How is CSP Used?
CSP uses the HTTP header Content-Security-Policy with a string containing directives that control the rendering and requesting of resources. This HTTP header can be sent by utilizing server side code (PHP, Java, C#), or with a <meta> tag in the HTML.
Example: <meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline'; script-src https://ajax.googleapis.com">
How is CSP Used with Kount?
While the combinations of CSP directives a customer might use on their site is dizzying and is based on the unique way their pages are built, a few special directives will be required to ensure that Kount's device fingerprinting works correctly.
- img-src https://*.kaptcha.com - Informs the browser that images can be loaded from https://*.kaptcha.com. This is to ensure our logo.gif is loaded.
- child-src https://*.kaptcha.com - Informs the browser that child documents (iframes) can be loaded from https://*.kaptcha.com. This ensures the iframe that does all the work gets loaded.