CF Beacon XSS & Caching

Hi! If I assumed correctly https://static.cloudflareinsights.com/beacon.min.js/ is added for analytics when I enable Web Page Analytics. For my website I enabled the Cloudflare standard Security Ruleset which includes the XSS protections. But in the console I now see: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://static.cloudflareinsights.com/beacon.min.js/XYZ. (Reason: CORS request did not succeed). Status code: (null). At the same time, when I do Lighthouse analytics it suggests: Serve static assets with an efficient cache policy for the beacon specifically. How do I square this circle, what are the best practices for this beacon? (My apologies if this is the wrong forum, could not decide between General and Pages)
1 Reply
MrSteel
MrSteelOP•2mo ago
Managed to fix this with good CSP policies and noticed Firefox has some special features that make it funny. But I learned some stuff 😄
Want results from more Discord servers?
Add your server