aixlabDocs
GitHub Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. aixlabDocs
  2. /
  3. Products
  4. /
  5. Cloudflare
  6. /
  7. Cloudflare Pages
  8. /
  9. Web Analytics

Web Analytics

One minute to read Analytics cloud cloudflare Content-Security-Policy CSP HTTP Header website

Sites proxied through Cloudflare

  1. Log in to the Cloudflare dashboard, and select your account.
  2. Select the Analytics & Logs drop-down and choose Web Analytics.
  3. Under Quick Actions, select Add a site.
  4. Select a hostname from the drop-down menu > Done.

Your website is now using Web Analytics through the automatic setup, which is enabled by default.

based on cloudflare

Problem when integrating analytics direcly via page setup

If the integration of web analytics takes place directly via cloudflare pages, the script seems to be passed without the security-relevant hash in the integrity directive.

Sample code for the embedded java script code.

<script defer 
    src="https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816" 
    integrity="sha512-jGCTpDpBAYDGNYR5ztKt4BQPGef1P0giN6ZGVUi835kFF88FOmmn8jBQWNgrNd8g/Yu421NdgWhwQoaOPFflDw==" 
    data-cf-beacon='{
        "rayId":"7d5acfd98825cadd",
        "version":"2023.4.0",
        "r":1,
        "token":"350831e1b3de440ba368ef1f0f760fdd","si":100}' 
        crossorigin="anonymous">
</script>

Content-Security-Policy Configuration

If web analytics is activated, the domain static.cloudflareinsights.com must be added for scripts in the HTTP response header Content-Security-Policy:

Sample for the CSP

Content-Security-Policy: default-src ‘self’ static.cloudflareinsights.com;