What is a Content Security Policy (CSP)?

A Content Security Policy (CSP) is a web standard that grants websites additional control over what locations a client browser is permitted to load resources from and what other sites are allowed to interact with a company's site. For example, a company could specify that any content is safe to load from their own domain, but that JavaScript libraries and scripts may only be loaded from a separate trusted, verified third party domains. Content Security Policies are a security mechanism that helps protect against content injection attacks, such as Cross Site Scripting (XSS).

How to Tell if Your Company Has a CSP

Usually the person who is responsible for placing the Qualified Javascript on your website will know if your company has a Content Security Policy in place already. If you install the Qualified Javascript snippet on your site and it appears to not function, odds are that you have a CSP in place. If you were to load your web page after the Qualified Javascript is installed and look at the developer console you'd see something like this:

A sample error in your browser developer console when loading your site

Configure your CSP to Allow Qualified

If your site has a Content Security Policy in place already, you'll need to update your CSP in the following ways to allow Qualified to successfully run on your site. PLEASE NOTE: There is no need to add new directives to your CSP. The sources for each directive only need to be added if your current CSP defines that directive.

Directive: connect-src
Directive: media-src
Directive: style-src
Directive: child-src
Directive: frame-src

Request a live demo

See Qualified in action on your website. Request a live demo and one of our reps will contact you immediately, or talk to us right now.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Free custom demo
Live on your site