Something like “decentraleyes” for Privoxy…

[vlad_s]

I apologize for my accusations. Yes, in the latter case, I confused a lot of things, but I was sent on the right path. The working scheme for such a capricious site looks like this:
filter

Code:

CLIENT-HEADER-FILTER: redirect-uri-u redirect-uri-u
s@(GET)\s+(https?://)[^,%]+\b(angularjs|jquery|modernizr|momentjs)/([0-9\.]+)/[a-z\-]+\b[^/]*\.js\s+(HTTP/\d+\.\d+)$@$1 $2\192.168.2.1/decentraleyes/$3/$4/$3.min.jsm $5@i
s@(Host:)\s+.*$@$1 192.168.2.1@i

SERVER-HEADER-FILTER: Add-Access-Control-Allow-Origin Add Access-Control-Allow-Origin header
s@^(HTTP\/\d+\.\d+\s+.*)$@$1\nAccess-Control-Allow-Origin: *@i

action

Code:

{+client-header-filter{redirect-uri-u} \
}
yastatic.net/(angularjs|jquery|jquery-ui|modernizr)/
yandex.st/(angularjs|jquery|jquery-ui|modernizr)/
{+server-header-filter{Add-Access-Control-Allow-Origin} \
}
yastatic.net/(angularjs|jquery|jquery-ui|modernizr)/
yandex.st/(angularjs|jquery|jquery-ui|modernizr)/

Substitution is not noticeable for the browser, you do not need to add your host to the Content-Security-Policy headers.