5️⃣Security measures

This page describes what steps Cookie3 took to ensure maximum security when installing the Cookie3 Analytics snippet for our users.

Security Measures When Connecting the Cookie3 Analytics Snippet to Your Website

When you add the Cookie3 Analytics script to your website, there are a few important security features that can help ensure the script is safe and doesn't expose your site to risks. Let's break down what these features are and why they matter:

Note: All of these security features are available out of the box when you install the Cookie3 Analytics snippet, meaning you don’t need to manually configure them—they're built in to protect your site.

Integrity Attribute

The integrity attribute is like a safety check for the script you’re adding to your site. It helps ensure that the script hasn’t been altered or tampered with in any way.

  • When you add a script to your site, you can use an integrity attribute that includes a unique "hash" (a string of characters) of the original script. Your browser will download the script and then compare it to this hash.

  • If the script matches the hash, it’s considered safe. If it doesn’t match, the browser will block it from running because it might have been compromised.

Why use it?

It ensures that the script you’re running is exactly the one provided by Cookie3 Analytics, without any hidden changes or malicious code.

Cross-Origin Attribute

The cross-origin attribute is used to control how a script interacts with content on different domains (websites). It sets rules for how the script can communicate between your site and other sites where the script might be hosted.

  • By using this attribute, you can reduce the chance of security risks like cross-site scripting attacks, where malicious code from another site tries to hijack your content or data.

Why use it?

It limits the script’s ability to interact with other sites, reducing the risk of security breaches.

Content Security Policy (CSP) Setup

A Content Security Policy (CSP) is a set of rules you can set for your website to control what types of content are allowed to run. It’s like a security firewall for your site.

  • You can specify which websites your site is allowed to load scripts, images, or other resources from. This helps block any unauthorized or potentially harmful content.

How to set it up:

  • Typically, you add CSP rules in your website's header section. For example, if you want to allow scripts only from Cookie3 Analytics, you could set a rule that allows scripts to load only from that specific domain.

  • The domain that should be whitelisted is: cdn.markfi.xyz

Why Do All of This?

  1. Protect your visitors: These security measures help ensure that no one can inject harmful code into your site, which could steal data or compromise user privacy.

  2. Ensure the integrity of your site: By using these settings, you prevent unauthorized scripts from running on your site, ensuring your website is as safe and secure as possible.

  3. Prevent attacks: Security features like the integrity attribute, cross-origin attribute, and CSP help guard against attacks like data theft, unauthorized tracking, or malicious code execution.

  4. Build trust with your audience: When your website is secure, visitors are more likely to trust your site with their data, which is especially important if you collect sensitive information.

By following these steps and enabling these security features, you can rest assured that the Cookie3 Analytics script is running safely and that your website is protected from common online threats.

PreviousVerifying installation statusNextSetup in-app custom events

Last updated