AdWords is now Google Ads. Our new name reflects the full range of advertising options we offer across Search, Display, YouTube, and more. Learn more

1.7K members online now
1.7K members online now
Dive into advanced features like Remarketing, Flexible Bid Strategies, AdWords Editor, and AdWords Scripts
Guide Me

Google Adwords CSP (content security policy) img-src

Visitor ✭ ✭ ✭
# 1
Visitor ✭ ✭ ✭

What domains/protocols in the img-src directive of the Content-Security-Policy header are required to allow Google AdWords conversion tracking?


From testing, when we call google_trackConversion, it looks like the browser creates an image with a src that follows a chain of 302 redirects between various domains... -> -> ->

The final looks suspicious to me. As we're testing from the UK, we're concerned that tracking called from other countries will redirect to other domains.


What is the complete list of domains that we need to open up in order for the tracking to work?


Note: I have also posted this question at

Re: Google Adwords CSP (content security policy) img-src

Visitor ✭ ✭ ✭
# 2
Visitor ✭ ✭ ✭
I have exactly the same issue and in fact the google representative was based in India and is having CSP issues based on it retrieving content from

I would prefer not to list lots of domains to get around this issue. Is there any intention to stop this redirecting based on location?