diff --git a/backend/pom.xml b/backend/pom.xml
index e13cb41..299288a 100644
--- a/backend/pom.xml
+++ b/backend/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>ru.micord.ervu.lkrp</groupId>
     <artifactId>fl</artifactId>
-    <version>1.9.3-SNAPSHOT</version>
+    <version>1.9.4-SNAPSHOT</version>
   </parent>
   <groupId>ru.micord.ervu.lkrp.fl</groupId>
   <artifactId>backend</artifactId>
diff --git a/backend/src/main/java/ru/micord/ervu/controller/ErvuDataController.java b/backend/src/main/java/ru/micord/ervu/controller/ErvuDataController.java
index d45293c..bcd0d8d 100644
--- a/backend/src/main/java/ru/micord/ervu/controller/ErvuDataController.java
+++ b/backend/src/main/java/ru/micord/ervu/controller/ErvuDataController.java
@@ -1,18 +1,11 @@
 package ru.micord.ervu.controller;
 
-import com.google.protobuf.InvalidProtocolBufferException;
-import org.apache.kafka.common.utils.Bytes;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.web.bind.annotation.GetMapping;
-import ru.micord.ervu.converter.SummonsResponseDataConverter;
-import ru.micord.ervu.dto.SubpoenaRequestDto;
-import ru.micord.ervu.dto.SubpoenaResponseDto;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
-import proto.ervu.rp.summons.SummonsResponseData;
-import ru.micord.ervu.kafka.service.ReplyingKafkaService;
-import ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil;
+import ru.micord.ervu.dto.SubpoenaResponseDto;
+import ru.micord.ervu.service.SubpoenaService;
 
 /**
  * @author gulnaz
@@ -20,41 +13,15 @@ import ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil;
 @RestController
 public class ErvuDataController {
 
-  private final ReplyingKafkaService<Object, Bytes> replyingKafkaService;
-  private final SummonsResponseDataConverter converter;
+  private final SubpoenaService subpoenaService;
 
-  @Value("${ervu.kafka.recruit.request.topic}")
-  private String recruitRequestTopic;
-  @Value("${ervu.kafka.recruit.reply.topic}")
-  private String recruitReplyTopic;
-
-  public ErvuDataController(
-      @Qualifier("recruit") ReplyingKafkaService<Object, Bytes> replyingKafkaService,
-      SummonsResponseDataConverter converter) {
-    this.replyingKafkaService = replyingKafkaService;
-    this.converter = converter;
+  @Autowired
+  public ErvuDataController(SubpoenaService subpoenaService) {
+    this.subpoenaService = subpoenaService;
   }
 
-  @GetMapping(
-      value = "/recruit",
-      produces = MediaType.APPLICATION_JSON_VALUE
-  )
+  @GetMapping(value = "/recruit", produces = MediaType.APPLICATION_JSON_VALUE)
   public SubpoenaResponseDto getData() {
-    String ervuId = SecurityUtil.getErvuId();
-
-    if (ervuId == null) {
-      return new SubpoenaResponseDto.Builder().build();
-    }
-    SubpoenaRequestDto subpoenaRequestDto = new SubpoenaRequestDto(ervuId);
-    byte[] reply = replyingKafkaService.sendMessageAndGetReply(recruitRequestTopic,
-        recruitReplyTopic, subpoenaRequestDto).get();
-
-    try {
-      SummonsResponseData responseData = SummonsResponseData.parseFrom(reply);
-      return converter.convert(responseData);
-    }
-    catch (InvalidProtocolBufferException e) {
-      throw new RuntimeException("Failed to parse data", e);
-    }
+    return subpoenaService.getSubpoenaData();
   }
 }
diff --git a/backend/src/main/java/ru/micord/ervu/security/LogoutSuccessHandler.java b/backend/src/main/java/ru/micord/ervu/security/LogoutSuccessHandler.java
index 9993b23..3867b41 100644
--- a/backend/src/main/java/ru/micord/ervu/security/LogoutSuccessHandler.java
+++ b/backend/src/main/java/ru/micord/ervu/security/LogoutSuccessHandler.java
@@ -25,9 +25,7 @@ public class LogoutSuccessHandler
   public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
                               Authentication authentication) throws IOException {
     String url = esiaAuthService.logout(request, response);
-    response.setStatus(HttpServletResponse.SC_OK);
-    response.getWriter().write(url);
-    response.getWriter().flush();
+    response.sendRedirect(url);
     CsrfToken csrfToken = this.csrfTokenRepository.generateToken(request);
     this.csrfTokenRepository.saveToken(csrfToken, request, response);
   }
diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java b/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java
index 61799a5..4fc0cfc 100644
--- a/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java
@@ -23,6 +23,9 @@ public class EsiaConfig {
   @Value("${esia.redirect.url}")
   private String redirectUrl;
 
