Difference between revisions of "ConversionRuler Content Security Policy for Installations"

From Market Ruler Help

Revision as of 19:18, 4 February 2026

This article is for sites which have Content Security Policy (CSP) headers enabled for more advanced security.

Your web server administrator will need to add ConversionRuler's domains to the `Content-Security-Policy` header for your site so that ConversionRuler can communicate with the tracking servers.

ConversionRuler requires the following permissions:

  • script-src for loading our report script
  • connect-src for tracking
  • img-src for image tracking (alternate method)

An example Content Security Policy header looks like:

Content-Security-Policy: default-src 'self'; connect-src 'self' *.ruler.to *.conversionruler.com; frame-ancestors 'self'; frame-src 'self'; img-src * data:; media-src 'self' data: blob:; object-src 'none'; script-src 'strict-dynamic' 'self' *.ruler.to *.conversionruler.com blob:; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; worker-src 'self' blob:;

Formatted a little more clearly, the same policy is:

default-src 'self';
connect-src 'self' *.ruler.to *.conversionruler.com;
frame-ancestors 'self';
frame-src 'self';
img-src * data:;
media-src 'self' data: blob:;
object-src 'none';
script-src 'strict-dynamic' 'self' *.ruler.to *.conversionruler.com blob:;
style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com;
worker-src 'self' blob:;

Techniques for adding this header to your web server configuration are beyond the scope of this article, but searching for "custom HTTP headers" in your web server or web server provider's documentation should provide information on how to configure it.
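To confirm that a deployed policy grants the three permissions listed above, the following added example (not ConversionRuler's own code) parses a policy and reports which required directives do not cover the two domains. The function names and the `t.` sample hostnames are assumptions made for illustration, and the matching is simplified (scheme, port and path are ignored). It also flags `'strict-dynamic'`, because browsers that support CSP Level 3 ignore host sources and `'self'` in a `script-src` that contains it.

```python
# Added example: simplified check, not a full CSP Level 3 source matcher.
REQUIRED = ("script-src", "connect-src", "img-src")  # directives the page lists
# Constructed hostnames standing in for any subdomain of the two domains.
SAMPLE_HOSTS = ("t.ruler.to", "t.conversionruler.com")
# The relevant directives from the page's example header.
PAGE_POLICY = ("default-src 'self'; connect-src 'self' *.ruler.to *.conversionruler.com; "
               "img-src * data:; "
               "script-src 'strict-dynamic' 'self' *.ruler.to *.conversionruler.com blob:;")

def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    if value.lower().startswith("content-security-policy:"):
        value = value.split(":", 1)[1]
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers, so keep the first.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def host_allowed(sources, host):
    """True if a host source matches `host` (scheme, port and path ignored)."""
    for src in sources:
        if src.startswith("'") or src.endswith(":"):
            continue  # keyword such as 'self', or scheme source such as data:
        pattern = src.split("://")[-1].split("/")[0].split(":")[0].lower()
        if pattern in ("*", host):
            return True
        # "*.ruler.to" matches subdomains only, never the bare "ruler.to".
        if pattern.startswith("*.") and host.endswith(pattern[1:]):
            return True
    return False

def check_policy(value):
    """Return {directive: [problems]} for the directives ConversionRuler needs."""
    policy = parse_csp(value)
    report = {}
    for name in REQUIRED:
        sources = policy.get(name, policy.get("default-src"))
        if sources is None:  # no directive and no default-src: unrestricted
            report[name] = []
            continue
        problems = [f"{h} not allowed" for h in SAMPLE_HOSTS if not host_allowed(sources, h)]
        if name == "script-src" and "'strict-dynamic'" in sources:
            # CSP Level 3 browsers then ignore host sources and 'self' here.
            problems.append("'strict-dynamic' overrides the host allowlist")
        report[name] = problems
    return report
```

Calling `check_policy(PAGE_POLICY)` returns an empty list for `connect-src` and `img-src` and one finding for `script-src`; pass it the header value your own server returns to check a live configuration.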