Cookie3 Docs
  • 👋Introduction
  • 👉Register your account
  • 🔌Setup your site or app
    • 1️⃣Add your website or app
    • 2️⃣Install Cookie3 snippet in your website or app
    • 3️⃣Installation guide
      • ⚡Integration with Google Tag Manager (GTM)
    • 4️⃣Verifying installation status
    • 5️⃣Security measures
    • 6️⃣Setup in-app custom events
    • 7️⃣Setting up consent management
    • How to retrieve your siteID?
    • ↗️Upgrading the snippet version
      • Troubleshooting
  • 👩‍💼Add your team members
  • 🍪Features
    • 📈Onchain Explorer
      • Filters
      • Supported blockchains
      • Charts & metrics
      • Data export
      • CSV import
      • Audiences
    • 🕸️Web Analytics
      • Selecting a website or app
      • Filters
      • Onchain reporting
      • Acquisition report
        • 🔎Data dimensions
        • 📈Key metrics
      • Conversions report
        • 📈Key metrics
        • 💲Show attribution report per conversion event
    • 💲Conversion Events
      • How our attribution works?
      • Onchain conversion events
        • Attributed USD Value
      • Offchain conversion events
      • Retrieving your Conversion Event unique ID
    • 🐦KOL Intelligence
      • Getting started
        • Organic KOLs and Lists
        • KOL Dashboard
        • Searchbar
        • KOL Activity Chart
          • Extending the chart with additional Metrics
        • Advanced Metrics
        • Performance Table
          • KOL metrics explained
        • Post Feed
      • Your KOLs
        • Importing KOL Lists
          • Understanding the loading status during KOL upload
        • Managing KOLs in a given project
        • KOL List summary
      • AI-powered KOL scoring system
      • Campaigns
    • 📊Token Analytics
  • ⚙️API
    • 🌀Referral Systems
      • Setup referral tracking
      • Accessing leaderboard and user data
      • API Response schema
      • Best practices
      • FAQ
Powered by GitBook
On this page
  • Security Measures When Connecting the Cookie3 Analytics Snippet to Your Website
  • Integrity Attribute
  • Cross-Origin Attribute
  • Content Security Policy (CSP) Setup
  • Why Do All of This?

Was this helpful?

  1. Setup your site or app

Security measures

This page describes what steps Cookie3 took to ensure maximum security when installing the Cookie3 Analytics snippet for our users.

Security Measures When Connecting the Cookie3 Analytics Snippet to Your Website

When you add the Cookie3 Analytics script to your website, there are a few important security features that can help ensure the script is safe and doesn't expose your site to risks. Let's break down what these features are and why they matter:

Note: All of these security features are available out of the box when you install the Cookie3 Analytics snippet, meaning you don’t need to manually configure them—they're built in to protect your site.

Integrity Attribute

The integrity attribute is like a safety check for the script you’re adding to your site. It helps ensure that the script hasn’t been altered or tampered with in any way.

  • When you add a script to your site, you can use an integrity attribute that includes a unique "hash" (a string of characters) of the original script. Your browser will download the script and then compare it to this hash.

  • If the script matches the hash, it’s considered safe. If it doesn’t match, the browser will block it from running because it might have been compromised.

Why use it?

It ensures that the script you’re running is exactly the one provided by Cookie3 Analytics, without any hidden changes or malicious code.


Cross-Origin Attribute

The cross-origin attribute is used to control how a script interacts with content on different domains (websites). It sets rules for how the script can communicate between your site and other sites where the script might be hosted.

  • By using this attribute, you can reduce the chance of security risks like cross-site scripting attacks, where malicious code from another site tries to hijack your content or data.

Why use it?

It limits the script’s ability to interact with other sites, reducing the risk of security breaches.


Content Security Policy (CSP) Setup

A Content Security Policy (CSP) is a set of rules you can set for your website to control what types of content are allowed to run. It’s like a security firewall for your site.

  • You can specify which websites your site is allowed to load scripts, images, or other resources from. This helps block any unauthorized or potentially harmful content.

How to set it up:

  • Typically, you add CSP rules in your website's header section. For example, if you want to allow scripts only from Cookie3 Analytics, you could set a rule that allows scripts to load only from that specific domain.

  • The domain that should be whitelisted is: cdn.markfi.xyz


Why Do All of This?

  1. Protect your visitors: These security measures help ensure that no one can inject harmful code into your site, which could steal data or compromise user privacy.

  2. Ensure the integrity of your site: By using these settings, you prevent unauthorized scripts from running on your site, ensuring your website is as safe and secure as possible.

  3. Prevent attacks: Security features like the integrity attribute, cross-origin attribute, and CSP help guard against attacks like data theft, unauthorized tracking, or malicious code execution.

  4. Build trust with your audience: When your website is secure, visitors are more likely to trust your site with their data, which is especially important if you collect sensitive information.

By following these steps and enabling these security features, you can rest assured that the Cookie3 Analytics script is running safely and that your website is protected from common online threats.

PreviousVerifying installation statusNextSetup in-app custom events

Last updated 8 months ago

Was this helpful?

🔌
5️⃣