Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Lachlann 344 posts 626 karma points
    Nov 16, 2020 @ 15:54

    Strict CSP

    We have a strict CSP implemented on our site which blocks any inline scripts from running. I noticed that the analytics script output on the front end loads a GUID on page load which changes meaning its not possible to whitelist the SHA for this. Have you guys encountered this and do you have any workarounds?

  • Lachlann 344 posts 626 karma points
    Nov 16, 2020 @ 15:55

    I originally posted the above question to uMarketingSuite support as an email, here is the response:

    That is great feedback and we did not considered this before. The inserted clientside script is only used for the clientside script:

    It would be fairly easy for us to make sure that the GUID is rendered on a different element (non-javascript) such as and make sure that the script is using that guid. In that way you can whitelist the script or we can even make a separate js-file for this. So this is possible and I will add this to our backlog of items. We prioritize the backlog together with our partners ( so I cannot promise you that this will be fixed in the next sprints.

  • [email protected] 406 posts 2135 karma points MVP 7x c-trib
    Nov 17, 2020 @ 08:03

    Hi Lachlann,

    you even posted the response. Fantastic :)!

    Did it make sense? Or any questions left?

    Kind regards,


    enter image description here

  • Lachlann 344 posts 626 karma points
    Nov 17, 2020 @ 09:03

    Thanks Jeffrey.

    That makes total sense to me

    Cheers L

Please Sign in or register to post replies

Write your reply to: