be connect.facebook.net m19.mailplus.nl data1.saliche.com translate.google.com s3-us-west-2.amazonaws.com wowww.nl siteimproveanalytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net static.mailplus.nl svc.webspellchecker.net translate.googleapis.com; img-src * data:; font-src 'self' fonts.gstatic.com svc.webspellchecker.net static3.avast.com cdn.faceworks.nl data:; connect-src 'self' my2.siteimprove.com svc.webspellchecker.net id.siteimprove.com static.mailplus.nl; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com banman.providermagazine.com host1.easypolls.net ajax.googleapis.com script.crazyegg.com cdn.calculatestuff.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com www.googletagmanager.com banman.providermagazine.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net widgets.calculatestuff.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com analytics.tiktok.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googletagmanager.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://assets.adobedtm.com http://assets.adobedtm.com https://api.tiles.mapbox.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com;worker-src blob:;frame-src 'self' https://www.youtube-nocookie.com https://kpnnl.maps.arcgis.com https://vars.hotjar.com;frame-ancestors 'self'; 1
default-src 'self'; connect-src 'self' *.itzbund.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de www.youtube.com *.ytimg.com piwik.itzbund.de *.openstreetmap.org *.cloudflare.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com; frame-src 'self' *.youtube.com *.twitter.com *.facebook.com *.sibforms.com; img-src 'self' blob: data: piwik.itzbund.de *.openstreetmap.org *.cloudflare.com *.twimg.com; font-src 'self' data:; frame-ancestors 'self'; 1
script-src 'nonce-7578b7789afb4b2487e7593fb199c043' 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo.com:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; 1
default-src 'self'; connect-src *.kv-rlp.de; script-src *.kv-rlp.de maps.googleapis.com ssl.google-analytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*.kv-safenet.de http://*.kv-safenet.de *.gstatic.com *.googleapis.com www.google-analytics.com ssl.google-analytics.com; font-src 'self' font.googleapis.com *.gstatic.com; child-src 'self' https://*.google.de https://*.google.com https://www.youtube-nocookie.com; object-src 'self'; frame-src 'self' https://www.youtube-nocookie.com maps.google.de www.google.de www.google.com; frame-ancestors 'self' https://www.google.de; 1
frame-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; frame-ancestors 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; child-src 'unsafe-inline' *.tussam.es *.google.com *.youtube.com *.youtube.es *.youtu.be *.ayesa.link; report-uri //report-csp-violation 1
default-src 'self' 'unsafe-inline' https://maps.googleapis.com/ https://piwik.bzga.de/ https://*.readspeaker.com; img-src 'self' data: https://piwik.bzga.de https://jwpltx.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com https://piwik.bzga.de https://*.readspeaker.com/ 1
frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.siteimprove.net *.googleapis.com *.google.com *.google-analytics.com *.gstatic.com cdnjs.cloudflare.com *.curator.io *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net  siteimproveanalytics.com *.twitter.com *.pingdom.net *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.googleapis.com cdn.siteimprove.net *.curator.io; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com developers.google.com *.google-analytics.com *.doubleclick.net *.fbcdn.net *.twimg.com *.instagram.com *.curator.io *.cdninstagram.com *.ytimg.com *.siteimproveanalytics.io curatorio.s3.amazonaws.com *.googletagmanager.com; media-src 'self' ssl.gstatic.com *.fbcdn.net *.twimg.com curatorio.s3.amazonaws.com; frame-src 'self' www.youtube.com *.addthis.com seqwater.mysocialpinpoint.com *.google.com youtu.be my2.siteimprove.com *.facebook.com; frame-ancestors 'self' unitywater.com *.unitywater.com urbanutilities.com.au *.redland.qld.gov.au *.goldcoast.qld.gov.au *.logan.qld.gov.au waternet.corporate.local; child-src 'self' www.youtube.com; font-src 'self' 'unsafe-inline' themes.googleusercontent.com fonts.gstatic.com cdn.curator.io; connect-src 'self' *.google-analytics.com *.doubleclick.net my2.siteimprove.com id.siteimprove.com api.curator.io *.addthis.com *.pingdom.net; report-uri /report-csp-violation 1
default-src *.salemove.com *.salemove.eu 'self' *.feprecisionplus.com *.intercomcdn.com *.onetrust.com *.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com  *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com ads-twitter.com *.facebook.net facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org; script-src *.salemove.com *.glia.eu *.salemove.eu *.licdn.com *.onetrust.com *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.co.uk *.jquery.com jquery.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com  *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.googleapis.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* *.ads-twitter.com *.facebook.net *.facebook.com *.highcharts.com highcharts.com *.bing.com gstatic.com *.gstatic.com *.doubleclick.net d3js.org *.d3js.org *.consensu.org; connect-src 'self' wss://*.salemove.eu *.salemove.com *.salemove.eu *.glia.eu https://stats.g.doubleclick.net https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://trisproxy.charles-stanley-direct.co.uk https://cdn-ukwest.onetrust.com; style-src * 'unsafe-inline' 'unsafe-eval'; img-src *.feprecisionplus.com * data:; font-src * 'self' data:; child-src *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:*; frame-src *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.charles-stanley-direct.co.uk:* charles-stanley-direct.co.uk:* *.charles-stanley.co.uk:* charles-stanley.co.uk:* digital-tools.feprecisionplus.com:* *.consensu.org 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.yurist-online.net yurist-online.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net *.yandex.ru banners.adfox.ru avatars-fast.yandex.net favicon.yandex.neu content.adfox.ru *.googleapis.com *.yandex.net *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.2mdn.net *.google.com *.google.ru *.google-analytics.com google-analytics.com *.youtube.com youtube.com *.icq.com *.skype.com *.rambler.ru loginza.ru *.loginza.ru *.yadro.ru *.webmoney.ru *.mail.ru *.twitter.com *.facebook.com vk.com *.vk.com googletagmanager.com *.googletagmanager.com *.googletagservices.com; 1
default-src 'self' data: *.deluxebrand.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.deluxebrand.com https://in.hotjar.com https://api.sandbox.braintreegateway.com/ https://identify.hotjar.com https://payments.sandbox.braintree-api.com https://js.braintreegateway.com https://unpkg.com https://cdn.ckeditor.com https://script.hotjar.com https://demos.telerik.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://znbgsvjt7geejbnen-deluxecorp.siteintercept.qualtrics.com http://cdn.appdynamics.com https://cdn.quantummetric.com https://kendo.cdn.telerik.com http://cdnjs.cloudflare.com http://ajax.googleapis.com https://ajax.aspnetcdn.com http://ajax.aspnetcdn.com https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://ajax.googleapis.com  https://use.fontawesome.com  https://code.jquery.com https://core.spreedly.com https://cdnjs.cloudflare.com https://dmg-widget.s3-us-west-2.amazonaws.com https://www.googletagmanager.com https://cdn.impossible.io https://maps.googleapis.com https://dbc-gallery-images-qa.s3.us-west-2.amazonaws.com https://static.hotjar.com https://scripts.hotjar.com https://dbc-gallery-images-rc.s3.us-west-2.amazonaws.com https://dbc-gallery-images.s3.us-west-2.amazonaws.com https://dmg-widget.s3-us-west-2.amazonaws.com https://homeval-dash-dev.s3.eu-west-2.amazonaws.com; object-src 'self' data:; style-src 'self' data: 'unsafe-inline' https://cdn.deluxebrand.com https://cdn.ckeditor.com https://assets.braintreegateway.com https://dmg-widget.s3-us-west-2.amazonaws.com https://znbgsvjt7geejbnen-deluxecorp.siteintercept.qualtrics.com https://use.fontawesome.com https://kendo.cdn.telerik.com  https://core.spreedly.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://dbc-gallery-images-qa.s3.us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://homeval-dash-dev.s3.eu-west-2.amazonaws.com; img-src data: *; media-src *; frame-src *; font-src *; connect-src 'self' data: *.deluxebrand.com https://www.google-analytics.com https://siteintercept.qualtrics.com http://col.eum-appdynamics.com https://stats.g.doubleclick.net https://7n7l08yp06.execute-api.us-west-2.amazonaws.com https://cdn.ckeditor.com https://script.hotjar.com https://dbc-gallery-images-qa.s3.us-west-2.amazonaws.com https://in.hotjar.com https://identify.hotjar.com https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com wss://ws6.hotjar.com/api/v2/client/ws https://dbc-gallery-images-rc.s3.us-west-2.amazonaws.com https://dbc-gallery-images.s3.us-west-2.amazonaws.com https://dmg-widget.s3-us-west-2.amazonaws.com https://stats.g.doubleclick.net https://ws22.hotjar.com https://vc.hotjar.io https://homeval-dash-dev.s3.eu-west-2.amazonaws.com https://maps.googleapis.com 1
frame-ancestors 'self' piwik.betaalvereniging.nl matomo.betaalvereniging.nl; 1
default-src 'self' 'unsafe-inline' data: *.fondsfinanz.de *.finanzfilme.de *.twin-homepages.de fondsfinanz.advisors-studio.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://p.adsymptotic.com/ https://wb.messengerpeople.com/ https://www.baufi-lead.de/ https://www.google.com/ https://www.google.de/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google-analytics.com/ httpS://www.googleadservices.com/ https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://www.facebook.com https://*.mouseflow.com/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://sjs.bizographics.com/ https://www.facebook.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://fondsfinanzfilme1.s3-external-3.amazonaws.com/ https://fondsfinanzfilme1.s3.amazonaws.com/ https://europace2.de/ https://www.europace2.de https://widget.msgp.pl https://www.yumpu.com; script-src 'self' 'unsafe-inline' *.fondsfinanz.de *.finanzfilme.de *.twin-homepages.de fondsfinanz.advisors-studio.de https://www.google.com/ https://www.google.de/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google-analytics.com/ httpS://www.googleadservices.com/ https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://www.facebook.com https://*.mouseflow.com/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://sjs.bizographics.com/ https://www.baufi-lead.de/;frame-ancestors 'self' *.fondsfinanz.de *.finanzfilme.de *.twin-homepages.de fondsfinanz.advisors-studio.de www.rd-rhein-main.com www.finanzmakler-weimar.de www.finanzbonus.com www.afp-makler.de www.afp-regionaldirektion.de www.makler-mehrwert.de www.fuvb.eu www.allfinanz-sachsen.de www.bimi-maklernetzwerk.de www.kapitalrente.de www.osthessen-versicherung.de www.nickl-versicherungsmakler.com www.ohzversicherungen.de www.1aversicherungen.de www.ms-finanzen.de www.versicherungsmakler-pinneberg.de www.wilke-finanz.de 1
default-src 'self' static.tfmetalsreport.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.tfmetalsreport.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.tfmetalsreport.com blob: *.giphy.com; frame-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.tfmetalsreport.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.addthis.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.tfmetalsreport.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.tfmetalsreport.com *.addthis.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com 1
