Content Security Policies
A Content Security Policy (CSP) is an added security layer that helps detect and mitigate certain types of attacks (e.g., Cross-Site Scripting and data injection).
To enable CSP, configure your web server to return the Content-Security-Policy HTTP header.
Alternatively, the <meta> element can be used to configure a policy, for example:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; child-src 'none';">
Implementing Osano with a CSP
If you are using a CSP, you may need to add certain allowances to it for the Osano Consent Manager script to perform optimally.
(Please note: if you are not using a CSP, you do not need to make the changes below.)
Necessary Attribute: blob: Allows blob: URIs to be used as a content source.
For example (this may differ from CSP to CSP):
<meta http-equiv="Content-Security-Policy" content="style-src 'unsafe-inline' http: https: 'self'; script-src blob: http: https: 'self';">
You may also need to make allowances for style-src, script-src, frame-src, and worker-src to include the osano.com domain.
You can set "*.osano.com" as an allowed domain, or set the following as allowed sub-domains:
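Added example, not part of Osano's documentation: a JavaScript check that parses a policy string and reports which of the allowances described in this section (blob: in script-src, and the osano.com domain in style-src, script-src, frame-src and worker-src) are still missing, taking CSP fallback between directives into account. It assumes the wildcard form *.osano.com and ignores ports and paths in host sources; the function names are hypothetical.

```javascript
// Added example: audit a CSP string for the allowances this page describes.
// Fallback chains follow CSP Level 3; the first directive present is the one enforced.
const FALLBACK = {
  'script-src': ['script-src', 'default-src'],
  'style-src': ['style-src', 'default-src'],
  'frame-src': ['frame-src', 'child-src', 'default-src'],
  'worker-src': ['worker-src', 'child-src', 'script-src', 'default-src'],
};

// Parse "name src src; name src" into a Map; a repeated directive is ignored.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources.map((s) => s.toLowerCase()));
    }
  }
  return directives;
}

// Source list actually enforced for a directive, or null when nothing restricts it.
function effectiveSources(directives, name) {
  const governing = FALLBACK[name].find((d) => directives.has(d));
  return governing ? directives.get(governing) : null;
}

// True when the list admits https://<anything>.osano.com (wildcard form assumed).
function allowsOsano(sources) {
  return sources.some((s) =>
    s === '*' || s === 'https:' || s.replace(/^https:\/\//, '') === '*.osano.com');
}

// Returns the allowances the policy still lacks, e.g. ["script-src blob:"].
function missingOsanoAllowances(policy) {
  const directives = parseCsp(policy);
  const missing = [];
  const script = effectiveSources(directives, 'script-src');
  // "*" does not cover blob: URIs, so blob: must be listed explicitly.
  if (script && !script.includes('blob:')) missing.push('script-src blob:');
  for (const name of Object.keys(FALLBACK)) {
    const sources = effectiveSources(directives, name);
    if (sources && !allowsOsano(sources)) missing.push(`${name} *.osano.com`);
  }
  return missing;
}
```

The sample policy shown earlier in this section passes this check only because its http: and https: scheme sources admit every host; a policy that lists specific hosts needs the explicit blob: and osano.com entries.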