+  @Value("${esia.logout.redirect.url}")
+  private String logoutRedirectUrl;
+
   @Value("${sign.url}")
   private String signUrl;
 
@@ -86,4 +89,8 @@ public class EsiaConfig {
   public String getEsiaTokenUrl() {
     return esiaTokenUrl;
   }
+
+  public String getLogoutRedirectUrl() {
+    return logoutRedirectUrl;
+  }
 }
diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
index f8ae592..4fb22ae 100644
--- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
@@ -13,7 +13,6 @@ import java.time.format.DateTimeFormatter;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.UUID;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -111,7 +110,7 @@ public class EsiaAuthService {
           "redirect_uri", redirectUrlEncoded,
           "client_certificate_hash", esiaConfig.getClientCertHash());
 
-      return makeRequest(url, params);
+      return buildUrl(url, params);
     }
     catch (Exception e) {
       throw new RuntimeException(e);
@@ -134,12 +133,13 @@ public class EsiaAuthService {
         .replace("+", "%20");
   }
 
-  private static String makeRequest(URL url, Map<String, String> params) {
+  private static String buildUrl(URL url, Map<String, String> params) {
     StringBuilder uriBuilder = new StringBuilder(url.toString());
     uriBuilder.append('?');
     for (Map.Entry<String, String> node : params.entrySet()) {
       uriBuilder.append(node.getKey()).append('=').append(node.getValue()).append("&");
     }
+    uriBuilder.deleteCharAt(uriBuilder.length() - 1);
     return uriBuilder.toString();
   }
 
@@ -204,8 +204,7 @@ public class EsiaAuthService {
       Response ervuIdResponse = getErvuIdResponse(esiaAccessTokenStr);
       Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), expiresIn, ervuIdResponse.getErvuId());
       int expiry = tokenResponse.getExpires_in().intValue();
-      Cookie accessCookie = securityHelper.createAccessCookie(token.getValue(), expiry);
-      response.addCookie(accessCookie);
+      securityHelper.addAccessCookies(response, token.getValue(), expiry);
       UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
           new UsernamePasswordAuthenticationToken(token.getUserAccountId(), null);
       SecurityContext context = SecurityContextHolder.createEmptyContext();
@@ -214,8 +213,6 @@ public class EsiaAuthService {
       authenticationManager.authenticate(jwtAuthentication);
       context.setAuthentication(jwtAuthentication);
       SecurityContextHolder.setContext(context);
-      Cookie authMarkerCookie = securityHelper.createAuthMarkerCookie("true", expiry);
-      response.addCookie(authMarkerCookie);
       return ResponseEntity.ok("Authentication successful");
     }
     catch (Exception e) {
@@ -281,8 +278,7 @@ public class EsiaAuthService {
       Response ervuIdResponse = getErvuIdResponse(esiaAccessTokenStr);
       Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), expiresIn, ervuIdResponse.getErvuId());
       int expiry = tokenResponse.getExpires_in().intValue();
-      Cookie accessCookie = securityHelper.createAccessCookie(token.getValue(), expiry);
-      response.addCookie(accessCookie);
+      securityHelper.addAccessCookies(response, token.getValue(), expiry);
       UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
           new UsernamePasswordAuthenticationToken(token.getUserAccountId(), null);
       SecurityContext context = SecurityContextHolder.createEmptyContext();
@@ -291,8 +287,6 @@ public class EsiaAuthService {
       authenticationManager.authenticate(jwtAuthentication);
       context.setAuthentication(jwtAuthentication);
       SecurityContextHolder.setContext(context);
-      Cookie authMarkerCookie = securityHelper.createAuthMarkerCookie("true", expiry);
-      response.addCookie(authMarkerCookie);
     }
     catch (Exception e) {
       throw new RuntimeException(e);
@@ -338,12 +332,12 @@ public class EsiaAuthService {
       EsiaTokensStore.removeAccessToken(userId);
       EsiaTokensStore.removeRefreshToken(userId);
       String logoutUrl = esiaConfig.getEsiaBaseUri() + esiaConfig.getEsiaLogoutUrl();
-      String redirectUrl = esiaConfig.getRedirectUrl();
+      String redirectUrl = esiaConfig.getLogoutRedirectUrl();
       URL url = new URL(logoutUrl);
       Map<String, String> params = mapOf(
           "client_id", esiaConfig.getClientId(),
           "redirect_url", redirectUrl);
-      return makeRequest(url, params);
+      return buildUrl(url, params);
     }
     catch (Exception e) {
       throw new RuntimeException(e);
diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/helper/SecurityHelper.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/helper/SecurityHelper.java
index 0a222c7..9c966f6 100644
--- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/helper/SecurityHelper.java
+++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/helper/SecurityHelper.java
@@ -1,43 +1,89 @@
 package ru.micord.ervu.security.webbpm.jwt.helper;
 