default-src 'self' *.urban-nation.com data: *.youtube-nocookie.com *.youtube.com *.ytimg.com *.googleapis.com *.gstatic.com player.vimeo.com *.vimeocdn.com 'unsafe-eval' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: *; frame-ancestors https://www.happymeeple.com 'self'; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; child-src 'self'; connect-src 'self' https://www.google-analytics.com https://daemon.bigogo.com wss://ws.bgogo.com wss://ws.bgogo.com/prediction; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://static.bggex.pro https://daemon.bigogo.com/ https://www.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://static.bgogo.com https://v.liaoliaosj.com blob: data:; media-src https://daemon.bigogo.com/ https://static.bgogo.com https://v.liaoliaosj.com; object-src 'self'; script-src 'self' https://static.bgogo.com https://www.googletagmanager.com https://www.google-analytics.com https://hm.baidu.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; object-src 'self' https://pts.yourfone.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.yourfone.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://chat.yourfone.de https://umfrage.yourfone.de https://pts.yourfone.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.yourfone.de https://stats.yourfone.de https://imagepool.yourfone.de https://pts.yourfone.de; script-src 'strict-dynamic' 'nonce-50b413bf47cb837cbb35129f963a1a6f' 'nonce-82627dcbe97380dc6eb73bf0abda8896' 'nonce-8c71e4c871e405a136d9dd47908da25a' 'nonce-768129863061e6e57e5eb9953a634e46' 'nonce-d16fd6e22edbd263496dce2bf85efb07' 'nonce-e33d9c0e04ba3e7f687971fbc60e7dcd' 'nonce-c9077b9e7bd606223f351df37491f352' 'nonce-cc103532052f2d4997448a7ced5c338f' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.yourfone.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-50b413bf47cb837cbb35129f963a1a6f' 'nonce-82627dcbe97380dc6eb73bf0abda8896' 'nonce-8c71e4c871e405a136d9dd47908da25a' 'nonce-768129863061e6e57e5eb9953a634e46' 'nonce-d16fd6e22edbd263496dce2bf85efb07' 'nonce-e33d9c0e04ba3e7f687971fbc60e7dcd' 'nonce-c9077b9e7bd606223f351df37491f352' 'nonce-cc103532052f2d4997448a7ced5c338f' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru; report-uri /report-csp-violation 1
frame-ancestors 'self'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com data:;img-src *; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net vk.com api-maps.yandex.ru bitrix.info www.google-analytics.com *.yandex.ru maps.googleapis.com www.googletagmanager.com yastatic.net; form-action 'self';frame-src 'self';media-src 'self';connect-src 'self' bitrix.info mc.yandex.ru www.google-analytics.com stats.g.doubleclick.net 1
default-src 'self' forms.hubspot.com edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net api.hubspot.com www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hscollectedforms.net cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com js.hs-scripts.com js.hs-analytics.net s.hscollectedforms.net js.usemessages.com js.hscollectedforms.ne cdn.rawgit.com js.hs-banner.com staticcontents.investisdigital.com https://sc.lfeeder.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn.rawgit.com *; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' app.hubspot.com staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src ipapi.connectid.cloud *.google-analytics.com https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com https://abxair-corp.pid2-e1.investis.com; report-uri /report-csp-violation 1
upgrade-insecure-requests; default-src 'self'; base-uri 'none'; connect-src 'self' consentcdn.cookiebot.com *.web-vision.de; font-src 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https: www.youtube-nocookie.com/*; img-src 'self' https: data: 'unsafe-inline' *.google.com www.google-analytics.com maps.googleapis.com *.cloudfront.net *.tradingview.com cookielaw.org *.cookielaw.org; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.google.com www.google-analytics.com maps.googleapis.com stat.web-vision.de stats.web-vision.de; style-src 'self' https: 'unsafe-inline'; worker-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 1
child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://history.steem-engine.net https://servedby.revive-adserver.net https://pagead2.googlesyndication.com https://steemd.minnowsupportproject.org https://cdn.snax.one https://api.steem-engine.net https://scot-api.steem-engine.net https://steemitimages.com securepubads.g.doubleclick.net 'self' steemit.com https://api.steemit.com api.blocktrades.us https://apisct.cloud; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self' data: ; script-src 'self'  'unsafe-inline' 'unsafe-eval' https://translate-pa.googleapis.com/ https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://player.vimeo.com https://feeds.trac.jobs https://www.cqc.org.uk https://merseycare.enterpriseappointments.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com https://feeds.trac.jobs https://www.cqc.org.uk; img-src * data:; connect-src 'self' https://saas.learninglocker.net https://metrics.articulate.com https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://feeds.trac.jobs; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' maps.google.com https://*.nhs.uk https://www.google.com https://content.googleapis.com https://content-analytics.googleapis.com https://www.youtube.com https://player.vimeo.com https://merseycare.enterpriseappointments.com https://e.issuu.com https://roundme.com 1
default-src 'self' forms.hubspot.com edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net api.hubspot.com socket.tidio.co wss://socket.tidio.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hscollectedforms.net cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.co *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com js.hs-scripts.com js.hs-analytics.net s.hscollectedforms.net js.usemessages.com js.hscollectedforms.ne cdn.rawgit.com *.hs-banner.com code.tidio.co widget-v4.tidiochat.com staticcontents.investisdigital.com sc.lfeeder.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn.rawgit.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com widget-v4.tidiochat.com; frame-src 'self' app.hubspot.com staticcontents.investis.com www.google.com  irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.ensighten.com *.google-analytics.com *.api.brightcove.com *.tools.investis.com *.doubleclick.net ipapi.connectid.cloud wss://socket.tidio.co *.amazonaws.com *.investisdigital.com geoid.investisdigital.com; report-uri /report-csp-violation 1
default-src 'self' blob: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' xuri.me *.xuri.me disqus.com *.disqus.com disquscdn.com *.disquscdn.com cloudflare.com *.cloudflare.com google.com *.google.com www.googletagmanager.com www.google-analytics.com youtube.com *.youtube.com *.ampproject.org *.googleapis.com *.cloudflareinsights.com; style-src 'self' data: 'unsafe-inline' xuri.me *.xuri.me disqus.com *.disqus.com disquscdn.com *.disquscdn.com cloudflare.com *.cloudflare.com google.com *.google.com www.googletagmanager.com www.google-analytics.com youtube.com *.youtube.com *.ampproject.org *.googleapis.com; font-src https: data: about:; img-src data: https: 1
default-src 'self' 'unsafe-inline' muffingroup.com proxycheck.io *.cloudflare.com *.fairycosmo.com *.fairyintra.net *.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gravatar.com *.creativecommons.org licensebuttons.net *.google.com *.gstatic.com *.w.org *.mediadelivery.net *.jsdelivr.net *.b-cdn.net data: *.fairycosmo.com *.mediadelivery.net *.b-cdn.net; worker-src 'self' fairycosmo.com; 1
script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src 'self'  *.destatis.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de doo.net  chatbot.it.bund.de www9.idev.nrw.de;object-src 'self' multimedia.gsb.bund.de  *.destatis.de piwik.itzbund.de www9.idev.nrw.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org  *.destatis.de piwik.itzbund.de chatbot.it.bund.de www9.idev.nrw.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.stba.de *.euro-area-statistics.org *.ims-cms.net *.kemweb.de *.teambits.events chatbot.it.bund.de doo.net/de-de/widget/ www9.idev.nrw.de *.arcgis.com data: ; img-src 'self' data: blob: *.google.com *.gstatic.com *.youtube.com  *.destatis.de piwik.itzbund.de chatbot.it.bund.de www9.idev.nrw.de; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' 1
object-src 'none'; media-src 'none' 1
reflected-xss 1
default-src 'self' *.google-analytics.com data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.slideshare.net *.youtube.com view.genial.ly *.dailymotion.com *.youtube-nocookie.com adventmyfriend.com *.jwplayer.com video.terre-net.fr; style-src 'self' use.typekit.net fonts.googleapis.com p.typekit.net s3.amazonaws.com i.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com i.icomoon.io; img-src 'self' data: *.ytimg.com; upgrade-insecure-requests 1
default-src 'self'; frame-src 'self' *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.reciteme.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://api.reciteme.com https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://api.reciteme.com https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://api.reciteme.com https://feeds.trac.jobs/ *.googleapis.com *.google-analytics.com stats.g.doubleclick.net; media-src 'self' https://api.reciteme.com 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-servicing.azureedge.net https://tagmanager.google.com https://cdn.jsdelivr.net https://az416426.vo.msecnd.net https://www.googletagmanager.com *.inmoment.com https://www.google-analytics.com *.abtasty.com cdn.segment.com/analytics.js https://mfhcms.assurant.com; style-src 'self' 'unsafe-inline' https://cdn-servicing.azureedge.net https://tagmanager.google.com https://fonts.googleapis.com https://mfhcms.assurant.com; img-src *; child-src https://mfhcms.assurant.com https://dispawsusva.inmoment.com https://www.inmoment.com https://feedback.inmoment.com https://ssl.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://mfhcms.assurant.com 1
frame-ancestors 'self' piwik.betaalvereniging.nl; 1
base-uri 'self'; default-src https: 'self'; script-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://snap.licdn.com http://js.hs-scripts.com http://js.hs-analytics.net/ https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com http://*.hsforms.com http://js.hsforms.net/forms/v2.js http://js.hs-scripts.com/9480127.js https://*.hscta.net http://cta-service-cms2.hubspot.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.yolt.com; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://*.linkedin.com https://*.google.com https://*.google.co.za https://*.adsymptotic.com https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://forms.hsforms.com; connect-src 'self' data: *.optimizely.com *.salesforce.com https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://*.google.com https://js.hs-banner.com https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://forms.hsforms.com https://api.hubapi.com; font-src 'self' data:; object-src 'none'; frame-src 'self' data: https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://forms.hsforms.com https://*.hubspot.com; form-action 'self' data: https://forms.hsforms.com; frame-ancestors 'self' data: https://www.googletagmanager.com https://www.google.com; 1
default-src 'self'; script-src 'self' https://*.astonmiles.com https://code.jquery.com https://www.google-analytics.com https://*.fontawesome.com https://*.googleapis.com //*.gstatic.com; style-src 'self' https://*.astonmiles.com https://*.googleapis.com https://*.fontawesome.com; font-src 'self' https://*.gstatic.com https://*.fontawesome.com; img-src 'self' https://*.astonmiles.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com; connect-src 'self' https://*.astonmiles.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.fontawesome.com https://code.jquery.com //*.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none';upgrade-insecure-requests 1
