Content Security Policies for Popular Web Services:

Generating a strong Content-Security-Policy (CSP) for your website can be hard — as you may accidentally block parts of legitimate services running in you website / app. Below is a list of all the CSP directives that you will need to properly run popular services such as Google analytics, Facebook SDK, and Hotjar. The data is manually curated, references the official documentation, public discussion forums, and internal RapidSec research powered by our network effect. Search below for your needed service to understand which directives you need:

Google Tag Manager

Google Tag Manager

marketingutilities
Facebook

Facebook

Social Mediaads
Cloudflare - CDN.js

Cloudflare - CDN.js

CDNOpen Source
Hotjar

Hotjar

analyticsmarketing
Gravatar

Gravatar

utilities
HubSpot

HubSpot

crmmarketing
DataDog

DataDog

logging
Google reCAPTCHA

Google reCAPTCHA

Privacyutilities
Google Maps

Google Maps

utilities
Youtube Embedded Videos SDK

Youtube Embedded Videos SDK

Social Mediautilities
jQuery

jQuery

CDNOpen Source
jsDelivr

jsDelivr

CDNOpen Source
Unpkg

Unpkg

CDNOpen Source
Linkedin Tags + SDKs

Linkedin Tags + SDKs

adsSocial Mediautilities
CookieLaw

CookieLaw

Privacyutilities
Twitter Widgets & SDKs

Twitter Widgets & SDKs

Social Mediamarketing
Intercom

Intercom

supportcrmchat
Drift

Drift

chatsupport
Tawk.to

Tawk.to

supportchat
Adobe Tag Manager

Adobe Tag Manager

marketingutilities
Zendesk

Zendesk

supportchatcrm
LogRocket

LogRocket

loggingutilities
New Relic

New Relic

logging
Sentry

Sentry

loggingutilities
Auth0

Auth0

Privacyutilities
Mixpanel

Mixpanel

analyticsmarketing
Amplitude

Amplitude

analyticsmarketing
Paypal

Paypal

Payments
BrainTree

BrainTree

Payments
Vimeo Embedded Videos SDK

Vimeo Embedded Videos SDK

Social Mediautilities
Stripe

Stripe

Paymentsutilities
Vaimo

Vaimo

loggingutilities
Microsoft Clarity

Microsoft Clarity

analyticsmarketing
Chargebee

Chargebee

Paymentsutilities
Mailchimp

Mailchimp

crmmarketing
Double Verify

Double Verify

Privacyads
CrazyEgg

CrazyEgg

analyticsmarketing
Klevu Search

Klevu Search

ecommercemarketing
Yotpo

Yotpo

ecommercemarketing
Beamer

Beamer

utilitiesmarketing
Appcues

Appcues

utilitiesmarketing

Using these directives will help you prevent the dreaded.

Refused to load the script '...' because it violates the following Content Security Policy directive

Looking to add more services to this list?

Contact Us and let us know what you want.