Troubleshooting Load Analytics on Content Security Policy via .htaccess
How to overcome the problem analytics on Content Security Policy via .htaccess is very easy, here I am doing it to wordpress and the results are satisfactory, for other CMS application may be different. Before running the tutorial, I will give the review.
What is the Content Security Policy?
CSP helps us to prevent exploitation xss and some types of malware other external scripts execution, such as js overlay etc. This is very useful for the company’s website or the website to buy and sell online, for more detail, please see the official website here.
Steps Configuration for WordPress:
- Open Your WordPress Self-host.
- Go to the “Appearance” select “Editor”
- Select “header.php” Change your Analytics code to asynchronous code from Google. You can see here, for example asynchronous code like this:
- The code is usually on top of the code </head>
- Change the code, “UA-XXXXX-Y” with Your Analytics Tracking ID.
- Update or Save Theme.
- Then go to your cPanel account.
- Go to the “.htaccess” click Edit.
- There are several configurations that must be considered before editing, you can see at the website from developers google.
- By default, if you would like to recommend the CSP will look like this:
- Here I do with the method “SSL Only” and adding async code analytics, tag manager, or sync to wordpress.com.
- Place this code on above wordpress basic code in .htaccess, code like the following:
- Example Basic WordPress code on .htaccess
- Then click Save.
- Test your site here, this is the result of my website, not bad.
- Code ‘unsafe-inline’ is to allow the use of such resources element inline style attribute, onclick, or a script tag body (depending on the context of the resources applied to the need) for more details, please refer to the official website again.
- Problems on the website is gone.
- Cookies Analytics/Tag Manager detected Again.
- An Amazing Speed..!!
Content Security Policy also useful lighten your website loading and prevent the exploitation of the type xss, shell of defacer, js, overlay or malware from malicious plugins. I recommend to install the plugin CSP to be simple for those who do not want to edit the .htaccess. Any question? please comment below or join in the forum asepms.com, it might help.
Latest posts by Asep Ulchre (see all)
- Hardening HTTP Security Headers via .htaccess - February 24, 2017
- Troubleshooting Load Analytics on Content Security Policy via .htaccess - February 17, 2017
- How to Create a Network LAN (Local Area Network) on Windows - February 16, 2017