default-src 'self' *.google-analytics.com *.doubleclick.net *.cloudfront.net max-access-toolbar.onlineada.workers.dev *.amazonaws.com *.maxaccess.io; script-src 'self' www.googletagmanager.com js.hsadspixel.net *.hs-banner.com *.crazyegg.com js.hs-analytics.net *.equalweb.com access.equalweb.com connect.facebook.net www.google.com *.gstatic.com maps.googleapis.com *.hotjar.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.maxaccess.io *.audioeye.com *.userway.org *.cloudfront.net maxaccess-api.onlineada.workers.dev; style-src 'self' *.typekit.net *.fonts.net fonts.googleapis.com maps.googleapis.com *.userway.org *.maxaccess.io api.maxaccess.io/scripts/toolbar/*; img-src 'self' www.googletagmanager.com *.webdamdb.com www.google-analytics.com insight.adsrvr.org www.facebook.com data: maps.gstatic.com *.googleapis.com *.ggpht.com *.hubspot.com img.youtube.com blog.hobartcorp.com  *.hsforms.com *.cloudfront.net *.maxaccess.io maxaccess.io *.userway.org warewash.hobartcorp.com; frame-src 'self' *.google.com *.hotjar.com *.youtube.com *.webdamdb.com *.hsforms.com *.facebook.com; font-src 'self' use.typekit.net fast.fonts.net fonts.gstatic.com; connect-src 'self' api.hubapi.com www.google-analytics.com script.crazyegg.com stats.g.doubleclick.net *.equalweb.com *.hotjar.com *.hotjar.io *.facebook.com *.hsforms.com tracking.crazyegg.com *.amazonaws.com *.maxaccess.io *.userway.org *.cloudfront.net d3tl8vem8osmxf.cloudfront.net d5gilh1ztb0u5.cloudfront.net forms.hubspot.com *.workers.dev; report-uri /report-csp-violation 1
default-src 'none' ; script-src   'self'   'unsafe-inline'   'unsafe-eval'   https://static.cloudflareinsights.com   https://*.fullstory.com   https://ssl.gstatic.com   https://*.googleapis.com   https://www.google-analytics.com   https://www.googletagmanager.com   https://*.hotjar.com   https://*.iesnare.com   https://*.iovation.com   https://www.locize.app   https://cdn.otherlevels.com   https://c.paypal.com   https://*.paywithmybank.com   http://static.cdn.prismic.io   https://sdk.privacy-center.org   https://widgets.sir.sportradar.com   https://*.trustly.one   https://*.twitch.tv   https://www.youtube.com   https://*.zdassets.com   https://*.zendesk.com   https://*.zopim.com   https://www.datadoghq-browser-agent.com   https://consent.cookiebot.com   https://connect.facebook.net   https://consentcdn.cookiebot.com   blob:   data: ; connect-src   'self'   https://*.joabet.fr   wss://*.joabet.fr   https://*.datadoghq.eu   https://rs.fullstory.com   https://*.gaming1.com   wss://*.gaming1.com   wss://*.gaming1.com:10002   https://*.googleapis.com   https://www.google-analytics.com   https://stats.g.doubleclick.net   https://*.hotjar.com   wss://*.hotjar.com   wss://mpsnare.iesnare.com   https://*.otherlevels.com   https://wss.plc-gc.com:*   wss://wss.plc-gc.com:*   https://*.cdn.prismic.io   https://*.prismic.io   https://api.privacy-center.org   https://*.slpuat.com   https://lmt.fn.sportradar.com   https://widgets.fn.sportradar.com   https://widgets.sir.sportradar.com   https://*.zdassets.com   https://*.zendesk.com   https://*.zopim.com   https://www.facebook.com   https://consentcdn.cookiebot.com   wss://*.zopim.com ; style-src   'self'   'unsafe-inline'   http://fonts.googleapis.com   https://fonts.googleapis.com   https://fonts.gstatic.com   https://widgets.sir.sportradar.com ; font-src   'self'   data:   http://fonts.googleapis.com   https://fonts.googleapis.com   https://fonts.gstatic.com   https://script.hotjar.com ; frame-src   'self'   https://*.gaming1.com   https://www.google.com/maps/embed   https://*.hotjar.com   https://*.paywithmybank.com   https://*.trustly.one   https://player.twitch.tv   https://www.youtube.com/embed/   https://consentcdn.cookiebot.com  ; img-src   *   blob:   data: ; media-src    *   data: ; manifest-src 'self' ; object-src 'none' ; form-action   https://*.paywithmybank.com   https://*.slpuat.com   https://*.trustly.one   https://secure.payzen.eu ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com ajax.googleapis.com cdnjs.cloudflare.com cdn.ampproject.org www.googletagmanager.com www.google-analytics.com www.gstatic.com www.google.com snap.licdn.com d10lpsik1i8c69.cloudfront.net static.cloudflareinsights.com; worker-src blob: 1
default-src 'self'; style-src 'self' 'unsafe-inline' 1
object-src 'self'; 1
img-src * data:; style-src 'self' 'unsafe-inline' *.readspeaker.com; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.google.com *.googletagmanager.com *.google-analytics.com *.readspeaker.com matomo.rexx-systems.com;frame-ancestors 'self' www.service-gmbh-schwarzwald.de ; 1
script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://google-analytics.com http://cdnjs.cloudflare.com https://www.google-analytics.com https://www.recaptcha.net https://maps.googleapis.com https://maps.gstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maps.googleapis.com https://maps.gstatic.com; report-uri /report-csp-violation 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'nonce-T0RRMU56aGxOV0kxWVROaE5XRms=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com 'nonce-T0dZNU16ZzFaamc0Wm1Zd1pXUmw=' *.readspeaker.com gis.bvowb.nl 'nonce-Tm1NNU5qVmxObVV5TlRaaVpqVm0='; object-src 'self'; style-src 'self' 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' *.readspeaker.com gis.bvowb.nl 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-OwlOqbP3VnAzYedGO5K7BbLR2YOoHw96wRy+VxYn414=' 'sha256-7SFa3Z4uDDIEQKMkcp7Id+zL9lqhIPnsJw53AfaRpBU=' 'sha256-ZzK5Vqk5m9+Qzc36oY+ULgcPdOLudnv0HR9zsUZwJt4=' 'nonce-T1dNMVpUUXlObVkyTVRaaVpEWm0='; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com *.ytimg.com geodata.nationaalgeoregister.nl *.kaartviewer.nl service.pdok.nl gis.bvowb.nl; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com gis.bvowb.nl; connect-src 'self' *.readspeaker.com gis.bvowb.nl; report-uri /report-csp-violation 1
default-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: about: ssl.google-analytics.com www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com www.google-analytics.com; connect-src 'self' ssl.google-analytics.com www.google-analytics.com; worker-src 'self'; 1
report-uri //report-csp-violation 1
default-src 'self'; object-src 'self' https://pts.maxxim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.maxxim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://chat.maxxim.de https://umfrage.maxxim.de https://pts.maxxim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.maxxim.de https://stats.maxxim.de https://imagepool.maxxim.de https://pts.maxxim.de; script-src 'strict-dynamic' 'nonce-e173e501016ab750b4b96bc1d1292630' 'nonce-71c5506fea5e79c854d0a9df033bc3ed' 'nonce-af614868881f25355982c552a9ec7ecd' 'nonce-61e0425fdd42295ac21edf2edf690249' 'nonce-31e24a31855d1c91434a7dc77d3b559e' 'nonce-7e0bf65a0f2a185f8d6f66d90a82d02a' 'nonce-c6c12a47dfe34f1a420103199936c9fd' 'nonce-175d67b0e4504e25cc2ee402b04ec031' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.maxxim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-e173e501016ab750b4b96bc1d1292630' 'nonce-71c5506fea5e79c854d0a9df033bc3ed' 'nonce-af614868881f25355982c552a9ec7ecd' 'nonce-61e0425fdd42295ac21edf2edf690249' 'nonce-31e24a31855d1c91434a7dc77d3b559e' 'nonce-7e0bf65a0f2a185f8d6f66d90a82d02a' 'nonce-c6c12a47dfe34f1a420103199936c9fd' 'nonce-175d67b0e4504e25cc2ee402b04ec031' 'self' 'unsafe-inline' https: 'report-sample' 1
img-src 'self' data: blob: http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://www.facebook.com/ https://pixelg.adswizz.com/ https://www.google.com/ https://www.google.com.pk/ https://www.google.co.uk/ https://scontent-ort2-2.cdninstagram.com/ https://maps.gstatic.com/ https://www.google.ro/ https://www.germandonerkebab.com https://connect.facebook.net https://arhesoctro.cloudimg.io https://scontent-lhr8-1.cdninstagram.com https://scontent-lht6-1.cdninstagram.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dme0ih8comzn4.cloudfront.net/js/feather.js https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ http://code.jquery.com/ https://code.jquery.com/ http://graph.facebook.com/ http://m.addthis.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://api-public.addthis.com/ https://www.islonline.net/ https://unpkg.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ http://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://connect.facebook.net/ https://tag.simpli.fi/ https://cdnjs.cloudflare.com/ http://owlgraphic.com/ http://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://connect.facebook.net/ https://www.facebook.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://json.geoiplookup.io https://sc-static.net/scevent.min.js https://www.germandonerkebab.com http://fonts.googleapis.com/ http://api.filestackapi.com https://cdn.scaleflex.it https://ipinfo.io https://www.clickcease.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css https://platform.twitter.com/ https://ton.twimg.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com http://fonts.googleapis.com/ https://cdn.jsdelivr.net; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://bid.g.doubleclick.net/ https://staticxx.facebook.com/ https://www.facebook.com/ https://web.facebook.com/ https://tr.snapchat.com/ https://www.germandonerkebab.com https://dialog.filestackapi.com/ https://www.filestackapi.com/ https://docs.google.com; connect-src 'self' http://ip-api.com/ https://json.geoiplookup.io/api https://www.germandonerkebab.com https://www.google-analytics.com/ https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ http://cloud.typenetwork.com/ https://www.germandonerkebab.com https://cdn.jsdelivr.net; media-src 'self'; object-src 'self'; frame-ancestors none 1
default-src 'self'; object-src 'self' https://pts.deutschlandsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.deutschlandsim.de; img-src https: data: http://files.deutschlandsim.de; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://chat.deutschlandsim.de https://umfrage.deutschlandsim.de https://pts.deutschlandsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.deutschlandsim.de https://stats.deutschlandsim.de https://imagepool.deutschlandsim.de https://pts.deutschlandsim.de; script-src 'strict-dynamic' 'nonce-0324a3ecb3dcd8bced7baa2ca504c7bf' 'nonce-8d05b7ecf4b05c44e74e00ee1643496d' 'nonce-16e626451cca05ecca050dd4ca88f6be' 'nonce-09c6dcf45d78707bb442cf49cf038bff' 'nonce-861ea58d51ea0b4b2836e9eba455e761' 'nonce-1478f3c07115b1b07cf4022ff87c6820' 'nonce-5060d2ec1a08f43188bcb5bbb71c4f48' 'nonce-b9b362c40feb38d773024923c215ec2a' 'nonce-568023f2cb91113befb836bcbccb3d1c' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.deutschlandsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-0324a3ecb3dcd8bced7baa2ca504c7bf' 'nonce-8d05b7ecf4b05c44e74e00ee1643496d' 'nonce-16e626451cca05ecca050dd4ca88f6be' 'nonce-09c6dcf45d78707bb442cf49cf038bff' 'nonce-861ea58d51ea0b4b2836e9eba455e761' 'nonce-1478f3c07115b1b07cf4022ff87c6820' 'nonce-5060d2ec1a08f43188bcb5bbb71c4f48' 'nonce-b9b362c40feb38d773024923c215ec2a' 'nonce-568023f2cb91113befb836bcbccb3d1c' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.piwik.bayern.de; img-src 'self' data: www.piwik.bayern.de; font-src 'self' data: 1
default-src 'self'; child-src 'self' *.a-ads.com www.youtube.com w.soundcloud.com player.vimeo.com www.google.com coub.com *.yandex.ru t.me vk.com *.vk.com ok.com rutube.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.sharpay.io www.google-analytics.com telegram.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src * data:; font-src data: fonts.gstatic.com; connect-src 'self' api.imgur.com wss://api.golos.id *.golos.app golos.app *.golos.today app.sharpay.io www.google-analytics.com cdn.jsdelivr.net/npm/emoji-picker-element-data@%5E1/; frame-ancestors 'none'; report-uri /api/v1/csp_violation 1
default-src 'self' gleam.io *.bestservice.de *.bestservice.com *.bestservice.fr dwl.dawconnect.com maps.google.de www.google.com connect.facebook.net www.facebook.com *.youtube.com ;  img-src  'self' data: *.gleam.io *.bestservice.de *.bestservice.com *.bestservice.fr *.bsdwl.de *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de *.youtube.com;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com;  script-src 'self' data: *.gleamjs.io *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval';  worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de *.youtube.com;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self' 1
