Content Security Policies
Content Security Policy (CSP) is a browser feature that adds a layer of security to help detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks.
Lax mode prevents your visitors from establishing connections to websites that have not been confirmed in your Data Flows. This mode allows for user consent to change without a page refresh.
Strict mode prevents your visitors from establishing connections to websites (and their subdomains) that are not allowed based on user tracking consent. This mode requires a page refresh whenever user tracking consent changes.
No CSP generation. Transcend Consent Management will still provide protection against most network-based tracking. See our for a list of network interfaces that we do not yet directly regulate without CSP.
Our consent manager connects to the following origins by default. Make sure to add these domains to your existing CSP to ensure that our consent manager can function properly:
- — CDN for consent manager resources (required)
- — consent manager sync coordination endpoint (optional; set data-sync="off" to disable sync, or set data-sync-endpoint="…" on your airgap.js script element to configure your own endpoint)
- — Encountered host telemetry ingestion endpoint (required; set data-telemetry="usage" to reduce telemetry to just usage data essential for billing)
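Adding origins to an existing CSP has two common pitfalls: declaring a fetch directive that was previously absent stops its fallback to default-src, and 'none' cannot be combined with other sources. The following is an added example, not Transcend's own code, of a merge that handles both. The origins are constructed placeholders, and which directive each origin belongs in (script-src for the CDN, connect-src for the endpoints) is an assumption to verify against your own deployment.

```javascript
// Added example: merge extra origins into an existing CSP header value.
// Assumes the target directives are fetch directives (they fall back to
// default-src). Origins and directive choices are constructed placeholders.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; keep the first one.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function addOrigins(policy, additions) {
  const directives = parseCsp(policy);
  for (const [name, origins] of Object.entries(additions)) {
    if (origins.length === 0) continue;
    let sources = directives.get(name);
    if (!sources) {
      // Neither this directive nor default-src is set: this request type
      // is unrestricted, so there is nothing to add.
      if (!directives.has('default-src')) continue;
      // Declaring the directive ends the default-src fallback, so carry
      // the default-src sources over before appending.
      sources = [...directives.get('default-src')];
    }
    // 'none' must stand alone; drop it once a real source is added.
    sources = sources.filter((s) => s.toLowerCase() !== "'none'");
    for (const origin of origins) {
      if (!sources.includes(origin)) sources.push(origin);
    }
    directives.set(name, sources);
  }
  return [...directives]
    .map(([name, sources]) => [name, ...sources].join(' '))
    .join('; ');
}

// Constructed sample policy and placeholder origins.
const existing =
  "default-src 'self'; script-src 'self' 'nonce-abc123'; img-src 'none'";
const updated = addOrigins(existing, {
  'script-src': ['https://cdn.consent.example'],
  'connect-src': ['https://sync.consent.example', 'https://telemetry.consent.example'],
});
console.log(updated);
```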