Using Wisepops with a Content Security Policy

Content Security Policy (CSP) is a widely supported Web security standard intended to prevent certain types of injection-based attacks by giving developers control over the resources loaded by their applications. If your website uses a CSP header or meta tag, you must adjust it to allow Wisepops to load and execute the required assets.

Wisepops domains requested from your website

We're changing our domains
There are a lot of domains to allow because we're about to migrate them. The following list contains our legacy domains and future domains. By authorizing all of them, your campaigns will keep running without interruption.

Requests are issued to the following domains when using Wisepops on your website:

Directive	Involved domains
script-src	cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net
connect-src	activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net
img-src	cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net assets.wisepops.net
frame-src	notifications.wisepops.com wisepops.net

To make use of the JS callbacks feature in our builder, you also need to allow unsafe-eval in the script-src directive.

Don't hesitate to contact our support if you have any questions!

Vulnerability Reports & Bug Bounty Program

Troubleshooting: Why isn't my campaign appearing?