Content Security Policy Updates

If Primer Analytics isn’t working on your website, your Content Security Policy (CSP) settings may be blocking the required resources.

Why This Happens

CSP is a browser security feature that controls which content sources your site can load. If your CSP doesn’t explicitly allow Primer Analytics scripts and connections, the browser will block them - preventing data from being collected.

How to Fix It

Update your CSP settings to include the following:

• script-src directive: Allow loading of Primer Analytics scripts (analytics.sayprimer.com)

• connect-src directive (or default-src if connect-src isn’t defined): Allow data requests to Primer Analytics (web-script.api.sayprimer.com)

Example CSP Configuration:

default-src 'self';

script-src 'self' analytics.sayprimer.com;

connect-src 'self' web-script.api.sayprimer.com;

Steps to Verify Your Setup

1. Reload your website.

2. Open Chrome DevTools

3. Right-click → Inspect → Console

4. Check for CSP errors (e.g., “Refused to load the script” or “blocked:csp”).

5. Check Network Requests

6. Go to the Network tab

7. Search for primer

8. Ensure requests are not failing.

Additional Checks

• Allowed Domains: Make sure your site’s domain (e.g., yourcompany.com) is added to the Allowed Domains list in your Primer dashboard. Otherwise, requests may still fail with a 403 Forbidden error, even if your CSP is correct.

How to Inspect Your Active CSP in Chrome

1. Open your site in Chrome.

2. Right-click → Inspect.

3. Go to the Network tab.

4. Refresh the page.

5. Look for any requests to Primer domains.

6. Click on a failed request → Headers tab → find Content-Security-Policy under Response Headers to see your current policy.

✅ Once your CSP is updated and your domain is allowed, Primer Analytics should run without issues.