What are CSP Errors
Content-Security-Policy, also known as CSP, is the name of an HTTP response header that modern browsers use to enhance the security of a document or web page. The Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources, such as JavaScript or CSS are allowed to load. 🔎 Learn more about CSP here.
If your website is set up with a CSP that restricts external domains, the Nextroll Pixel, and any third-party pixels fired through the NextRoll Pixel, may be blocked. In other words, our pixel will not be able to fully track your website traffic.
Determine if a pixel is not firing due to CSP restrictions
To determine if a pixel is not firing due to your CSP restrictions your developer will need to open the browser’s development console to look for any errors. For Chrome go to 'More Tools' > 'Developers Tools' > 'Console'.
✍️ Please note, that this assumes the NextRoll Pixel has already been properly installed on your website and is firing correctly. Click here to learn how to install the NextRoll Pixel, or click here to verify your NextRoll Pixel is firing.
Below you can find an example of how CSP errors look like in the Console log.
Click the Issues tab to view further information and possible fixes regarding the flagged issues:
Add trusted domains to your CSP allowlist
To prevent your CSP restrictions from blocking the NextRoll Pixel ability to properly track all your website traffic and fire all our partner Pixels, you should ask your developer to add the following domains to a CSP allowist with the img-src and script-src directives.
✍️ Please note that some domains may not be applicable to you depending on which networks have been enabled for your account.
- d.adroll.com
- s.adroll.com
- d.adroll.mgr.consensu.org
- dsum-sec.casalemedia.com
- eb2.3lift.com
- googleads.g.doubleclick.net
- p.adsymptotic.com
- px.ads.linkedin.com
- px4.ads.linkedin.com
- pixel.advertising.com
- pixel.rubiconproject.com
- image2.pubmatic.com
- simage2.pubmatic.com
- snap.licdn.com
- sync.outbrain.com
- sync.taboola.com
- trc.taboola.com
- ads.yahoo.com
- ups.analytics.yahoo.com
- www.facebook.com
- connect.facebook.net
- idsync.rlcdn.com
- ib.adnxs.com
- x.bidswitch.net
If the issue persists
If you continue to see CSP issues in your browser console log after your developer has added the domains above you can reach out to Customer Support providing the details below:
- Your website URL where the NextRoll Pixel is installed.
- Confirmation that the NextRoll Pixel is properly installed. Learn how-to here.
- A screenshot of the errors you see in your browser console. For Chrome go to 'More Tools' > 'Developers Tools' > 'Console'.
Other CSP resources
- https://content-security-policy.com/
- https://report-uri.com/home/generate