Piwik Pro and Content Security Policy

Hi,

I am looking for guidance on implementing a Content Security Policy (CSP) while using Piwik Pro.

I’ve reviewed the documentation related to this, and understand that a nonce value must be included in the Piwik Pro script.

My questions are:

- If my Piwik Pro script is executed via Google Tag Manager (GTM), is passing the nonce through the Data Layer the best approach?
- Given that Data Layer values may be exposed, does this present a security concern?
- What are your recommendations for ensuring the security of this process?

To summarize:

  • The Piwik Pro tag is deployed via GTM.
  • I need to securely obtain the nonce value within my GTM-managed script.

Is using the Data Layer to pass the nonce value secure in this context? If it is not advisable, what secure methods would you recommend for transferring the nonce value to the Piwik Pro script?

Thank you for your help!

Hi @Flash,

This article explains how you can add the nonce through GTM: "Using Google Tag Manager with a Content-Security-Policy" (DEV Community).

Please let me know if you have any questions.

Have a great day! 🙂
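An added example for the server side of the setup discussed in this thread, not code from either poster, Piwik PRO or GTM: one response gets one fresh nonce, used in the CSP header, on the inline script tags and in the data-layer push, and a small check confirms they agree. The value pushed to the data layer is the same one the page's own script tags already carry, so what the check guards is that it is random and new for every response. Assumptions: a Node.js backend, the data-layer key `cspNonce`, the function names, and a placeholder where the GTM container snippet would go.

```javascript
const { randomBytes } = require('node:crypto');

// 128 bits from the CSPRNG, generated once per HTTP response and never reused.
function newNonce() {
  return randomBytes(16).toString('base64');
}

// Build header and markup for ONE response from the same nonce.
// "cspNonce" is an assumed data-layer key; the GTM container snippet is a placeholder.
function renderPage() {
  const nonce = newNonce();
  const headers = {
    'Content-Security-Policy': `script-src 'nonce-${nonce}'; object-src 'none'`,
    'Cache-Control': 'no-store', // a cached page would replay a stale nonce
  };
  const html = [
    '<!doctype html><html><head>',
    `<script nonce="${nonce}">`,
    '  window.dataLayer = window.dataLayer || [];',
    `  window.dataLayer.push({ cspNonce: ${JSON.stringify(nonce)} });`,
    '</script>',
    `<script nonce="${nonce}">/* GTM container snippet goes here */</script>`,
    '</head><body></body></html>',
  ].join('\n');
  return { headers, html };
}

// Check: the header carries a nonce and every <script> tag in the markup uses it.
function nonceConsistent({ headers, html }) {
  const m = /'nonce-([A-Za-z0-9+\/=_-]+)'/.exec(headers['Content-Security-Policy'] || '');
  if (!m) return false;
  const tags = html.match(/<script\b[^>]*>/gi) || [];
  return tags.length > 0 && tags.every((t) => t.includes(` nonce="${m[1]}"`));
}

// Nonce of a response, for comparing responses with each other.
function nonceOf({ headers }) {
  return /'nonce-([^']+)'/.exec(headers['Content-Security-Policy'])[1];
}
```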