Usercentrics - PUBLIC
Which Content Security Policy (CSP) is required for Usercentrics to function?
The Content Security Policy is a security protocol that tells the browser where files may be loaded from.
Note that the policy is meant to be controlled via the HTTP response header, which is sent back by the web server that serves the application / webpage. Browsers also support control via a meta tag that can be placed in the page <head>, but not all browsers do (e.g. IE doesn't).
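The loader.js script requires 'unsafe-eval', which permits eval() and similar string-to-code evaluation and therefore weakens the protection CSP gives against script injection. If you have security concerns, we recommend using the bundle.js script, which works without 'unsafe-eval'.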
If your site uses CSP, the following sources must be included in all CSP directives (script-src, img-src etc.) to ensure the Usercentrics CMP resources are not blocked: https://*.usercentrics.eu.
The following <meta> tag is an example of what a browser-side implementation of a CSP policy might look like:
With 'unsafe-eval', for use with the loader.js script:
<meta http-equiv="Content-Security-Policy" content="script-src https://*.usercentrics.eu 'self' 'unsafe-eval'; connect-src 'self' https://*.usercentrics.eu; img-src 'self' https://*.usercentrics.eu;">
Without 'unsafe-eval', for use with the bundle.js script:
<meta http-equiv="Content-Security-Policy" content="script-src https://*.usercentrics.eu 'self'; connect-src 'self' https://*.usercentrics.eu; img-src 'self' https://*.usercentrics.eu;">
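To check an existing policy against the requirements above before deploying it, the following JavaScript is an added example (not Usercentrics code). It reports which of the directives from the examples lack the Usercentrics source, taking the default-src fallback into account, and whether the policy permits loader.js or only bundle.js. The function names are hypothetical, and matching is by literal source token only, so a broader source such as https: or * is not recognized.

```javascript
// Added example: audit a CSP string against the sources this page lists.
const UC_SOURCE = "https://*.usercentrics.eu";            // from the page
const CHECKED = ["script-src", "connect-src", "img-src"]; // directives in the page's examples

// Parse a serialized policy into a Map of directive name -> source tokens.
// Per the CSP spec, a repeated directive name is ignored after its first use.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1).map((t) => t.toLowerCase()));
  }
  return directives;
}

// These fetch directives fall back to default-src when absent.
// undefined means neither is set, so the resource type is unrestricted.
function effectiveSources(directives, name) {
  return directives.get(name) ?? directives.get("default-src");
}

function auditForUsercentrics(policy) {
  const directives = parseCsp(policy);
  const missing = CHECKED.filter((name) => {
    const sources = effectiveSources(directives, name);
    return sources !== undefined && !sources.includes(UC_SOURCE);
  });
  const scriptSources = effectiveSources(directives, "script-src");
  const evalAllowed = scriptSources === undefined || scriptSources.includes("'unsafe-eval'");
  // loader.js needs 'unsafe-eval'; bundle.js does not (as stated on this page).
  let usableScripts = [];
  if (missing.length === 0) usableScripts = evalAllowed ? ["loader.js", "bundle.js"] : ["bundle.js"];
  return { missing, evalAllowed, usableScripts };
}

// Constructed sample: script-src is set, but connect-src and img-src
// fall back to a default-src that does not list the Usercentrics source.
const samplePolicy = "default-src 'self'; script-src 'self' https://*.usercentrics.eu";
console.log(auditForUsercentrics(samplePolicy));
```
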