private
gzip
38977
default-src 'self';
frame-src app.vwo.com *.visualwebsiteoptimizer.com consentcdn.cookiebot.com 'self' *.criteo.com *.youtube.com youtu.be *.youtube-nocookie.com noembed.com *.vimeo.com www.google.com www.civas.nl www.civas.be usersync.datatrics.com www.bladerpdf.nl vars.hotjar.com vars.hotjar.io optimize.google.com;
connect-src *.googlesyndication.com googleads.g.doubleclick.net *.ads.linkedin.com www.facebook.com *.criteo.net *.visualwebsiteoptimizer.com app.vwo.com consentcdn.cookiebot.com *.criteo.com cdn.linkedin.oribi.io region1.analytics.google.com www.google.com *.hotjar.io wss://ws.hotjar.com wss://ws3.hotjar.com wss://ws3.hotjar.io ws3.hotjar.com ws3.hotjar.io www.google-analytics.com squeezely.tech wss://www.civas.nl wss://www.civas.be api.datatrics.com wss://ws1.hotjar.com wss://ws1.hotjar.io *.google-analytics.com *.bugsnag.com www.feedbackcompany.com api.civas.nl www.civas.nl www.civas.be in.hotjar.com in.hotjar.io vc.hotjar.io ws1.hotjar.com ws1.hotjar.io stats.g.doubleclick.net connect.facebook.net criteo-partners.tremorhub.com bat.bing.com ;
font-src *;
img-src 'self' data: static.civas.nl static.civas.be bat.bing.com *.ads.linkedin.com *.squeezely.tech squeezely.tech www.facebook.com www.google.nl www.google.com www.linkedin.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.criteo.com *.yahoo.com *.adnxs.com *.emxdgt.com *.yieldmo.com *.yieldlab.net *.tremorhub.com *.sharethrough.com *.pubmatic.com *.outbrain.com *.postrelease.com *.mediavine.com *.ivitrack.com *.360yield.com id5-sync.com *.criteo.com *.casalemedia.com *.omnitagjs.com *.adform.net *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.rubiconproject.com *.media.net *.bidswitch.net *.doubleclick.net *.cookiebot.com *.demdex.net *.krxd.net *.thebrighttag.com;
script-src blob: * 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com consent.cookiebot.com consentcdn.cookiebot.com;
script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' www.feedbackcompany.com *.cookiebot.com snap.licdn.com bat.bing.com connect.facebook.net *.criteo.com squeezely.tech googleads.g.doubleclick.net *.hotjar.com *.visualwebsiteoptimizer.com app.vwo.com *.googletagmanager.com consent.cookiebot.com clarity.ms www.google.com/recaptcha/api.js tm.tradetracker.net www.gstatic.com clarity.ms;
style-src 'self' fonts.googleapis.com 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com;
text/html; charset=utf-8
Fri, 12 Jan 2024 15:03:41 GMT
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
strict-origin-when-cross-origin
max-age=31536000
Accept-Encoding
nosniff
SAMEORIGIN
none
1; mode=block
|