The Concept of Website CSP

To enhance security, websites define Content Security Policy (CSP), which allows website owners to restrict the content (script/styles/images, etc.) loaded on the page to only trusted (whitelisted) sources. It ensures that no malicious external asset can risk your business or customers by acting as an agent for a trusted website. 

What’s the Impact?

If you’ve defined a CSP for your website, wherein you declare (whitelist) your website content to be loaded from certain sources, then browsers will automatically reject content from sources other than what is defined. Under such circumstances, browsers will not allow VWO to load content on your website. This will impact the loading of variations that you’ve created in VWO.

Note: While having concerns about your website’s security is supremely significant, it is important to note that VWO running on your website intends to provide your visitors with the campaign experiences you've designed; VWO does not inject unwanted content into your website or gather any Personally Identifiable Information (PII). Check out our privacy policy for more clarity.

Resolution

To enable VWO to load variations on your website and generate previews for your variations, you need to whitelist VWO by updating the corresponding rules in your existing CSP. Precisely, you need to make changes to the CSP directives (if present). For more information, see Content Security Policy in VWO.

Need more help?

For more information or further assistance, contact VWO Support.