Either the ‘unsafe-inline’ keyword, a hash (‘example’), or a nonce (‘nonce-…’)” is required to enable inline execution.” “Refused to execute inline script because it violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-eval’ *.”. Check the Developer’s Console after loading a page on your website, and look for a message akin to:.Check to see if Google Tag Manager Preview Mode is working on the website where you have Google Tag Manager properly deployed.Here are a few ways that you can identify whether a CSP is the culprit behind your GTM woes: If you’re tearing your hair out trying to figure out where your implementation went wrong, a CSP may be the culprit. How can you tell that your Google Tag Manager script is being disabled by a CSP?Ī CSP blocking the GTM script means that GTM, even when otherwise implemented correctly, will not fire any tags or collect any data. Since Google Tag Manager is a third-party vendor attempting to load a third-party script, websites that employ a CSP will refuse to execute it, assuming that the script is a possible attack on the website. Why does it not work with Google Tag Manager? A CSP prevents the browser from executing any scripts from third-party domains unless those domains are on an administrator-control whitelist. What is a Content Security Policy (CSP)?Ī Content Security Policy (CSP) is an extra layer of security that helps protect a website from some types of injection-based and Cross Site Scripting (XSS) attacks. ![]() The long and short of it is that a Content Security Policy can break your Google Tag Manager implementation, but with the right fix, the two can coexist peacefully. ![]() We recently came across an analytics implementation issue that we haven’t seen before - a rather delightful and novel experience for us these days! While this issue’s existence has been documented across the web (as we discovered when searching for it specifically), it was new to us, and we wanted to make this issue known to our blog readers in case it rears its ugly head.
0 Comments
Leave a Reply. |