Content-Security-Policy-Report-Only | default-src 'self' *.bundesbank.de *.tv1.eu fpdownload.adobe.com *.ytimg.com *.youtube.com *.googlevideo.com *.gstatic.com *.googleapis.com *.etracker.com *.etracker.de *.core-cdn.net; style-src 'self' 'unsafe-inline' *.bundesbank.de *.googleapis.com; img-src 'self' www.bundesbank.de data: *.etracker.com *.etracker.de jwpltx.com p.jwpcdn.com *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bundesbank.de offline.bundesbank.de *.etracker.com *.etracker.de *.jwpcdn.com *.tv1.eu *.googleapis.com; report-uri /cspViolation |