How do I adjust my Content Security Policy after integrating the Trustbadge®?

If you have established a Content Security Policy for your website, there may be display errors in the Trustbadge® and the Trustcard or in the eTrusted Control Centre. This guide tells you how to customise your Content Security Policy and fix it.

What is a Content Security Policy?

Content Security Policy (CSP) is a security mechanism for websites that is intended above all to prevent cross-site scripting attacks. In a cross-site scripting attack, a website visitor's browser is made to execute malicious code in the context of the website.

In order to prevent such attacks, the browser refuses to load any resource that the Content Security Policy does not explicitly allow. With a Content Security Policy you therefore determine which types of content may be loaded from which sources in your website visitors' browsers.

Adapting Content Security Policy

In order for your Trusted Shops products to function correctly, they must be able to load data from Trusted Shops domains. To do this, adapt your Content Security Policy.

Not sure how to adapt your Content Security Policy? Then reach out to your IT department, development team or those managing your website.

General Content Security Policy

Do you use a general Content Security Policy, i.e. one that only sets default-src? In this case, adjusting your default-src directive is enough. Add the following sources to it:

default-src https://*.trustedshops.com http://*.trustedshops.com data: 'unsafe-inline';

More specific Content Security Policy

Have you established your own rules for data types such as images, fonts or JavaScript within your Content Security Policy? Then add the following rules:

img-src https://*.trustedshops.com http://*.trustedshops.com data:;
script-src https://*.trustedshops.com http://*.trustedshops.com 'unsafe-inline';
font-src https://*.trustedshops.com http://*.trustedshops.com data:;
connect-src https://*.trustedshops.com http://*.trustedshops.com https://*.etrusted.com http://*.etrusted.com https://*.trustbadge.com http://*.trustbadge.com;
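As an added example that is not part of this article or of Trusted Shops' own code, the following Python checker parses a CSP header and reports which of the four directives above would still block a Trustbadge load, honouring the rule that a missing fetch directive falls back to default-src (the difference between the two sections above). The sample URLs are constructed hostnames that fall under the article's wildcards, not the badge's real endpoints.

```python
# Added example, not Trusted Shops' code. Sample URLs below are constructed
# hostnames under the article's wildcards; the real endpoints are not stated.
from urllib.parse import urlsplit

# Directive that governs each resource type -> constructed sample URL.
NEEDED = {
    "img-src":     "https://cdn.trustedshops.com/badge.png",
    "script-src":  "https://widgets.trustedshops.com/js/trustbadge.js",
    "font-src":    "https://cdn.trustedshops.com/font.woff2",
    "connect-src": "https://widgets.trustedshops.com/api/reviews",
}

def parse_csp(header: str) -> dict[str, list[str]]:
    """Split 'dir src src; dir src' into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def source_matches(source: str, url: str) -> bool:
    """Host-source matching as a browser does it: scheme plus wildcard host."""
    u = urlsplit(url)
    if source == "*":
        return True
    if source.startswith("'") or source.endswith(":"):  # keyword or scheme
        return source == u.scheme + ":"
    s = urlsplit(source if "://" in source else "//" + source)
    # An http: source also matches https: URLs (scheme upgrade is allowed).
    if s.scheme and s.scheme != u.scheme and not (s.scheme == "http" and u.scheme == "https"):
        return False
    host = s.hostname or ""
    if host.startswith("*."):
        return u.hostname.endswith(host[1:])  # *.x.com never matches x.com itself
    return u.hostname == host

def blocked_by(header: str) -> list[str]:
    """Return the directives under which a needed Trustbadge load would fail."""
    policy = parse_csp(header)
    failures = []
    for directive, url in NEEDED.items():
        # A missing fetch directive falls back to default-src; with neither
        # present the browser applies no restriction to that resource type.
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            continue
        if not any(source_matches(s, url) for s in sources):
            failures.append(directive)
    return failures
```

Keep in mind that 'unsafe-inline' in script-src permits every inline script on the page, so the remaining source lists should stay as narrow as the widget allows.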
