Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://mc.yandex.ru; img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com; child-src http://www.youtube.com https://www.youtube.com http://awaps.yandex.ru; object-src 'none'; frame-ancestors http://webvisor.com; report-uri /api/report; connect-src 'self' https://www.google-analytics.com https://mc.yandex.ru; |