This article is also available in:

AdPage Magento Plugin - Content Security Policy (CSP) Configuration

The Problem


Magento uses Content Security Policy (CSP) to ensure your webshop's security. By default, Magento blocks external scripts that aren't explicitly allowed. This can prevent AdPage tracking scripts and other marketing tags from loading correctly.

What is CSP?


Content Security Policy is a security measure that controls which external resources (such as scripts, images, and styles) are allowed to load on your website. While this helps prevent Cross-Site Scripting (XSS) attacks, it requires proper configuration for legitimate marketing scripts.

How to Identify CSP Issues?


Open browser developer tools (F12)
Go to the Console tab
Look for CSP warnings referring to blocked content
These warnings typically include the blocked domain names

Configuring CSP in Magento



Required Domains


You need to add the following domains to your CSP configuration:
- Your tagging domain (set via CNAME record in the AdPage dashboard)
- Domains for specific marketing tags you use, for example:
- LinkedIn tracking: px.ads.linkedin.com
- Pinterest tracking: ct.pinterest.com

Configuration Steps


Please check https://developer.adobe.com/commerce/php/development/security/content-security-policies/ for more information on how to configure CSP. Or share this information with your web developer.

Important


- The exact domains you need to add depend on your GTM container configuration
- Check the browser console for blocked requests
- Only add domains that you actually use
- Test if all marketing tags work correctly after modifying the CSP configuration

Dynamic Tags


Since GTM containers can be modified, it's important to:
Regularly check the browser console for new CSP warnings
Verify if additional domains need to be added when implementing new marketing tags
Update the CSP configuration when new tracking functionality is implemented

Need Help?


If you experience issues configuring CSP or if certain tags still don't work, please contact support@adpage.io. Include:
- Your current CSP configuration
- Any error messages from the browser console
- Which marketing tags aren't functioning correctly

Updated on: 07/02/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!