| Content-Security-Policy | connect-src 'self' https://api.wordpress.org *.yandex.ru; child-src 'self' ; font-src data: 'self' *.gstatic.com; form-action 'self' ; frame-ancestors 'self' ; frame-src 'self' iframe-toloka.com https://toloka.yandex.com *.yandex.ru *.youtube.com https://www.youtube.com *.videopress.com; img-src data: 'self' druzhinnoe.ru s.w.org ps.w.org *.wordpress.org sync.security.pp.regruhosting.ru *.gravatar.com https://avatars-fast.yandex.net https://favicon.yandex.net *.yandex.net https://an.yandex.ru *.yandex.ru *.feedburner.com *.rambler.ru counter.rambler.ru https://scounter.rambler.ru https://secure.gravatar.com *.twitter.com *.tradedoubler.com; media-src 'self' *.s.w.org; object-src 'self' https://*.wordpress.com https://advertur.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' druzhinnoe.ru https://mc.yandex.ru mc.yandex.ru https://an.yandex.ru an.yandex.ru *.yandex.ru yandex.st https://ajax.googleapis.com ajax.googleapis.com *.googleapis.com html5shiv.googlecode.com *.google-analytics.com *.videopress.com; style-src data: 'self' 'unsafe-inline' druzhinnoe.ru https://fonts.googleapis.com *.googleapis.com; default-src 'self' ; reflected-xss block; |