Content-Security-Policy-Report-Only | default-src 'self' *.prom.ua *.uaprom cdn.prom.st static-cache.ua.uaprom.net *.cloudfront.net counter.yadro.ru *.skype.com *.youtube.com *.youtu.be *.jivosite.com *.reformal.ru https: ws://*.hypercomments.com *.example.com 'unsafe-inline' 'unsafe-eval' *.yandex.ru *.yandex.net yandex.st *.doubleclick.net *.facebook.com *.facebook.net *.hypercomments.com *.siteheart.com yandex.st *.google.com *.googleapis.com *.googleadservices.com *.googletagservices.com *.google-analytics.com *.googlesyndication.com; img-src * data:; media-src *; style-src * 'unsafe-inline'; font-src *; connect-src *; report-uri https://prom.ua/js_tests/csp_report |