Content Security Policy

To ensure seamless integration and optimal functionality of our tools, customers must configure their Content Security Policy (CSP) to allow access to specific domains. This documentation page provides a list of the required endpoints, enabling customers to whitelist the necessary domains and maintain secure, uninterrupted access to our services.

For further details about CSP, visit this site: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

TMS

CSPs

• img-src on domains *.tagcommander.com and *.commander1.com

• script-src on domains *.tagcommander.com and *.commander1.com

• connect-src on domain *.commander1.com

• frame-src on domains *.tagcommander.com

CDN Hosting

Files are hosted on cdn.tagcommander.com and returns Javascript

This includes containers, Privacy, Cookies sync, MIX and DATA Javascripts

Credit Usage

https://manager.tagcommander.com/utils/hit.php , returns a pixel

Deduplication conversion collection

https://manager.tagcommander.com/dedup/report/ , returns a pixel

Deduplication customer journey set and get

https://*.commander1.com/dg3/ , returns Javascript

https://*.commander1.com/dc3/ , returns a pixel

Serverside Tracking v2

https://collect.commander1.com/events , returns a pixel

Serverside DataSave

https://manager.tagcommander.com/datasave/ , returns a pixel

Reach data collection

https://engage.commander1.com/reach , returns a pixel

Cookies Sync

CDN javascript hosting

https://sync.commander1.com , returns a pixel

TagPerformance data collection

CDN javascript hosting

https://engage.commander1.com/tagsperf, returns a pixel

Serverside Tracking v1 (deprecated)

https://serversideXXX.tagcommander.com/ , returns a pixel

https://serversideXXX.commander1.com/ , returns a pixel

Notice : in debug mode (tc_debug=1) returns some plain text ... not sure it's necessary to be mentionned as it should never be used in production

CMP

CSPs

• img-src on domains *.tagcommander.com and *.commander1.com and *.trustcommander.net

• script-src on domains cdn.tagcommander.com and cdn.trustcommander.net

• frame-src on cdn.tagcommander.com and cdn.trustcommander.net

• connect-src on domain *.commander1.com and *.trustcommander.net

Cookie scanner

• collection URL : //privacy.commander1.com/ctrust

Privacy consent collection

CDN javascript hosting

https://cdn.trustcommander.net (since may 2020)

https://manager.tagcommander.com/utils/privacyHit.php , returns a pixel

https://manager.commander1.com/privacyHit.php , returns a pixel

https://privacy.commander1.com/privacy-consent/ , returns a pixel

https://privacy.trustcommander.net/privacy-consent/ , returns a pixel

Campaign Analytics

CSPs

• img-src on domains *.commander1.com

• script-src on domains *.tagcommander.com

Offsite data collection

https://*.commander1.com/v3 , returns a pixel

https://*.commander1.com/c3 , returns a pixel

https://*.commander1.com/w3 , returns a pixel

Onsite data collection

CDN javascript hosting

https://*.commander1.com/s3 , returns a pixel

https://*.commander1.com/cs3 , returns a pixel

https://*.commander1.com/o3 , returns a pixel

Examples:

Note : the difference is the /mix/ in the URL for the first party tracking.

Enrichment & Segmentation

CSPs

• img-src on domains *.commander1.com

• script-src on domains *.tagcommander.com

• connect-src on domain *.commander1.com

Onsite data collection

CDN javascript hosting

https://engage.commander1.com/dms, returns a pixel