Skip to main content
All CollectionsLegal & securitySecurity
Using Wisepops with a Content Security Policy
Using Wisepops with a Content Security Policy
Updated over a month ago

Content Security Policy (CSP) is a widely supported Web security standard intended to prevent certain types of injection-based attacks by giving developers control over the resources loaded by their applications. If your website uses a CSP header or meta tag, you must adjust it to allow Wisepops to load and execute the required assets.

Wisepops domains requested from your website

We're changing our domains
โ€‹
There are a lot of domains to allow because we're about to migrate them. The following list contains our legacy domains and future domains. By authorizing all of them, your campaigns will keep running without interruption.

Requests are issued to the following domains when using Wisepops on your website:

Directive

Involved domains

script-src

  • cdn.wisepops.com

  • loader.wisepops.com

  • app.getwisp.co

  • wisepops.net

  • cdn.wisepops.net

connect-src

  • activity.wisepops.com

  • popup.wisepops.com

  • tracking.wisepops.com

  • app.getwisp.co

  • wisepops.net

img-src

  • cdn.wisepops.com

  • tracking.wisepops.com

  • dx4nr741tfc02.cloudfront.net

  • wisp-production-storage.s3.amazonaws.com

  • cdn.wisepops.net

  • assets.wisepops.net

frame-src

  • notifications.wisepops.com

  • wisepops.net

To make use of the JS callbacks feature in our builder, you also need to allow unsafe-eval in the script-src directive.

Don't hesitate to contact our support if you have any questions!

Did this answer your question?