Improvement
Jul 6, 2025

Enhanced content security policy enforcement & simplified image policy

For all store admins & integration partners:

What’s new

Content-Security-Policy (CSP) enforced

  • We now send the header Content-Security-Policy (not report-only). We announced the upcoming enforcement in the change log in 2024 and have used the report-only header since then as a transition period.

  • Mixed-content rule switched to upgrade-insecure-requests: secure by default.

Simplified image policy

  • img-src is relaxed to 'self' data: https:.

  • No more country-specific Google host list to maintain.

Google Tag Manager support

Live policy reports

Action required for new integrations

  • Add your domains up-front – any script, iframe, websocket or font from an unlisted host is blocked by default.

Send the hostnames and required directive (script-src, connect-src, etc.) to DevOps before launching.

Forgot to add it?

The request is blocked; you’ll see it in the browser console and our “URL block” dashboard.
We can auto-whitelist the domain afterwards, but the service stays offline until someone updates the policy.
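
A pre-launch check for the step above, as an added example that is not part of the original change log or the platform's own tooling: it parses a policy and lists, per directive, the origins an integration would need to have added. The policy string, the shop URL and every hostname are constructed assumptions; only img-src 'self' data: https: and upgrade-insecure-requests come from this page.

```javascript
// Constructed sample policy, NOT the platform's real header (only img-src and the upgrade rule are from the page).
const SAMPLE_POLICY = "default-src 'self'; script-src 'self' https://cdn.partner.example; " +
  "connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' data: https:; upgrade-insecure-requests;";
const SAMPLE_RESOURCES = [ // constructed: what a hypothetical integration plans to load
  { type: "script", url: "https://cdn.partner.example/widget.js" },
  { type: "script", url: "https://tags.marketing.example/t.js" },
  { type: "image", url: "http://img.anywhere.example/banner.png" },
  { type: "image", url: "data:image/png;base64,iVBORw0KGgo=" },
  { type: "websocket", url: "ws://chat.partner.example/socket" },
  { type: "font", url: "https://fonts.partner.example/a.woff2" },
];
const DIRECTIVE_FOR = { script: "script-src", iframe: "frame-src", websocket: "connect-src",
  font: "font-src", image: "img-src" };
// Split the header into directive -> source list; the first occurrence of a directive wins.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Simplified matching: 'self', scheme sources (https:, data:) and host sources with an optional
// "*." prefix. Paths, ports, nonces, hashes and a bare "*" are not modelled.
function sourceMatches(source, url, self) {
  if (source === "'self'") return url.origin === self.origin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)/i.exec(source);
  if (!m) return false; // quoted keywords such as 'none' never match a URL
  const scheme = m[1] ? m[1].toLowerCase() + ":" : self.protocol; // assumption: no scheme = page scheme
  const hostOk = m[2] ? url.hostname.endsWith("." + m[3].toLowerCase()) : url.hostname === m[3].toLowerCase();
  return hostOk && url.protocol === scheme;
}

// Return { directive: [origins] } for every planned resource the policy would block.
function hostsToRequest(header, pageUrl, resources) {
  const policy = parsePolicy(header), self = new URL(pageUrl), missing = {};
  const upgrade = policy.has("upgrade-insecure-requests");
  for (const { type, url: raw } of resources) {
    const url = new URL(raw); // upgrade-insecure-requests rewrites http/ws before the policy check
    if (upgrade && /^(http|ws):$/.test(url.protocol)) url.protocol = url.protocol.replace(":", "s:");
    const directive = DIRECTIVE_FOR[type];
    const sources = policy.get(directive) || policy.get("default-src") || []; // simplified fallback
    if (sources.some((s) => sourceMatches(s, url, self))) continue;
    (missing[directive] = missing[directive] || new Set()).add(url.origin);
  }
  return Object.fromEntries(Object.entries(missing).map(([d, s]) => [d, [...s].sort()]));
}
console.log(hostsToRequest(SAMPLE_POLICY, "https://shop.example/", SAMPLE_RESOURCES));
```

With the sample input, the http image passes because it is upgraded and then matches https:, while the marketing script, the websocket and the font origin are reported under script-src, connect-src and font-src.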

Why this is good news
• Tighter security – prevents malicious third-party content and data-leak beacons.
• Zero mixed-content warnings – browsers silently upgrade insecure links.
• Faster issue tracing – one CSP violation report pinpoints exactly what broke.

Take a moment to review any custom plugins or marketing tags you plan to add. Send us the host list early and you’re good to go!

GDPR

COMPLIANT

Future-proof eCommerce built in the EU

AI Commerce Cloud is developed and hosted within the EU, fully compliant with GDPR and all relevant regulations.

English
AI Commerce Cloud

FI3180370-3

Ranta-Tampellan Katu 17 33180 Tampere, Finland

info@aicommerce.fi

© 2025 AI Commerce Cloud. All rights reserved.
