Using Wisepops with a Content Security Policy

Lisa Fockens Updated by Lisa Fockens

Content Security Policy (CSP) is a widely supported Web security standard intended to prevent certain types of injection-based attacks by giving developers control over the resources loaded by their applications. If your website uses a CSP header, you must adjust it to allow Wisepops to load and execute the required assets.

Wisepops domains involved on your website

Requests are issued to the following domains when using Wisepops on your website:

  • script-src: cdn.wisepops.com loader.wisepops.com
  • connect-src: activity.wisepops.com popup.wisepops.com tracking.wisepops.com
  • img-src: cdn.wisepops.com tracking.wisepops.com

Formatted as a CSP header (don't use it as is, but merge it with your existing header):

Content-Security-Policy: script-src cdn.wisepops.com loader.wisepops.com; connect-src activity.wisepops.com popup.wisepops.com tracking.wisepops.com; img-src cdn.wisepops.com tracking.wisepops.com

Don't hesitate to contact our support if you have any questions!

How did we do?

Vulnerability Reports & Bug Bounty Program

Datenschutz- und Cookie-Richtlinie

Contact