We are using NWebsec on our IIS ASP.NET webseite. All fine and dandy, but maintaining all the Google domains for Google Analytics is a bit a pain. It seems that for every country that a user is, a different Google domain is used:
<connect-src self="true">
<add source="www.google.com" />
<add source="www.google.de" />
<add source="www.google.en" />
<add source="www.google.com.br" />
</connect-src>
Now, obviously we could just try to add as many of them as possible, but that is very cumbersome. Have not tried a Wildcard for the top-level domain, but to me www.google.* seems like opening the floodgates for bad domains like www.google.ihackyou.com
Any ideas?
There's a list provided by Google https://www.google.com/supported_domains