Content-Security-Policy | connect-src 'self' mixfacts.ru *.yandex.ru https://mc.yandex.ru *.google-analytics.com ; child-src 'none' ; font-src 'self' mixfacts.ru yastatic.net https://yastatic.net fonts.gstatic.com *.bootstrapcdn.com; form-action 'self' mixfacts.ru; frame-ancestors 'self' mixfacts.ru ; frame-src 'self' mixfacts.ru http://m.vk.com https://m.vk.com https://login.vk.com http://vk.com https://vk.com www.facebook.com platform.twitter.com https://trustedads.adtrustmedia.com yastatic.net https://yastatic.net http://awaps.yandex.ru *.doubleclick.net https://googleads.g.doubleclick.net *.googlesyndication.com yandexadexchange.net https://www.youtube.com www.youtube.com youtube.com youtube.ru www.youtube.ru *.orchardproject.net; img-src data: 'self' mixfacts.ru cdn.mixfacts.ru img1.mixfacts.ru img2.mixfacts.ru *.vk.me *.rutarget.ru *.mythings.com *.targetix.net *.adriver.ru cdn.jsdelivr.net http://vk.com https://vk.com passets.pinterest.com *.yandex.ru *.yandex.net yastatic.net https://yastatic.net https://mc.yandex.ru https://avatars-fast.yandex.net https://favicon.yandex.net https://an.yandex.ru counter.yadro.ru counter.rambler.ru *.google-analytics.com *.doubleclick.net *.googlesyndication.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net *.gstatic.com; media-src 'none' ; object-src www.gstatic.com an.yandex.ru http://pagead2.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' mixfacts.ru cdn.mixfacts.ru cdn.jsdelivr.net https://trustedads.adtrustmedia.com http://trustedads.adtrustmedia.com http://vk.com https://vk.com platform.twitter.com *.pinterest.com yastatic.net *.yandex.ru *.yandex.net https://an.yandex.ru https://yastatic.net https://mc.yandex.ru https://pagead2.googlesyndication.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com counter.rambler.ru; style-src 'self' 'unsafe-eval' 'unsafe-inline' mixfacts.ru cdn.mixfacts.ru cdn.jsdelivr.net yastatic.net https://yastatic.net fonts.googleapis.com *.bootstrapcdn.com; default-src 'none' ; reflected-xss filter; referrer origin-when-cross-origin; report-uri //cspbuilder.info/report/750529930694020017/noscriptinline/; |