Caleb
Max Böckpolyfill.io was crazy huh, we just let a third party run any JS without even checking integrity. lol
anyway please add this snippet for google tag manager, marketing needs it
Frederic@mxbck It's super hard to implement a good Content-Security-Policy when people use GTM.
@frederic been down that road too. Frustrating to say the least 😅
Patrick HellerI wanted to build a service for that in 2018, but never did. But others did now.
https://csper.io/
https://developers.cloudflare.com/page-shield/policies/
I thought of a painful progress like:
- Hey, you added stuff via GTM and it will not work
- We blocked all that. Which are your requests and why do you need it -> documentation done
- Do the developers & management approve the adding of the new item?
If you force me to use jira, I will force you to request tracking stuff via a 10 step process.
GavG
Dave 🧱 
John
Richard Spenceley@mxbck I can do you one worse. Marketing have access to GTM and can add whatever they want...
Carey@Spence1115 @mxbck ... and everything they add shows up as a red thread-blocking bar in the browser's performance tools.
Max Fenton (defunct)
Claudio Zizza 🦜@mxbck wget http://some-website/install | sh
Emilis 🇺🇦@mxbck Google Tag Manager should be blocked at the ISP level. Convince me otherwise.
mirabilos