Content-Security-Policy-Report-Only | default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maps.googleapis.com www.youtube.com s.ytimg.com code.highcharts.com edge-cdn.net dl.videos.metrosystems.net cdn.syndication.twimg.com platform.twitter.com webtrends.metro.info ssl.siteimprove.com www.gstatic.com dl.edge-cdn.net ; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com www.gstatic.com d1azc1qln24ryf.cloudfront.net cloud.typography.com ; img-src 'self' csi.gstatic.com dl.edge-cdn.net data: maps.googleapis.com maps.gstatic.com pbs.twimg.com ton.twimg.com platform.twitter.com syndication.twitter.com webtrends.metro.info ssl.siteimprove.com www.gstatic.com app.miag.com maintenance.metroag.de ; frame-src 'self' www.youtube.com qfx.tools.investis.com player.admiralcloud.com platform.twitter.com syndication.twitter.com www.google.com ; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com d1azc1qln24ryf.cloudfront.net ; object-src 'self' ; connect-src 'self' dl.edge-cdn.net ; media-src 'self' jpn.videos.metrosystems.net edge-cdn.net ; report-uri MagReport.csp?cspReport=true |