Using Wisepops with a Content Security Policy

Lisa Fockens Updated by Lisa Fockens

Content Security Policy (CSP) is a widely supported Web security standard intended to prevent certain types of injection-based attacks by giving developers control over the resources loaded by their applications. If your website uses a CSP header, you must adjust it to allow Wisepops to load and execute the required assets.

Wisepops domains involved on your website

Our domains are being changed. The following domains list is long because it currently contains everything to be compatible before and after a migration. By authorizing both our legacy domains and future domains, you don't have to update again your CSP when we do the switch.

Requests are issued to the following domains when using Wisepops on your website:

  • script-src: cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net
  • connect-src: activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net
  • img-src: cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net

Formatted as a CSP header (don't use it as is, but merge it with your existing header):

Content-Security-Policy: script-src cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net; connect-src activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net; img-src cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net

Don't hesitate to contact our support if you have any questions!

How did we do?

Vulnerability Reports & Bug Bounty Program

Datenschutz- und Cookie-Richtlinie

Contact