Refused to load script https://assets.onedollarstats.com/stonks.js
because
it violates the following Content Security Policy directive…
Troubleshooting
Script installed, but the dashboard is empty?
If you see browser console errors like:
or
Refused to connect to https://collector.onedollarstats.com/events
because it
violates the following Content Security Policy directive…
…it means your website uses a Content Security Policy (CSP), and it currently blocks our scripts or analytics.
✅ Solution
Update your CSP configuration to allow our domains.
You can do this via:
- A
<meta>
tag in your HTML - Hosting platform settings
- Your web framework (e.g., Next.js, Express, etc.)
Make sure to include:
script-src
: allowassets.onedollarstats.com
connect-src
: allowcollector.onedollarstats.com
Wildcard subdomains (*.onedollarstats.com
) are also supported and recommended.
Example using a meta tag:
<meta
http-equiv="Content-Security-Policy"
content="
default-src 'self';
script-src 'self' *.onedollarstats.com;
connect-src 'self' *.onedollarstats.com;
"
/>
Events are sent, but the chart is empty?
If events appear in your browser’s network tab but don’t show up in the dashboard, an ad blocker might be interfering.
Some blockers target our /events
endpoint, even when it’s on your own domain.
✅ Solution
Disable ad blockers for onedollarstats.com. We’re currently exploring ways to avoid this issue in the future and will implement a solution as soon as possible.
Still stuck?
Join our Discord or email us at [email protected]