The Content Security Policy is a security protocol that tells the browser where files may be loaded from. |
---|
Info |
---|
Note that the policy is meant to be controlled via the HTTP response header, which is sent back by the webserver that serves the application / webpage. Browsers also support control via a meta tag that can be placed in the page |
If your site uses CSP, the following sources must be included in all CSP directives (script-src, img-src etc.) to ensure the Usercentrics CMP resources are not blocked: https://*.usercentrics.eu.
The following <meta>
-tag is an example of what a browser-side implementation of a CSP policy might look like:
With
'unsafe-eval'
to use withloader.js
script
Code Block |
---|
<meta http-equiv="Content-Security-Policy" content="script-src https://*.usercentrics.eu 'self' 'unsafe-eval'; connect-src 'self' https://*.usercentrics.eu; img-src 'self' https://*.usercentrics.eu;"> |
Without
'unsafe-eval'
to use withbundle.js
script
Code Block |
---|
<meta http-equiv="Content-Security-Policy" content="script-src https://*.usercentrics.eu 'self'; connect-src 'self' https://*.usercentrics.eu; img-src 'self' https://*.usercentrics.eu;"> |
Tip |
---|
You can find more information about the CSP here, here andhere. |