What are CSP Errors
Content-Security-Policy, also known as CSP, is the name of an HTTP response header that modern browsers use to enhance the security of a document or web page. The Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources, such as JavaScript or CSS are allowed to load. Learn more about CSP here.
If your website is set up with a CSP that restricts external domains, the Pixel, and any third-party pixels fired through the Pixel, may be blocked. In other words, our pixel will not be able to fully track your website and mobile browser visitor traffic.
Determine if a pixel is not firing due to CSP restrictions
A quick way to check if a pixel is being restricted by a CSP is to view your browser’s development console. To determine if a pixel is not firing due to your CSP restrictions your developer will need to open the browser’s development console to look for any errors. For Chrome go to More Tools > Developers Tools > Console.
Ensure the Pixel is properly installed
Please note, that this assumes the NextRoll Pixel has already been properly installed on your website and is firing correctly.
- Click here to learn how to install the NextRoll Pixel.
- Click here to verify your NextRoll Pixel is firing.
Below you can find an example of what CSP errors look like in the Console log.
Clicking the issues tab will also provide further information and possible fixes regarding the flagged issues:
Add domains to a CSP
To ensure your Content Security Policy (CSP) doesn't block the Pixel from tracking traffic or firing partner Pixels, please ask your developer to add the following domains to your CSP allowlist.
We recommend checking common directives like img-src, script-src, and content-src. Your development team will be best able to determine the optimal policy settings for your specific configuration.
Please note, some domains are not applicable and depends on which networks have been enabled on your advertisable. In those cases, they can be removed.
- a.adroll.com
- analytics.freespee.com
- beacon.krxd.net
- cm.g.doubleclick.net
- dpm.demdex.net
- in.treasuredata.com
- io.narrative.io
- lex.33across.com
- ml314.com
- pixel.tapad.com
- s-cs.send.microad.jp
- stags.bluekai.com
- us-u.openx.net
- barracuda.com
- x.adroll.com
- d.adroll.com
- s.adroll.com
- d.adroll.mgr.consensu.org
- dsum-sec.casalemedia.com
- eb2.3lift.com
- googleads.g.doubleclick.net
- p.adsymptotic.com
- px.ads.linkedin.com
- px4.ads.linkedin.com
- pixel.advertising.com
- pixel.rubiconproject.com
- image2.pubmatic.com
- simage2.pubmatic.com
- snap.licdn.com
- sync.outbrain.com
- sync.taboola.com
- trc.taboola.com
- ads.yahoo.com
- ups.analytics.yahoo.com
- www.facebook.com
- connect.facebook.net
- idsync.rlcdn.com
- ib.adnxs.com
- x.bidswitch.net
If the issue persists
If you continue to see issues in your browser console log after your developer has added the domains above to your CSP allowlist please reach out to the Customer Support team providing the details below:
- Your website URL where the NextRoll Pixel is installed.
- Confirmation that the NextRoll Pixel is properly installed. Learn how-to here.
- A screenshot of the errors you see in your browser console. For Chrome go to More Tools > Developers Tools > Console.