Cache-Control: private, no-cache, no-store
Connection: keep-alive
Content-Security-Policy: default-src blob: data: 'unsafe-inline' 'unsafe-eval' mail.ru *.mail.ru *.devmail.ru *.imgsmail.ru *.2gis.com *.2gis.ru s0.2mdn.net *.adriver.ru *.ampproject.net *.ampproject.org *.apester.com *.cloudfront.net www.dailymail.co.uk coub.com *.coub.com *.doubleclick.net *.doubleverify.com facebook.com *.facebook.com *.gemius.pl giphy.com *.google.com *.googleapis.com *.googlesyndication.com themes.googleusercontent.com *.gstatic.com instagram.com *.instagram.com video.khl.ru *.moatads.com *.mradx.net ok.ru *.ok.ru *.playbuzz.com *.qmerce.com rutube.ru *.rutube.ru *.serving-sys.com soundcloud.com *.soundcloud.com *.twimg.com twitter.com *.twitter.com player.vimeo.com vine.co vk.com *.vk.com *.weborama.fr *.yandex.ru *.yandex.net yandex.st yandexadexchange.net *.yandexadexchange.net yastatic.net *.youtube.com; script-src 'unsafe-inline' 'unsafe-eval' js-inject *.mail.ru *.devmail.ru *.imgsmail.ru *.api.2gis.ru s0.2mdn.net *.adlooxtracking.com s3.amazonaws.com cdn.ampproject.org *.apester.com static.bbc.co.uk news.files.bbci.co.uk coub.com *.coub.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.facebook.net *.facebook.com *.flickr.com translate.google.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.google-analytics.com *.instagram.com mediatoday.ru *.moatads.com *.mradx.net *.mxpnl.com *.odnoklassniki.ru ok.ru *.ok.ru cdn.playbuzz.com *.qmerce.com sb.scorecardresearch.com *.twimg.com *.twitter.com platform.vine.co vk.com *.vk.com *.webvisor.com *.mtproxy.yandex.net *.yandex.ru yandex.st yastatic.net; connect-src 'self' wss://*.mail.ru wss://*.devmail.ru *.mail.ru *.devmail.ru *.imgsmail.ru *.api.2gis.ru s0.2mdn.net *.ampproject.net *.apester.com facebook.com *.facebook.com *.facebook.net *.flickr.com *.googleapis.com *.google-analytics.com *.googlesyndication.com *.gstatic.com *.instagram.com *.mixpanel.com *.mradx.net *.qmerce.com geo.query.yahoo.com twitter.com *.twitter.com *.yandex.ru yandex.st yastatic.net; img-src * data: blob:; worker-src 'self' *.mail.ru; report-uri https://portal-csp-report.corp.mail.ru/report/
Content-Type: text/html; charset=utf-8
Date: Thu, 05 Oct 2017 16:10:44 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: nginx/1.10.3
Strict-Transport-Security: max-age=16070400; preload
Transfer-Encoding: chunked
Vary: User-Agent
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block