Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' form.lidl.com *.youtube.com *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com googleads.g.doubleclick.net *.googleadservices.com googleadservices.com *.googletagservices.com googletagservices.com cdn.cookielaw.org ibe.uphotel.agency https://www.google.com https://www.gstatic.com *.virtualearth.net *.bing.com bing.com unpkg.com *.pagestrip.com onepagebooking.com cdnjs.cloudflare.com *.walls.io walls.io connect.facebook.net *.facebook.net facebook.net snap.licdn.com *.linkedin.com linkedin.com *.azureedge.net hrplattformprod-rocketapply-prod-scos-rocketapply.cfapps.eu20.hana.ondemand.com *.cmp.schwarz *.dynamics.com; img-src 'self' data: *.object.storage.eu01.onstackit.cloud *.google-analytics.com *.google.de www.googletagmanager.com googleads.g.doubleclick.net *.google.com fonts.gstatic.com form.lidl.com *.google-analytics.com ibe-frontend-production-frontend.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com *.tile.openstreetmap.org *.tiles.virtualearth.net *.bing.com http://*.tile.osm.org unpkg.com *.pagestrip.com cdn.cookielaw.org onepagebooking.com api.scon-assets.schwarz www.facebook.com px.ads.linkedin.com dc.ads.linkedin.com www.googleadservices.com *.img.schwarz hrplattformprod-rocketapply-prod-scos-rocketapply.cfapps.eu20.hana.ondemand.com *.dynamics.com *.azureedge.net *.linkedin.com *.bing.net *.googlesyndication.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com form.lidl.com *.fonts.net ibe.uphotel.agency https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com *.bing.com unpkg.com *.pagestrip.com onepagebooking.com hrplattformprod-rocketapply-prod-scos-rocketapply.cfapps.eu20.hana.ondemand.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com form.lidl.com ibe.uphotel.agency *.pagestrip.com hrplattformprod-rocketapply-prod-scos-rocketapply.cfapps.eu20.hana.ondemand.com; frame-src 'self' 'unsafe-inline' www.youtube.com form.lidl.com *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googleadservices.com googleadservices.com *.googletagservices.com googletagservices.com *.facebook.net facebook.net *.linkedin.com linkedin.com *.bing.com bing.com *.youtube-nocookie.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://www.google.com *.walls.io walls.io form.schwarz-digits.de form.beschaffung.schwarz; connect-src 'self' www.googletagmanager.com *.google-analytics.com *.google.com *.google.de *.googleadservices.com www.googleadservices.com stats.g.doubleclick.net form.lidl.com *.uphotel.agency cdn.cookielaw.org *.onetrust.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com  *.openstreetmap.org *.bing.com pagestrip.com *.pagestrip.com *.scon.schwarz wss://endpoint-prod.scon.schwarz scon-assets-hub-prod.apps.01.cf.eu01.stackit.cloud api.scon-assets.schwarz px.ads.linkedin.com dc.ads.linkedin.com *.facebook.com *.facebook.net *.azureedge.net *.dynamics.com hrplattformprod-rocketapply-prod-scos-rocketapply.cfapps.eu20.hana.ondemand.com api.friendlycaptcha.com *.cmp.schwarz *.googlesyndication.com; frame-ancestors 'self' *.googletagmanager.com form.lidl.com *.google-analytics.com; worker-src 'self' blob:;