Your website might block the Leadinfo tracker because of a strong Content Security Policy or CORS-Policy
You can check the Developers Console in Google to see if the Leadifno trackingcode is installed successfully and fires on the page you want to track. It can happen that the tracker fires successfully, but is blocked by your website. Our tracker often blocked by a strong Content Security Policy (CSP) or Cross-origin resource sharing policy (CORS)
In this article we'll answer the following questions: :
- What is a Content Security or CORS Policy?
- How do I know if my CSP blocks Leadinfo?
- How do I use Leadinfo with a CSP?
What is a Content Security Policy (CSP)?
The CSP is an extra layer of security that allows developers to restrict the behavior on their website or application. Done correctly, it detects and prevents attacks from data theft to code injection. This policy is set up by your team or via a security tool.
There is no need to worry when Leadinfo is blocked by your CSP. You or your team can add Leadinfo to the rules of your CSP.
What is a Cross-origin Resource Sharing Policy)?
Cross-origin Resource Sharing (CORS) is an important security feature that enables web applications to request resources from different domains. This functionality is essential for integrating third-party APIs and accessing various resources, such as videos, fonts, or weather data. CORS works by ensuring that your browser seeks permission from these external servers before allowing any data exchange to take place.
There is no need to worry when Leadinfo is blocked by your CORS-policy. You or your team can add Leadinfo to the rules of your CORS-Policy.
How do I know if my CSP / CORS Policy blocks Leadinfo?
Step 1: In Chrome, go to your website and right-click on your website and select "Inspect".
Step 2: The developer console will pop up. In this console, select "Network" from the top menu bar and search for "Ping.js" and refresh the page.
Step 3: When the Leadinfo tracking code is live on your website, you'll see the tracking code show up in the list of scripts.
If you find the tracker in the overview of scripts, you're good to go! But if the tracker is marked red, and you see "(blocked:csp)" below the status, you need to change your Content Security Policy (CSP).
How do I use Leadinfo with a CSP/CORS-Policy?
If you want to use Leadinfo in your Content Security or CORS Policy, you must include the following directives in your Policies.
script-src https://cdn.leadinfo.net
connect-src https://api.leadinfo.com https://collector.leadinfo.net
img-src https://collector.leadinfo.net
If you wish to use the Lead Gen Form feature, you also need to add the following directives.
style-src https://cdn.leadinfo.net
font-src https://cdn.leadinfo.net
img-src https://cdn.leadinfo.net
If you wish to use the Screen Recording feature, you also need to add the following directives.
connect-src: https://*.ldnfrpl.com
connect-src: https://li-replay.s3-accelerate.amazonaws.com
script-src: https://*.ldnfrpl.com