How do I check if my GA4 has Content Security Policy (CSP) configured correctly?

Run a free NiceLookingData audit on your GA4 property. The audit runs 58 checks across configuration, data quality, measurement, compliance, and optimization — including any rule that touches Content Security Policy (CSP) — and emits plain-English findings in 60 seconds.

Definition · GA4 Glossary

What is Content Security Policy (CSP)?

A server-side HTTP header that acts as a strict whitelist, dictating exactly which external scripts and resources a web browser is allowed to execute.

A strict CSP is excellent for website security, preventing cross-site scripting (XSS) attacks. However, it is the mortal enemy of marketing tags.

If your developers implement a strict CSP, and they forget to add the domains www.googletagmanager.com and www.google-analytics.com to the whitelist, the browser will aggressively block your analytics scripts from firing, resulting in a completely dead GA4 property. If your tags suddenly stop tracking site-wide after a deployment, always check the browser console for CSP violation errors.

From definition to diagnosis

Does your GA4 have Content Security Policy (CSP) issues?

Stop guessing. Get a free audit of your exact setup, then let your 24/7 web analyst keep watching every night.

Keep reading

Related terms.

Server-Side Tagging

A method of moving tracking tags from the user's browser to a secure cloud server, improving page speed, data privacy, and bypassing ad blockers.

Preparing tool...

Back to Glossary