Content Security Policy edit

Download PDF

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware. Read more on CSP at MDN.

For Simple Analytics you want to add the following Content Security Policy header (we included 'self' for all as well):

Content-Security-Policy: script-src 'self'; connect-src 'self'; img-src 'self';

Alternatively, a <meta> element can be used to configure a policy, for example:

<meta http-equiv="Content-Security-Policy" content="script-src 'self'; connect-src 'self'; img-src 'self';">

Basically we use for our public script, to send Beacon API data and error requests, and we use also for sending data through our pixel.

Don’t forget to add your own assets to the above Content Security Policy.