-import javax.servlet.http.Cookie;
+import java.net.IDN;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+import javax.annotation.PostConstruct;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.beans.factory.annotation.Value;
-import ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseCookie;
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
 
+import static org.springframework.web.context.request.RequestAttributes.REFERENCE_REQUEST;
 import static ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil.AUTH_MARKER;
 import static ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil.AUTH_TOKEN;
-import static ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil.createCookie;
 
 public final class SecurityHelper {
   @Value("${cookie.path:#{null}}")
   private String accessCookiePath;
+  @Value("${cookie.domain:#{null}}")
+  private String accessCookieDomain;
+  @Value("${cookie.secure:false}")
+  private boolean accessCookieSecure;
+  @Value("${cookie.same.site:Lax}")
+  private String accessCookieSameSite;
+
+  @PostConstruct
+  private void init() {
+
+    if (accessCookieDomain != null) {
+      accessCookieDomain = IDN.toASCII(accessCookieDomain);
+    }
+  }
 
   public void clearAccessCookies(HttpServletResponse response) {
-    Cookie tokenCookie = createCookie(AUTH_TOKEN, null, null);
-    tokenCookie.setMaxAge(0);
-    tokenCookie.setPath(accessCookiePath);
-    tokenCookie.setHttpOnly(true);
-    response.addCookie(tokenCookie);
+    ResponseCookie emptyAuthToken = createCookie(AUTH_TOKEN, null, accessCookiePath)
+        .maxAge(0).build();
+    addResponseCookie(response, emptyAuthToken);
 
-    Cookie markerCookie = createCookie(AUTH_MARKER, null, null);
-    markerCookie.setMaxAge(0);
-    markerCookie.setPath("/");
-    response.addCookie(markerCookie);
+    ResponseCookie emptyAuthMarker = createCookie(AUTH_MARKER, null, "/")
+        .maxAge(0)
+        .secure(false)
+        .httpOnly(false)
+        .build();
+    addResponseCookie(response, emptyAuthMarker);
   }
 
-  public Cookie createAccessCookie(String cookieValue, int expiry) {
-    Cookie authToken = createCookie(SecurityUtil.AUTH_TOKEN, cookieValue, accessCookiePath);
-    authToken.setPath(accessCookiePath);
-    authToken.setMaxAge(expiry);
-    return authToken;
+  private void addResponseCookie(HttpServletResponse response, ResponseCookie cookie) {
+    response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
   }
 
