Analytics
4.7K members online now
Discuss discrepancies between AdWords and Google Analytics data, linking AdWords and Google Analytics, importing your goals/Ecommerce transactions into AdWords, and setting up Remarketing
 
Guide Me
star_border
Reply

Content Security Policy blocks remarketing

[ Edited ]
Visitor ✭ ✭ ✭
# 1
Visitor ✭ ✭ ✭

HI

I fail to set up a CSP that allows for remarketing.
For GA i have copied the ga javascript into an selfhosted file (like suggested somewhere)

But for remarketing this wont work.


Here is the warning including CSP:

www.SOMETHING.org/:670 Refused to execute inline script because it violates the following Content Security Policy directive: "default-src data: 'self' *.hotjar.com ws://*.hotjar.com wss://*.hotjar.com www.google.de www.google.com www.google-analytics.com *.googleapis.com *.gstatic.com *.scrivito.com *.scrvt.com www.googleadservices.com stats.g.doubleclick.net scrivito-public-cdn.s3-eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-ehoQyGDOCsh/JLw+8f/njuKRLnzv9SCOKEKjtsmLWDI='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

remarketing-c4c5ce63408a49e940ff16856c896010ae137b941969c9e56a0e00c2b1fd29bf.js:1 Refused to frame 'https://googleads.g.doubleclick.net/pagead/viewthroughconversion/965712480/…tps%3A%2F%2Fwww..org%2F&tiba=SOMETHING%20-%20sustainable%20software' because it violates the following Content Security Policy directive: "default-src data: 'self' *.hotjar.com ws://*.hotjar.com wss://*.hotjar.com www.google.de www.google.com www.google-analytics.com *.googleapis.com *.gstatic.com *.scrivito.com *.scrvt.com www.googleadservices.com stats.g.doubleclick.net scrivito-public-cdn.s3-eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com 'unsafe-eval'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.

(anonymous) @ remarketing-c4c5ce63408a49e940ff16856c896010ae137b941969c9e56a0e00c2b1fd29bf.js:1