I have Matomo with HTTP security headers working on multiple domains.I've activated the plugin HTTP HEADERS and added a directive to "whitelist" Matomo script:
Policy Directive: script-src
Value: https://url-to-my-matomo/
Client: both
Dunno if this directive is correct (or another setting in the plugin) because as soon I activate the plugin, Matomo real-time traffic goes down to zero.
I do not use the plugin but added the Matomo script directly in my template.
In the plugin "System - HTTP Headers", on the "Content-Security-Policy (CSP)" tab, I've configured the matomo script:
Policy Directive: script-src
Value: 'self' 'unsafe-inline' my-own-domain.nl/matomo.js
Client: Site
(I've added the domain name without https:// )
If you use Chrome or Firefox, check the "Inspect" option, and then the "Console" to see any errors regarding not being able to load exernal (Matomo) scripts because of the CSP.
Statistics: Posted by pe7er — Sat Feb 17, 2024 5:38 pm