# CSP definition for Nginx which leverages $server_name
# Purpose: One CSP header for all vhosts
# Installation
# Include this into each server directive in the nginx.conf
# Note
# Check out the script that sends a Google Analytics event and an email when a CSP violation is triggered
# https://github.com/mikeg-de/CSP-Violation-Google-Analytics-Email
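A sketch of the include pattern the header comment describes, added here as an example and not the gist's own content. The snippet path, the host names, the policy directives and the `/csp-report` endpoint are all assumptions chosen for illustration.

```nginx
# snippets/csp.conf (hypothetical file name)
# $server_name expands to the primary name from the enclosing server block's
# server_name directive. It comes from configuration, not from the client's
# Host header (unlike $host), so a spoofed Host value cannot alter the policy.
add_header Content-Security-Policy "default-src 'self' https://$server_name; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri https://$server_name/csp-report" always;

# nginx.conf, inside the http block: the same include yields a per-vhost policy
server {
    listen 80;
    server_name shop.example.com;       # constructed host name
    include snippets/csp.conf;          # policy references shop.example.com

    location /assets/ {
        # add_header directives are inherited from the server level only when
        # the location defines none of its own. This block sets a header, so
        # the CSP include has to be repeated or the policy is silently dropped.
        add_header X-Content-Type-Options nosniff always;
        include snippets/csp.conf;
    }
}

server {
    listen 80;
    server_name blog.example.org;       # constructed host name
    include snippets/csp.conf;          # policy references blog.example.org
}
```

After a reload, `curl -sI` against each vhost and against a path under `/assets/` shows whether the header is present everywhere and carries the expected host name.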
/* The script's purpose is to identify internal traffic, but it might be used to verify if a user has visited a certain website.
 * By assuming a user visited website A, resources or connection information like DNS or SSL gets cached.
 * Leveraging the HTML5 Resource Timing API (https://www.w3.org/TR/resource-timing/), a known resource gets attached to the DOM.
 * If the resource or its connection information was already cached, the following metrics should be zero:
 * domainLookupStart, domainLookupEnd, connectStart, connectEnd, requestStart, responseStart
 *
 * This script is extended with Google Tag Manager events to track the findings. Later I will elaborate to implement the userID.
 */
var imageCheck = document.createElement("img"); |