Welcome to WebmasterWorld Guest from 188.8.131.52
Header set Content-Security-Policy "script-src 'self' https://apis.google.com"
aare you using a CDN?No CDN, same source (self) for all content, Yes, again, the Adsense address is what Google says to use.
are you serving your js resources from the same hostname as the page's url?
have you included the proper hostname of the adsense api server in the Header directive?
I implemented CSP in the header, specific to each site.Do you use