default-src 'self' data:; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.myfonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net *.walls.io; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.bmbfcluster.de *.wmflabs.org; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self'; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src *; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.alperia.eu *.tawk.to *.google.hr *.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.outbrain.com *.microad.jp *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.zenaps.com *.sciencebehindecommerce.com onetag-sys.com *.onetag-sys.com *.doubleclick.net *.googleadservices.com *.dwin1.com *.gstatic.com *.google.al *.google.ch *.google.fr *.bing.com *.googletagmanager.com *.alperia.eu *.sentry.io *.facebook.net *.dynatrace.com *.alperia.eu *.tawk.to *.cloudflare.com *.newrelic.com *.trustpilot.com *.bootstrapcdn.com *.jsdelivr.net *.google-analytics.com *.nr-data.net *.google.com *.googleapis.com *.tagcommander.com *.etermin.net *.unpkg.com unpkg.com *.aklamio.com *.tradedoubler.com *.smct.io *.smct.co *.retargeted.co *.google.hr *.hosting-suite.it *.smct.co smct.co *.alperiagroup.eu *.beintoo.net *.criteo.com *.criteo.net *.hotjar.com *.rfihub.net  *.retargeted.co api.commander1.com *.trustcommander.net static.addtoany.com; style-src 'self' 'unsafe-inline' *.tawk.to *.bootstrapcdn.com *.googleapis.com *.jsdelivr.net *.smct.io *.smct.co *.hosting-suite.it; img-src 'self' *.microad.jp *.adscale.de *.ants.vn *.atdmt.com *.smartclip.net *.clmbtech.com *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.facebook.com *.tagcommander.com *.gstatic.com *.facebook.net *.commander1.com *.commander.com *.google *.dwin1.com *.bing.com *.googletagmanager.com *.alperia.eu *.sentry.io *.google-analytics.com *.tawk.to *.doubleclick.net *.sciencebehindecommerce.com *.google.com *.google.it *.gstatic.com *.googleapis.com data: *.aklamio.com *.alperiagroup.eu *.smct.io *.smct.co *.commander1.com *.outbrain.com *.smartadserver.com *.adnxs.com *.yahoo.com *.360yield.com *.pubmatic.com *.casalemedia.com *.taboola.com *.adform.net *.teads.tv *.3lift.com *.media.com *.sharethrough.com *.omnitagjs.com *.stickyadstv.com *.advertising.com *.ivitrack.com *.liadm.com *.smaato.net *.mgid.com *.yieldmo.com *.adnxs.com *.criteo.com *.openx.net *.omnitagis.com *.mediavine.com *.media.net *.rlcdn.com *.rfihub.com *.tremorhub.com *.dmxleo.com *.rubiconproject.com *.socdm.com ad.yieldlab.net x.bidswitch.net; media-src 'self' *.tawk.to; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.criteo.com *.criteo.net  *.youtube.com *.google.de *.zenaps.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.trustpilot.com *.alperia.eu *.tawk.to *.etermin.net *.aklamio.com *.hosting-suite.it *.visim.eu smct.co *.rfihub.com *.trustcommander.net static.addtoany.com; font-src 'self' 'unsafe-inline' *.tawk.to *.google.com *.gstatic.com data: *.googleusercontent.com *.hotjar.com; connect-src 'self' data: *.gstatic.com *.google.de *.zenaps.com *.google.com onetag-cdn.com *.onetag-cdn.com *.sciencebehindecommerce.com *.facebook.com *.google.al *.google.ch *.google.fr *.bing.com *.googletagmanager.com *.alperia.eu *.sentry.io *.tawk.to *.nr-data.net wss://*.tawk.to *.dynatrace.com *.alperiaenergy.eu *.amazonaws.com *.google-analytics.com *.doubleclick.net *.alperiagroup.eu *.commander1.com *.google.hr *.smct.co *.smct.io *.googleapis.com *.alperiagroup.eu *.beintoo.net *.criteo.com *.criteo.net *.hotjar.com *.hotjar.io *.rfihub.net *.retargeted.co *.trustcommander.net *.hotjar.com wss://*.hotjar.com cdn.tagcommander.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' *.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google-analytics.com *.ckeditor.com *.local *.dotdemos.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.ytimg.com *.youtube.com cbos.gov.sd *.cbos.gov.sd *.dot.jo www.google.com s7.addthis.com m.addthisedge.com m.addthis.com cdnjs.cloudflare.com; object-src 'unsafe-inline'; style-src 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ckeditor.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo *.google.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com jwpltx.com *.jwpltx.com cbos.gov.sd *.cbos.gov.sd *.dot.jo stats.g.doubleclick.net *.ckeditor.com; media-src 'self' 'unsafe-inline' data: *.jsdelivr.net *.googleapis.com *.gstatic.com *.google-analytics.com *.local *.dotdemos.com cbos.gov.sd *.cbos.gov.sd *.dot.jo; frame-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:* *.google.com; font-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.local *.dotdemos.com *.jwpcdn.com *.jwpsrv.com cbos.gov.sd *.cbos.gov.sd *.dot.jo fonts.google.com maxcdn.bootstrapcdn.com *.google.com; connect-src 'self' 'unsafe-inline' *.googleapis.com google.com *.google.com *.gstatic.com *.youtube.com *.local *.dotdemos.com cbos.gov.sd *.gov.sd *.dot.jo *.addthis.com cbos.gov.sd:*; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; img-src https://www.google-analytics.com 'self' data: blob:; script-src 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com 'unsafe-inline' https://www.elektronicznypodpis.pl https://chrome.google.com  https://addons.opera.com 'unsafe-eval' */pdf.js */viewer.js blob:; connect-src 'self' blob: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; child-src 'self' blob: https: http:; 1
default-src 'self';         script-src 'self' 'unsafe-inline' 'unsafe-eval'             js.hs-scripts.com             js.hsadspixel.net             js.hs-analytics.net             js.hs-banner.com             a.opmnstr.com             *.hotjar.com             *.salemove.com             *.glia.com             redbook.listerhill.com             connect.facebook.net             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             *.googleapis.com             *.google-analytics.com             *.google.com             seal.digicert.com             *.typeform.com             *.newtonsoftware.com             *.google-analytics.com             *.googletagmanager.com             *.stripe.com             ssl.gstatic.com 			*.buzzsprout.com             *.omappapi.com;         object-src 'self' data:;         style-src 'self' data: 'unsafe-inline'             *.google-analytics.com             *.google.com             *.groovecar.com             listerhill.groovecar.com             *.salemove.com             *.glia.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             *.googleapis.com;         img-src 'self' data: 		    *.craft-cdn.com             www.facebook.com             *.googletagmanager.com             maps.gstatic.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             *.googleapis.com             *.google-analytics.com             *.google.com             seal.digicert.com             i.ytimg.com             i.vimeocdn.com             *.mapbox.com             *.doubleclick.net             *.google.com             *.google-analytics.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com 			px.ads.linkedin.com 			www.linkedin.com 			p.adsymptotic.com 			track.hubspot.com 			libs.salemove.com 			*.gstatic.com             *.salemove.com             *.glia.com             *.listerhill.com;         media-src 'self' data:             vimeo.com             youtube.com             *.youtube.com             vimeocdn.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com 			libs.salemove.com 			*.gstatic.com             *.salemove.com             *.glia.com             *.listerhill.com;         frame-src data:             *.hotjar.com             *.groovecar.com             listerhill.groovecar.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             listerhill.com             *.google-analytics.com             *.google.com             *.stripe.com             ssl.gstatic.com             *.omappapi.com             *.vimeo.com             youtube.com             *.youtube.com             newton.newtonsoftware.com 			*.buzzsprout.com             *.typeform.com             *.salemove.com             zlcuma.secure.fundsxpress.com;         font-src 'self' data:             *.google-analytics.com             *.google.com             fonts.gstatic.com             *.groovecar.com             listerhill.groovecar.com             *.salemove.com             *.glia.com             use.fontawesome.com             hello.myfonts.net/count/3b4dc0             cdnjs.cloudflare.com             *.listerhill.com             *.googleapis.com;         connect-src 'self' wss:			*.craftcms.com             *.salemove.com             *.glia.com             *.twilio.com             vc.hotjar.io             api.opmnstr.com             ssl.gstatic.com             *.omappapi.com             *.hotjar.com             *.google-analytics.com             stats.g.doubleclick.net 			api.hubapi.com 			api.craftcms.com 			translate.googleapis.com             maps.googleapis.com 1
default-src 'self' ; script-src 'self' 'nonce-TmpWbE16UmlOR0l3WkRZd1pqQmw=' *.kaartviewer.nl 'nonce-TWpCbU9HRmlNREF3T1dOa01tTms=' 'nonce-WldRNE1HWmxOekptTTJGaU56Vmw=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com; object-src 'self'; style-src 'self' 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-OwlOqbP3VnAzYedGO5K7BbLR2YOoHw96wRy+VxYn414=' 'sha256-vJvZ50z7Thmu7Jq9h9vuyAkEeU7P7nXlz36qfbgjsIM=' *.kaartviewer.nl 'nonce-TVdWa05USXhaVEE1TVRjM05ERm0='; img-src 'self' data: *.ytimg.com geodata.nationaalgeoregister.nl *.kaartviewer.nl *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io www.gstatic.com raster.horstaandemaas.nl; media-src 'self'; frame-src 'self' *.youtube.com www.youtube.com *.google.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.kaartviewer.nl *.ionicframework.com fonts.gstatic.com; connect-src 'self' *.kaartviewer.nl *.siteimprove.com *.servmetric.com; report-uri /report-csp-violation 1
base-uri 'self'; form-action 'self' *.idrelay.com; manifest-src 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com hcaptcha.com *.hcaptcha.com cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net unpkg.com; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.mucf.se http://mfstatic.com *.inviewer.se *.mediaflowpro.com *.jsdelivr.net; media-src blob:; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com *.ungidag.se *.mediaflowpro.com blob:; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.siteimprove.com *.hcaptcha.com hcaptcha.com trk.idrelay.com blob:; font-src 'self' mfstatic.com; connect-src 'self' https://*.mucf.se https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hcaptcha.com https://*.speechstream.net stats.c4223.cloudnet.cloud https://*.mediaflow.com https://*.inviewer.se mfstatic.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'none';child-src 'none';connect-src 'self' https://insights.algolia.io https://cookie-cdn.cookiepro.com https://*.algolia.net https://*.algolianet.com https://www.google-analytics.com https://stats.g.doubleclick.net https://api.marker.io https://ssr.marker.io http://s7.addthis.com https://m.addthis.com https://cookiepro.blob.core.windows.net https://geolocation.onetrust.com https://webapps.portofantwerp.com https://geocode.arcgis.com https://cookies-data.onetrust.io https://geolocation.onetrust.com wss://*.hotjar.com http://*.hotjar.com https://*.hotjar.com wss://*.hotjar.io http://*.hotjar.io https://*.hotjar.io;default-src 'self' https://d2csxpduxe849s.cloudfront.net https://media.portofantwerp.com;font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com;form-action 'self' https://analytics.clickdimensions.com;frame-ancestors *;frame-src *;img-src 'self' https://cdn.uc.assets.prezly.com https://www.google.be d2csxpduxe849s.cloudfront.net https://media.portofantwerp.com https://www.google-analytics.com https://app.clickdimensions.com www.googletagmanager.com https://www.google.com https://cookie-cdn.cookiepro.com https://cookiepro.blob.core.windows.net http://services.arcgisonline.com http://server.arcgisonline.com https://webapps.portofantwerp.com https://unpkg.com https://www.facebook.com https://t.co https://*.twitter.com https://*.ads.linkedin.com data:;manifest-src 'self';media-src 'self' https://d2csxpduxe849s.cloudfront.net;object-src 'none';prefetch-src 'self';script-src 'self' https://cookie-cdn.cookiepro.com https://www.googletagmanager.com https://www.google-analytics.com https://edge.marker.io https://cdn-us.clickdimensions.com https://analytics.clickdimensions.com http://s7.addthis.com https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://cdn.jsdelivr.net https://webapps.portofantwerp.com https://geocode.arcgis.com https://www.google.com https://www.gstatic.com https://snap.licdn.com https://*.ads-twitter.com https://connect.facebook.net wss://*.hotjar.com http://*.hotjar.com https://*.hotjar.com wss://*.hotjar.io http://*.hotjar.io https://*.hotjar.io;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-us.clickdimensions.com https://unpkg.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net;worker-src 'self'; 1
