What is Content Security Policy (CSP)?

A server-side HTTP header that acts as a strict whitelist, dictating exactly which external scripts and resources a web browser is allowed to execute.

A strict CSP is excellent for website security, preventing cross-site scripting (XSS) attacks. However, it is the mortal enemy of marketing tags.

If your developers implement a strict CSP, and they forget to add the domains www.googletagmanager.com and www.google-analytics.com to the whitelist, the browser will aggressively block your analytics scripts from firing, resulting in a completely dead GA4 property. If your tags suddenly stop tracking site-wide after a deployment, always check the browser console for CSP violation errors.

Does your GA4 have Content Security Policy (CSP) issues?

Stop guessing. Run our automated engine to analyze your exact setup in 60 seconds and find out.

Related Terms

Server-Side Tagging

A method of moving tracking tags from the user's browser to a secure cloud server, improving page speed, data privacy, and bypassing ad blockers.

nld.

NiceLookingData

GA4 Auditor

Audit your Google Analytics 4 property

GTM Auditor

Audit your Tag Manager container

See products in action →DEMO

Demo Blog

UTM Builder

Build & validate campaign URLs

Audit Checklist

Step-by-step GA4 audit guide

GA4 Glossary

Every GA4 term explained

Guides

Fix common GA4 issues

Pricing Log in Sign Up

Back to Glossary

Definitions