Placing ads on websites with CSP

If you want ads displayed on your site, embed the ad block code inside the HTML code of your site pages. Websites that support the Content Security Policy will only execute this embed code under special circumstances. In particular, the browser needs to receive permission to process data in the HTTP header, which includes the permission to display ads, load images, and use styles.

Add the following code to the HTTP header:

Content-Security-Policy:
                  default-src 'none';
                  connect-src 'self' an.yandex.ru strm.yandex.ru verify.yandex.ru *.verify.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru;
                  frame-src awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net;
                  img-src 'self' data: *.yandex.net an.yandex.ru verify.yandex.ru *.verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net;
                  media-src *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net data:;
                  script-src 'unsafe-inline' 'unsafe-eval' an.yandex.ru yandex.st yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru;
                  style-src 'unsafe-inline' 'unsafe-eval' yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net;
                  font-src 'self' data: an.yandex.ru yastatic.net yastat.net

For img-src, we recommend adding a lot of *.yandex.com subdomains. This will let you keep your settings unchanged in the future.