frame-ancestors 'self' https://*.salesforce.com 1
script-src 'self' 'nonce-IdXnjY3CtKS2bVRaTMH1Gckw' 'nonce-atx-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://ssl.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://sfapi.formstack.io https://translate.google.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://pi.pardot.com http://cdn.pardot.com http://pi.pardot.com/analytics *.artifex.com *.ghostscript.com *.mupdf.com; report-uri /csp-report/standard-report.php; 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'nonce-WkRWbU5tUTRNelZsWldVME1UZzQ=' app.cobrowser.com 'nonce-WmpneU1qUTJaR0UwTmpnMk5EZzM=' *.readspeaker.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com piwik.duiven.nl 'nonce-TXpFek5XUmhaVFE0WldZd05USTM=' 'nonce-TldNME1EVmtNREE1WldJNFpqazE=' 'nonce-WkRnNFpUazFNVFU1WkRBMk5EUTE='; object-src 'self'; style-src 'self' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' app.cobrowser.com 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' *.readspeaker.com 'nonce-WXpFNU1EVmlNR1kwTldOak4ySTA=' fonts.googleapis.com; img-src 'self' data: app.cobrowser.com *.readspeaker.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io piwik.duiven.nl www.gstatic.com *.ytimg.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; frame-ancestors 'self' piwik.duiven.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com app.cobrowser.com *.readspeaker.com *.ionicframework.com fonts.gstatic.com cdn.faceworks.nl; connect-src 'self' app.cobrowser.com wss://app.cobrowser.com *.readspeaker.com *.siteimprove.com *.servmetric.com piwik.duiven.nl fonts.googleapis.com cdn.faceworks.nl; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/ data: https://shop.bzga.de/; img-src 'self' data: https://shop.bzga.de/ https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://static.codepen.io https://marketing.envylabs.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://github.githubassets.com https://fonts.googleapis.com; img-src 'self' https://marketing.envylabs.com https://secure.gravatar.com https://*.ads.linkedin.com https://*.adsymptotic.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleusercontent.com https://yoast.com https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' https://yoast.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://insight-engine.newfangled.com https://yoast.com; frame-src 'self' https://codepen.io https://www.google.com https://www.youtube.com 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'nonce-WW1RNVpqWTBZVEJsT1dFNFlUZzM=' www.googletagmanager.com *.google-analytics.com 'nonce-WmpNeFlXRTFNelJpWkRRMU1qRm0=' 'nonce-TUdZNVlXVmtaR1JsTUdNNU9ETTI=' 'nonce-TVRrMFl6VTRPVFZoTTJWak16bGo=' 'nonce-TXpaaE5qVTRNMlJqT1dKbU5HRXc=' 'nonce-WW1FeU5EUXdZVE0wTUdNNU16VTA=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com *.readspeaker.com; object-src 'self'; style-src 'self' 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' 'nonce-T0ROaFpEY3hZbUpsTVROaU5EUmw=' 'sha256-owo1ZJpcrRkAGkV4k/EBOwhPpNEui6mpaaGBvI71tsg=' *.readspeaker.com 'nonce-WVRSak1EZ3haakU1WmpZeFltSXk='; img-src 'self' data: *.google-analytics.com *.gstatic.com *.openstreetmap.org *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io www.gstatic.com *.ytimg.com *.readspeaker.com; media-src 'self' *.readspeaker.com; frame-src 'self' www.youtube.com *.readspeaker.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.ionicframework.com fonts.gstatic.com *.readspeaker.com; connect-src 'self' *.google-analytics.com *.siteimprove.com *.servmetric.com *.readspeaker.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com 1
default-src 'self' blob: https://vars.hotjar.com/; frame-src 'self'  *.webspellchecker.net/  https://fnk-main-prd-zsa-uploads.s3.eu-west-1.amazonaws.com/ https://nspa.org.uk/ https://www.zsabenchmarking.co.uk/ https://w.soundcloud.com/ *.buzzsprout.com  *.hotjar.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval'   *.webspellchecker.net/ https://mozilla.github.io/ * https://mozilla.github.io/pdf.js/build/pdf.js https://cdn.jsdelivr.net/gh/fancyapps/ *.buzzsprout.com *.heat6have.com https://static.hotjar.com/ https://www.googletagmanager.com/ *.hotjar.com https://www.googletagmanager.com/jar.com blob: https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline'   *.webspellchecker.net/ https://cdnjs.cloudflare.com/ajax/libs/summernote/ *.hotjar.com *.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/fancyapps/ *.typekit.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self'   *.webspellchecker.net/ *.amazonaws.com https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://translate.googleapis.com/ *.hotjar.com *.hotjar.io wss://*.hotjar.com/ https://feeds.trac.jobs/ 1
default-src 'self'; script-src 'self' 1
default-src 'self' https://cdn.competitionsuite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.competitionsuite.com https://cdnjs.cloudflare.com https://sentry.io https://cdn.ravenjs.com https://js.stripe.com https://checkout.stripe.com https://cdn.firebase.com https://www.gstatic.com https://*.firebaseio.com https://kendo.cdn.telerik.com https://ajax.googleapis.com www.google-analytics.com ssl.google-analytics.com ajax.cloudflare.com cdn.pubnub.com https://ajax.cloudflare.com https://d3js.org sdk.amazonaws.com beacon-v2.helpscout.net static.cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com https://player.vimeo.com/ unpkg.com; style-src 'self' data: 'unsafe-inline' https://cdn.competitionsuite.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://cdn.competitionsuite.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com https://fonts.gstatic.com; img-src 'self' data: blob: https://cdn.competitionsuite.com https://competitionsuite.com https://cdn.competitionsuite.io https://cdn.competitionsuite.com https://vault.compsuite.io https://competitionsuite.blob.core.windows.net https://s3.amazonaws.com cs-profile-upload.s3.amazonaws.com www.google-analytics.com ssl.google-analytics.com http://kendo.cdn.telerik.com https://*.stripe.com d33v4339jhl8k0.cloudfront.net; frame-src 'self' https://js.stripe.com https://checkout.stripe.com https://player.vimeo.com *.firebaseio.com mozilla.github.io https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://cdn.competitionsuite.com files.competitionsuite.com https://socket.competitionsuite.com https://sentry.io wss://socket.competitionsuite.com wss://*.firebaseio.com https://s3.amazonaws.com *.stripe.com *.vimeo.com *.pndsn.com cs-video.s3.amazonaws.com cognito-identity.us-east-1.amazonaws.com www.google-analytics.com d3hb14vkzrxvla.cloudfront.net beaconapi.helpscout.net chatapi.helpscout.net; media-src 'self' http://audio.competitionsuite.com https://audio.competitionsuite.com https://s3.amazonaws.com; report-uri https://sentry.io/api/1333530/security/?sentry_key=db3117a28c894c5ebfcaf7b702a4f22f&sentry_environment=production 1
default-src 'self'; style-src 'self' app.workfrontfusion.com/static 'unsafe-inline'; font-src 'self' app.workfrontfusion.com/static data: use.typekit.net; img-src 'self' app.workfrontfusion.com/static data: https://ipm.workfrontfusion.com secure.gravatar.com usage.trackjs.com; connect-src 'self' app.workfrontfusion.com/static wss://app.workfrontfusion.com capture.trackjs.com rum-http-intake.logs.datadoghq.com *.split.io; frame-src 'self' app.workfrontfusion.com/static; script-src 'self' cdn.trackjs.com use.typekit.net; object-src 'self' app.workfrontfusion.com/static 1
form-action *.iwis.com *.dual-mode-vcs.com *.gwb-lernen.com *.iwis-daido.com *.kindergarten-kinderkette.de; base-uri none; default-src 'unsafe-inline' 'unsafe-eval' userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.userlike.com wss://chat.userlike.com wss://umd.userlike.com *.youtube.com *.eventvote.de *.vimeo.com vimeo.com *.doubleclick.net *.youtube-nocookie.com *.traceparts.com *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.iwis.com *.dual-mode-vcs.com  *.gwb-lernen.com *.expo-ip.com *.iwis-daido.com *.kindergarten-kinderkette.de https://*.crisp.chat wss://*.crisp.chat https://unpkg.com data: 1
default-src 'self'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://optimize.google.com https://static.klaviyo.com *.facebook.com *.chargebee.com; style-src data: 'self' 'unsafe-inline' *.myfonts.net https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://static.klaviyo.com https://cdnjs.cloudflare.com/ajax/libs/flatpickr/4.5.4/flatpickr.min.css *.chargebee.com; img-src * data: https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://optimize.google.com *.chargebee.com; media-src *; font-src * https://fonts.gstatic.com https://checkout.orangefit.nl data:; connect-src * data: blob: 'unsafe-inline'; frame-src 'self' *.youtube.com *.google.com *.facebook.com *.criteo.com *.vimeo.com *.hotjar.com *.chargebee.com https://optimize.google.com https://servicepoints.sendcloud.sc; prefetch-src 'self' https://static.klaviyo.com 1
default-src 'self' http: https: ; media-src 'self' www.youtube.com youtube.com ; font-src 'self' netdna.bootstrapcdn.com *.github.io ; object-src data: www.youtube.com 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.github.io bachmannazprd.kittelberger.net oxomi.com ; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto:; frame-ancestors 'self' https: 1
default-src 'self' forms.hubspot.com edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net api.hubspot.com socket.tidio.co wss://socket.tidio.co google-analytics.com google-analytics.com *; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hscollectedforms.net cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.co *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com js.hs-scripts.com js.hs-analytics.net s.hscollectedforms.net js.usemessages.com js.hscollectedforms.ne cdn.rawgit.com *.hs-banner.com code.tidio.co widget-v4.tidiochat.com staticcontents.investisdigital.com sc.lfeeder.com player.vimeo.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn.rawgit.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com widget-v4.tidiochat.com; frame-src 'self' app.hubspot.com staticcontents.investis.com www.google.com  irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com atsginc.wufoo.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.ensighten.com *.google-analytics.com *.api.brightcove.com *.tools.investis.com *.doubleclick.net ipapi.connectid.cloud wss://socket.tidio.co  *.amazonaws.com *.investisdigital.com; report-uri /report-csp-violation 1
default-src data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com cse.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com; style-src data: https: 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.google-analytics.com *.gstatic.com *.google.com platform.twitter.com 1
