Content-Security-Policy | default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maps.googleapis.com www.youtube.com s.ytimg.com code.highcharts.com edge-cdn.net dl.videos.metrosystems.net *.twimg.com *.twitter.com webtrends.metro.info ssl.siteimprove.com www.gstatic.com dl.edge-cdn.net ; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.twitter.com www.gstatic.com d1azc1qln24ryf.cloudfront.net cloud.typography.com *.twimg.com ; img-src 'self' csi.gstatic.com dl.edge-cdn.net data: maps.googleapis.com maps.gstatic.com *.twimg.com *.twitter.com webtrends.metro.info ssl.siteimprove.com www.gstatic.com app.miag.com maintenance.metroag.de ; frame-src 'self' www.youtube.com qfx.tools.investis.com player.admiralcloud.com *.twitter.com www.google.com dev.dieproduktion.de pano.360concept.ro ; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com d1azc1qln24ryf.cloudfront.net ; object-src 'self' ; connect-src 'self' dl.edge-cdn.net *.twitter.com www.3dzeitschrift.de ; media-src 'self' jpn.videos.metrosystems.net edge-cdn.net ; report-uri MagReport.csp?cspReport=true |