1 of 1

Content Security Policy

To ensure seamless integration and optimal functionality of our tools, customers must configure their Content Security Policy (CSP) to allow access to specific domains. This documentation page provides a list of the required endpoints, enabling customers to whitelist the necessary domains and maintain secure, uninterrupted access to our services.

For further details about CSP, visit this site: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

TMS

CSPs

img-src on domains *.tagcommander.com and *.commander1.com
script-src on domains *.tagcommander.com and *.commander1.com
connect-src on domain *.commander1.com
frame-src on domains *.tagcommander.com

CDN Hosting

Files are hosted on cdn.tagcommander.com and returns Javascript

This includes containers, Privacy, Cookies sync, MIX and DATA Javascripts

Credit Usage

https://manager.tagcommander.com/utils/hit.php , returns a pixel

Deduplication conversion collection

https://manager.tagcommander.com/dedup/report/ , returns a pixel

Deduplication customer journey set and get

https://*.commander1.com/dg3/ , returns Javascript

https://*.commander1.com/dc3/ , returns a pixel

Cookies Sync

CDN javascript hosting

https://sync.commander1.com , returns a pixel

TagPerformance data collection

CDN javascript hosting

https://engage.commander1.com/tagsperf, returns a pixel

Serverside Tracking v1 (deprecated)

https://serversideXXX.tagcommander.com/ , returns a pixel

https://serversideXXX.commander1.com/ , returns a pixel

Notice : in debug mode (tc_debug=1) returns some plain text ... not sure it's necessary to be mentionned as it should never be used in production

CMP

CSPs

img-src on domains *.tagcommander.com and *.commander1.com and *.trustcommander.net
script-src on domains cdn.tagcommander.com and cdn.trustcommander.net
frame-src on cdn.tagcommander.com and cdn.trustcommander.net
connect-src on domain *.commander1.com and *.trustcommander.net

collection URL : //privacy.commander1.com/ctrust

CDN javascript hosting

https://cdn.trustcommander.net (since may 2020)

https://manager.tagcommander.com/utils/privacyHit.php , returns a pixel

https://manager.commander1.com/privacyHit.php , returns a pixel

https://privacy.commander1.com/privacy-consent/ , returns a pixel

https://privacy.trustcommander.net/privacy-consent/ , returns a pixel

Campaign Analytics

CSPs

img-src on domains *.commander1.com
script-src on domains *.tagcommander.com

Offsite data collection

https://*.commander1.com/v3 , returns a pixel

https://*.commander1.com/c3 , returns a pixel

https://*.commander1.com/w3 , returns a pixel

Onsite data collection

CDN javascript hosting

https://*.commander1.com/s3 , returns a pixel

https://*.commander1.com/cs3 , returns a pixel

https://*.commander1.com/o3 , returns a pixel

Examples:

Tracking type: First

Format URL: https://<customer_domain>/mix/cs3/?

Full example: https://clientdomain.com/mix/cs3/?tcs=1234&rand=0.21688868283799656&chn=SEO&src=google&site=AlvieroMartini&cty=it&dev=d&ref=https://www.google.com/

Tracking type: Third

Format URL: https://<customer_domain>/cs3/?

Full example: https://customer.commander1.com/cs3/?tcs=1234&chn=SEO&src=google&cty=it&dev=d

Note : the difference is the /mix/ in the URL for the first party tracking.

Enrichment & Segmentation

CSPs

img-src on domains *.commander1.com
script-src on domains *.tagcommander.com
connect-src on domain *.commander1.com

Onsite data collection

CDN javascript hosting

https://engage.commander1.com/dms, returns a pixel

Content Security Policy

For further details about CSP, visit this site: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

TMS

CSPs

img-src on domains *.tagcommander.com and *.commander1.com
script-src on domains *.tagcommander.com and *.commander1.com
connect-src on domain *.commander1.com
frame-src on domains *.tagcommander.com

