Content Security Policy blocking external script

Hello,

I am experiencing an issue when accessing my website using Firefox on Mac.

The browser blocks the loading of an external Google AdSense script, logging the following error: "Content Security Policy: The page's settings blocked the loading of a resource". Here is an example URL:

https://www.varbes.com/

To my understanding, the site does not have a Content Security Policy ('CSP'). We don't send a CSP in a network header or in the HTML, so I am at a bit of a loss as to how I debug this.

I don't see the same issue using Firefox on Windows, or with Chrome, Edge or Safari. I have performed a fresh install of Firefox on my Mac to make sure no extensions are causing the issue.

Other websites seem to be running the same AdSense code okay.

Any suggestions would be greatly appreciated.

Many thanks, Matt

All Replies (5)

That data is probably blocked by ETP.

Firefox shows a purple shield instead of a gray shield at the left end of the location/address bar in case Enhanced Tracking Protection is blocking content.

  • click the shield icon for more detail and possibly disable the protection

You can check the Web Console for relevant-looking messages about blocked content.

Hi cor-el,

Thanks for responding to my problem.

I have just tried the site with ETP turned off and am still seeing the scripts blocked on Firefox for Mac due to CSP violations - I don't see this on Firefox for Windows with ETP on or off.

I have attached a screenshot of the network and console log on Mac to show the difference. I have turned ETP off so the beacon tracking requests are allowed.

Many thanks, Matt

For me that item is blocked by ETP and I get a crossed shield with ETP disabled.

The script doesn't look blocked in your latest screenshot - it is the third-last item (120kb script from domain pagead2... with a file name 'show_ads_...'). This script is only blocked on Firefox for Mac browsers from my tests.

The request that is being blocked in your screenshot is a tracking request -- this is fine as it doesn't break the site functionality (but blocking the script does affect site functionality).

Thanks, Matt

What I meant to show is that the two pagead2 you mention have the shield. I'm not sure why there is still one left as blocked by tracking when ETP is disabled via the shield. Firefox can replace some tracking-related files by shimmed versions that have limited effect (i.e. they let the caller believe that it worked successfully).
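
Added example, not part of the original thread: one way to check the question's claim that the site sends no CSP, by collecting every policy a response can deliver (the enforced header, the Report-Only header, and `<meta http-equiv>` tags) and showing which directive would govern an external script. The sample headers, HTML and the `https://ads.example` host are constructed; fetching the real response is left out so the block runs offline.

```python
from html.parser import HTMLParser

# Fallback order for <script src=...> loads: the first directive present wins.
SCRIPT_DIRECTIVES = ("script-src-elem", "script-src", "default-src")
ENFORCED, REPORT_ONLY = "content-security-policy", "content-security-policy-report-only"
class _MetaCSP(HTMLParser):
    """Collects the content of <meta http-equiv="Content-Security-Policy"> tags."""
    def __init__(self):
        super().__init__()
        self.policies = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == ENFORCED:
            self.policies.append(a.get("content") or "")

def parse_policy(text):
    """Split one serialized policy into {directive: [sources]}; a repeated directive is ignored."""
    out = {}
    for part in text.split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), tokens[1:])
    return out

def find_policies(headers, html):
    """Return (origin, enforced, directives) for every policy the response delivers."""
    found = []
    for name, value in headers:
        if name.lower() in (ENFORCED, REPORT_ONLY):
            for p in filter(str.strip, value.split(",")):  # one header can carry several
                found.append(("header", name.lower() == ENFORCED, parse_policy(p)))
    meta = _MetaCSP()
    meta.feed(html)
    return found + [("meta", True, parse_policy(p)) for p in meta.policies]

def script_rule(directives):
    """Directive governing external scripts, or None if the policy leaves them unrestricted."""
    for d in SCRIPT_DIRECTIVES:
        if d in directives:
            return d, directives[d]
    return None

# Constructed sample response (not captured from the site in the thread).
SAMPLE_HEADERS = [("Content-Type", "text/html"), (REPORT_ONLY, "default-src 'self'")]
SAMPLE_HTML = ('<head><meta http-equiv="Content-Security-Policy" '
               'content="default-src \'self\'; script-src \'self\' https://ads.example"></head>')
if __name__ == "__main__":
    for origin, enforced, directives in find_policies(SAMPLE_HEADERS, SAMPLE_HTML):
        print(origin, "enforced" if enforced else "report-only", script_rule(directives))
```

An empty result from `find_policies` means the response itself carries no policy, so a CSP message in the console has to come from somewhere other than the server's headers or markup.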