# Content Security Policy Updates

If Primer Analytics isn’t working on your website, your Content Security Policy (CSP) settings may be blocking the required resources.

#### Why This Happens?

CSP is a browser security feature that controls which content sources your site can load.\
If your CSP doesn’t explicitly allow Primer Analytics scripts and connections, the browser will block them - preventing data from being collected.

#### How to Fix It

Update your CSP settings to include the following:

* script-src directive: Allow loading of Primer Analytics scripts ([analytics.sayprimer.com](http://analytics.sayprimer.com))
* connect-src directive (or default-src if connect-src isn’t defined): Allow data requests to Primer Analytics ([web-script.api.sayprimer.com](http://web-script.api.sayprimer.com))

#### Example CSP Configuration:

```
default-src 'self';
```

```
script-src 'self' analytics.sayprimer.com;
```

```
connect-src 'self' web-script.api.sayprimer.com;
```

#### Steps to Verify Your Setup

* Reload your website.
* Open Chrome DevTools
* Right-click → Inspect → Console
* Check for CSP errors (e.g., “Refused to load the script” or “blocked:csp”).
* Check Network Requests
* Go to the Network tab
* Search for primer
* Ensure requests are not failing.

#### Additional Checks

* Allowed Domains: Make sure your site’s domain (e.g., yourcompany.com) is added to the Allowed Domains list in your Primer dashboard. Otherwise, requests may still fail with a 403 Forbidden error, even if your CSP is correct.

#### How to Inspect Your Active CSP in Chrome

* Open your site in Chrome.
* Right-click → Inspect.
* Go to the Network tab.
* Refresh the page.
* Look for any requests to Primer domains.
* Click on a failed request → Headers tab → find Content-Security-Policy under Response Headers to see your current policy.

***

✅ Once your CSP is updated and your domain is allowed, Primer Analytics should run without issues.

<br>