Installing Exatom with a Content Security Policy

Installing Exatom with a Content Security Policy

Exatom tags can be installed on websites that have a Content Security Policy (CSP). Typically, you will need to reach out to your website server, network, or IT department to request changes for this.

Option 1: Add Exatom to the default Content Security Policy

Use the default-src as CSP directive and add *.exatom.io to the list of allowed sources.

Example of a new Content Security Policy
  1. Content-Security-Policy: default-src 'self' *.exatom.io
Example of an existing Content Security Policy where Exatom was added to
  1. Content-Security-Policy: default-src 'self' *.example.com *.example.org *.exatom.io


Option 2: Add Exatom to the granular Content Security Policy controls

When more granular controls are needed, the following directives can be used script-src, connect-src, style-src and img-src to allow our *.exatom.io domain.
  1. Content-Security-Policy:
  2.   script-src 'self' *.exatom.io;
  3.   connect-src 'self' *.exatom.io;
  4.   style-src 'self' *.exatom.io;
  5.   img-src 'self' *.exatom.io;

    • Related Articles

    • Will Exatom slow down my website?

      Your website should be handled with care, and that is why we heavily invest in how our tags are operated and make sure they play nicely with every environment. The Exatom tags are carefully constructed and measured to ensure that it has negligible ...

    • Using Exatom events or signals on your website or CRM

      While we provide our Motivational Widgets to make it easier to communicate with visitors on your forms, it might not be that exact moment or format to deliver a message. You might be looking for capturing form specific signals like started or ...

    • Install with Google Tag Manager

      This article covers how to deploy the Exatom form analytics tags to Google Tag Mananger. The steps below need to be executed twice, once for our Event tag and once for our Conversion tag. ℹ️ Exatom attributes conversions to the last form that the ...

    • Securing your account with two-factor authentication

      Two-factor authentication (2FA) adds an extra layer of security to your account by requiring a second verification step. Step-by-step guide to enable two-factor authentication You can install an authenticator app if you haven't set one up Google ...

    • Privacy controls

      Exatom is a cookieless, privacy-first platform by design. We also took that route whilst developing our Session Replay product. Exatom's default privacy measurements for Session Recordings, all occurring locally within the user's browser before any ...