How to configure CSP rules for Siteimprove Analytics

Overview

If you're using Content Security Policy (CSP) you need to add rules to make sure that data collection works correctly.

Steps

1. Allow the tracking script

Your account specific tracking script should be added to your allow list.

This can be done by extending the script-src rule to include siteimproveanalytics.com.

As an example, consider the existing CSP rule for a website: 

script-src: 'self';

 Now if we add our rule it will look like this: 

script-src: 'self' siteimproveanalytics.com;

2. Allow data delivery

Your account specific tracking script delivers data back to our collectors.

This is done by loading a pixel, which essentially is a very small 1x1 image.

Therefore, your CSP needs to allow loading our pixel images. This can be done by extending the img-src rule to include *.siteimproveanalytics.io.

3. Allow session replay

If your website is using CSP rules, you need to add *.siteimproveanalytics.io to your connect-src rule (so it becomes connect-src: *.siteimproveanalytics.io).

This is because we're using fetch for delivering data instead of loading a tracking pixel. We need to use fetch for recording data.