CF Beacon XSS & Caching
Hi!
If I assumed correctly, https://static.cloudflareinsights.com/beacon.min.js/ is added for analytics when I enable Web Page Analytics.
For my website I enabled the Cloudflare standard Security Ruleset which includes the XSS protections. But in the console I now see:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://static.cloudflareinsights.com/beacon.min.js/XYZ. (Reason: CORS request did not succeed). Status code: (null).
At the same time, when I do Lighthouse analytics it suggests "Serve static assets with an efficient cache policy" for the beacon specifically.
How do I square this circle, what are the best practices for this beacon?
(My apologies if this is the wrong forum, could not decide between General and Pages)

1 Reply
Managed to fix this with good CSP policies and noticed Firefox has some special features that make it funny. But I learned some stuff 😄