CSP & Domains

Websites that use a Content Security Policy (CSP) may, by default, block the Fanplayr-managed domains that its services and features need to function correctly.

This page documents the CSP directives needed to enable Fanplayr's full functionality and is split into two guides, for Simple and Advanced CSP configurations.

Simple CSP configuration

Use the details in this section if your website uses a simple configuration that only makes use of the default-src CSP directive.

If your website allows wildcard domain values:

The following values for the default-src directive will be enough to enable all Fanplayr services:

'unsafe-inline'
*.fanplayr.com
d38nbbai6u794i.cloudfront.net

Note, the unsafe-inline keyword value is required for Fanplayr widgets.

If your website does NOT allow wildcard domain values:

You will need to list each domain used by Fanplayr individually in the default-src directive to enable all services:

'unsafe-inline'
cdn.fanplayr.com
static.fanplayr.com
d38nbbai6u794i.cloudfront.net
my.fanplayr.com
e1.fanplayr.com
w1.fanplayr.com
collect.fanplayr.com
recommendations.fanplayr.com
site-speed.fanplayr.com
fonts.fanplayr.com

Note, the unsafe-inline keyword value is required for Fanplayr widgets.

Advanced CSP configuration

Use this guide if your website uses more than just the default-src CSP directive. Because your website uses other, more specific directives, you will need to allow Fanplayr's domains in several directives to enable all services.

Each of the sections below describes a CSP directive and the most specific values needed for Fanplayr to operate correctly. If your website allows wildcard domains, many of the values can be shortened to *.fanplayr.com.

script-src

'unsafe-inline'
cdn.fanplayr.com
static.fanplayr.com
d38nbbai6u794i.cloudfront.net
my.fanplayr.com
e1.fanplayr.com
w1.fanplayr.com
ajax.googleapis.com

Note, the unsafe-inline keyword value is required for Fanplayr widgets.

style-src

'unsafe-inline'
fonts.fanplayr.com

Note, the unsafe-inline keyword value is required for Fanplayr widgets.

img-src

cdn.fanplayr.com
collect.fanplayr.com
d38nbbai6u794i.cloudfront.net

connect-src

d38nbbai6u794i.cloudfront.net
recommendations.fanplayr.com
site-speed.fanplayr.com
cdn.fanplayr.com
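
The values above have to be merged into the policy the site already sends, and a newly created specific directive replaces the default-src fallback for that fetch type. The Python sketch below is an added example, not Fanplayr code: it merges the per-directive lists from this page into an existing header, inherits default-src when it has to create a directive, and warns when 'unsafe-inline' will have no effect because the directive also carries a nonce or hash. The function names and the sample header are assumptions.

```python
# Added example. Source lists are copied from the directive sections above.
FANPLAYR = {
    "script-src": ["'unsafe-inline'", "cdn.fanplayr.com", "static.fanplayr.com",
                   "d38nbbai6u794i.cloudfront.net", "my.fanplayr.com",
                   "e1.fanplayr.com", "w1.fanplayr.com", "ajax.googleapis.com"],
    "style-src": ["'unsafe-inline'", "fonts.fanplayr.com"],
    "img-src": ["cdn.fanplayr.com", "collect.fanplayr.com", "d38nbbai6u794i.cloudfront.net"],
    "connect-src": ["d38nbbai6u794i.cloudfront.net", "recommendations.fanplayr.com",
                    "site-speed.fanplayr.com", "cdn.fanplayr.com"],
}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(header):
    """Parse a CSP header value into an ordered {directive: [sources]} dict."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        # Browsers honour only the first occurrence of a repeated directive.
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def covered(source, existing):
    """True if an exact or wildcard entry in `existing` already allows `source`."""
    if source.startswith("'"):  # keywords such as 'unsafe-inline' only match exactly
        return source in existing
    return any(e in ("*", source) or (e.startswith("*.") and source.endswith(e[1:]))
               for e in existing)

def merge_fanplayr(header):
    """Return (new_header, warnings) with the Fanplayr sources merged in."""
    policy, warnings = parse_csp(header), []
    for directive, needed in FANPLAYR.items():
        if directive not in policy:
            if "default-src" not in policy:
                continue  # this fetch type is unrestricted, nothing to allow
            # A specific directive replaces default-src, so inherit its sources.
            policy[directive] = list(policy["default-src"])
        sources = [s for s in policy[directive] if s != "'none'"]
        sources += [s for s in needed if not covered(s, sources)]
        if "'unsafe-inline'" in needed and any(s.startswith(HASH_OR_NONCE) for s in sources):
            warnings.append(f"{directive}: 'unsafe-inline' is ignored next to a nonce or hash")
        policy[directive] = sources
    return "; ".join(" ".join([d, *s]) for d, s in policy.items()), warnings

if __name__ == "__main__":
    # Constructed sample policy, not taken from any real site.
    merged, notes = merge_fanplayr("default-src 'self'; script-src 'self' 'nonce-abc123'")
    print(merged, *notes, sep="\n")
```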

Domain List

The following briefly outlines the primary purpose of each Fanplayr-managed domain:

Domain                          Description
cdn.fanplayr.com                Content delivery network.
static.fanplayr.com             Content delivery network.
d38nbbai6u794i.cloudfront.net   Content delivery network.
fonts.fanplayr.com              Content delivery network.
my.fanplayr.com                 Page tracking and segmentation evaluation.
e1.fanplayr.com                 Page tracking and segmentation evaluation.
w1.fanplayr.com                 Page tracking and segmentation evaluation.
collect.fanplayr.com            Analytics tracking.
site-speed.fanplayr.com         Analytics tracking.
recommendations.fanplayr.com    Product recommendation service.
ajax.googleapis.com             Google content delivery network (used for loading Web Font loader library).
