Content Security Policy (CSP)

My CMP is Blocked by CSP: What to Do?

✅ Why isn't my CMP displaying on my site?

If your Consent Management Platform (CMP) isn't showing up, chances are it's being blocked by your Content Security Policy (CSP).

CSP is a security measure that restricts the loading of external scripts. If your site hasn’t explicitly allowed the CMP’s domain, it simply won’t load.

⚙ How to fix this issue?

Good news: you just need to whitelist the CMP’s domain in your CSP. Here’s how:

1. Modify your CSP

Add the CMP’s URL to your security policy. Here’s an example of how to update your HTTP header:

Content-Security-Policy: script-src 'self' https://*.consentframework.com;

Allow inline images if needed (optional)

Some CMPs (including Sirdata's) may use base64-encoded images (data:image/...) for icons or logos. If these are blocked by your CSP, you might see an error like:

Refused to load the image 'data:image/png;base64,...' because it violates the Content Security Policy...

To fix this, you can extend your CSP by adding the following:

Example:

Content-Security-Policy: 
  script-src 'self' https://*.consentframework.com;
  img-src 'self' data: https:;

💡 This allows base64 images within <img> tags, without significantly compromising your site’s security.

2. Test and Validate

After making the changes, refresh your page (Ctrl + Shift + R) and check if the CMP is now displayed. You can also recheck the console to see if the CSP errors have disappeared.

🌟 TL;DR

Your CMP is blocked ✖ by your security policy (CSP)
Solution: whitelist its domain ✔
Where? In your site’s HTTP header
Test, refresh, and enjoy! 🚀

If in doubt, share this FAQ with your developer (they’ll get it right away 😉). Need help? We're here for you! 💡

PrécédentCan I change plans?SuivantGoogle

Mis à jour il y a 2 mois

Ce contenu vous a-t-il été utile ?