AdPage Magento Plugin - Content Security Policy (CSP) Configuration
The Problem
Magento uses Content Security Policy (CSP) to ensure your webshop's security. By default, Magento blocks external scripts that aren't explicitly allowed. This can prevent AdPage tracking scripts and other marketing tags from loading correctly.
What is CSP?
Content Security Policy is a security measure that controls which external resources (such as scripts, images, and styles) are allowed to load on your website. While this helps prevent Cross-Site Scripting (XSS) attacks, it requires proper configuration for legitimate marketing scripts.
How to Identify CSP Issues?
Open browser developer tools (F12)
Go to the Console tab
Look for CSP warnings referring to blocked content
These warnings typically include the blocked domain names
Configuring CSP in Magento
Required Domains
You need to add the following domains to your CSP configuration:
- Your tagging domain (set via CNAME record in the AdPage dashboard)
- Domains for specific marketing tags you use, for example:
- LinkedIn tracking: px.ads.linkedin.com
- Pinterest tracking: ct.pinterest.com
Configuration Steps
Please check https://developer.adobe.com/commerce/php/development/security/content-security-policies/ for more information on how to configure CSP. Or share this information with your web developer.
Important
- The exact domains you need to add depend on your GTM container configuration
- Check the browser console for blocked requests
- Only add domains that you actually use
- Test if all marketing tags work correctly after modifying the CSP configuration
Dynamic Tags
Since GTM containers can be modified, it's important to:
Regularly check the browser console for new CSP warnings
Verify if additional domains need to be added when implementing new marketing tags
Update the CSP configuration when new tracking functionality is implemented
Need Help?
If you experience issues configuring CSP or if certain tags still don't work, please contact support@adpage.io. Include:
- Your current CSP configuration
- Any error messages from the browser console
- Which marketing tags aren't functioning correctly
Updated on: 07/02/2025
Thank you!