Which Content Security Policy (CSP) is required for Usercentrics to function?

The Content Security Policy is a security protocol that tells the browser where files may be loaded from.

The Content Security Policy is a security protocol that tells the browser where files may be loaded from.

Note that the policy is meant to be controlled via the HTTP response header, which is sent back by the webserver that serves the application / webpage. Browsers also support control via a meta tag that can be placed in the page <head>, but not all browser do (e.g. IE doesn't).
The loader.js script requires the 'unsafe-eval'. If you have security concerns, we recommend using the bundle.js script without the 'unsafe-eval'.

If your site uses CSP, the following sources must be included in all CSP directives (script-src, img-src etc.) to ensure the Usercentrics CMP resources are not blocked: https://*.usercentrics.eu.

The following <meta>-tag is an example of what a browser-side implementation of a CSP policy might look like:

With 'unsafe-eval' to use with loader.js script

<meta http-equiv="Content-Security-Policy" content="script-src https://*.usercentrics.eu 'self' 'unsafe-eval'; connect-src 'self' https://*.usercentrics.eu; img-src 'self' https://*.usercentrics.eu;">

Without 'unsafe-eval' to use with bundle.js script

<meta http-equiv="Content-Security-Policy" content="script-src https://*.usercentrics.eu 'self'; connect-src 'self' https://*.usercentrics.eu; img-src 'self' https://*.usercentrics.eu;">

You can find more information about the CSP here, here and here.

Weitere Hilfe benötigt?

Wie bekomme ich Hilfe bei technischen Fragen?