[null,null,["最終更新日 2024-11-24 UTC。"],[[["Content Security Policy (CSP) secures your webpage by controlling resource loading and execution, and Google Publisher Tag (GPT) supports strict CSP using nonces."],["Strict CSP requires setting a `Content-Security-Policy` header with a random nonce, applied to all script tags including GPT's `gpt.js`."],["Cross-domain rendering is necessary with CSP and GPT, enabled by calling `googletag.pubads().setForceSafeFrame(true)` before ad slots load."],["To avoid breaking your site, it's recommended to test your CSP policies first using the `Content-Security-Policy-Report-Only` header for monitoring violations."]]],["Content Security Policy (CSP) secures web pages by controlling allowed resources. For Google Publisher Tag (GPT), only strict CSP using nonces is supported due to dynamic domain usage. Implementation involves: 1) Enabling CSP on the server by adding a `Content-Security-Policy` header, applying nonces to all script tags, including `gpt.js`, and defining directives like `script-src` and 2) Enabling cross-domain rendering for all ads using `googletag.pubads().setForceSafeFrame(true)`. Testing should use the `Content-Security-Policy-Report-Only` header.\n"]]