Google Adsense GDPR prompt doesn't show correctly
After implementing Google's required GDPR prompt, your users might not see it correctly
The issue
Background
To meet new GDPR requirements, residents of the EU (EEA and UK) need to consent to seeing advertisements starting in early 2024, or ads will not be displayed in those regions.
If you're using Google Adsense, you'll most likely end up implementing Google's own EU prompt (GDPR). Otherwise you'll need to either use a Google Certified CMP or stop serving ads to EU users.
Google also offers messages for CPRA (California, USA), LGPD (Brazil) and Ad blocking recovery (a message shown if an ad blocker is detected).
Cause
If you're using CSP (Content Security Policy), and especially if you set it up to be strict, there's a big chance that not all URLs have been added to the allow list.
Once we implemented the GDPR notice ourselves, we saw in the browser's DevTools that the URLs below were flagged with "Refused to load the ..."
- https://fonts.googleapis.com [style-src]
- https://lh3.googleusercontent.com [img-src]
- https://fonts.gstatic.com [font-src]
Solution
Add missing CSP rules
In nginx (which our example is based on) or apache, you'll need to add these additional URLs to the allow list.
Open the config where you have your CSP rules. It's normally in either nginx.conf or conf.d/yoursite.conf, if you have a site-specific config.
Here you need to add the URLs that were listed in DevTools with "Refused to load the ...". For us that was three URLs, and each one needs to be added to the directive it is needed in.
[snippet]add_header Content-Security-Policy "default-src 'self'; style-src https://*.googleapis.com; img-src 'self' https://*.googleusercontent.com; font-src https://*.gstatic.com;";[/snippet]
You probably have lots of rules in here already, so all you need to do is add the missing URLs to the correct directive.
Reload nginx/apache
After you have adjusted the config, it's important that you reload nginx/apache for the changes to take effect.
nginx in CentOS
[snippet]sudo systemctl reload nginx[/snippet]
The command can vary slightly depending on what operating system you're running. If in doubt, please consult your system's documentation.
Loads correctly
Now the GDPR message should be displayed correctly.
Should you still have issues, verify in DevTools that you didn't miss anything and that nginx/apache was reloaded.
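To check a policy without clicking through DevTools, the following added example (not part of the original article) parses a CSP header value and lists which of the three flagged URLs it would still refuse, including the fallback to default-src and wildcard hosts. Assumptions: the site origin https://example.com and the STRICT policy are constructed samples, and source matching is simplified to scheme and host.

```python
from urllib.parse import urlsplit

# Origins the article saw refused, paired with the directive that governs each.
REQUIRED = [("style-src", "https://fonts.googleapis.com"),
            ("img-src", "https://lh3.googleusercontent.com"),
            ("font-src", "https://fonts.gstatic.com")]
STRICT = "default-src 'self'; img-src 'self' data:"   # constructed pre-fix policy
# Policy value taken from the article's nginx snippet.
FIXED = ("default-src 'self'; style-src https://*.googleapis.com; "
         "img-src 'self' https://*.googleusercontent.com; font-src https://*.gstatic.com;")

def parse_csp(policy):
    """Map each directive name to its source list; the first occurrence wins."""
    directives = {}
    for tokens in (part.split() for part in policy.split(";")):
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def source_allows(source, url, self_origin):
    """Simplified match on scheme and host only (an assumption; paths are ignored)."""
    target, src = urlsplit(url), source.lower()
    if src == "'self'":
        return urlsplit(self_origin)[:2] == target[:2]
    if src.startswith("'"):                 # 'none', nonces, hashes: never a host match
        return False
    if src.endswith(":"):                   # scheme source such as https: or data:
        return src[:-1] == target.scheme
    scheme, sep, rest = src.rpartition("://")
    if sep and scheme != target.scheme:
        return False
    host = rest.split("/")[0].split(":")[0]
    if host.startswith("*."):               # *.example.com matches subdomains only
        return target.hostname.endswith(host[1:])
    return host in ("*", target.hostname)

def missing_sources(policy, self_origin="https://example.com", required=REQUIRED):
    """Return (directive, url) pairs the policy refuses; no directive and no
    default-src means the load is unrestricted."""
    directives, missing = parse_csp(policy), []
    for directive, url in required:
        sources = directives.get(directive, directives.get("default-src"))
        if sources is not None and not any(source_allows(s, url, self_origin) for s in sources):
            missing.append((directive, url))
    return missing

if __name__ == "__main__":
    for name, policy in (("strict", STRICT), ("fixed", FIXED)):
        print(name, missing_sources(policy))
```

Paste the header value your server actually returns into `missing_sources` to see which directives still need an entry.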
Ad blocking recovery
Once you've added the GDPR message, you might be tempted to also add Ad blocking recovery. We did, and found out that this adds one more URL we need to allow in CSP
- https://fundingchoicesmessages.google.com
Tags: #CSP #Adsense #nginx #apache