In order to increase the security of web applications, it is good practice to use HTTP security headers. These include, among others Content Security Policy (CSP) headers.

To use the tracking code on a server with CSP enabled, the CSP header must be set as follows:

Header set Content-Security-Policy “script-src
‘self’ https: //*.etracker.comhttps: //* ‘unsafe-inline’;”

With this restrictive integration of etracker, only the use of etracker Analytics is possible. The use of etracker Optimiser could otherwise be used to inject other scripts.

Need help?
Our friendly, knowledgeable support engineers are here for you.