Content Security Policy Updates

If Primer Analytics isn’t working on your website, your Content Security Policy (CSP) settings may be blocking the required resources.

Why This Happens?

CSP is a browser security feature that controls which content sources your site can load. If your CSP doesn’t explicitly allow Primer Analytics scripts and connections, the browser will block them - preventing data from being collected.

How to Fix It

Update your CSP settings to include the following:

• script-src directive: Allow loading of Primer Analytics scripts (analytics.sayprimer.com)

• connect-src directive (or default-src if connect-src isn’t defined): Allow data requests to Primer Analytics (web-script.api.sayprimer.com)

Example CSP Configuration:

default-src 'self';

script-src 'self' analytics.sayprimer.com;

connect-src 'self' web-script.api.sayprimer.com;

Steps to Verify Your Setup

• Reload your website.

• Open Chrome DevTools

• Right-click → Inspect → Console

• Check for CSP errors (e.g., “Refused to load the script” or “blocked:csp”).

• Check Network Requests

• Go to the Network tab

• Search for primer

• Ensure requests are not failing.

Additional Checks

• Allowed Domains: Make sure your site’s domain (e.g., yourcompany.com) is added to the Allowed Domains list in your Primer dashboard. Otherwise, requests may still fail with a 403 Forbidden error, even if your CSP is correct.

How to Inspect Your Active CSP in Chrome

• Open your site in Chrome.

• Right-click → Inspect.

• Go to the Network tab.

• Refresh the page.

• Look for any requests to Primer domains.

• Click on a failed request → Headers tab → find Content-Security-Policy under Response Headers to see your current policy.

✅ Once your CSP is updated and your domain is allowed, Primer Analytics should run without issues.