Version 2 - CSP2 conformance

Conformance to http://www.w3.org/TR/CSP2/ except Hash and Nonce.

• Referrer directive removed
• Reflected-xss directive removed
• FrameSrc deprecated
• AncestorSource added
• bug fixes
• internal improvements