This article is also available in:

AdPage Magento Plugin - Content Security Policy (CSP) Configuration


The Problem

Magento uses Content Security Policy (CSP) to ensure your webshop's security. By default, Magento blocks external scripts that aren't explicitly allowed. This can prevent AdPage tracking scripts and other marketing tags from loading correctly.


What is CSP?

Content Security Policy is a security measure that controls which external resources (such as scripts, images, and styles) are allowed to load on your website. While this helps prevent Cross-Site Scripting (XSS) attacks, it requires proper configuration for legitimate marketing scripts.


How to Identify CSP Issues?

  1. Open browser developer tools (F12)
  2. Go to the Console tab
  3. Look for CSP warnings referring to blocked content
  4. These warnings typically include the blocked domain names


Configuring CSP in Magento


Required Domains

You need to add the following domains to your CSP configuration:

  • Your tagging domain (set via CNAME record in the AdPage dashboard)
  • Domains for specific marketing tags you use, for example:
  • LinkedIn tracking: px.ads.linkedin.com
  • Pinterest tracking: ct.pinterest.com


Configuration Steps

Please check https://developer.adobe.com/commerce/php/development/security/content-security-policies/ for more information on how to configure CSP. Or share this information with your web developer.


Important

  • The exact domains you need to add depend on your GTM container configuration
  • Check the browser console for blocked requests
  • Only add domains that you actually use
  • Test if all marketing tags work correctly after modifying the CSP configuration


Dynamic Tags

Since GTM containers can be modified, it's important to:

  1. Regularly check the browser console for new CSP warnings
  2. Verify if additional domains need to be added when implementing new marketing tags
  3. Update the CSP configuration when new tracking functionality is implemented


Need Help?

If you experience issues configuring CSP or if certain tags still don't work, please contact support@adpage.io. Include:

  • Your current CSP configuration
  • Any error messages from the browser console
  • Which marketing tags aren't functioning correctly

Updated on: 07/02/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!