Skip to content

Content Security Policy information

When integrating Parse.ly’s analytics into your website, it’s important to ensure that your Content Security Policy (CSP) allows the necessary resources to load correctly. This guide will help you configure your CSP to work seamlessly with Parse.ly.

Parse.ly-specific CSP directives

To ensure seamless Parse.ly operation, you’ll need to add the following directives to your CSP:

1. script-src

The script-src directive controls the sources from which JavaScript can be loaded. Parse.ly requires you to include the following source in this directive:

  • https://cdn.parsely.com: This URL loads the JavaScript that instruments your site and sends analytics data to Parse.ly’s servers.

Example:

script-src 'self' https://cdn.parsely.com;

2. img-src

The img-src directive specifies the sources from which images can be loaded. Parse.ly uses this directive to collect site metrics through pixel tracking. Depending on your region and data privacy requirements, you may need to include one or both of the following sources:

  • Global Tracking:
    • https://p1.parsely.com: This is the primary pixel server that collects metrics globally.
  • EU-Only Tracking:
    • https://p1-irl.parsely.com: We use this pixel server exclusively for EU-based sites.

Example:

img-src 'self' https://p1.parsely.com https://p1-irl.parsely.com;

Testing your CSP

Once you have implemented your Content Security Policy, it’s important to test to ensure that all Parse.ly functionality works correctly. You can use browser developer tools or https://cspvalidator.org/ to check for any issues. Be sure to monitor your site’s dashboard(s) to confirm that we’re collecting data as expected.

Troubleshooting

If you encounter any issues with Parse.ly’s analytics not functioning as expected after implementing your CSP, contact support@parsely.com.

Last updated: August 27, 2024