Why this Content-Security-Policy header?

DevTools gives me the info below. How can I otherwise solve the issue besides adding a CSP?

I tried adding to htacess: Header add Content-Security-Policy "frame-src 'self';"googleads.g.doubleclick.net

But that changed the layout of my site and removed all ads.

------

Content Security Policy of your site blocks some resources because their origin is not included in the content security policy header

The Content Security Policy (CSP) improves the security of your site by defining a list of trusted sources and instructs the browser to only execute or render resources from this list. Some resources on your site can’t be accessed because their origin is not listed in the CSP. To solve this, carefully check that all of the blocked resources listed below are trustworthy; if they are, include their sources in the content security policy of your site. You can set a policy as a HTTP header (recommended), or via an HTML tag.

⚠️ Never add a source you don’t trust to your site’s Content Security Policy. If you don’t trust the source, consider hosting resources on your own site instead.

Resource Status Directive Source code
[pagead2.googlesyndication.com...] blocked frame-src googleads.g.doubleclick.net/pagead/ads:1

I don't think you understood the question. For what specific reason did you setup your server to have that CSP header?

Are you using, or could you (at some point in the future) be using i-frames from sources other that Adsense? I really don't see any logic for using a CSP to restrict the sources of frames on your site, with the one exception case, that user's are able to add i-frames without your knowledge.

Are you using, or could you (at some point in the future) be using i-frames from sources other that Adsense? I really don't see any logic for using a CSP to restrict the sources of frames on your site, with the one exception case, that user's are able to add i-frames without your knowledge.

Thanks for the reply, but the answer is no I'm not... I was just trying to solve the error.

But the error suggests that you are setting a CSP and the CSP is blocking Adsense. What CSP header are you setting now? Have you checked specifically with dev-tools what headers are being set?

Almost all website using adsense getting this error intermittently. Google adsense need to solve this issue not the webmaster.

In this case it appears to be a self-inflicted wound. The CSP header is blocking all external content as might come for AdSense ads. Those ads definitely do not originate on your own domain and the

Header add Content-Security-Policy "frame-src 'self';"

would prevent external content from being displayed. If you have changed that, what headers are being set now?

More about the CSP headers from Mozilla: [developer.mozilla.org...]

It looks like

Content-Security-Policy: frame-src <source> <source>;

is what you are aiming for?

Not using any CSP and other site also faving same issue which also not using CSP

maybe you're narrowing down the domains too much, by including the subdomains.
try changing them for a wildcard instead
these are all the google domains that i know of, and use on my own site (i also use google analytics)

*.googleadservices.com *.googletagmanager.com *.googletagservices.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.ggpht.com *.google.com *.google.co.uk *.gstatic.com *.doubleclick.net

We are not setting any CSP at all. Still getting these errors.

@yaashul - The responses here are not in response to your posts, they are directed toward jc2021 who does have a CSP and has asked for help with it, so please do not be surprised that the responses are not helpful for your situation.

You can start another thread if you wish to discuss a different situation.