csp-report-to-google-analytics
Content-Security-Policy(CSP) report to Google Analytics.
Usage
This library should be used with analytics.js.
This library does not work with gtag.js
. Please see gtag.js API? · Issue #202 · googleanalytics/autotrack.
You can load this library from unpkg CDN.
<!-- Google Analytics --><!-- End Google Analytics --><!-- Load csp-report-to-google-analytics plugin -->
You have already introduced analytics.js
, then add these to existing analytic setting.
ga('require', 'csp-report');
<script async src='https://unpkg.com/csp-report-to-google-analytics/dist/csp-report-to-google-analytics.min.js'></script>
CSP
You need to enable CSP on your site.
The Content-Security-Policy-Report-Only HTTP Header is useful to found mixed contents on your site.
Content-Security-Policy-Report-Only: default-src https:;
Also, <meta>
tag can enable Content-Security-Policy
, but <meta>
tag does not support ``Content-Security-Policy-Report-Only` header.
<!-- Work --><!-- Not Work -->
For more information about CSP, see Content Security Policy CSP Reference & Examples.
Options
debug
: boolean- Default:
false
- Default:
ga('require', 'csp-report', { debug: true});
Default field values
Field | Value |
---|---|
hitType |
'pageview' |
eventCategory |
'CSP Report' |
eventAction |
SecurityPolicyViolationEvent.violatedDirective |
eventLabel |
SecurityPolicyViolationEvent.blockedURI |
nonInteraction |
true |
Changelog
See Releases page.
Running tests
Install devDependencies and Run npm test
:
npm i -d && npm test
Contributing
Pull requests and stars are always welcome.
For bugs and feature requests, please create an issue.
- Fork it!
- Create your feature branch:
git checkout -b my-new-feature
- Commit your changes:
git commit -am 'Add some feature'
- Push to the branch:
git push origin my-new-feature
- Submit a pull request :D
Author
License
MIT © azu