CSP & Domains

Websites that use Content Security Policy (CSP) might not allow default access to domains managed by Fanplayr which are required for its various services and features to function correctly. 
This page documents the CSP directives needed to enable Fanplayr's full functionality and is split into two guides, for Simple and Advanced CSP configurations.
Simple CSP configuration
Use the details in this section if your website uses a simple configuration that only makes use of the default-src CSP directive.
If your website allows wildcard domain values:
The following values for the default-src directive will be enough to enable all Fanplayr services:
'unsafe-inline'
*.fanplayr.com
d38nbbai6u794i.cloudfront.net
Note, the unsafe-inline keyword value is required for Fanplayr widgets.
If your website does NOT allow wildcard domain values:
You will need to list each domain used by Fanplayr individual in the default-src directive to enable all services:
'unsafe-inline'
cdn.fanplayr.com
static.fanplayr.com
d38nbbai6u794i.cloudfront.net
my.fanplayr.com
e1.fanplayr.com
w1.fanplayr.com
collect.fanplayr.com
recommendations.fanplayr.com
site-speed.fanplayr.com
fonts.fanplayr.com
Note, the unsafe-inline keyword value is required for Fanplayr widgets.
Advanced CSP configuration
Use this guide if your website uses more than just the default-src CSP directive. As your website uses other more specific directives, you will need to allow access to Fanplayr's domains for multiple directives to enable all services.
Each of the sections below describe a CSP directive and the most specific values needed for Fanplayr to operate correct. If your website allows wildcard domains, many of the values can be shortened to *.fanplayr.com.
script-src
'unsafe-inline'
cdn.fanplayr.com
static.fanplayr.com
d38nbbai6u794i.cloudfront.net
my.fanplayr.com
e1.fanplayr.com
w1.fanplayr.com
ajax.googleapis.com
Note, the unsafe-inline keyword value is required for Fanplayr widgets.
style-src
'unsafe-inline'
fonts.fanplayr.com
Note, the unsafe-inline keyword value is required for Fanplayr widgets.
img-src
cdn.fanplayr.com
collect.fanplayr.com
d38nbbai6u794i.cloudfront.net
connect-src
d38nbbai6u794i.cloudfront.net
recommendations.fanplayr.com
site-speed.fanplayr.com
cdn.fanplayr.com
Domain List
The following briefly outlines the primary purpose of each Fanplayr-managed domain:
Domain
Description
cdn.fanplayr.com
Content delivery network.
static.fanplayr.com
Content delivery network.
d38nbbai6u794i.cloudfront.net
Content delivery network.
fonts.fanplayr.com
Content delivery network.
my.fanplayr.com
Page tracking and segmentation evaluation.
e1.fanplayr.com
Page tracking and segmentation evaluation.
w1.fanplayr.com
Page tracking and segmentation evaluation.
collect.fanplayr.com
Analytics tracking.
site-speed.fanplayr.com
Analytics tracking.
recommendations.fanplayr.com
Product recommendation service.
ajax.googleapis.com
Google content delivery network (used for loading Web Font loader library).

Domain	Description
cdn.fanplayr.com	Content delivery network.
static.fanplayr.com	Content delivery network.
d38nbbai6u794i.cloudfront.net	Content delivery network.
fonts.fanplayr.com	Content delivery network.
my.fanplayr.com	Page tracking and segmentation evaluation.
e1.fanplayr.com	Page tracking and segmentation evaluation.
w1.fanplayr.com	Page tracking and segmentation evaluation.
collect.fanplayr.com	Analytics tracking.
site-speed.fanplayr.com	Analytics tracking.
recommendations.fanplayr.com	Product recommendation service.
ajax.googleapis.com	Google content delivery network (used for loading Web Font loader library).

User Properties

Last modified 3mo ago