I have a web app using the default html5boilerplate Content Security Policy.
However, we have the new Google analytics.js snippet on the page, which is being blocked by
Your .htaccess solution should be all correct.
Why should you break the (client-side) asynchronous nature of it?
In the browser console you will see which requests to which hosts are blocked. If there are any blocked requests from Google while surfing the page, you can add the hostname to your policy setting.
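The procedure in the answer above (read the blocked hosts, then add them to the policy), as an added example that is not part of the original thread. The starting policy, the sample violations and the function names are constructed for illustration; only hosts on a reviewed allowlist are added, so a blocked request to an unexpected host stays blocked.

```javascript
// Added example. SAMPLE_POLICY and SAMPLE_VIOLATIONS are constructed, not taken from the post.
const SAMPLE_POLICY = "default-src 'self'; script-src 'self'; object-src 'self'";
const SAMPLE_VIOLATIONS = [
  { effectiveDirective: 'script-src-elem', blockedURI: 'https://www.google-analytics.com/analytics.js' },
  { effectiveDirective: 'img-src', blockedURI: 'https://www.google-analytics.com/collect?v=1' },
  { effectiveDirective: 'script-src-elem', blockedURI: 'inline' },
  { effectiveDirective: 'script-src-elem', blockedURI: 'https://cdn.example.net/x.js' },
];

function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Pick the directive to edit: the reported one, its base (script-src-elem -> script-src),
// or a new one seeded from default-src so the sources already allowed are not lost.
function targetDirective(directives, effective) {
  const base = effective.replace(/-(elem|attr)$/, '');
  for (const name of [effective, base]) if (directives.has(name)) return name;
  directives.set(base, [...(directives.get('default-src') || [])]);
  return base;
}

// Add the origin of each blocked request to the policy, but only for https hosts on the
// reviewed allowlist; inline/eval keywords and unknown hosts are returned in `skipped`.
function allowBlockedHosts(policy, violations, trustedHosts) {
  const directives = parsePolicy(policy);
  const skipped = [];
  for (const v of violations) {
    let url = null;
    try { url = new URL(v.blockedURI); } catch { /* keyword such as "inline" */ }
    if (!url || url.protocol !== 'https:' || !trustedHosts.has(url.hostname)) {
      skipped.push(v.blockedURI);
      continue;
    }
    const sources = directives.get(targetDirective(directives, v.effectiveDirective));
    if (!sources.includes(url.origin)) sources.push(url.origin);
  }
  const text = [...directives].map(([n, s]) => [n, ...s].join(' ')).join('; ');
  return { policy: text, skipped };
}

// In a browser, this logs the same fields the console reports for each blocked request.
if (typeof document !== 'undefined') {
  document.addEventListener('securitypolicyviolation', (e) =>
    console.log(e.effectiveDirective, e.blockedURI));
}
```

The returned `policy` string is what goes into the `Content-Security-Policy` header value in .htaccess; entries in `skipped` need a decision by a person rather than an automatic allow.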