Content Security Policy (CSP) Packages

Generating a strong Content-Security-Policy (CSP) for your website can be hard — as you may accidentally block parts of legitimate services running in your website/app. Below is a list of all the CSP directives that you will need to properly run popular services such as Google Analytics, Facebook SDK, and Hotjar. The data is manually curated, references the official documentation, public discussion forums, and internal RapidSec research powered by our network effect. Search below for your needed service to understand which directives you need:
Google Tag Manager
Google Tag Manager
marketing
utilities
Facebook
Facebook
Social Media
ads
Cloudflare - CDN.js
Cloudflare - CDN.js
CDN
Open Source
Hotjar
Hotjar
analytics
marketing
Gravatar
Gravatar
utilities
HubSpot
HubSpot
crm
marketing
DataDog
DataDog
logging
Google Hosted Libraries
Google Hosted Libraries
CDN
Open Source
Google reCAPTCHA
Google reCAPTCHA
Privacy
utilities
Google Maps
Google Maps
utilities
Youtube Embedded Videos SDK
Youtube Embedded Videos SDK
Social Media
utilities
jQuery
jQuery
CDN
Open Source
jsDelivr
jsDelivr
CDN
Open Source
Unpkg
Unpkg
CDN
Open Source
Linkedin Tags + SDKs
Linkedin Tags + SDKs
ads
Social Media
utilities
CookieLaw
CookieLaw
Privacy
utilities
Twitter Widgets & SDKs
Twitter Widgets & SDKs
Social Media
marketing
Cloudinary Media CDN
Cloudinary Media CDN
CDN
utilities
Intercom
Intercom
support
crm
chat
Drift
Drift
chat
support
Tawk.to
Tawk.to
support
chat
Adobe Tag Manager
Adobe Tag Manager
marketing
utilities
Zendesk
Zendesk
support
chat
crm
LogRocket
LogRocket
logging
utilities
New Relic
New Relic
logging
Sentry
Sentry
logging
utilities
Criteo
Criteo
ads
Auth0
Auth0
Privacy
utilities
Mixpanel
Mixpanel
analytics
marketing
Amplitude
Amplitude
analytics
marketing
Paypal
Paypal
Payments
BrainTree
BrainTree
Payments
Vimeo Embedded Videos SDK
Vimeo Embedded Videos SDK
Social Media
utilities
Stripe
Stripe
Payments
utilities
Vaimo
Vaimo
logging
utilities
Microsoft Clarity
Microsoft Clarity
analytics
marketing
Chargebee
Chargebee
Payments
utilities
Mailchimp
Mailchimp
crm
marketing
Double Verify
Double Verify
Privacy
ads
CrazyEgg
CrazyEgg
analytics
marketing
Klevu Search
Klevu Search
ecommerce
marketing
Yotpo
Yotpo
ecommerce
marketing
Beamer
Beamer
utilities
marketing
Appcues
Appcues
utilities
marketing
Marketo Engage
Marketo Engage
crm
marketing
AddSearch
AddSearch
search
Demand Base
Demand Base
ads
sales
G2
G2
reviews
Geolocation DB
Geolocation DB
analytics
Gleam.io
Gleam.io
marketing
OneTrust
OneTrust
Privacy
SpiceWorks
SpiceWorks
analytics
Talentegy
Talentegy
analytics
TechTarget
TechTarget
analytics
TrustArc
TrustArc
Privacy
Cookiebot
Cookiebot
Privacy
Google Optimize
Google Optimize
analytics
Mouseflow
Mouseflow
analytics
Thunder Head
Thunder Head
marketing
Pardot
Pardot
marketing
Qualified
Qualified
sales
ClickCease
ClickCease
analytics
Satisfi
Satisfi
analytics
PulsePoint
PulsePoint
Performance
Sizmek
Sizmek
ads
RevJet
RevJet
ads
Moat
Moat
ads
Minute
Minute
ads
ListenLoop
ListenLoop
marketing
Chartbeat
Chartbeat
analytics
Crownpeak
Crownpeak
Privacy
Gigya
Gigya
Privacy
Ias
Ias
Security

Using these directives will help you prevent the dreaded.

Refused to load the script '...' because it violates the following Content Security Policy directive

Looking to add more services to this list?

Contact Us and let us know what you want.