Enable Primer Analytics by Updating Your Content Security Policy (CSP)

If Primer Analytics isn’t working on your website, your Content Security Policy (CSP) settings may be blocking the required resources.

Why This Happens

CSP is a browser security feature that controls which content sources your site can load. If your CSP doesn’t explicitly allow Primer Analytics scripts and connections, the browser will block them - preventing data from being collected.

How to Fix It

Update your CSP settings to include the following:

• script-src directive: Allow loading of Primer Analytics scripts (analytics.sayprimer.com)

• connect-src directive (or default-src if connect-src isn’t defined): Allow data requests to Primer Analytics (web-script.api.sayprimer.com)

Example CSP Configuration:

default-src 'self';

script-src 'self' analytics.sayprimer.com;

connect-src 'self' web-script.api.sayprimer.com;

Steps to Verify Your Setup

1. Reload your website.

2. Open Chrome DevTools

3. Right-click → Inspect → Console

4. Check for CSP errors (e.g., “Refused to load the script” or “blocked:csp”).

5. Check Network Requests

6. Go to the Network tab

7. Search for primer

8. Ensure requests are not failing.

Additional Checks

• Allowed Domains: Make sure your site’s domain (e.g., yourcompany.com) is added to the Allowed Domains list in your Primer dashboard. Otherwise, requests may still fail with a 403 Forbidden error, even if your CSP is correct.

How to Inspect Your Active CSP in Chrome

1. Open your site in Chrome.

2. Right-click → Inspect.

3. Go to the Network tab.

4. Refresh the page.

5. Look for any requests to Primer domains.

6. Click on a failed request → Headers tab → find Content-Security-Policy under Response Headers to see your current policy.

✅ Once your CSP is updated and your domain is allowed, Primer Analytics should run without issues.