(CSP) connect-src https://nikkomsgchannel

Question

Hope someone can shed some light on this because I have searched for months for an answer but to no avail.

I use a Content Security Policy on all my sites and record policy violations but constantly see attempts using connect-src for https://nikkomsgchannel

The entries look like this:

https://nikkomsgchannel/e?001600500058005b00330035006f0050002d0059005c005f005c00090051004

Does anyone else see this in their CSP violations? What is nikkomsgchannel? Should it be allowed connect-src access?

Thanks in advance.

score 5 · Answer 1 · answered Jun 07 '17 at 09:49

5

Requests to nikkomsgchannel appear to be due to a browser extension related to Trusteer Rapport [1][2]. Do not add it to connect-src as you have no control over what content gets injected. Just ignore it in your CSP reports.

answered Jun 07 '17 at 09:49

Anand Bhat

5,591
26
30

Thanks so much Anand, first proper answer I have found to the elusive nikkomsgchannel. Much obliged. – MitchellK Jun 08 '17 at 10:52

(CSP) connect-src https://nikkomsgchannel

1 Answers1