Content Security Policy (CSP)
A Content Security Policy (CSP) is an added layer of security that helps you detect and mitigate attacks on your web site. With other words a CSP controls which resources the user agent is allowd to load for a website.
To get CSP to work you need to configure your web server to return the CSP HTTP header
To get Matomo Tag Manager to work properly you need to use connect-src and
script-src.
You can read more on Mozillas website how to implement csp on your site
How to implement
In your Conent Security Policy (CSP) you need to first add connect-src and
script-src, if you not already are using them.
Then you need to add the url:s which are used to fetch data from your website to Matomo.
If a client is using Heatmaps and Session Recording, then we need to add
crossorgin="anonymous".
How do I fix CORS issue for Heatmap and Session Recording
Examples
A website with the url https://www.example.com and matomo.example.com is used to store the data on a server.
Then you need to add matomo.example.com to connect-src and script.src.