Google Adwords CSP (content security policy) img-src
What domains/protocols in the img-src directive of the Content-Security-Policy header are required to allow Google AdWords conversion tracking?
From testing, when we call google_trackConversion, it looks like the browser creates an image with a src that follows a chain of 302 redirects between various domains...
www.googleadservices.com -> googleads.g.doubleclick.net -> www.google.com -> www.google.co.uk
The final .co.uk looks suspicious to me. As we're testing from the UK, we're concerned that tracking called from other countries will redirect to other domains.
What is the complete list of domains that we need to open up in order for the tracking to work?
Note: I have also posted this question at http://stackoverflow.com/questions/34361383/google-adwords-csp-content-security-policy-img-src
Re: Google Adwords CSP (content security policy) img-src
I would prefer not to list lots of domains to get around this issue. Is there any intention to stop this redirecting based on location?