Content Security Policy (CSP) is a widely supported Web security standard intended to prevent certain types of injection-based attacks by giving developers control over the resources loaded by their applications. If your website uses a CSP header or meta tag, you must adjust it to allow Wisepops to load and execute the required assets.
Wisepops domains requested from your website
Requests are issued to the following domains when using Wisepops on your website:
Directive | Involved domains |
script-src |
|
connect-src |
|
img-src |
|
frame-src |
|
Other special directives
To make use of the JS callbacks feature in our builder, you need to allow unsafe-eval in the script-src directive. Alternatively, you can write the JS callback outside our builder.
βWisepops relies on inline styling. If your CSP declares a
style-src
directive that doesn't allowunsafe-inline
, you need to support the nonce CSP allowlisting method, and provide the nonce attribute in our setup code, in the<script>
tag. Wisepops will take care of copying thisnonce
attribute to the inline style tags.
Don't hesitate to contact our support if you have any questions!