| Content-Security-Policy | default-src 'self'; script-src 'self' https: *.yandex.ru *.adlabs.ru *.luxadv.com *.yandex.net yandex.st *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.gstatic.com *.google.com *.googleapis.com *.acint.net directstat.ru 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: *.google.com *.googleapis.com; img-src 'self' https: data: *.gravatar.com gravatar.com *.luxcdn.com *.luxup.ru *.luxadv.com *.2mdn.net *.doubleclick.net directstat.ru counter.yadro.ru *.tns-counter.ru *.acint.net *.yandex.ru *.yandex.net yastatic.net *.gstatic.com *.google.com *.googlesyndication.com *.google-analytics.com yandex.st; frame-src 'self' https: vk.com *.video.mail.ru videoapi.my.mail.ru yastatic.net *.yandex.ru www.youtube.com video.rutube.ru rutube.ru *.2mdn.net *.doubleclick.net yandex.st *.google.com; font-src 'self' https: fonts.gstatic.com; object-src 'self' https: *.youtube.com *.youtube-nocookie.com video.rutube.ru rutube.ru *.googlevideo.com *.ytimg.com *.googleapis.com *.gstatic.com *.googlesyndication.com; connect-src 'self' https: *.googleapis.com *.rutube.ru *.googlevideo.com mc.yandex.ru *.google-analytics.com; report-uri //cspbuilder.info/report/185091665444870109/ |