ConversionRuler Content Security Policy for Installations
From Market Ruler Help
Revision as of 19:18, 4 February 2026 by Admin
This page is for sites which have Content Security Policy (CSP) headers enabled for more advanced security.
Your web server administrator will need to add ConversionRuler's domains to the `Content-Security-Policy` headers for your site so that ConversionRuler can communicate with the tracking servers.
ConversionRuler requires the following permissions:
- `script-src` for loading our report script
- `connect-src` for tracking
- `img-src` for image tracking (alternate method)
An example Content Security Policy header looks like:
```
Content-Security-Policy: default-src 'self'; connect-src 'self' *.ruler.to *.conversionruler.com; frame-ancestors 'self'; frame-src 'self'; img-src * data:; media-src 'self' data: blob:; object-src 'none'; script-src 'strict-dynamic' 'self' *.ruler.to *.conversionruler.com blob:; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; worker-src 'self' blob:;
```
Formatted a little more clearly, this is:
```
default-src 'self';
connect-src 'self' *.ruler.to *.conversionruler.com;
frame-ancestors 'self';
frame-src 'self';
img-src * data:;
media-src 'self' data: blob:;
object-src 'none';
script-src 'strict-dynamic' 'self' *.ruler.to *.conversionruler.com blob:;
style-src 'self' 'unsafe-inline' cdn.example.com;
worker-src 'self' blob:;
```
Techniques for adding this to your web server configuration are beyond the scope of this article, but searching for "Custom HTTP headers" in your web server or web server provider's documentation should provide information on how to configure this header.
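Once the header is deployed, its value can be checked against the three directives and two wildcard domains listed above. The following is an added example, not ConversionRuler's own code: the function names are hypothetical, it assumes the hosts appear as the literal wildcard entries used on this page, and it also flags `'strict-dynamic'` used without a nonce or hash, a combination under which CSP Level 3 browsers ignore host entries and `'self'` in `script-src`.

```python
# Added example (not ConversionRuler code): audit a CSP value for the
# directives and hosts this page lists. Function names are hypothetical.
REQUIRED_DIRECTIVES = ("script-src", "connect-src", "img-src")
REQUIRED_HOSTS = ("*.ruler.to", "*.conversionruler.com")
TRUST_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(value):
    """Return {directive: [sources]}; a repeated directive keeps its first value."""
    if value.lower().startswith("content-security-policy:"):
        value = value.split(":", 1)[1]
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def effective(policy, directive):
    """Sources governing a fetch directive, falling back to default-src."""
    return policy.get(directive, policy.get("default-src", []))

def audit(value):
    """Return a list of findings; an empty list means nothing was flagged."""
    policy = parse_csp(value)
    findings = []
    for directive in REQUIRED_DIRECTIVES:
        sources = effective(policy, directive)
        if "*" in sources:
            continue  # a bare wildcard already matches any http(s) host
        findings += [f"{directive}: missing {h}" for h in REQUIRED_HOSTS if h not in sources]
    script = effective(policy, "script-src")
    if "'strict-dynamic'" in script and not any(s.startswith(TRUST_PREFIXES) for s in script):
        findings.append("script-src: 'strict-dynamic' without nonce or hash")
    return findings

# The example header from this page, copied verbatim.
PAGE_POLICY = ("Content-Security-Policy: default-src 'self'; "
    "connect-src 'self' *.ruler.to *.conversionruler.com; frame-ancestors 'self'; "
    "frame-src 'self'; img-src * data:; media-src 'self' data: blob:; object-src 'none'; "
    "script-src 'strict-dynamic' 'self' *.ruler.to *.conversionruler.com blob:; "
    "style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; worker-src 'self' blob:;")
# Constructed sample: the hosts were added to script-src only.
PARTIAL_POLICY = "default-src 'self'; script-src 'self' *.ruler.to *.conversionruler.com"

if __name__ == "__main__":
    for name, policy in (("page", PAGE_POLICY), ("partial", PARTIAL_POLICY)):
        print(name, audit(policy) or "ok")
```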