### Example Combined CSP Header

Source: https://yandex.ru/support/metrica/ru/code/install-counter-csp

This example shows a comprehensive Content Security Policy header that includes directives for img-src, script-src with nonce, and connect-src.

```http
Content-Security-Policy:
 ...
 img-src https://mc.yandex.ru;
 script-src https://mc.yandex.ru https://yastatic.net 'nonce-<последовательность символов>';
 connect-src https://mc.yandex.ru;
 ...
```

--------------------------------

### Example HTTP Header with Multiple CSP Directives

Source: https://yandex.ru/support/metrica/ru/code/install-counter-csp

An example of a comprehensive HTTP header that includes multiple Content Security Policy directives for Yandex Metrica integration.

```http
Content-Security-Policy:
 ...
 img-src https://mc.yandex.ru;
 script-src 'self' https://mc.yandex.ru https://yastatic.net;
 connect-src https://mc.yandex.ru;
 ...
```

--------------------------------

### Yandex Metrica inline script with nonce

Source: https://yandex.ru/support/metrica/ru/code/install-counter-csp

This is an example of the Yandex Metrica counter code embedded directly in HTML, using a nonce attribute that must match the CSP directive.

```html
<script type="text/javascript" nonce="<последовательность символов>">
    (function(m,e,t,r,i,k,a){m[i]=m[i]||function(){(m[i].a=m[i].a||
    []).push(arguments)};
...
```

--------------------------------

### Yandex Metrica Initialization Code

Source: https://yandex.ru/support/metrica/ru/code/install-counter-csp

The core JavaScript code for initializing Yandex Metrica, to be placed in an external 'metrika.js' file. Replace XXXXXX with your counter ID.

```javascript
(function(m,e,t,r,i,k,a){m[i]=m[i]||function(){(m[i].a=m[i].a||[]).push(arguments)};
    m[i].l=1*new Date();k=e.createElement(t),a=e.getElementsByTagName(t)[0],k.async=1,k.src=r,a.parentNode.insertBefore(k,a)})
    (window, document, "script", "https://mc.yandex.ru/metrika/tag.js", "ym")
    ym(XXXXXX, "init", {
        id:XXXXXX,
        clickmap:true,
        trackLinks:true,
        accurateTrackBounce:true
    });
```

--------------------------------

### CSP connect-src directive for Metrica connection

Source: https://yandex.ru/support/metrica/ru/code/install-counter-csp

This directive permits connections to Yandex Metrica servers, which is required for data transmission.

```http
Content-Security-Policy: connect-src https://mc.yandex.ru;
```

--------------------------------

### CSP: Allow Yandex Metrica Script Loading

Source: https://yandex.ru/support/metrica/ru/code/install-counter-csp

Configure the 'script-src' directive in your Content Security Policy to permit scripts from Yandex Metrica domains.

```http
Content-Security-Policy: script-src https://mc.yandex.ru https://yastatic.net;
```

--------------------------------

### Include Yandex Metrica via External Script

Source: https://yandex.ru/support/metrica/ru/code/install-counter-csp

Embed the Yandex Metrica counter by referencing an external JavaScript file using the 'script' tag with the 'src' attribute.

```html
<script type="text/javascript" src="/metrika.js"></script>
```

--------------------------------

### CSP child-src directive for Webvisor

Source: https://yandex.ru/support/metrica/ru/code/install-counter-csp

Use this directive to enable features like Webvisor, click maps, and scrolling by allowing nested browsing contexts and blob URLs.

```http
Content-Security-Policy: child-src blob: https://mc.yandex.ru;
```

--------------------------------

### Yandex Metrica Fallback for No-JavaScript Users

Source: https://yandex.ru/support/metrica/ru/code/install-counter-csp

Include this HTML snippet in your page's 'noscript' tag to provide basic tracking for users with JavaScript disabled.

```html
<noscript><div><img src="https://mc.yandex.ru/watch/XXXXXX" style="position:absolute; left:-9999px;" alt="" /></div></noscript>
```

--------------------------------

### CSP script-src directive with nonce

Source: https://yandex.ru/support/metrica/ru/code/install-counter-csp

Use this directive to allow inline scripts with a unique nonce value. The nonce must be generated server-side for each request and match the nonce attribute in the script tag.

```http
Content-Security-Policy: script-src 'nonce-<последовательность символов>';
```

--------------------------------

### CSP img-src directive for noscript

Source: https://yandex.ru/support/metrica/ru/code/install-counter-csp

This directive allows the browser to load images, which is necessary for the Yandex Metrica counter's noscript element to function correctly.

```http
Content-Security-Policy: img-src https://mc.yandex.ru;
```

--------------------------------

### CSP frame-src directive for Webvisor

Source: https://yandex.ru/support/metrica/ru/code/install-counter-csp

This directive is similar to child-src and is used to allow embedded framing content, including blob URLs, for features like Webvisor.

```http
Content-Security-Policy: frame-src blob: https://mc.yandex.ru;
```

--------------------------------

### CSP frame-ancestors directive for Webvisor

Source: https://yandex.ru/support/metrica/ru/code/install-counter-csp

This directive controls which pages can embed the current page using frames, essential for Webvisor and related features.

```http
Content-Security-Policy: frame-ancestors: http://metrika.yandex.ru;
```

=== COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.