How can we help?
< All Topics

How to configure your CSP

Firstly, if you’re wondering what on earth a CSP is? It’s short for Content Security Policy.

A Content Security Policy (or CSP) is an extra layer of browser security. It allows a web server to specify which sources of code it trusts when responding to a web browser, which protects mainly against XSS attacks. This means that even if you clicked on a phishing link, the CSP would stop the browser from loading the page. Clever.

Having a CSP can protect you from data theft, vulnerability to malware, and your own site being infected with malware.

If you want to learn more about CSPs and how to use them, go here!

How to use WOEXA with a CSP

If you already have your own CSP in place, you should add the below values into your own script-src / img-src directives:

script-src https://* https://*; img-src https://* https://*;

If you’re starting fresh and don’t already have a CSP, then a good starting point would look something like this:

script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* 
https://* https://*; img-src 'self' 
https://* https://*;

This allows both WOEXA and your own to be trusted sources of code, and will not stop your browser from loading the page.

NOTE: The above ‘https://*’ source is only required if you’re using Google Tag Manager to load WOEXA Tracking. If you’re not using Google Tag Manager, then you can remove this, but you don’t have to – it just won’t do anything!

Have more questions? Contact us at

Table of Contents