diff --git a/crm.mcmed.ru b/crm.mcmed.ru
index 5a4f6e2..17381c8 100644
--- a/crm.mcmed.ru
+++ b/crm.mcmed.ru
@@ -29,8 +29,8 @@ server {
     add_header X-Content-Type-Options "nosniff" always;
     add_header X-XSS-Protection "1; mode=block" always;
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: blob: http://crm.mcmed.ru https://crm.mcmed.ru https://www.google-analytics.com https://analytics.google.com https://*; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' http://crm.mcmed.ru https://crm.mcmed.ru http://crm.mcmed.ru https://crm.mcmed.ru https://www.google-analytics.com https://analytics.google.com ws: wss:; frame-src 'self' https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; form-action 'self'; worker-src 'self' blob: https://cdnjs.cloudflare.com;" always;
-    add_header X-Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: blob: http://crm.mcmed.ru https://crm.mcmed.ru https://www.google-analytics.com https://analytics.google.com https://*; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' http://crm.mcmed.ru https://crm.mcmed.ru http://crm.mcmed.ru https://crm.mcmed.ru https://www.google-analytics.com https://analytics.google.com ws: wss:; frame-src 'self' https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; form-action 'self'; worker-src 'self' blob: https://cdnjs.cloudflare.com;" always;
+    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: blob: http://crm.mcmed.ru https://crm.mcmed.ru https://www.google-analytics.com https://analytics.google.com https://*; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' http://crm.mcmed.ru https://crm.mcmed.ru http://crm.mcmed.ru https://crm.mcmed.ru https://www.google-analytics.com https://analytics.google.com https://cdn.jsdelivr.net ws: wss:; frame-src 'self' https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; form-action 'self'; worker-src 'self' blob: https://cdnjs.cloudflare.com;" always;
+    add_header X-Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: blob: http://crm.mcmed.ru https://crm.mcmed.ru https://www.google-analytics.com https://analytics.google.com https://*; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' http://crm.mcmed.ru https://crm.mcmed.ru http://crm.mcmed.ru https://crm.mcmed.ru https://www.google-analytics.com https://analytics.google.com https://cdn.jsdelivr.net ws: wss:; frame-src 'self' https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; form-action 'self'; worker-src 'self' blob: https://cdnjs.cloudflare.com;" always;
     add_header Referrer-Policy "strict-origin-when-cross-origin" always;
     add_header Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=()" always;
 
diff --git a/frontend/index.html b/frontend/index.html
index 3becacf..f0de66e 100644
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -4,7 +4,6 @@
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
     <meta name="theme-color" content="#23282f" />
-    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: blob: https://www.google-analytics.com https://analytics.google.com https://*; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com https://analytics.google.com ws: wss:; frame-src 'self' https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; form-action 'self'; worker-src 'self' blob: https://cdnjs.cloudflare.com;" />
 
     <!-- Geologica -->
     <link