Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com; img-src 'self' data: https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://yastatic.net https://www.youtube.com; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org; report-uri /_csp.php |