-  public Cookie createAuthMarkerCookie(String cookieValue, int expiry) {
-    Cookie marker = createCookie(AUTH_MARKER, cookieValue, "/");
-    marker.setMaxAge(expiry);
-    marker.setHttpOnly(false);
-    return marker;
+  public void addAccessCookies(HttpServletResponse response, String cookieValue, int expiry) {
+    ResponseCookie authTokenCookie = createCookie(AUTH_TOKEN, cookieValue, accessCookiePath)
+        .maxAge(expiry)
+        .build();
+    addResponseCookie(response, authTokenCookie);
+
+    ResponseCookie authMarker = createCookie(AUTH_MARKER, "true", "/")
+        .maxAge(expiry)
+        .secure(false)
+        .httpOnly(false)
+        .build();
+    addResponseCookie(response, authMarker);
+  }
+
+  public ResponseCookie.ResponseCookieBuilder createCookie(String name, String value, String path) {
+    RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
+
+    if (requestAttributes == null) {
+      throw new IllegalStateException("Must be called only in request context");
+    }
+    HttpServletRequest request = (HttpServletRequest) requestAttributes.resolveReference(
+        REFERENCE_REQUEST);
+
+    if (request == null) {
+      throw new IllegalStateException("Must be called only in request context");
+    }
+    String cookieValue = value != null ? URLEncoder.encode(value, StandardCharsets.UTF_8) : "";
+    return ResponseCookie.from(name, cookieValue)
+        .path(path != null ? path : request.getContextPath())
+        .httpOnly(true)
+        .domain(accessCookieDomain)
+        .secure(accessCookieSecure)
+        .sameSite(accessCookieSameSite);
   }
 }
diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java
index 69019f1..15c3c7a 100644
--- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java
+++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java
@@ -1,19 +1,13 @@
 package ru.micord.ervu.security.webbpm.jwt.util;
 
-import java.net.URLEncoder;
-import java.nio.charset.StandardCharsets;
 import java.util.Optional;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.context.request.RequestAttributes;
-import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.util.WebUtils;
 import ru.micord.ervu.security.webbpm.jwt.JwtAuthentication;
 
-import static org.springframework.web.context.request.RequestAttributes.REFERENCE_REQUEST;
-
 public final class SecurityUtil {
   public static final String AUTH_TOKEN = "auth_token";
 
@@ -23,24 +17,6 @@ public final class SecurityUtil {
     //empty
   }
 
-  public static Cookie createCookie(String name, String value, String path) {
-    String cookieValue = value != null ? URLEncoder.encode(value, StandardCharsets.UTF_8) : null;
-    Cookie cookie = new Cookie(name, cookieValue);
-    RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
-    HttpServletRequest request = (HttpServletRequest) requestAttributes.resolveReference(
-        REFERENCE_REQUEST);
-
-    if (path != null) {
-      cookie.setPath(path);
-    }
-    else {
-      cookie.setPath(request.getContextPath());
-    }
-    cookie.setHttpOnly(true);
-
-    return cookie;
-  }
-
   public static String extractAuthToken(HttpServletRequest httpRequest) {
     Cookie cookie = WebUtils.getCookie(httpRequest, AUTH_TOKEN);
     return cookie != null ? cookie.getValue() : null;
diff --git a/backend/src/main/java/ru/micord/ervu/service/SubpoenaService.java b/backend/src/main/java/ru/micord/ervu/service/SubpoenaService.java
new file mode 100644
index 0000000..438338d
--- /dev/null
+++ b/backend/src/main/java/ru/micord/ervu/service/SubpoenaService.java
@@ -0,0 +1,51 @@
+package ru.micord.ervu.service;
+
+import com.google.protobuf.InvalidProtocolBufferException;
+import org.apache.kafka.common.utils.Bytes;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+import proto.ervu.rp.summons.SummonsResponseData;
+import ru.micord.ervu.converter.SummonsResponseDataConverter;
+import ru.micord.ervu.dto.SubpoenaRequestDto;
+import ru.micord.ervu.dto.SubpoenaResponseDto;
+import ru.micord.ervu.kafka.service.ReplyingKafkaService;
+import ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil;
+
+@Service
+public class SubpoenaService {
+
+  private final ReplyingKafkaService<Object, Bytes> replyingKafkaService;
+  private final SummonsResponseDataConverter converter;
+
+  @Value("${ervu.kafka.recruit.request.topic}")
+  private String recruitRequestTopic;
+  @Value("${ervu.kafka.recruit.reply.topic}")
+  private String recruitReplyTopic;
+
+  public SubpoenaService(
+      @Qualifier("recruit") ReplyingKafkaService<Object, Bytes> replyingKafkaService,
+      SummonsResponseDataConverter converter) {
+    this.replyingKafkaService = replyingKafkaService;
+    this.converter = converter;
+  }
+
+  public SubpoenaResponseDto getSubpoenaData() {
+    String ervuId = SecurityUtil.getErvuId();
+
+    if (ervuId == null) {
+      return new SubpoenaResponseDto.Builder().build();
+    }
+    SubpoenaRequestDto subpoenaRequestDto = new SubpoenaRequestDto(ervuId);
+    byte[] reply = replyingKafkaService.sendMessageAndGetReply(recruitRequestTopic,
+        recruitReplyTopic, subpoenaRequestDto).get();
+
+    try {
+      SummonsResponseData responseData = SummonsResponseData.parseFrom(reply);
+      return converter.convert(responseData);
+    }
+    catch (InvalidProtocolBufferException e) {
+      throw new RuntimeException("Failed to parse data", e);
+    }
+  }
+}
diff --git a/backend/src/main/java/ru/micord/ervu/service/rpc/LoadFormRpcService.java b/backend/src/main/java/ru/micord/ervu/service/rpc/LoadFormRpcService.java
index 36e4c86..58a97f3 100644
--- a/backend/src/main/java/ru/micord/ervu/service/rpc/LoadFormRpcService.java
+++ b/backend/src/main/java/ru/micord/ervu/service/rpc/LoadFormRpcService.java
@@ -3,6 +3,9 @@ package ru.micord.ervu.service.rpc;
 import java.util.List;
 
