What are CSP Headers?
CSP (Content Security Policy) headers are security rules set by a website that help prevent certain types of injection-based attacks by controlling which resources (such as scripts, styles and images) a browser is allowed to load on a web page. There is technical information about those here. CSP headers are a feature to support compliance with the Payment Card Industry Data Security Standards, i.e. the technical and operational standards that organisations must follow to protect cardholder data.
What does this mean in practice?
In practice, the implementation of CSP headers means that only approved resources can be loaded on your Impact Stack. If you’d like to add or integrate anything from an entirely new domain via Google Tag Manager (i.e. a new tracking tool, a LinkedIn pixel etc.), just reach out to us first at support@more-onion.com so we can review and approve it. If you have previously used a Meta pixel and then add a new Meta pixel, that should work without telling us. But you do need to tell us if you want to use a new tool that uses a different domain. We'll do our best to make the process smooth, while ensuring Impact Stack adheres to the highest security standards.
If you would like to manage your Impact Stack CSP directives yourself, please also reach out to support@more-onion.com. We’re happy to give you a quick guide on how that works.
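The allowlist behaviour described above, as an added example that is not Impact Stack's own code: a simplified check of a resource URL against a CSP header, showing why a second tag from an already approved domain loads while a tag from a new domain is blocked. The policy, page origin, function names and tag URLs are constructed for illustration, and the matching ignores paths, ports, nonces and hashes.

```javascript
// Simplified CSP source matching: ignores paths, ports, nonces and hashes.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored by browsers; the first one wins.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

function sourceMatches(source, url, selfOrigin) {
  if (source.startsWith("'")) return source === "'self'" && url.origin === selfOrigin;
  if (source === "*") return url.protocol === "https:" || url.protocol === "http:";
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  // Assumption: the page is served over HTTPS, so a scheme-less source matches HTTPS only.
  if (url.protocol !== (m[1] ? m[1].toLowerCase() + ":" : "https:")) return false;
  const host = url.hostname.toLowerCase();
  const pattern = m[2].toLowerCase();
  // "*.example.com" covers subdomains only, not example.com itself.
  return pattern.startsWith("*.") ? host.endsWith(pattern.slice(1)) : host === pattern;
}

function isAllowed(header, directive, resourceUrl, selfOrigin) {
  const directives = parseCsp(header);
  // Fetch directives such as script-src fall back to default-src when absent.
  const sources = directives.get(directive) ?? directives.get("default-src");
  if (sources === undefined) return true; // nothing restricts this resource type
  const url = new URL(resourceUrl);
  return sources.some((s) => sourceMatches(s, url, selfOrigin));
}

// Constructed sample policy and origin, not Impact Stack's real configuration.
const PAGE_ORIGIN = "https://campaign.example.org";
const SAMPLE_POLICY = [
  "default-src 'self'",
  "script-src 'self' https://www.googletagmanager.com https://connect.facebook.net",
  "img-src 'self' https://www.facebook.com",
].join("; ");

function checkTags() {
  const script = (u) => isAllowed(SAMPLE_POLICY, "script-src", u, PAGE_ORIGIN);
  return {
    secondMetaPixel: script("https://connect.facebook.net/en_US/fbevents.js"),
    linkedInTag: script("https://snap.licdn.com/li.lms-analytics/insight.min.js"),
  };
}
console.log(checkTags());
```

A tag injected through Google Tag Manager is still subject to the page's policy, so the script host it loads from has to appear in the relevant directive before the browser will fetch it.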