Sometimes you may see some Content Security Policy reports in the console, but don’t know where they coming from. Here are the examples:
Refused to load the script 'https://www.pagespeed-mod.com/v1/taas?id=cs&ak=32b001198a46647f164402ebaec7a88c&si=d07acaa3a5ff4a4f99b12b98acafe347&tag=1005&rand=KnrmIY4tBAkBREOs1UqShwYntmoI22du&ord=4533030624845573' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Refused to load the script 'https://www.google-analytics.com/analytics.js' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Refused to load the script 'https://www.googletagmanager.com/gtag/js?id=G-34B604LFFQ' because it violates the following Content Security Policy directive: "script-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
The above reports come from the Chrome extension called Foxified.
How do we find who’s the owner
Following steps can help:
- Disable all browser extensions and reload the page. If the issue disappeared then it’s all about one of your installed browser extensions.
- Try incognito mode to check the difference.
Leave a Reply