 import model.FieldData;
+import org.springframework.beans.factory.annotation.Autowired;
+import ru.micord.ervu.dto.SubpoenaResponseDto;
+import ru.micord.ervu.service.SubpoenaService;
 import service.container.FormService;
 
 import ru.cg.webbpm.modules.standard_annotations.validation.NotNull;
@@ -19,8 +22,13 @@ public class LoadFormRpcService extends Behavior {
   @NotNull
   public FormService formService;
 
+  //todo: Remove this shit
+  @Autowired
+  public SubpoenaService subpoenaService;
+
   @RpcCall
-  public List<FieldData> loadData(Object dto) {
-    return formService.loadData(dto);
+  public List<FieldData> loadData() {
+    SubpoenaResponseDto subpoenaData = subpoenaService.getSubpoenaData();
+    return formService.loadData(subpoenaData);
   }
 }
diff --git a/config.md b/config.md
index e708a29..0920c80 100644
--- a/config.md
+++ b/config.md
@@ -760,6 +760,10 @@ JBPM использует 3 корневых категории логирова
   Важно: `ESIA_REDIRECT_URL` должна содержать полный адрес вплоть до последнего слэша:
 > - https://lkul.ervu.loc/ - правильное значение параметра
 > - https://lkul.ervu.loc - неправильное значение параметра
+- `ESIA_LOGOUT_REDIRECT_URL` - ссылка, по которой должен быть направлен пользователь после logout-a
+  Важно: `ESIA_LOGOUT_REDIRECT_URL` должна содержать полный адрес вплоть до последнего слэша:
+> - https://lkul.ervu.loc/home.html - правильное значение параметра
+> - https://lkul.ervu.loc - неправильное значение параметра
 
 - `SIGN_URL` - url для подписания с помощью КриптоПро секрета клиента, необходимого для аутентификации через ЕСИА
 - `ESIA_CLIENT_CERT_HASH` - параметр, содержащий хэш сертификата (fingerprint сертификата) системы-клиента в hex–формате
diff --git a/config/micord.env b/config/micord.env
index 4a44124..4d9a355 100644
--- a/config/micord.env
+++ b/config/micord.env
@@ -12,6 +12,7 @@ ESIA_BASE_URI=https://esia-portal1.test.gosuslugi.ru/
 ESIA_CLIENT_ID=MNSV89
 ESIA_CLIENT_CERT_HASH=04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD
 ESIA_REDIRECT_URL=https://lkrp-dev.micord.ru/fl/
+ESIA_LOGOUT_REDIRECT_URL=https://lkrp-dev.micord.ru/fl/home.html
 
 SIGN_URL=https://ervu-sign-dev.k8s.micord.ru/sign
 
diff --git a/distribution/pom.xml b/distribution/pom.xml
index 2a42d87..06b5df1 100644
--- a/distribution/pom.xml
+++ b/distribution/pom.xml
@@ -4,7 +4,7 @@
   <parent>
     <groupId>ru.micord.ervu.lkrp</groupId>
     <artifactId>fl</artifactId>
-    <version>1.9.3-SNAPSHOT</version>
+    <version>1.9.4-SNAPSHOT</version>
   </parent>
 
