1. Home
  2. Integration & Setup
  3. Practice tips & guid...
  4. Using etracker with security headers

Using etracker with security headers

In order to increase the security of web applications, it is good practice to use HTTP security headers. These include, among others Content Security Policy (CSP) headers.

To use the tracking code on a server with CSP enabled, the CSP header must be set as follows:

Header set Content-Security-Policy “script-src
‘self’ https: //*.etracker.comhttps: //*.etracker.de ‘unsafe-inline’;”

With this restrictive integration of etracker, only the use of etracker Analytics is possible. The use of etracker Optimiser could otherwise be used to inject other scripts.