Content-Security-Policy | default-src 'self' data;img-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' AJAX.googleapis.com am15.net vk.com yandex.st *.am15.net c.100im.info *.yandex.ru *.yastatic.net *.google.com *.google.ru *.googlesyndication.com *.googleapis.com *.twitter.com *.facebook.net *.facebook.com *.youtube.com *.youtube-nocookie.com *.marketgid.com *.google-analytics.com *.rambler.ru; style-src 'self' 'unsafe-inline' AJAX.googleapis.com am15.net vk.com yandex.st *.am15.net c.100im.info *.yandex.ru *.yastatic.net *.google.com *.googlesyndication.com *.googleapis.com *.twitter.com *.facebook.net *.facebook.com *.youtube.com *.youtube-nocookie.com *.autonet.ru; font-src 'self' *.marketgid.com; connect-src 'self' *.yandex.ru; frame-src *.doubleclick.net *.yandex.ru *.youtube.com; frame-ancestors *.google.com; object-src 'self' *.doubleclick.net vk.com *.gstatic.com; |