default-src *; style-src 'self' 'unsafe-inline' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://safesear.ch http://*.safesear.ch http://*.adnxs.com http://*.yahooapis.com http://*.yahoo.net http://*.yahoo.com http://*.newrelic.com https://safesear.ch https://*.safesear.ch https://*.adnxs.com https://*.yahooapis.com https://*.yahoo.net https://*.yahoo.com https://*.newrelic.com http://*.akamai.net https://*.akamai.net http://*.nr-data.net https://*.nr-data.net;connect-src 'self';img-src 'self' http://safesear.ch http://*.safesear.ch https://safesear.ch https://*.safesear.ch data:; 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://kit.fontawesome.com https://mpsnare.iesnare.com https://stage-libs.hipay.com https://libs.hipay.com https://widget.trustpilot.com https://kit-pro.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.dwin1.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://sibautomation.com 1
base-uri 'self' https://www.pink.test https://www.selesti.com; default-src 'self'; connect-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.facebook.com *.facebook.com https://*.facebook.net *.facebook.net https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.google-analytics.com *.google-analytics.com https://*.googleadservices.com *.googleadservices.com https://*.googletagmanager.com *.googletagmanager.com https://*.gstatic.com *.gstatic.com https://*.hiss3lark.com *.hiss3lark.com https://*.hs-analytics.net *.hs-analytics.net https://*.hs-growth-metrics.com *.hs-growth-metrics.com https://*.hs-scripts.com *.hs-scripts.com https://*.hsadspixel.net *.hsadspixel.net https://*.hubspot.com *.hubspot.com https://*.licdn.com *.licdn.com https://*.linkedin.com *.linkedin.com https://*.usemessages.com *.usemessages.com https://api.hubapi.com api.hubapi.com https://apis.google.com apis.google.com https://fonts.googleapis.com fonts.googleapis.com https://fonts.gstatic.com fonts.gstatic.com https://fpdl.vimeocdn.com fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net gcs-vimeo.akamaized.net https://googleadservices.com googleadservices.com https://js.hs-banner.com js.hs-banner.com https://js.hsforms.net js.hsforms.net https://player.vimeo.com player.vimeo.com https://poirot.selesti.com poirot.selesti.com https://vod-progressive.akamaized.net vod-progressive.akamaized.net; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com data:; form-action 'self' https://checkforcloudflare.selesti.com checkforcloudflare.selesti.com https://forms.hsforms.com forms.hsforms.com; frame-ancestors 'self'; frame-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.google.com *.google.com https://*.gstatic.com *.gstatic.com https://*.slideshare.net *.slideshare.net https://*.vimeo.com *.vimeo.com https://*.youtube.com *.youtube.com https://app.hubspot.com app.hubspot.com https://forms.hsforms.com forms.hsforms.com; img-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.facebook.com *.facebook.com https://*.google-analytics.com *.google-analytics.com https://*.google.ca *.google.ca https://*.google.co.il *.google.co.il https://*.google.co.in *.google.co.in https://*.google.co.jp *.google.co.jp https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.google.com.mt *.google.com.mt https://*.google.com.ua *.google.com.ua https://*.google.ie *.google.ie https://*.google.it *.google.it https://*.google.se *.google.se https://*.google.sk *.google.sk https://*.googletagmanager.com *.googletagmanager.com https://*.gstatic.com *.gstatic.com https://*.hsforms.com *.hsforms.com https://*.hsforms.net *.hsforms.net https://*.hubspot.com *.hubspot.com https://*.linkedin.com *.linkedin.com https://cx.atdmt.com cx.atdmt.com blob: data:; media-src https://*.vimeo.com *.vimeo.com https://*.vimeocdn.com *.vimeocdn.com https://gcs-vimeo.akamaized.net gcs-vimeo.akamaized.net https://ssl.gstatic.com ssl.gstatic.com https://vod-progressive.akamaized.net vod-progressive.akamaized.net; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.doubleclick.net *.doubleclick.net https://*.facebook.net *.facebook.net https://*.google-analytics.com *.google-analytics.com https://*.google.ae *.google.ae https://*.google.ca *.google.ca https://*.google.co.il *.google.co.il https://*.google.co.in *.google.co.in https://*.google.co.uk *.google.co.uk https://*.google.com *.google.com https://*.google.com.au *.google.com.au https://*.google.com.mt *.google.com.mt https://*.google.com.ua *.google.com.ua https://*.google.de *.google.de https://*.google.fr *.google.fr https://*.google.ie *.google.ie https://*.google.it *.google.it https://*.google.ru *.google.ru https://*.google.sk *.google.sk https://*.googleadservices.com *.googleadservices.com https://*.googletagmanager.com *.googletagmanager.com https://*.gstatic.com *.gstatic.com https://*.hiss3lark.com *.hiss3lark.com https://*.hs-analytics.net *.hs-analytics.net https://*.hs-banner.com *.hs-banner.com https://*.hs-scripts.com *.hs-scripts.com https://*.hsforms.net *.hsforms.net https://*.hsforms.com *.hsforms.com https://*.licdn.com *.licdn.com https://*.linkedin.com *.linkedin.com https://*.usemessages.com *.usemessages.com https://js.hsadspixel.net js.hsadspixel.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.googleapis.com *.googleapis.com https://*.google.com *.google.com 'unsafe-inline'; worker-src 'self'; report-uri https://poirot.selesti.com/api/violation/selesti; report-to https://poirot.selesti.com/api/violation/selesti; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com data: *; object-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com data: *; style-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com data: *; img-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com data: *; media-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com data: *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' iframe.publicstuff.com data: *; child-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com *; report-uri /report-csp-violation 1
script-src 'unsafe-inline' 'self' www.google.com www.gstatic.com www.google-analytics.com platform.twitter.com cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com fonts.googleapis.com 1
base-uri 'self'; default-src 'self'; child-src; connect-src 'self' https://www.instagram.com https://*.mypurecloud.com.au wss://*.mypurecloud.com.au https://*.abtasty.com https://*.doubleclick.net https://*.sentry.io https://*.adservice.google.com https://api.addressfinder.io https://au-live.inside-graph.com https://stats.g.doubleclick.net https://*.facebook.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com wss://au-live.inside-graph.com; font-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.gstatic.com blob: data:; form-action 'self' https://*.powershop.co.nz https://*.facebook.com; frame-ancestors 'self'; frame-src https://*.mypurecloud.com.au *.mypurecloud.com.au https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://*.youtube.com https://recaptcha.google.com https://*.facebook.com https://*.google.com https://*.googletagmanager.com https://au-cdn.inside-graph.com; img-src 'self' https://www.instagram.com https://*.mypurecloud.com.au https://*.abtasty.com https://*.amazonaws.com https://*.doubleclick.net https://adservice.google.com https://*.inside-graph.com https://fonts.gstatic.com https://i.vimeocdn.com https://track.hubspot.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com.au https://*.google.com https://*.googletagmanager.com https://*.gstatic.com blob: data:; media-src https://*.youtube.com https://*.vimeo.com https://au-cdn.inside-graph.com; object-src 'none'; script-src 'self' https://*.mypurecloud.com.au https://*.abtasty.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com/recaptcha/ https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com/recaptcha/ https://*.hs-banner.com https://*.hubspot.com https://*.inside-graph.com https://*.vimeo.com https://*.youtube.com https://api.addressfinder.io https://au-tracker.inside-graph.com https://js.hs-analytics.net https://js.hs-scripts.com https://tagmanager.google.com 'nonce-NTYzZWY5OThlYTE5Mzk3ZjE1NjNjNzZiOTg4NGJhOWFiNDllMDFkODc1NTNhODFjNzQ5OTVkMDBjZWUzNzM2ODg2N2JkNDlmYjk4ZTI3YmU3NzA2Y2UyZjZiNzlmMTNjZTg0YTVkMTMwODU5YTQ0OWU3MDYzMWJmODJjZjZiZmE=' 'unsafe-eval' blob:; style-src 'self' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://au-cdn.inside-graph.com https://fonts.googleapis.com https://tagmanager.google.com 'unsafe-inline'; report-uri https://o252893.ingest.sentry.io/api/1440752/security/?sentry_key=fcc1a3c257104300bd1a4a088c479d86; upgrade-insecure-requests 1
script-src 'nonce-1ed34a062b104b4993bd9d6880ef21d0' 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo.com:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net googleads.g.doubleclick.net;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; form-action 'self' campaigns.betasystems.com; base-uri 'self'; object-src 'none' 1
default-src 'self' 'unsafe-inline' https: data: https://cdnjs.cloudflare.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com https://*.jacklmoore.com https://*.gstatic.com https://*.google-analytics.com; frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://player.vimeo.com https://www.facebook.com https://js.stripe.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://maps.google.com https://maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://sentry.io https://cdnjs.cloudflare.com https://connect.facebook.net https://js.stripe.com/; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://maps.google.com https://sentry.io https://o126219.ingest.sentry.io; img-src 'self' data: content: https: *.googleapis.com;; font-src 'self' data: https://fonts.gstatic.com; media-src 'self' https://media.blubrry.com https://content.blubrry.com; object-src 'none'; report-uri https://o126219.ingest.sentry.io/api/5265715/security/?sentry_key=9b139e250e5b4bd586488d54bd7a5c84 1
default-src 'self'; frame-src 'self' *.twitter.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://cdn.syndication.twimg.com/ *.twitter.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://feeds.trac.jobs/ *.googleapis.com *.google-analytics.com stats.g.doubleclick.net 1
script-src 'nonce-ae508850affc4e43b730fe4f134fc09e' 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo.com:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
default-src 'self' 'unsafe-inline' https://maps.googleapis.com https://cc.ibox.ua; script-src 'self' 'unsafe-inline' https://connect.facebook.net https://*.doubleclick.net https://pay.google.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://cc.ibox.ua; style-src 'self' 'unsafe-inline' 'unsafe-inline' https://fonts.googleapis.com/css https://tagmanager.google.com https://fonts.googleapis.com https://cc.ibox.ua; img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://*.doubleclick.net https://www.googletagmanager.com https://*.gstatic.com https://www.google.com https://www.google.com.ua https://maps.googleapis.com https://www.google-analytics.com https://ssl.gstatic.com https://*.ggpht.com https://cc.ibox.ua; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cc.ibox.ua; connect-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://www.google-analytics.com https://fonts.gstatic.com https://cc.ibox.ua wss://cc.ibox.ua; frame-src 'self' 'unsafe-inline' https://*.doubleclick.net 1
default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.scoreguardpro.com *.pushnami.com static.zohocdn.com *.smartlook.com *.smartlook.cloud *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net polyfill.io; style-src 'self' 'unsafe-inline' *.scoreguardpro.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com fonts.googleapis.com; img-src 'self' data: *.scoreguardpro.com www.googletagmanager.com www.google-analytics.com bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.smartlook.com *.smartlook.cloud *.pushnami.com *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src 'self' data: mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; frame-src 'self' https://login.microsoftonline.com/ https://login.windows.net/ https://forms.office.com/ https://nca.h5p.com/ http://srhtwas3:65535/ *.nhs.uk/  *.twitter.com/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/ https://myptp.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://nca.h5p.com/js/h5p-resizer.js https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://wikisum.texthelp.com https://embed.tawk.to https://cdn.jsdelivr.net/ *.tawk.to/ *.twimg.com/ *.twitter.com/  *.googletagmanager.com https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk ; font-src 'self' 'unsafe-inline' https://static-v.tawk.to *.tawk.to/ https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://embed.tawk.to *.tawk.to/ *.twitter.com/ https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' blob: https://plus.browsealoud.com https://www.browsealoud.com https://en.wikipedia.org https://wikisum.texthelp.com https://wiki-summarizer-eu.texthelp.com https://simplify-us.texthelp.com https://browsealoud-webservices-8.texthelp.com https://browsealoud-webservices-eu.texthelp.com https://babm.texthelp.com https://*.speechstream.net https://stats.g.doubleclick.net https://www.google-analytics.com wss://*.tawk.to https://tawk.to *.tawk.to/ https://feeds.trac.jobs/ *.googleapis.com *.google-analytics.com stats.g.doubleclick.net; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html; media-src 'self' blob: https://*.speechstream.net 1
