diff --git a/config/nginx.conf.template b/config/nginx.conf.template
index 0d3e0ad..88f5995 100644
--- a/config/nginx.conf.template
+++ b/config/nginx.conf.template
@@ -57,7 +57,7 @@ server {
 index index.html;
 expires -1;
- add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; connect-src 'self' https:; script-src 'self'; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; img-src 'self' data:;";
+ add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; connect-src 'self' https://www.sberbank.ru; script-src 'self'; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; img-src 'self' data:;";
 # Media: images, icons, video, audio, HTC
 location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webm|htc|woff2|woff|ttf)$ {
diff --git a/html/index.html b/html/index.html
index e3b5909..859c0b1 100644
--- a/html/index.html
+++ b/html/index.html
@@ -5,7 +5,7 @@
+ content="default-src 'self'; connect-src 'self' https://www.sberbank.ru; script-src 'self'; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; img-src 'self' data:"/>
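Review bot: The policy on the new `add_header Content-Security-Policy` line still omits `base-uri` and `form-action`, which do not fall back to `default-src`, so an injected `<base>` element or form target is not constrained by it; if the app only submits forms to itself, consider appending `base-uri 'self'; form-action 'self';` to the string. The directive is also written without the `always` parameter, so nginx will not attach the header to error responses such as 404 or 500 pages. The `location ~*` block that follows continues outside the hunk; if it declares any `add_header` of its own, nginx stops inheriting the server-level headers for those responses, which is worth checking. The same policy is repeated in the meta tag in html/index.html and the browser enforces both copies together, so a short comment such as `# keep in sync with the CSP meta tag in html/index.html` above this line would help prevent drift.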