How to narrow down Google-related CSP rules so the Response Header of the Request will not get too big?


We have a globally used website and we use Google AdWords, Analytics, TagManager. However, we have CSP rules in the response headers specified by Nginx.

The problem is that there are URLs like ...google.de, ...google.hu and so on.

We would love to have a CSP rule that would look like

google.[de|hu|en]

but CSP rules, as far as we know, do not allow this kind of specification.

We pondered the possibility of moving the CSP rules to a meta tag that's placed early in the head tag, but due to some feature limitations I was told that this is not an option in our case.

So, we think about either specifying at the service settings not to use localized URLs, or increasing response header size at Nginx or so.

It's highly probable that other web devs tracking user actions like we do have encountered this issue. So, the question is:

Is there a way to dramatically narrow down the length of CSP rules that differ in their suffix, or, if not, how can we cope with this limitation problem?


There are 0 answers
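
The constraint described in the question, as an added example that is not part of the original post: in the CSP Level 3 host-source grammar a wildcard may only be the whole host part or its leftmost label (`*.`), so a pattern that varies the TLD is not a valid source expression. The function names and the `www.google.<tld>` hosts are constructed for illustration; `headerBytes` measures how much an enumerated directive adds to the response header.

```javascript
// Added example: CSP host-part validation and matching (all names are hypothetical).
// Grammar (CSP Level 3): host-part = "*" / [ "*." ] 1*host-char *( "." 1*host-char )
const HOST_PART = /^(\*|(\*\.)?[a-z0-9-]+(\.[a-z0-9-]+)*)$/i;

function isValidHostPart(pattern) {
  return HOST_PART.test(pattern);
}

// Returns true when `host` is covered by the host part `pattern`.
function hostMatches(pattern, host) {
  if (!isValidHostPart(pattern)) return false; // invalid patterns are treated as matching nothing
  const p = pattern.toLowerCase();
  const h = host.toLowerCase();
  if (p === "*") return true;
  if (p.startsWith("*.")) return h.endsWith(p.slice(1)); // subdomains only, not the apex
  return h === p;
}

// Builds one directive that enumerates a host per TLD (constructed hosts).
function enumeratedDirective(name, tlds) {
  return name + " " + tlds.map((t) => "https://www.google." + t).join(" ");
}

// Size in bytes that the value adds to the response header.
function headerBytes(value) {
  return new TextEncoder().encode(value).length;
}

for (const p of ["*.google.com", "google.*", "google.[de|hu|en]"]) {
  console.log(p, "valid host part:", isValidHostPart(p));
}
const directive = enumeratedDirective("img-src", ["de", "hu"]);
console.log(directive, "->", headerBytes(directive), "bytes");
```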