Skip to main content
All CollectionsSecurity / privacy
Required content security policies
Required content security policies
Updated over 6 months ago

Seeka policies

If your website enforces content security policies via the Content-Security-Policy HTTP header, the below directive is required.

default-src *.seeka.services;

For more fine grained control, the below directives can be used

script-src sdk.seeka.services;

style-src sdk.seeka.services; 

img-src sdk.seeka.services;

font-src sdk.seeka.services;

connect-src router.seeka.services api.seeka.services sdk.seeka.services apps.seeka.services;

Note: img-src, style-src and font-src directives are used by the Express Event Setup tool (Sidekick) as images, styles and fonts are not a requirement for Seeka tracking.

Platform policies

Each platform that you connect via Seeka will have it's own requirements around content security policies. The table below outlines which policies are required for some of the platforms. These are subject to change at the platform's discretion.

Facebook/Meta

default-src connect.facebook.net www.facebook.com 'unsafe-inline'

Google Analytics

connect-src *.google-analytics.com *.analytics.google.com

default-src www.googletagmanager.com 'unsafe-inline'

style-src-elem www.googletagmanager.com

Did this answer your question?