   <groupId>ru.micord.ervu.lkrp.fl</groupId>
diff --git a/frontend/index.webpack.html b/frontend/index.webpack.html
index 871a82c..0a55a7e 100644
--- a/frontend/index.webpack.html
+++ b/frontend/index.webpack.html
@@ -4,6 +4,9 @@
     <title>Личный кабинет физ.лица</title>
     <meta http-equiv="content-type" content="text/html; charset=UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta http-equiv="Content-Security-Policy"
+          content="default-src 'self'; script-src 'self'; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; img-src 'self' data:"/>
+    <meta name="referrer" content="strict-origin-when-cross-origin"/>
     <link rel="icon" type="image/png" href="src/resources/img/logo.png"/>
 </head>
 <body webbpm class="webbpm ervu_lkrp_fl">
diff --git a/frontend/pom.xml b/frontend/pom.xml
index 2440862..183b3c5 100644
--- a/frontend/pom.xml
+++ b/frontend/pom.xml
@@ -4,7 +4,7 @@
   <parent>
     <groupId>ru.micord.ervu.lkrp</groupId>
     <artifactId>fl</artifactId>
-    <version>1.9.3-SNAPSHOT</version>
+    <version>1.9.4-SNAPSHOT</version>
   </parent>
 
   <groupId>ru.micord.ervu.lkrp.fl</groupId>
diff --git a/frontend/src/resources/template/app/component/log_out.html b/frontend/src/resources/template/app/component/log_out.html
index f488796..7d81200 100644
--- a/frontend/src/resources/template/app/component/log_out.html
+++ b/frontend/src/resources/template/app/component/log_out.html
@@ -1,6 +1,9 @@
+<form #logoutForm method="post" [action]="formAction" hidden style="display: none">
+    <input type="hidden" name="_csrf" [value]="csrfValue"/>
+</form>
 <button class="user-info" ngbDropdownToggle *ngIf="getIsAuth()">{{getUserFullname()}}</button>
 <div ngbDropdownMenu *ngIf="getIsAuth()">
     <a routerLink="/mydata" class="data">Мои данные</a>
-    <button ngbDropdownItem class="exit" (click)="logout()">Выйти</button>
+    <button ngbDropdownItem class="exit" (click)="logoutForm.submit()">Выйти</button>
 </div>
-<button class="exit" *ngIf="!getIsAuth()" (click)="logout()">Выйти</button>
\ No newline at end of file
+<button class="exit" *ngIf="!getIsAuth()" (click)="logoutForm.submit()">Выйти</button>
diff --git a/frontend/src/ts/ervu/component/container/LoadForm.ts b/frontend/src/ts/ervu/component/container/LoadForm.ts
index 4a785b8..06f3018 100644
--- a/frontend/src/ts/ervu/component/container/LoadForm.ts
+++ b/frontend/src/ts/ervu/component/container/LoadForm.ts
@@ -1,7 +1,6 @@
 import {Form} from "@webbpm/base-package";
 import {ChangeDetectionStrategy, Component} from "@angular/core";
 import {ErvuDataService} from "../../../modules/app/service/ervu-data.service";
-import {Subscription} from "rxjs";
 import {LoadFormRpcService} from "../../../generated/ru/micord/ervu/service/rpc/LoadFormRpcService";
 
 @Component({
@@ -14,25 +13,16 @@ export class LoadForm extends Form {
 
   private formRpcService: LoadFormRpcService;
   private ervuDataService: ErvuDataService;
-  private subscription: Subscription;
-
-  private valuesData: string;
 
   initialize() {
     super.initialize();
     this.formRpcService = this.getScript(LoadFormRpcService);
     this.ervuDataService = this.injector.get(ErvuDataService);
-    this.subscription = this.ervuDataService.message.subscribe(value => {
-      if (value) {
-        this.valuesData = value;
-        this.loadData();
-      }
-    });
   }
 
   loadData(): Promise<any> {
     return this.formRpcService
-        .loadData(this.valuesData)
+        .loadData()
         .then(fieldDataList => this.setData(fieldDataList))
         .catch(reason => {
           throw new Error(reason);
@@ -49,6 +39,5 @@ export class LoadForm extends Form {
 
