Pixel Troubleshooting: CSP Errors

What are CSP Errors

Content-Security-Policy, also known as CSP, is the name of an HTTP response header that modern browsers use to enhance the security of a document or web page. The Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources, such as JavaScript or CSS are allowed to load. 🔎 Learn more about CSP here.

If your website is set up with a CSP that restricts external domains, the Nextroll Pixel, and any third-party pixels fired through the NextRoll Pixel, may be blocked.  In other words, our pixel will not be able to fully track your website traffic.

Determine if a pixel is not firing due to CSP restrictions

A quick way to check if a pixel is being restricted by a CSP is to view your browser’s development console. Please note, that this assumes the NextRoll pixel has already been properly placed on the website. Learn more about how to install the Pixel here.

To determine if a pixel is not firing due to your CSP restrictions your developer will need to open the browser’s development console to look for any errors. For Chrome go to 'More Tools' > 'Developers Tools' > 'Console'.

✍️ Please note, that this assumes the NextRoll Pixel has already been properly installed on your website and is firing correctly. Click here to learn how to install the NextRoll Pixel, or click here to verify your NextRoll Pixel is firing.

Below you can find an example of what CSP errors look like in the Console log.



Clicking the issues tab will also provide further information and possible fixes regarding the flagged issues:


Add domains to a CSP

To prevent your CSP restrictions from blocking the NextRoll Pixel ability to properly track all your website traffic and fire all our partner Pixels, you should ask your developer to add the following domains to a CSP allowist with the img-src and script-src directives.  Please note, some domains are not applicable and depends on which networks have been enabled on your advertisable. In those cases, they can be removed.

  • d.adroll.com
  • s.adroll.com
  • d.adroll.mgr.consensu.org
  • dsum-sec.casalemedia.com
  • eb2.3lift.com
  • googleads.g.doubleclick.net
  • p.adsymptotic.com
  • px.ads.linkedin.com
  • px4.ads.linkedin.com
  • pixel.advertising.com
  • pixel.rubiconproject.com
  • image2.pubmatic.com
  • simage2.pubmatic.com
  • snap.licdn.com
  • sync.outbrain.com
  • sync.taboola.com
  • trc.taboola.com
  • ads.yahoo.com
  • ups.analytics.yahoo.com
  • www.facebook.com
  • connect.facebook.net
  • idsync.rlcdn.com
  • ib.adnxs.com
  • x.bidswitch.net

If the issue persists

If you continue to see issues in your browser console log after your developer has added the domains above to your CSP allowlist please reach out to the Customer Support team providing the details below:

  • Your website URL where the NextRoll Pixel is installed.
  • Confirmation that the NextRoll Pixel is properly installed. Learn how-to here.
  • A screenshot of the errors you see in your browser console. For Chrome go to 'More Tools' > 'Developers Tools' > 'Console'.

External CSP resources

Was this article helpful?

We're sorry to hear that!

Please tell us why.