CDN Hosting

Files are hosted on cdn.tagcommander.com and returns Javascript

This includes containers, Privacy, Cookies sync, MIX and DATA Javascripts

Credit Usage

https://manager.tagcommander.com/utils/hit.php , returns a pixel

Deduplication conversion collection

https://manager.tagcommander.com/dedup/report/ , returns a pixel

Deduplication customer journey set and get

https://*.commander1.com/dg3/ , returns Javascript

https://*.commander1.com/dc3/ , returns a pixel

Serverside Tracking v2

https://collect.commander1.com/events , returns a pixel

Serverside DataSave

https://manager.tagcommander.com/datasave/ , returns a pixel

Reach data collection

https://engage.commander1.com/reach , returns a pixel

Cookies Sync

CDN javascript hosting

https://sync.commander1.com , returns a pixel

TagPerformance data collection

CDN javascript hosting

https://engage.commander1.com/tagsperf, returns a pixel

Serverside Tracking v1 (deprecated)

https://serversideXXX.tagcommander.com/ , returns a pixel

https://serversideXXX.commander1.com/ , returns a pixel

Notice : in debug mode (tc_debug=1) returns some plain text ... not sure it's necessary to be mentionned as it should never be used in production

CMP

CSPs

img-src on domains *.tagcommander.com and *.commander1.com and *.trustcommander.net
script-src on domains cdn.tagcommander.com and cdn.trustcommander.net
frame-src on cdn.tagcommander.com and cdn.trustcommander.net
connect-src on domain *.commander1.com and *.trustcommander.net

collection URL : //privacy.commander1.com/ctrust

CDN javascript hosting

https://cdn.trustcommander.net (since may 2020)

https://manager.tagcommander.com/utils/privacyHit.php , returns a pixel

https://manager.commander1.com/privacyHit.php , returns a pixel

https://privacy.commander1.com/privacy-consent/ , returns a pixel

https://privacy.trustcommander.net/privacy-consent/ , returns a pixel

Campaign Analytics

CSPs

img-src on domains *.commander1.com
script-src on domains *.tagcommander.com

Offsite data collection

https://*.commander1.com/v3 , returns a pixel

https://*.commander1.com/c3 , returns a pixel

https://*.commander1.com/w3 , returns a pixel

Onsite data collection

CDN javascript hosting

https://*.commander1.com/s3 , returns a pixel

https://*.commander1.com/cs3 , returns a pixel

https://*.commander1.com/o3 , returns a pixel

Examples:

Tracking type: First

Format URL: https://<customer_domain>/mix/cs3/?

Full example: https://clientdomain.com/mix/cs3/?tcs=1234&rand=0.21688868283799656&chn=SEO&src=google&site=AlvieroMartini&cty=it&dev=d&ref=https://www.google.com/

Tracking type: Third

Format URL: https://<customer_domain>/cs3/?

Full example: https://customer.commander1.com/cs3/?tcs=1234&chn=SEO&src=google&cty=it&dev=d

Note : the difference is the /mix/ in the URL for the first party tracking.

Enrichment & Segmentation

CSPs

img-src on domains *.commander1.com
script-src on domains *.tagcommander.com
connect-src on domain *.commander1.com

Onsite data collection

CDN javascript hosting

https://engage.commander1.com/dms, returns a pixel

Content Security Policy

TMS

CSPs

CDN Hosting

Credit Usage

Deduplication conversion collection

Deduplication customer journey set and get

Serverside Tracking v2

Serverside DataSave

Reach data collection

Cookies Sync

TagPerformance data collection

Serverside Tracking v1 (deprecated)

CMP

CSPs

Cookie scanner

Privacy consent collection

Campaign Analytics

CSPs

Offsite data collection

Onsite data collection

Enrichment & Segmentation

CSPs

Content Security Policy

TMS

CSPs

CDN Hosting

Credit Usage

Deduplication conversion collection

Deduplication customer journey set and get

Serverside Tracking v2

Serverside DataSave

Reach data collection

Cookies Sync

TagPerformance data collection

Serverside Tracking v1 (deprecated)

CMP

CSPs

Cookie scanner

Privacy consent collection

Campaign Analytics

CSPs

Offsite data collection

Onsite data collection

Enrichment & Segmentation

CSPs