   ngOnDestroy() {
     super.ngOnDestroy();
-    this.subscription.unsubscribe();
   }
 }
diff --git a/frontend/src/ts/modules/app/component/logout.component.ts b/frontend/src/ts/modules/app/component/logout.component.ts
index c6674d4..5d5d319 100644
--- a/frontend/src/ts/modules/app/component/logout.component.ts
+++ b/frontend/src/ts/modules/app/component/logout.component.ts
@@ -1,21 +1,45 @@
-import {ChangeDetectorRef, Component, OnInit} from "@angular/core";
-import {HttpClient} from "@angular/common/http";
+import {ChangeDetectorRef, Component, DoCheck, OnInit} from "@angular/core";
+import {HttpClient, HttpXsrfTokenExtractor} from "@angular/common/http";
 import {CookieService} from "ngx-cookie";
+import {AppConfigService} from "@webbpm/base-package";
 
 @Component({
   moduleId: module.id,
   selector: "[log-out]",
   templateUrl: "../../../../../src/resources/template/app/component/log_out.html"
 })
-export class LogOutComponent implements OnInit{
+export class LogOutComponent implements OnInit, DoCheck{
+  private static readonly BACKEND_URL: string = "backend.url";
+  private static readonly BACKEND_CONTEXT: string = "backend.context";
+  private static readonly LOGOUT_URL_POSTFIX: string = "/esia/logout";
 
   private userFullname: string;
+  csrfValue: any;
+  formAction: any;
 
   constructor(private httpClient: HttpClient,
-                    private cookieService: CookieService, private cd: ChangeDetectorRef) {
+              private cookieService: CookieService,
+              private appConfigService: AppConfigService,
+              private tokenExtractor: HttpXsrfTokenExtractor,
+              private cd: ChangeDetectorRef) {
+    let backendUrl = this.appConfigService.getParamValue(LogOutComponent.BACKEND_URL);
+    let backendContext = this.appConfigService.getParamValue(
+        LogOutComponent.BACKEND_CONTEXT);
+
+    if (backendUrl) {
+      this.formAction = `${backendUrl}${LogOutComponent.LOGOUT_URL_POSTFIX}`;
+    }
+    else if (backendContext) {
+      this.formAction = `/${backendContext}${LogOutComponent.LOGOUT_URL_POSTFIX}`;
+    }
+  }
+
+  ngDoCheck(): void {
+    this.csrfValue = this.tokenExtractor.getToken();
   }
 
   ngOnInit(): void {
+    this.csrfValue = this.tokenExtractor.getToken();
     let isAuth = this.getIsAuth();
     if (isAuth) {
       Promise.all([
@@ -27,12 +51,6 @@ export class LogOutComponent implements OnInit{
     }
   }
 
-  logout(): Promise<any> {
-    return this.httpClient.post<string>('esia/logout', {}, { responseType: 'text' as 'json' }).toPromise().then(url => {
-      window.open(url, "_self");
-    });
-  }
-
   public getUserFullname(): string {
     return this.userFullname;
   }
@@ -40,4 +58,4 @@ export class LogOutComponent implements OnInit{
   public getIsAuth(): boolean {
     return this.cookieService.get("webbpm.ervu-lkrp-fl") != null;
   }
-}
\ No newline at end of file
+}
diff --git a/pom.xml b/pom.xml
index 8738e22..a62223b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>ru.micord.ervu.lkrp</groupId>
   <artifactId>fl</artifactId>
-  <version>1.9.3-SNAPSHOT</version>
+  <version>1.9.4-SNAPSHOT</version>
   <packaging>pom</packaging>
   <modules>
     <module>backend</module>
diff --git a/resources/pom.xml b/resources/pom.xml
index 1516999..94913d8 100644
--- a/resources/pom.xml
+++ b/resources/pom.xml
@@ -4,7 +4,7 @@
   <parent>
     <groupId>ru.micord.ervu.lkrp</groupId>
     <artifactId>fl</artifactId>
-    <version>1.9.3-SNAPSHOT</version>
+    <version>1.9.4-SNAPSHOT</version>
   </parent>
 
   <groupId>ru.micord.ervu.lkrp.fl</groupId>