Using Wisepops with a Content Security Policy

Content Security Policy (CSP) is a widely supported Web security standard intended to prevent certain types of injection-based attacks by giving developers control over the resources loaded by their applications. If your website uses a CSP header or meta tag, you must adjust it to allow Wisepops to load and execute the required assets.

Wisepops domains requested from your website

Requests are issued to the following domains when using Wisepops on your website:

Directive	Involved domains
script-src	cdn.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net
connect-src	activity.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net
img-src	cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net assets.wisepops.net
frame-src	notifications.wisepops.com wisepops.net

To make use of the JS callbacks feature in our builder, you need to allow unsafe-eval in the script-src directive. Alternatively, you can write the JS callback outside our builder.

Don't hesitate to contact our support if you have any questions!

Integrate Wisepops with Segment.com

Track clicks on your links using Google Analytics

Forbid Disposable or Free Emails in Your Signup Form

Create a Spin-the-Wheel Popup Without Collecting the User’s Email Address

Fire the Facebook/Meta Pixel When a form is Submitted