---
title: "Content Security Policy (CSP)"
description: "After DNS is configured for tralut.website.com then the content security policy (CSP) headers file needs the https://tralut.website.com URL and the backup URL https://main 1234.trlution.com added to these policies: script src https://tralut.website.com https://main 1234.trlution.com; img src https://tralut.website.com https://main 1234.trlution.com; connect src https://tralut.website.com https://main 1234.trlution.com; frame src https://tralut.website.com https://main 1234.tr…"
slug: "content-security-policy-csp"
category_slug: "tracking-guides"
category_name: "Tracking Guides"
order: 3000000053
published_at: "2026-01-20T12:06:13+00:00"
updated_at: "2026-04-14T12:05:59+00:00"
language_code: "en-US"
tags: []
---

After DNS is configured for `tralut.website.com` then the content security policy (CSP) **headers file** needs the `https://tralut.website.com` URL and the backup URL `https://main-1234.trlution.com` added to these policies:

    script-src https://tralut.website.com https://main-1234.trlution.com;
    img-src https://tralut.website.com https://main-1234.trlution.com;
    connect-src https://tralut.website.com https://main-1234.trlution.com;
    frame-src https://tralut.website.com https://main-1234.trlution.com;

`website.com` and `main-1234` in this context are placeholders for the clients actual website and server domains. You may have settings like 'self' blob: and other domains already listed in these policies, just make sure to add URLs within the same statement, in other words, before the " **;** "
<section class="info-box">If you are using the GTM template, you also need to include the template's loader domain for the same policies above. Add&nbsp;<strong>https://gtm.trlution.com</strong>&nbsp;before the " <strong>;</strong> "</section>
[Click here to see how to configure DNS](https://support.tracklution.com/kb/article/12/first-party-mode-dns "https://support.tracklution.com/kb/article/12/first-party-mode-dns")