diff --git a/phpgwapi/inc/class.egw_framework.inc.php b/phpgwapi/inc/class.egw_framework.inc.php
index 65ad82747b..88aa4193d3 100644
--- a/phpgwapi/inc/class.egw_framework.inc.php
+++ b/phpgwapi/inc/class.egw_framework.inc.php
@@ -180,18 +180,50 @@ abstract class egw_framework
//error_log(__METHOD__."() setting CSP script-src $attr ".function_backtrace());
}
}
- //error_log(__METHOD__."(".array2string($set).") returned ".array2string(implode(' ', self::$csp_script_src_attrs)).' '.function_backtrace());
+ //error_log(__METHOD__."(".array2string($set).") returned ".array2string(implode(' ', self::$csp_connect_src_attrs)).' '.function_backtrace());
return implode(' ', self::$csp_connect_src_attrs);
}
/**
- * Query additional CSP frame-src from current app
+ * Additional attributes or urls for CSP frame-src 'self'
*
- * @return array
+ * @var array
*/
- protected function _get_csp_frame_src()
+ private static $csp_frame_src_attrs;
+
+ /**
+ * Set/get Content-Security-Policy attributes for frame-src:
+ *
+ * Calling this method with an empty array sets no frame-src, but "'self'"!
+ *
+ * @param string|array $set =array() URL (incl. protocol!)
+ * @return string with attributes eg. "'unsafe-inline'"
+ */
+ public static function csp_frame_src_attrs($set=null)
{
- return $GLOBALS['egw']->hooks->single('csp-frame-src', $GLOBALS['egw_info']['flags']['currentapp']);
+ // set frame-src attrs of API and apps via hook
+ if (!isset(self::$csp_frame_src_attrs) && !isset($set))
+ {
+ $frame_src = array('manual.egroupware.org', 'www.egroupware.org');
+ if (($additional = $GLOBALS['egw']->hooks->single('csp-frame-src', $GLOBALS['egw_info']['flags']['currentapp'])))
+ {
+ $frame_src = array_unique(array_merge($frame_src, $additional));
+ }
+ return self::csp_frame_src_attrs($frame_src);
+ }
+
+ if (!isset(self::$csp_frame_src_attrs)) self::$csp_frame_src_attrs = array();
+
+ foreach((array)$set as $attr)
+ {
+ if (!in_array($attr, self::$csp_frame_src_attrs))
+ {
+ self::$csp_frame_src_attrs[] = $attr;
+ //error_log(__METHOD__."() setting CSP script-src $attr ".function_backtrace());
+ }
+ }
+ //error_log(__METHOD__."(".array2string($set).") returned ".array2string(implode(' ', self::$csp_frame_src_attrs)).' '.function_backtrace());
+ return implode(' ', self::$csp_frame_src_attrs);
}
/**
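Review bot: The docblock of the new `csp_frame_src_attrs()` documents the default as `=array()`, but the signature declares `$set=null`, and the two sentinels behave differently: `null` falls through to the default hosts plus the 'csp-frame-src' hook, while an empty array leaves only 'self'. Suggest `@param string|array $set =null null to query default hosts and the 'csp-frame-src' hook, array() to allow only 'self'` so callers pick the right sentinel. Every hook result and `$set` entry is appended unvalidated and then joined into the Content-Security-Policy header in the following hunk, so a value containing `;` or a wildcard would widen the policy; hooks come from installed apps and are presumably trusted, but a guard such as `if (!is_string($attr) || $attr === '' || strpos($attr, ';') !== false) continue;` before the `in_array` check would make that explicit. The commented log line inside the loop still says `script-src` from the copy it was taken from and should read `frame-src`, and `in_array($attr, self::$csp_frame_src_attrs, true)` avoids loose comparison.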
@@ -207,13 +239,10 @@ abstract class egw_framework
// - "connect-src 'self'" allows ajax requests only to self
// - "style-src 'self' 'unsave-inline'" allows only self and inline style, which we need
// - "frame-src 'self' manual.egroupware.org" allows frame and iframe content only for self or manual.egroupware.org
- $frame_src = array("'self'", 'manual.egroupware.org', 'www.egroupware.org');
- if (($additional = $this->_get_csp_frame_src())) $frame_src = array_unique(array_merge($frame_src, $additional));
-
$csp = "script-src 'self' ".self::csp_script_src_attrs().
"; connect-src 'self' ".self::csp_connect_src_attrs().
"; style-src 'self' ".self::csp_style_src_attrs().
- "; frame-src ".implode(' ', $frame_src);
+ "; frame-src 'self' ".self::csp_frame_src_attrs();
//$csp = "default-src * 'unsafe-eval' 'unsafe-inline'"; // allow everything
header("Content-Security-Policy: $csp");
@@ -512,8 +541,7 @@ abstract class egw_framework
*/
function login_screen($extra_vars)
{
- //allow to include JSONP file with social media urls from egroupware.org
- self::csp_script_src_attrs('https://www.egroupware.org');
+ self::csp_frame_src_attrs(array()); // array() no external frame-sources
//error_log(__METHOD__."() server[template_dir]=".array2string($GLOBALS['egw_info']['server']['template_dir']).", this->template=$this->template, this->template_dir=$this->template_dir, get_class(this)=".get_class($this));
$tmpl = new Template($GLOBALS['egw_info']['server']['template_dir']);
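Review bot: The `self::csp_frame_src_attrs(array())` call only restricts frame-src to 'self' if it is the first call in the request: per the first hunk, once the static list has been filled with the default hosts, passing `array()` adds nothing and those hosts remain. The inline comment should state that ordering dependency, e.g. `// must run before any csp_frame_src_attrs() getter call, otherwise the default hosts are already set`. login_screen's body continues past the hunk.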
diff --git a/phpgwapi/js/login.js b/phpgwapi/js/login.js
index 0fff07bc79..26820641fb 100644
--- a/phpgwapi/js/login.js
+++ b/phpgwapi/js/login.js
@@ -1,19 +1,19 @@
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
+/**
+ * EGroupware login page javascript
+ *
+ * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
+ * @package etemplate
+ * @subpackage api
+ * @link http://www.egroupware.org
+ * @version $Id$
*/
-
-egw_LAB.wait(function() {
- $j.ajax('https://www.egroupware.org/social.js', {
- dataType: "jsonp",
- jsonp: false,
- jsonpCallback: "do_social",
- cache: true
- }).done(function(_data)
+egw_LAB.wait(function()
+{
+ $j(document).ready(function()
{
- $j(document).ready(function() {
+ function do_social(_data)
+ {
var isPixelegg = $j('link[href*="pixelegg.css"]')[0];
var social = $j(document.createElement('div'))
.attr({
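Review bot: The new `do_social` function carries no comment describing its input, and its body (including the `data.svg` access) continues into the next hunk; a one-liner such as `// _data: array of {svg, url, lang} entries rendered as social/contact links (lang handling is below)` would help a reader. The new header tags the file `@package etemplate` although it lives under phpgwapi, which looks like a copied header — confirm the intended package. The function is declared inside the `$j(document).ready` callback opened at the end of the hunk, so it is only visible there.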
@@ -34,6 +34,12 @@ egw_LAB.wait(function() {
.append($j(document.createElement('img'))
.attr('src', data.svg));
}
- });
+ }
+
+ do_social([
+ { "svg": egw_webserverUrl+"/phpgwapi/templates/default/images/login_contact.svg", "url": "https://www.egroupware.org/en/contact.html", "lang": { "de": "https://www.egroupware.org/de/kontakt.html" }},
+ { "svg": egw_webserverUrl+"/phpgwapi/templates/default/images/login_facebook.svg", "url": "https://www.facebook.com/egroupware" },
+ { "svg": egw_webserverUrl+"/phpgwapi/templates/default/images/login_twitter.svg", "url": "https://twitter.com/egroupware" }
+ ]);
});
});
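Review bot: The `do_social([...])` call depends on the global `egw_webserverUrl`, which this file neither declares nor documents; presumably the page defines it before `egw_LAB.wait` fires, but a comment such as `// egw_webserverUrl is a page-provided global — confirm it is set before this runs` would make the dependency visible. The enclosing `egw_LAB.wait` and ready callbacks start before this hunk.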
diff --git a/phpgwapi/templates/default/images/login_contact.svg b/phpgwapi/templates/default/images/login_contact.svg
new file mode 100644
index 0000000000..5ce8142435
--- /dev/null
+++ b/phpgwapi/templates/default/images/login_contact.svg
@@ -0,0 +1,21 @@
+
+
+
+
+
diff --git a/phpgwapi/templates/default/images/login_facebook.svg b/phpgwapi/templates/default/images/login_facebook.svg
new file mode 100644
index 0000000000..11f9e72b08
--- /dev/null
+++ b/phpgwapi/templates/default/images/login_facebook.svg
@@ -0,0 +1,19 @@
+
+
+
+
diff --git a/phpgwapi/templates/default/images/login_twitter.svg b/phpgwapi/templates/default/images/login_twitter.svg
new file mode 100644
index 0000000000..4fcc581878
--- /dev/null
+++ b/phpgwapi/templates/default/images/login_twitter.svg
@@ -0,0 +1,24 @@
+
+
+
+