Skip to content

Content Security Policy (CSP)

If your website uses Content Security Policy (CSP), CookieTractor's scripts and API requests may be blocked by the browser. This is typically shown as error messages in the browser console.

Below are common CSP-related errors that occur when CookieTractor is not allowed in the websites Content Security Policy.

Common CSP errors

script-src - Script blocked

This error occurs when CookieTractor’s script is loaded from a domain that is not allowed in the script-src directive. The browser blocks the script and displays an error in the console containing the text
violates the following Content Security Policy directive: script-src”,
which means that CookieTractor is not loaded correctly.

Example of a CSP error in the browser console when a script is blocked by script-src

connect-src – API requests blocked

When API requests are blocked by the connect-src directive, the browser displays an error in the console with text such as  
Refused to connect because it violates the document's Content Security Policy” or  
violates the following Content Security Policy directive: connect-src”.

This means that CookieTractor cannot communicate with its services, which may affect features such as consent, status, or configuration.

Example of a CSP error in the browser console when an API request is blocked by connect-src

Solution

Add the following domains to your CSP header:

scrips-src: https://*.cookietractor.com

connect-src: https://*.cookietractor.com