csp-report-to-google-analytics
v1.0.2
Published
CSP report to Google Analytics.
Downloads
21
Maintainers
Readme
csp-report-to-google-analytics
Content-Security-Policy(CSP) report to Google Analytics.
Usage
This library should be used with analytics.js.
This library does not work with gtag.js
. Please see gtag.js API? · Issue #202 · googleanalytics/autotrack.
You can load this library from unpkg CDN.
<!-- Google Analytics -->
<script>
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-XXXXX-Y', 'auto');
ga('send', 'pageview');
// require csp-report-to-google-analytics plugin
ga('require', 'csp-report');
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>
<!-- End Google Analytics -->
<!-- Load csp-report-to-google-analytics plugin -->
<script async src='https://unpkg.com/csp-report-to-google-analytics/dist/csp-report-to-google-analytics.min.js'></script>
You have already introduced analytics.js
, then add these to existing analytic setting.
ga('require', 'csp-report');
<script async src='https://unpkg.com/csp-report-to-google-analytics/dist/csp-report-to-google-analytics.min.js'></script>
CSP
You need to enable CSP on your site.
The Content-Security-Policy-Report-Only HTTP Header is useful to found mixed contents on your site.
Content-Security-Policy-Report-Only: default-src https:;
Also, <meta>
tag can enable Content-Security-Policy
, but <meta>
tag does not support ``Content-Security-Policy-Report-Only` header.
<!-- Work -->
<meta http-equiv="Content-Security-Policy" content="default-src https:">
<!-- Not Work -->
<meta http-equiv="Content-Security-Policy-Report-Only" content="default-src https:">
For more information about CSP, see Content Security Policy CSP Reference & Examples.
Options
debug
: boolean- Default:
false
- Default:
ga('require', 'csp-report', {
debug: true
});
Default field values
| Field | Value |
| ------------------------------------------------------------ | ------------------------------------------------------------ |
| hitType
| 'pageview'
|
| eventCategory
| 'CSP Report'
|
| eventAction
| SecurityPolicyViolationEvent.violatedDirective
|
| eventLabel
| SecurityPolicyViolationEvent.blockedURI
|
| nonInteraction
| true
|
Changelog
See Releases page.
Running tests
Install devDependencies and Run npm test
:
npm i -d && npm test
Contributing
Pull requests and stars are always welcome.
For bugs and feature requests, please create an issue.
- Fork it!
- Create your feature branch:
git checkout -b my-new-feature
- Commit your changes:
git commit -am 'Add some feature'
- Push to the branch:
git push origin my-new-feature
- Submit a pull request :D
Author
License
MIT © azu