Thank you for replying Michal, there’s a few items that I need advice on, so I’d better do them one at a time?
Yes, I am using the developer’s site which is very comprehensive, I’ve tried to stick with that religiously.
Most of it is self explanatory, except for where the blocks of script actually go on the html page ie: head? body? etc.
I have my CSP in my root .htaccess and I have a tag in the head of each page on my site like this:
Now, whether this is necessary I don’t know, but I read on Stackoverflow that it was.
I have sussed that I need an asynchronous container as I use PayPal’s payment gateway.
I have seen the nonce value on the developer’s page of nceIOfn39fn3e9h3sd
This line of script, where it says <your-sources> I have put 'self' and the above nonce value.
script-src <your-sources> 'nonce-INSERT_VALID_NONCE_VALUE';
I realise that I may have mis-understood some instruction, but my main concern is, as I said in my opening paragraph, where does the container go, head or body??
At the moment it's in the <head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self';">
<!--Piwick code starts-->
<script type="text/javascript" nonce="nceIOfn39fn3e9h3sd">
(function(window, document, dataLayerName, id) {
window[dataLayerName]=window[dataLayerName]||[],window[dataLayerName].push({start:(new Date).getTime(),event:"stg.start"});
var scripts=document.getElementsByTagName('script')[0],tags=document.createElement('script');
function stgCreateCookie(a,b,c){var d="";if(c){var e=new Date;e.setTime(e.getTime()+24*c*60*60*1e3),d=";expires="+e.toUTCString()}document.cookie=a+"="+b+d+"; path=/"}
var isStgDebug=(window.location.href.match("stg_debug")||document.cookie.match("stg_debug"))&&!window.location.href.match("stg_disable_debug");
stgCreateCookie("stg_debug",isStgDebug?1:"",isStgDebug?14:-1);
var qP=[];dataLayerName!=="dataLayer"&&qP.push("data_layer_name="+dataLayerName),tags.nonce="nceIOfn39fn3e9h3sd",isStgDebug&&qP.push("stg_debug");
var qPString=qP.length>0?("?"+qP.join("&")):"";
tags.async=!0,tags.src="[https://client.containers.piwik.pro/](https://client.containers.piwik.pro/)"+id+".js"+qPString,
scripts.parentNode.insertBefore(tags,scripts);
!function(a,n,i){a[n]=a[n]||{};for(var c=0;c<i.length;c++)!function(i){a[n][i]=a[n][i]||{},a[n][i].api=a[n][i].api||function(){
var a=[].slice.call(arguments,0);"string"==typeof a[0]&&window[dataLayerName].push({event:n+"."+i+":"+a[0],parameters:[].slice.call(arguments,1)})}}(i[c])}(window,"ppms",["tm","cm"]);
})(window, document, 'dataLayer', 'feacd61d-0232-40a1-96c3-7e469f7bfa7f');
</script>
<!--Piwick code ends-->
I think I've done it right so far, but you might think differently!
In any case, I am grateful for any assistance you can give me, Steve