Using the Consent Studio (cookie) consent banner on a website with a Content Security Policy
script-src
Add the following source to your script-src directive. Note: replace [your domain here] with your site's domain.
https://consent.studio/[your domain here]/banner.js
When you have integrations enabled, you also need to add the following source to your CSP script-src directive. Note: replace [your domain here] with your site's domain.
https://consent.studio/api/v1/public/site/[your domain here]/integrations.js
When you are using our inline cookie table (declaration), for example as part of your cookie policy, you need to add the following source to your script-src directive as well:
https://consent.studio/api/v1/public/site/[your domain here]/declaration.js
style-src
Our cookie banner uses inline CSS to modify the styling of the banner. This inline CSS is added to the DOM at runtime by banner.js.
Thus, you have the following options:
Using 'unsafe-inline' for CSS (The use of 'unsafe-inline' is discouraged. You should carefully consider the security ramifications of adding this directive to the CSP before using this approach.)
Copying the CSS to your own environment
connect-src
Our cookie banner receives data from and reports to API endpoints on the consent.studio domain using the HTTPS protocol. Thus, we advise you to include https://consent.studio in the connect-src directive of your content security policy.
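
To check an existing policy against the requirements above, the following added example (not Consent Studio code) parses a CSP header value and reports which of the listed sources are missing, falling back to default-src as browsers do. The domain example.com, the sample policy and all function names are constructed for illustration, and source matching is simplified.

```python
# Added example, not Consent Studio code. Matching is simplified (no wildcard hosts, nonces, hashes).
BASE = "https://consent.studio"

def required_sources(domain, integrations=False, declaration=False):
    """Sources listed on this page, keyed by CSP directive."""
    scripts = [f"{BASE}/{domain}/banner.js"]
    if integrations:
        scripts.append(f"{BASE}/api/v1/public/site/{domain}/integrations.js")
    if declaration:
        scripts.append(f"{BASE}/api/v1/public/site/{domain}/declaration.js")
    return {"script-src": scripts, "connect-src": [BASE]}

def parse_csp(header):
    """Split a policy into {directive: [source expressions]}; a repeated directive is ignored."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def covers(expr, url):
    """True if one source expression allows url: scheme/star, bare origin, exact URL, or path prefix."""
    if expr in ("*", "https:"):
        return True
    if expr.rstrip("/") == "/".join(url.split("/")[:3]):  # bare origin allows every path
        return True
    return expr == url or (expr.endswith("/") and url.startswith(expr))

def audit(header, domain, integrations=False, declaration=False):
    """Return a list of findings for a CSP header value."""
    policy = parse_csp(header)
    fallback = policy.get("default-src")  # used when a fetch directive is absent
    findings = []
    for directive, urls in required_sources(domain, integrations, declaration).items():
        allowed = policy.get(directive, fallback)
        if allowed is None:
            continue  # nothing restricts this fetch type
        findings += [f"{directive}: missing {u}" for u in urls
                     if not any(covers(e, u) for e in allowed)]
    style = policy.get("style-src", fallback)
    if style is not None:
        findings.append("style-src: 'unsafe-inline' is set (discouraged)" if "'unsafe-inline'" in style
                        else "style-src: inline banner CSS is blocked; copy the CSS to your own environment")
    return findings

# Constructed policy for the constructed domain example.com
SAMPLE = "default-src 'self'; script-src 'self' https://consent.studio/example.com/banner.js; style-src 'self'"
```

Calling audit(SAMPLE, "example.com", integrations=True) lists the missing integrations.js source, the missing connect-src entry, and the style-src consequence for the banner's inline CSS.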