default-src 'self'  *.readspeaker.com; script-src 'self' 'nonce-TW1FM01Ea3pOR0UzTUdOaVpqTTA=' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com 'nonce-TVRnd1pEUTJPVEUxWWpSaU5XWXo=' *.readspeaker.com gis.bvowb.nl 'nonce-WkdZNFltTmlNbVkxTlRKaU5USTA='; object-src 'self'; style-src 'self' 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' *.readspeaker.com gis.bvowb.nl 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-OwlOqbP3VnAzYedGO5K7BbLR2YOoHw96wRy+VxYn414=' 'sha256-7SFa3Z4uDDIEQKMkcp7Id+zL9lqhIPnsJw53AfaRpBU=' 'sha256-ZzK5Vqk5m9+Qzc36oY+ULgcPdOLudnv0HR9zsUZwJt4=' 'nonce-WkdSbU56RTNOVFE1WTJVelkyTm0='; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com *.ytimg.com geodata.nationaalgeoregister.nl *.kaartviewer.nl service.pdok.nl gis.bvowb.nl; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com gis.bvowb.nl; connect-src 'self' *.readspeaker.com gis.bvowb.nl; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' epcplc.com *.epcplc.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.duosecurity.com; img-src 'self' 'unsafe-inline' epcplc.com *.epcplc.com data:; 1
default-src 'self' *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com unpkg.com *.buzzsprout.com endpoint-trial.cognigy.ai yt3.ggpht.com www.youtube-nocookie.com *.linkedin.com www.socialintents.com www.googletagmanager.com *.google.de www.google.com www.google-analytics.com *.facebook.com *.facebook.net *.cookiebot.com *.gstatic.com stats.g.doubleclick.net googleads.g.doubleclick.net px.ads.linkedin.com i.ytimg.com snap.licdn.com 'unsafe-inline' 'unsafe-eval' data: wss:; report-uri /report-csp-violation 1
self 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
default-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' https://*.isidata.net https://consent.cookiebot.com https://code.jquery.com https://*.google-analytics.com mailto:; base-uri https://*.isidata.net; object-src 'none'; style-src 'unsafe-inline' https://*.isidata.net; img-src data: https://*.isidata.net data: https://*.google-analytics.com; media-src https://*.isidata.net; frame-src https://*.s3.amazonaws.com https://*.isidata.net mailto:; frame-ancestors https://*.isidata.net; font-src https://*.isidata.net https://fonts.googleapis.com; connect-src 'self'; form-action https://*.s3.amazonaws.com https://*.isidata.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.immobilienscout24.de *.cookiebot.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.google.de *.g.doubleclick.net *.doubleclick.net *.googleadservices.com *.softgarden.io stats.g.doubleclick.net data: blob:;worker-src 'self' blob:;connect-src *.mapbox.com *.google-analytics.com *.cookiebot.com 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: lhconsulting.com.szander.dev.nil *.lhconsulting.com consent.cookiebot.com consentcdn.cookiebot.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.youtube.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.google.ae *.google.at *.google.ba *.google.be *.google.by *.google.ca *.google.cf *.google.ch *.google.co.cr *.google.co.il *.google.co.in *.google.co.jp *.google.co.nz *.google.co.th *.google.co.uk *.google.co.zw *.google.de *.google.com *.google.com.ar *.google.com.au *.google.com.bo *.google.com.br *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.hk *.google.com.kw *.google.com.mt *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.cz *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.im *.google.it *.google.li *.google.lt *.google.lu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si; connect-src 'self' *.lhconsulting.com; font-src 'self' *.lhconsulting.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' *.lhconsulting.com *.google.com *.gstatic.com www.googletagmanager.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.youtube.com *.doubleclick.net *.google.de; 1
default-src 'self'  *.readspeaker.com; script-src 'self' www.googletagmanager.com *.google-analytics.com 'nonce-Wmprd09XUXlaRE5pTlRnMU1HTTQ=' *.readspeaker.com *.vrmwb.nl 'nonce-WVRVM01tUmxZMkkzWldRek5qZ3g=' 'nonce-WlRFM00yUmpPV0psTURWaU1ERms=' 'nonce-TjJNelpEWXpaREEwWmpsak9XSTA=' 'nonce-TURZM1pqbG1NVGt5WkRKaU1EaGg=' 'nonce-WlRVd01tRTVNemcwTVRJeVpEQmg='; object-src 'self'; style-src 'self' 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' *.readspeaker.com *.vrmwb.nl 'nonce-WVdRek1EVTFZV05pTm1abFpqTTM=' 'nonce-TlRObE1qRTJaVFF3WmpjeFlXVmk=' 'nonce-TkRBeE5EbG1Nek5tTlRCbU5UZGo='; img-src 'self' data: *.google-analytics.com *.gstatic.com *.toegankelijkheidsverklaring.nl *.readspeaker.com *.vrmwb.nl *.openstreetmap.org; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com googletagmanager.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com; connect-src 'self' *.google-analytics.com *.readspeaker.com; report-uri /report-csp-violation 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com *.facebook.net; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.facebook.com *.vimeo.com *.google.se *.cloudnet.cloud *.malmolive.se; media-src 'self' blob: https://*.speechstream.net;; frame-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se *.office.com; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.siteimprove.com *.sverigesradio.se https://sverigesradio.se; font-src 'self'; connect-src 'self' blob: https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'none'; connect-src 'self' https://*.jsdelivr.net/ https://*.usabilla.com/ https://*.cdn.jsdelivr.net/ https://*.aframe.io/ https://*.cdn.aframe.io/ https://*.force.com/ https://cdns.us1.gigya.com/ https://*.gigya.com/ https://*.facebook.com/ https://www.googleoptimize.com/ https://*.pusher.com wss://*.pusher.com https://*.fusepump.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.sessioncam.com/ https://*.doubleclick.net/ https://*.nr-data.net/ https://*.mookie1.com/ 'unsafe-inline' 'unsafe-eval'; report-uri https://www.dancow.co.id/report-csp-violation; upgrade-insecure-requests 1
default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1
connect-src 'self' https://*.karolina.io http://*.karolina.io *.karolina.io https://vimeo.com http://vimeo.com vimeo.com https://*.nets.eu http://*.nets.eu *.nets.eu https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.typekit.net http://*.typekit.net *.typekit.net; font-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net data:; img-src 'self' https://cdn.holvi.com http://cdn.holvi.com cdn.holvi.com https://s3-eu-west-1.amazonaws.com http://s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com https://*.karolina.io http://*.karolina.io *.karolina.io https://mesenaatti.me http://mesenaatti.me mesenaatti.me https://*.youtube.com http://*.youtube.com *.youtube.com https://*.facebook.com http://*.facebook.com *.facebook.com https://*.google.com http://*.google.com *.google.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://about http://about about https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.gstatic.com http://*.gstatic.com *.gstatic.com https://*.typekit.net http://*.typekit.net *.typekit.net data:; script-src 'self' https://*.youtube.com http://*.youtube.com *.youtube.com https://*.ytimg.com http://*.ytimg.com *.ytimg.com https://*.facebook.net http://*.facebook.net *.facebook.net https://*.jquery.com http://*.jquery.com *.jquery.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.google.com http://*.google.com *.google.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://data http://data data https://js.stripe.com http://js.stripe.com js.stripe.com https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com http://fonts.googleapis.com fonts.googleapis.com https://*.google.com http://*.google.com *.google.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.typekit.net http://*.typekit.net *.typekit.net 'unsafe-inline'; 1
default-src 'self' *.vapeshed.co.nz *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net *.trustedsite.com cdn.ywxi.net *.inspectlet.com zip.co *.paymark.co.nz cdn-vapeshed.co.nz *.vapeshed.co.nz *.googleapis.com *.facebook.net *.gstatic.com *.google.com *.jsdelivr.net *.tawk.to *.googletagmanager.com *.google-analytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.vapeshed.co.nz *.googleapis.com *.facebook.net *.jsdelivr.net; img-src * 'self' data: https:; media-src 'none'; frame-src 'self' *.youtube.com *.trustedsite.com *.paymark.co.nz *.google.com *.vapeshed.co.nz *.facebook.net *.facebook.com; font-src 'self' data: *.tawk.to *.gstatic.com; connect-src 'self' ws: *.bugsnag.com *.amazonaws.com *.inspectlet.com *.paymark.co.nz *.vapeshed.co.nz *.paypal.com *.paywithpoli.com *.tawk.to *.google-analytics.com *.doubleclick.net 1
default-src 'self' https://stats.nutime.de https://www.google.com/; prefetch-src 'self' https://5f3c395.ccm19.de; script-src 'self' 'unsafe-inline' https://5f3c395.ccm19.de https://stats.nutime.de https://www.google.com/ https://www.gstatic.com/; connect-src 'self' https://5f3c395.ccm19.de https://stats.nutime.de; img-src 'self' data: https://5f3c395.ccm19.de; style-src 'self' https://5f3c395.ccm19.de; frame-ancestors 'self' 1
script-src 'nonce-frvHmSHPvhf1TwpyrUa/8/rHNzc=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
 default-src 'self' piwik.itzbund.de matomo03.itzbund.de; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com piwik.itzbund.de matomo03.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com;  frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com piwik.itzbund.de matomo03.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.geodatenzentrum.de piwik.itzbund.de matomo03.itzbund.de; frame-ancestors 'self'; 1
default-src 'self' ; script-src 'self' https://static.widget.trengo.eu https://stats.pusher.com/timeline/v2/jsonp/1 app.trengo.eu 'nonce-TmpFMk5UZzVNbVkzWVRnMVlqZzA=' www.google.com www.gstatic.com 'nonce-TW1RNE1XTmtZMlF5WWpBeE0yTm0=' piwik.bodegraven-reeuwijk.nl 'nonce-TVdFeFkyRmpNMkkzTVRrM09USmg=' 'nonce-TVRBek1UZ3pOemcxWldFNFpUUXg='; object-src 'self'; style-src 'self' app.trengo.eu 'unsafe-hashes' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-4LVcL61RHKN/UlGgTVCAT8M2+zeWnhQw2/9vEf1Jk8U=' 'nonce-WkdGbU5qY3pOelU0TnpWaE1XSm0='; img-src 'self' data: https://*.giphy.com https://s3.eu-central-1.amazonaws.com https://trengo.s3.eu-central-1.amazonaws.com piwik.bodegraven-reeuwijk.nl; media-src 'self' https://static.widget.trengo.eu; frame-src 'self' app.powerbi.com bodegravenreeuwijk.kaartviewer.nl www.google.com; frame-ancestors 'self' piwik.bodegraven-reeuwijk.nl; child-src 'self'; font-src 'self' data: *.googleusercontent.com s3.eu-central-1.amazonaws.com; connect-src 'self' https://api.widget.trengo.eu https://gkkmgz0bw7.execute-api.eu-central-1.amazonaws.com wss://ws-eu.pusher.com app.trengo.eu piwik.bodegraven-reeuwijk.nl; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'  *.hotjar.com https://in.hotjar.com https://vc.hotjar.io https://connect.facebook.net  https://s.ytimg.com https://px.ads.linkedin.com https://www.youtube.com https://www.google-analytics.com https://snap.licdn.com https://www.googletagmanager.com https://www.linkedin.com https://maps.googleapis.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://themes.googleusercontent.com https://in.hotjar.com https://tagmanager.google.com; img-src 'self' *.google.be *.google.com *.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com *.gstatic.com https://px.ads.linkedin.com https://www.linkedin.com/px/li_sync; media-src 'self' ; frame-src 'self' https://www.youtube.com  https://vars.hotjar.com https://www.facebook.com https://snazzymaps.com; frame-ancestors 'self' ; child-src 'self' ; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com; connect-src 'self' https://in.hotjar.com https://vc.hotjar.io https://www.google-analytics.com https://stats.g.doubleclick.net; report-uri /nl/report-csp-violation 1
