How to Review, Approve, & Reject Domains on Your Website?
Reviewing domains can help you manage what gets loaded onto your website by implementing a Content Security Policy.
Navigate to any of these three pages:
- Tag & Content Governance - Service Profiles
- Services & CSP Management - Overview
- Services & CSP Management - CSP Manager
Near the top, you'll see a "Review All Domains" button. Click the button to open a modal listing the domains associated with your Service Profiles.
Once the modal has opened and the data has loaded, you'll see a view of the domains associated with your Service Profiles, along with more information pertaining to each domain.
Each domain can be audited (approved or rejected) by a user who has been designated as a Security Admin or Tag Management Admin. Domains that have a green background have been approved by both admins, while those with a red background have been rejected by both admins. Domains with a yellow background or no background color are in a "pending" state, meaning they have yet to be fully approved or fully rejected by both admins.
Across the top of the modal, you can see counts of all domains, approved domains, rejected domains, and pending domains. The top right button that looks like an X can be clicked to close the modal, while the button next to it can be clicked to make the modal full-screen.
On the far left side of the domain row, the trash icon can be clicked to delete any domain (available only to Security & Tag Management Admins).
The number referenced under the "% of BTT (Blue Triangle Tech) Index" header refers to the percentage of time that a domain is found by Blue Triangle on the top 6,000 sites on the internet. The BTT Index is a performance ranking, where we measure the top 6,000 sites on a continuous basis. This rich data set allows us to measure how often a domain is used in the industry.
Under the "Observed With" header, you may see a checkmark under RUM and/or SYNTH. If there is a checkmark under RUM, that domain was observed in Real User Monitoring data within the last 24 hours. If there is a checkmark under SYNTH, that domain was observed in Synthetic Monitoring data within the last 24 hours.
The "Security Admin Approval" and "Tag Management Admin Approval" headers indicate whether domains have been audited by either admin. If a checkbox under the green checkmark is filled in, that domain has been approved by the respective admin. If a checkbox under the red X is filled in, that domain has been rejected by the respective admin. All domain audits will be logged.
The "Imported From Security Application" header indicates whether that domain information was provided by a vendor when surveyed with a Service Security Application.
The "Associated Domains" header displays each domain name, as well as the icon for the Service it is associated with. Hovering over that icon will display the Service Name. Asterisks act as wildcards, so any domain names preceded with a "*." will reference all hosts for that domain. Most of these domains are configured at the account level, meaning that the configurations for those domains are inherited by all of your sites. However, if a specific site requires different configurations, those domains will be indicated as Site-Level Overrides with an "S" inside a circular blue badge.
The "Source Types" header indicates what types of files each domain is allowed to load. This is only pertinent when using these domains to implement a Content Security Policy.
- If the domain can load all file types and all of the fetch directive boxes are checked, the ALL box should be checked.
- If the domain can load JavaScript files, check the JS box.
- If the domain can load stylesheet files, check the CSS box.
- If the domain can load image and favicon files, check the IMG box.
- If the domain can load font files, check the FONT box.
- If the domain can be loaded using script interfaces, check the CONNECT box.
- If the domain can be loaded through the <object>, <embed>, or <applet> HTML tags, check the OBJECT box.
- If the domain can be loaded from Worker, SharedWorker, or ServiceWorker scripts, check the WORKER box.
Making any changes to source types will reset that domain's audit and require reapproval by both admins.
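To show how the source type boxes relate to a Content Security Policy, the added example below (not Blue Triangle's code or export format) turns a list of audited domains into a policy string. The row field names, the sample domains, the 'self' baseline, and the rule that only domains approved by both admins are allowlisted are assumptions made for illustration; the directive names are the standard CSP fetch directives.

```python
# Added example: maps the Source Types boxes to standard CSP fetch directives.
BOX_TO_DIRECTIVE = {
    "JS": "script-src",
    "CSS": "style-src",
    "IMG": "img-src",
    "FONT": "font-src",
    "CONNECT": "connect-src",
    "OBJECT": "object-src",
    "WORKER": "worker-src",
}

# Constructed sample rows; field names are hypothetical, not the product's schema.
DOMAINS = [
    {"domain": "*.cdn.example.com", "security": "approved", "tag_mgmt": "approved", "boxes": ["JS", "CSS"]},
    {"domain": "fonts.example.net", "security": "approved", "tag_mgmt": "approved", "boxes": ["FONT", "CSS"]},
    {"domain": "api.example.org", "security": "approved", "tag_mgmt": "pending", "boxes": ["CONNECT"]},
    {"domain": "ads.example.io", "security": "rejected", "tag_mgmt": "rejected", "boxes": ["ALL"]},
    {"domain": "media.example.com", "security": "approved", "tag_mgmt": "approved", "boxes": ["ALL"]},
]


def fully_approved(row):
    """A row counts as approved only when both admins have approved it."""
    return row["security"] == "approved" and row["tag_mgmt"] == "approved"


def build_csp(rows, base="'self'"):
    """Return (policy, skipped): the policy string and the domains left out."""
    # Assumption: every directive starts from the first-party baseline.
    sources = {directive: [base] for directive in BOX_TO_DIRECTIVE.values()}
    skipped = []
    for row in rows:
        if not fully_approved(row):
            skipped.append(row["domain"])  # pending or rejected: never allowlisted
            continue
        # ALL means every fetch directive box is checked.
        boxes = list(BOX_TO_DIRECTIVE) if "ALL" in row["boxes"] else row["boxes"]
        for box in boxes:
            allowed = sources[BOX_TO_DIRECTIVE[box]]
            if row["domain"] not in allowed:
                allowed.append(row["domain"])
    policy = "; ".join(f"{d} {' '.join(s)}" for d, s in sources.items())
    return policy, skipped


if __name__ == "__main__":
    policy, skipped = build_csp(DOMAINS)
    print("Content-Security-Policy:", policy)
    print("Not allowlisted:", skipped)
```

A wildcard entry such as "*.cdn.example.com" is passed through unchanged because CSP host sources accept the same "*." prefix.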
Use the pagination controls to navigate through all the domains, as there could be hundreds per site. Use the search box to filter the rows by domain name and Service name. The "Export" button in the far right near the top can be clicked to export the list of domains as a .csv or .tsv file. The button next to it can be clicked to toggle whether the modal is "Showing Only Observed Domains" or "Showing All Domains". "Showing Only Observed Domains" filters the rows to show domains that either have a checkmark under "Observed With RUM/SYNTH" or are approved/rejected/pending. This is the default view when first opening the modal.
If any changes are made to source types, approvals, or rejections, the background color of the domain row will turn blue. Clicking the "Save Changes" button will save all the domains that have new configurations. Clicking the "Reset" button will discard all changes and reload the domains as they initially appeared.