Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks, as defined by the Wikipedia article.
There are multiple ways to achieve this; the steps below use the "nonce" keyword to whitelist the script block.
- Make sure the server response header contains the following:
Content-Security-Policy: script-src 'self' cdn.split.io 'nonce-swfT4W3546RtDw4';
- Add the same nonce to the script tag:
<script nonce="swfT4W3546RtDw4"> ... </script>
The nonce is any randomly generated string of characters; just make sure the nonce in the response header and the nonce in the script tag match.
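One way to apply the steps above on a Node.js server, as an added example that is not part of the original article or of Split's code: it generates a fresh nonce for each response (a fixed value such as the sample above would let any injected script reuse it), puts it in both the header and the script tag, and checks that the two match. The function names are hypothetical, and the regex-based check is a rough test aid, not an HTML parser.

```javascript
// Added example; all function names are hypothetical.
const { randomBytes } = require('node:crypto');

// 16 unpredictable bytes, base64-encoded. Call once per HTTP response.
function newNonce() {
  return randomBytes(16).toString('base64');
}

// The header value from the first step, with the nonce filled in.
function buildCsp(nonce) {
  return `script-src 'self' cdn.split.io 'nonce-${nonce}';`;
}

// Inline script block carrying the matching nonce attribute.
function scriptTag(nonce, body) {
  return `<script nonce="${nonce}">${body}</script>`;
}

// Build header and page together so both always use the same nonce.
function renderPage(inlineJs) {
  const nonce = newNonce();
  return {
    csp: buildCsp(nonce),
    html: `<!doctype html><body>${scriptTag(nonce, inlineJs)}</body>`,
  };
}

// Return the inline <script> opening tags whose nonce is missing or is
// not listed in the policy; the browser would refuse to run those blocks.
function unmatchedScripts(cspHeader, html) {
  const allowed = new Set(
    [...cspHeader.matchAll(/'nonce-([^']+)'/g)].map((m) => m[1])
  );
  const blocked = [];
  for (const m of html.matchAll(/<script\b([^>]*)>/gi)) {
    const attrs = m[1];
    // External scripts are matched against the host list ('self', cdn.split.io).
    if (/\bsrc\s*=/i.test(attrs)) continue;
    const n = /\bnonce\s*=\s*"([^"]*)"/i.exec(attrs);
    if (!n || !allowed.has(n[1])) blocked.push(m[0]);
  }
  return blocked;
}
```

In a request handler, send `renderPage(...).csp` as the `Content-Security-Policy` response header and the `html` as the body; running `unmatchedScripts` over rendered pages in a test catches templates that forgot the attribute.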