default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval'  ;style-src * 'unsafe-inline' data: ;frame-ancestors 'none' ; 1
default-src 'self'  ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.retrieve.com *.retrievedev.com *.retrieveqa.com maps.googleapis.com assets-cdn.retrievestage.com *.jwpcdn.com *.jwplatform.com cdn.jwplayer.com www.gstatic.com www.googletagmanager.com *.localhost:* apis.google.com js.stripe.com js.braintreegateway.com c.paypal.com cdn.lr-in-prod.com  ; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com assets-cdn.retrieve.com assets-cdn.retrievedev.com assets-cdn.retrievestage.com  ; img-src 'self' data: blob: *  ; media-src 'self' blob: *  ; frame-src assets-cdn.retrieve.com assets-cdn.retrievedev.com assets-cdn.retrievestage.com *.blindsidenetworks.com *.youtube.com youtube.com screen-recorder-launcher: accounts.google.com content.googleapis.com content-youtube.googleapis.com *.localhost:* *.retrieve.com *.retrievedev.com *.retrieveqa.com js.stripe.com hooks.stripe.com blob: assets.braintreegateway.com *.paypal.com  ; font-src 'self' fonts.gstatic.com *.retrieve.com  ; frame-ancestors airtable.com *.airtableblocks.com *.salesforce.com *.force.com  ; child-src blob:  ; connect-src 'self' 'unsafe-inline' blob: *.s3.amazonaws.com *.s3.us-west-2.amazonaws.com *.retrieve.com *.retrieveqa.com *.retrievedev.com *.retrievestage.com wss://api.retrieve.com:8080 wss://api.retrieveqa.com:8080 wss://api2.retrieveqa.com:8080 wss://api.retrievedev.com:8080 wss://api.retrievestage.com:8080 wss://api2.retrieve.com:8080 ws://localhost:8081 wss://localhost:8081 *.localhost:* localhost:* www.google-analytics.com r.lr-in-prod.com api.stripe.com tfhub.dev storage.googleapis.com wss://*.amazonaws.com:8443 *.braintree-api.com *.braintreegateway.com  ; worker-src 'self' blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.googletagmanager.com *.google-analytics.com *.readspeaker.com *.hcaptcha.com hcaptcha.com *.gemeenteoplossingen.nl; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net cdn.jsdelivr.net p.typekit.net *.readspeaker.com; img-src 'self' *.google-analytics.com; media-src 'self'; frame-src 'self' *.google.com *.youtube-nocookie.com *.hcaptcha.com *.gemeenteoplossingen.nl; frame-ancestors 'self'; child-src 'self' *.youtube-nocookie.com; font-src 'self' themes.googleusercontent.com use.typekit.net fonts.gstatic.com data:; connect-src 'self' *.google-analytics.com *.doubleclick.net *.readspeaker.com *.hcaptcha.com; report-uri /report-csp-violation 1
default-src 'self' data: ywxi.net www.trustedsite.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.creditheroscore.com *.pushnami.com static.zohocdn.com *.smartlook.com *.smartlook.cloud *.twitter.com *.purechat.com *.pagesense.io www.serveipqs.com *.cloudflareinsights.com www.gstatic.com mpsnare.iesnare.com *.trustev.com connect.facebook.net cdnjs.cloudflare.com www.google.com www.google-analytics.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net polyfill.io; style-src 'self' 'unsafe-inline' *.creditheroscore.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com fonts.googleapis.com; img-src 'self' data: *.creditheroscore.com www.googletagmanager.com www.google-analytics.com bat.bing.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net www.myscore.com https:; frame-src *.smartlook.com *.smartlook.cloud *.pushnami.com *.twitter.com *.pagesense.io www.mcafeesecure.com www.trustedsite.com www.serveipqs.com www.google.com *.securepaths.com *.trustev.com *.googletagmanager.com googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; font-src 'self' fn.eu.serveipqs.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com fonts.gstatic.com; connect-src 'self' *.smartlook.com *.smartlook.cloud *.taboola.com *.purechat.com *.pushnami.com pagesense-collect.zoho.com *.serveipqs.com wss://mpsnare.iesnare.com/star *.trustev.com maxcdn.bootstrapcdn.com *.amazonaws.com cdnjs.cloudflare.com www.google.com www.google-analytics.com fonts.gstatic.com www.googletagmanager.com bat.bing.com fonts.googleapis.com www.w3m.com polyfill.io googleads.g.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net; media-src 'self' data: mpsnare.iesnare.com; report-uri https://cfs2020.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self' *.winkbingo.com *.bingosys.net ; 1
defult-src 'self' 1
script-src 'nonce-33158d5d57204f368a5feaa258af71e5' 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com static.staging.wellsfargo.com static.wellsfargo.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo.com:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com rtd-tm.everesttech.net googleads.g.doubleclick.net;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
default-src 'self' *.onesignal.com https://onesignal.com; script-src 'unsafe-inline' 'unsafe-eval' https://bloggersly.com *.google.com *.googletagmanager.com *.gstatic.com *.onesignal.com https://onesignal.com *.cloudflare.com *.tawk.to*.dawn3host.co *.jsdelivr.net; connect-src https://bloggersly.com *.google-analytics.com *.google.com *.tawk.to wss://*.tawk.to https://onesignal.com *.onesignal.com; style-src 'unsafe-inline' *.cloudflare.com https://bloggersly.com *.tawk.to *.googleapis.com; img-src 'self' data: https://bloggersly.com *.tawk.to; frame-src 'self' *.google.com *.youtube.com *.live.com *.gocardless.com; font-src 'self' *.tawk.to *.gstatic.com; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net fonts.googleapis.com youtube.com *.google-analytics.com https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com cdn.rawgit.com otp.tools.investis.com https://sc.lfeeder.com https://staticcontents.investisdigital.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com youtube.com brightcove.hs.llnwd.net; frame-src 'self' *.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com otp.tools.investis.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri /report-csp-violation 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src *; connect-src *; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com http://www.google-analytics.com/  http://fonts.googleapis.com/ https://cdnjs.cloudflare.com http://cdn.ckeditor.com ; object-src 'self'; style-src 'self' 'unsafe-inline' http://cdn.ckeditor.com; img-src 'self' http://cdn.ckeditor.com; media-src 'self' https://youtube.com; frame-src 'self' https://www.youtube.com; font-src 'self'; connect-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com player.twitch.tv www.tiktok.com musicoin.org www.instagram.com www.bitchute.com emb.d.tube rumble.com www.brighteon.com lbry.tv media.gab.com tv.gab.com video.twimg.com; connect-src 'self' whaleshares.io pubrpc.whaleshares.io api.whaleshares.io www.google-analytics.com; default-src 'self' whaleshares.io www.youtube.com staticxx.facebook.com player.vimeo.com player.twitch.tv www.tiktok.com musicoin.org www.instagram.com www.bitchute.com emb.d.tube rumble.com www.brighteon.com lbry.tv media.gab.com tv.gab.com video.twimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' whaleshares.io www.google-analytics.com www.googletagmanager.com connect.facebook.net cdn.polyfill.io cse.google.com www.google.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' whaleshares.io fonts.googleapis.com at.alicdn.com www.google.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com at.alicdn.com; frame-ancestors 'none'; img-src * data:; report-uri /csp_violation; object-src 'none' 1
default-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; script-src 'self' data: 'unsafe-inline' *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.addtoany.com; object-src *; style-src 'self' data: 'unsafe-inline' *.compsy.be *.compsy.be fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; img-src 'self' data: *.compsy.be *.uniweb.eu www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com; media-src *; frame-src 'self' data: *.compsy.be *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.youtube.com; font-src 'self' data: *.compsy.be *.uniweb.eu fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'none'; 1
frame-src *; child-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.amazonaws.com *.amazoncognito.com; frame-ancestors 'self' sf360.com.au 1
font-src 'self' https://fast.fonts.net; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; object-src 'none'; worker-src 'self'; media-src 'self'; connect-src 'self' https://matomo.14v.de https://piwik.14v.de; manifest-src 'self'; prefetch-src 'none'; img-src 'self' data: *.w3.org; frame-src 'self' https://api.specials.de https://www.360tourist.net https://ibe.specials.de https://hotel.ypsilon.net/ https://car.ypsilon.net https://flr.ypsilon.net https://www.google.com; child-src 'self'; style-src 'self' https://fast.fonts.net 'unsafe-inline'; block-all-mixed-content; script-src 'self' https://webmedia.ypsilon.net https://api.specials.de https://b2b.specials.de https://hotel.ypsilon.net https://car.ypsilon.net https://flr.ypsilon.net https://piwik.14v.de https://matomo.14v.de 'unsafe-inline'; report-uri /metanavigation/kontakt/; 1
font-src 'self' https:; frame-src https:; form-action 'self' https: www.facebook.com; img-src https: data: http:; report-uri https://ba0cf75d0c584cc8ae77dbcd73a93e68@o22121.ingest.sentry.io/6064960; script-src 'self' https://* http://* 'unsafe-eval' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.jquery.com *.cwp.govt.nz *.inside-graph.com *.settled.govt.nz *.rea.govt.nz *.typekit.net *.google.com *.googletagmanager.com *.gstatic.com *.facebook.net *.google-analytics.com dnn506yrbagrg.cloudfront.net *.youtube.com *.ytimg.com *.crazyegg.com *.opinionstage.com; connect-src 'self' script.crazyegg.com stats.g.doubleclick.net *.cwp.govt.nz wss://*.inside-graph.com *.inside-graph.com *.settled.govt.nz *.rea.govt.nz *.typekit.net *.google-analytics.com *.optimalworkshop.com *.opinionstage.com *.facebook.com; img-src 'self' data: *.google.com *.google.co.nz *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz *.typekit.net *.doubleclick.net *.gstatic.com *.facebook.com *.google-analytics.com *.youtube.com *.inside-graph.com gtrk.s3.amazonaws.com *.opinionstage.com; style-src 'self' 'unsafe-inline' *.cwp.govt.nz *.inside-graph.com *.settled.govt.nz *.rea.govt.nz *.googleapis.com *.google.com *.opinionstage.com; font-src 'self' data: *.gstatic.com *.typekit.net ; frame-src 'self' *.inside-graph.com *.youtube.com *.doubleclick.net *.google.com *.opinionstage.com *.facebook.com; manifest-src 'self'; frame-ancestors 'self' *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz; base-uri 'self' *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz; form-action 'self' *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz *.opinionstage.com *.facebook.com; 1
default-src 'self'; frame-src 'self' https://nhs.attendanywhere.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com *.amazonaws.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self'  https://analytics.google.com/ https://nhs.attendanywhere.com https://feeds.trac.jobs/ https://www.google-analytics.com 1
default-src 'self' https://analytics.google.com/g/collect; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://player.vimeo.com/api/player.js https://www.googletagmanager.com/gtag/js; style-src 'self' 'unsafe-inline'; img-src data: 'self' https://i.vimeocdn.com; frame-src 'self' https://player.vimeo.com 1