CookieBot don't show on Firefox and Chrome
Hi,
I've install th eplugin CookieBot on my Wordpress.
The banner is showing on Internet Explorer but don't show on Firefox and Chrome.
Here is the error message I can see in the debug view :
" Refused to load the script 'https://consent.cookiebot.com/uc.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.stripe.com *.google-analytics.com *.typekit.net *.wp.com *.facebook.com *.facebook.net *.instagram.com *.twitter.com *.pinterest.com *.linkedin.com *.oneall.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. "
How can I solve this probleme ?
Here is my website : https://entreprendre.fun
Thanks for your feedback.
-
Hi,
I've remove the WordPres plugin and I use now the script code : <script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="3a234586-b191-4b17-824c-85ef04b2ac83" type="text/javascript" async></script>
The problem is always the same ....
Can You help me to solve this problem ?
Best regards.
-
Hey Michael,
The reason why Cookiebot is not showing is that the script is not loaded. There is something on your website which blocks the script and prevent the loading of cookiebot.
When I inspect the website the following error message is displayed in the console:
Refused to load the script 'https://consent.cookiebot.com/uc.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.stripe.com *.google-analytics.com *.typekit.net *.wp.com *.facebook.com *.facebook.net *.instagram.com *.twitter.com *.pinterest.com *.linkedin.com *.oneall.com".
see screenshot below:
I think that you could fix this issue by adding meta tag "Content Security Policy" which allow importing a remote script. It should look like this:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: XXXXXXXXXXXXX">Regards,
Spas -
Hi,
I've install a new plugin on my WordPress to add the script on the Header.
Here is what I've done on the Header section :
1) Insert this script : <script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="3a234586-b191-4b17-824c-85ef04b2ac83" type="text/javascript" async></script>
It doesn't work on Firefox and Chrome
2) Insert this script :
<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="3a234586-b191-4b17-824c-85ef04b2ac83" type="text/javascript" async></script>
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: XXXXXXXXXXXXX">
It doesn't work on Firefox and Chrome AND the CSS don't laod on my Wordpress
3) I've change the DATA value like this :
<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="3a234586-b191-4b17-824c-85ef04b2ac83" type="text/javascript" async></script>
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: 3a234586-b191-4b17-824c-85ef04b2ac83">
It doesn't work on Firefox and Chrome AND the CSS don't laod on my Wordpress
Can you help me ? -
Hi Michel,
Could you try using:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' https://consent.cookiebot.com">You could find more information about how to use Cpntent Security Policy in the following links:
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
https://content-security-policy.com/Regards,
Spas -
Hi Spas,
I've add your script but it dosen't work.
Could you please send me all the attribut that could work on the script ? Here is my website : https://entreprendre.fun
Is there a way to speak with someone to solve my problem ? By Phone or Skype or WhatsApp ...
Thanks
-
Hi Michel,
You are using a CSP (content security policy), but I can see that you have not added the meta-tag about CSP mentioned in the above comment.
Preferably you should make sure that our script source is white-listed in the http-header. You should also contact you host provider and have them add the Cookiebot domain to you CSP.Regards, Spas
-
Hi Michel,
Here you could find the IPs which are used by Cookiebot, so you could add those IPs to your whitelist if you want to: https://support.cookiebot.com/hc/en-us/articles/360003824153-Whitelist-what-IP-addresses-do-you-scan-from-
Regarding the Content Security Policy META tag, I can see that you have added it to your head but you have not added the right CSP meta tag.
Unfortunately, I can not provide you all attributes of the meta tag because the attributes depends on your website and this is something you should figure out by yourself.
However, I see that now you have added as CSP meta tag:
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.stripe.com *.google-analytics.com *.typekit.net *.wp.com *.facebook.com *.facebook.net *.instagram.com *.twitter.com *.pinterest.com *.linkedin.com *.oneall.com">
I guess that this meta tag is copy/pasted from somewhere with example data/attributes which are not related to your case and that's why it doesn't work on your site.
You could also see in the above comments that I have suggested you a example of CSP meta tag that you could try on, but as I said you should find the exact data/attributes that you need to add in order to allow all blocked scripts to your site.Regards, Spas
Please sign in to leave a comment.
Comments
10 comments