Skip to main content

Using Wisepops with a Content Security Policy

Updated over 2 weeks ago

Content Security Policy (CSP) is a widely supported Web security standard intended to prevent certain types of injection-based attacks by giving developers control over the resources loaded by their applications. If your website uses a CSP header or meta tag, you must adjust it to allow Wisepops to load and execute the required assets.

Wisepops domains requested from your website

Requests are issued to the following domains when using Wisepops on your website:

Directive

Involved domains

script-src

  • cdn.wisepops.com

  • app.getwisp.co

  • wisepops.net

  • cdn.wisepops.net

connect-src

  • activity.wisepops.com

  • tracking.wisepops.com

  • app.getwisp.co

  • wisepops.net

img-src

  • cdn.wisepops.com

  • tracking.wisepops.com

  • dx4nr741tfc02.cloudfront.net

  • wisp-production-storage.s3.amazonaws.com

  • cdn.wisepops.net

  • assets.wisepops.net

frame-src

  • notifications.wisepops.com

  • wisepops.net

To make use of the JS callbacks feature in our builder, you need to allow unsafe-eval in the script-src directive. Alternatively, you can write the JS callback outside our builder.

Don't hesitate to contact our support if you have any questions!

Did this answer your question?