Placing ads on websites with CSP

If you want ads displayed on your site, embed the ad unit code inside the HTML code of your site pages. Websites that support the Content Security Policy will only execute this embed code under special circumstances. In particular, the browser needs to receive permission to process data in the HTTP header, which includes the permission to display ads, load images, and use styles.

Add the following code to the HTTP header:

Content-Security-Policy:
  default-src 'none';
  connect-src 'self' blob: yastatic.net *.adfox.ru *.yandex.ru yandex.ru yandex.com;
  frame-src yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru *.adfox.ru;
  img-src 'self' *.yandex.net *.adfox.ru *.yandex.ru yandex.ru yandex.com data:;
  media-src yastatic.net *.yandex.net *.yandex.ru *.adfox.ru yandex.ru yandex.com blob: data:;
  script-src 'unsafe-inline' 'unsafe-eval' yastatic.net *.yandex.ru *.adfox.ru yandex.ru yandex.com;
  style-src 'unsafe-inline' 'unsafe-eval' yastatic.net *.adfox.ru;
  font-src 'self' yastatic.net data:;

For img-src, we recommend adding a lot of *.yandex.com subdomains. This will let you keep your settings unchanged in the future.