Using Cometly with Content Security Policy

All Cometly domains you'll need to allow in your CSP or firewall.

Updated over 2 weeks ago

Content Security Policy (CSP) is a security standard that helps prevent cross-site scripting (XSS), clickjacking, and other code injection attacks resulting from the execution of malicious content in a trusted web page context. If your website uses CSP and you plan to integrate the Cometly tracking pixel, you'll need to adjust your CSP settings to ensure the pixel functions correctly.

This guide will help you configure your CSP to work seamlessly with the Cometly pixel.

Why Adjust Your CSP for Cometly?

CSP restricts the sources from which your website can load resources like scripts, styles, and images to those your policy allows. Since the Cometly pixel loads an external script and sends data back to Cometly servers, your CSP may block these actions unless explicitly allowed.

The Cometly pixel:

  • Loads a script from https://t.cometlytrack.com

  • Automatically fires an init event upon loading, which involves network requests to Cometly's servers

To ensure the pixel operates without issues, you'll need to update your CSP to permit these actions.

Updating Your CSP Directives

Here are the CSP directives you need to adjust:

  1. script-src: Allows loading scripts from specified sources.

  2. connect-src: Permits sending data to specified endpoints.

Example CSP Configuration

Content-Security-Policy: script-src 'self' https://t.cometlytrack.com; connect-src 'self' https://t.cometlytrack.com;

Breakdown:

  • script-src: Adds https://t.cometlytrack.com to allow loading the Cometly pixel script.

  • connect-src: Includes https://t.cometlytrack.com to permit network requests made by the pixel, including the automatic init event.
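
If your site already sends a CSP, the Cometly origin has to be merged into the existing policy rather than replacing it. The following is an added example, not code from Cometly: the function names and the sample policies in the comments are assumptions made for illustration. It handles the case where script-src or connect-src is missing and default-src acts as the fallback, because adding an explicit directive stops the browser from consulting default-src for that resource type.

```python
COMETLY_ORIGIN = "https://t.cometlytrack.com"  # origin named in this article
NEEDED = ("script-src", "connect-src")         # directives the pixel depends on


def parse_csp(policy):
    """Split a CSP header value into {directive: [sources]}, keeping order."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # Directive names are case-insensitive; browsers ignore a repeated
        # directive, so the first occurrence wins.
        directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def allow_cometly(policy, origin=COMETLY_ORIGIN):
    """Return the policy with `origin` allowed in script-src and connect-src."""
    directives = parse_csp(policy)
    for name in NEEDED:
        if name in directives:
            sources = list(directives[name])
        elif "default-src" in directives:
            # An explicit directive replaces the default-src fallback, so
            # copy its sources to avoid dropping what was already allowed.
            sources = list(directives["default-src"])
        else:
            # Neither directive nor fallback: this fetch type is not
            # restricted, so there is nothing to allow.
            continue
        # 'none' cannot be combined with other sources; drop it.
        sources = [s for s in sources if s.lower() != "'none'"]
        if origin not in sources:
            sources.append(origin)
        directives[name] = sources
    return "; ".join(" ".join([n] + s) for n, s in directives.items())


if __name__ == "__main__":
    # Constructed sample policies, not taken from a real site.
    for sample in ("default-src 'self'; img-src *",
                   "script-src 'self' https://cdn.example; connect-src 'none'"):
        print(allow_cometly(sample))
```

Running the function on an already-updated policy returns it unchanged, so it is safe to apply on every deploy.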
