| Content-Security-Policy | default-src 'self'; connect-src 'self' http://mc.yandex.ru https://mc.yandex.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://mc.yandex.ru https://mc.yandex.ru http://*.gstatic.com http://vk.com/js/api/ https://vk.com/js/api/ http://platform.twitter.com http://connect.facebook.net https://*.google.com http://www.google.com/jsapi http://www.google.com/uds/ https://*.googlesyndication.com http://*.googlesyndication.com https://*.gstatic.com https://ajax.googleapis.com; img-src 'self' http://*.yandex.ru https://*.googlesyndication.com http://*.gravatar.com/avatar/ https://vk.com http://vk.com https://*.gstatic.com http://*.gstatic.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com http://*.google.com; font-src 'self' http://fonts.gstatic.com; frame-src https://*.yandex.ru http://*.twitter.com http://*.facebook.com https://*.facebook.com http://*.doubleclick.net http://*.youtube.com https://*.youtube.com https://*.doubleclick.net https://*.googlesyndication.com https://*.google.com http://vk.com https://vk.com https://login.vk.com http://*.facebook.com; object-src https://*.youtube.com http://*.youtube.com http://*.ytimg.com |