Content-Security-Policy | default-src 'self'; img-src * data:; font-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.google-analytics.com *.googlesyndication.com *.google.com *.googleapis.com *.gstatic.com *.g.doubleclick.net mc.yandex.ru cdnjs.cloudflare.com res:; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.googlesyndication.com; frame-src 'self' *.facebook.com *.g.doubleclick.net *.youtube.com *.google.com *.googlesyndication.com gsa: ms-appx-web: mx: market: data:; connect-src 'self' mc.yandex.ru *.google-analytics.com *.googleapis.com *.googlesyndication.com *.g.doubleclick.net *.gstatic.com cdnjs.cloudflare.com; object-src 'self' *.googlesyndication.com |