Deploying Script

Please note that the Consent Manager you just created is restricted to deployment on the site you scanned. The script will not operate on additional web properties.

Please review the deployment steps in the Implementation Guide for more information on how to deploy the CCM script on your website(s). 

CSP Rules for CCM Pro Domains

NOTE: Some websites have strict security requirements. If the CCM is being blocked or not rendering properly, you may need to review or update your Content Security Policy (CSP) rules. CSP is typically managed by your IT team and is an HTTP response header that modern browsers use to enhance security by controlling which resources (such as JavaScript, CSS, and images) can load and from which sources. For more information, visit this page.

Below are the recommended CSP rules for CCM Pro. In case of CSP-related errors, please work with your IT department to implement these rules:

script-src: 'self' 'unsafe-inline' 'unsafe-eval' https://*.trustarc.com
style-src: 'self' 'unsafe-inline'
default-src: 'self'
frame-src: 'self' https://*.trustarc.com
connect-src: 'self' https://*.trustarc.com
font-src: 'self' https://*.trustarc.com
img-src: 'self' data: https://*.trustarc.com https://*.truste.com

NOTE: If you want to add frame-ancestors, please include the site itself.

For example, if the site that loads the notice script is https://www.trustarc.com/, then frame-ancestors should contain https://*.trustarc.com/.

frame-ancestors: https://*.trustarc.com/

Referrer Policy Header Requirements

When deploying CCM Pro on a website, it is essential to configure the referrer-policy correctly to ensure proper functioning. 

Why the Referrer Header is Required in CCM Pro

In order for CCM Pro to function correctly, the Referrer header is a strict requirement for two main purposes:

  • Tracker Detection for Scanned Websites

    The Referrer header is used to identify the origin of the website from which the script is being loaded. This is essential for finding trackers on the scanned website and associating the appropriate consent preferences with the correct domain.

  • Consent Reporting Endpoints

    The Referrer header is also necessary for reporting consent data back to the relevant Consent Location. Without this header, consent reporting will fail, including GDPR compliance reports. The consent location tracking is dependent on the Referrer to know which domain the consent applies to.

Direct configuration for Script Tags

When current policies don't allow a server configuration, the client can add the following attribute to the script tags to ensure proper referrer handling:

Example

<script async="async" type="text/javascript" crossorigin="" src="xx" referrerpolicy="origin-when-cross-origin"></script>

For more information and compatibility details, refer to this page: 

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Referrer-Policy 

Supported referrer-policy Headers for CCM Pro

The following referrer-policy values will work with CCM Pro:

  • origin-when-cross-origin
  • strict-origin-when-cross-origin
  • unsafe-url
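
The following Python check is an added example, not part of TrustArc's documentation or tooling: it audits a set of response headers against the CSP sources and the referrer-policy values listed on this page. The function names and the sample headers are constructed for illustration; note that in the header itself a directive name has no colon and directives are separated by semicolons.

```python
# Added example: audit response headers against the CCM Pro values on this page.
RECOMMENDED = {  # directive -> sources taken from the CSP rules above
    "script-src": ["'unsafe-inline'", "'unsafe-eval'", "https://*.trustarc.com"],
    "style-src": ["'unsafe-inline'"],
    "frame-src": ["https://*.trustarc.com"],
    "connect-src": ["https://*.trustarc.com"],
    "font-src": ["https://*.trustarc.com"],
    "img-src": ["data:", "https://*.trustarc.com", "https://*.truste.com"],
}
SUPPORTED_REFERRER = {"origin-when-cross-origin", "strict-origin-when-cross-origin", "unsafe-url"}
KNOWN_REFERRER = SUPPORTED_REFERRER | {
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin", "strict-origin"}

def parse_csp(header):
    """Split 'name src src; name src' into {name: [src, ...]}, lowercased for comparison."""
    policy = {}
    for part in header.lower().split(";"):
        tokens = part.split()
        if tokens and tokens[0] not in policy:  # a repeated directive is ignored
            policy[tokens[0]] = tokens[1:]
    return policy

def allows(sources, needed):
    """True if `needed` is listed literally or is an https host covered by '*' or 'https:'."""
    # Not modelled: browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    if needed in sources:
        return True
    return needed.startswith("https://") and ("*" in sources or "https:" in sources)

def audit(headers):
    """Return findings for a dict of response headers; an empty list means no conflict."""
    findings = []
    policy = parse_csp(headers.get("Content-Security-Policy", ""))
    for directive, needed in RECOMMENDED.items():
        # Fetch directives fall back to default-src (frame-src's child-src step is not
        # modelled); if the directive and default-src are both absent, nothing is blocked.
        sources = policy.get(directive, policy.get("default-src"))
        if sources is not None:
            findings += [f"{directive}: missing {n}" for n in needed if not allows(sources, n)]
    # Browsers use the last recognised token of a comma-separated Referrer-Policy value.
    tokens = [t.strip().lower() for t in headers.get("Referrer-Policy", "").split(",")]
    known = [t for t in tokens if t in KNOWN_REFERRER]
    if known and known[-1] not in SUPPORTED_REFERRER:
        findings.append(f"Referrer-Policy: {known[-1]} is not supported by CCM Pro")
    return findings

# Constructed sample: a strict site policy that would block CCM Pro.
SAMPLE = {"Content-Security-Policy": "default-src 'self'; img-src 'self' data: https:",
          "Referrer-Policy": "no-referrer, same-origin"}
```

The checker looks for 'unsafe-inline' and 'unsafe-eval' only because this page lists them; both relax the protection CSP gives against injected script. Of the supported referrer values, unsafe-url also sends the full URL, path and query string included, to every origin.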