Content-Security-Policy

With the Content-Security-Policy header you can control which scripts are allowed to run on a page; if you’re not using this header then you can ignore this page.

For the standard integration you’ll need to add the following:

script-src  https://gc.zgo.at
connect-src https://MYCODE.goatcounter.com/count

The script-src is needed to load the count.js script, and the connect-src is needed to send pageviews to GoatCounter via navigator.sendBeacon.

Alternatively you can host the count.js script anywhere you want, or include it directly in your page. See count.js hosting.

Questions or problems?

Feel free to get in touch if you’ve got any questions or having any problems; a lot of times they can be resolved without too much problems.

Ways to contact me: show