What is a Content Security Policy (CSP)?

A Content Security Policy (CSP) is a web standard that gives websites additional control over which locations a client browser is permitted to load resources from and which other sites are allowed to interact with a company's site. For example, a company could specify that any content is safe to load from its own domain, but that JavaScript libraries and scripts may only be loaded from separate trusted, verified third-party domains. Content Security Policies are a security mechanism that helps protect against content injection attacks, such as Cross-Site Scripting (XSS).

How to Tell if Your Company Has a CSP

Usually the person who is responsible for placing the Qualified JavaScript on your website will know whether your company already has a Content Security Policy in place. If you install the Qualified JavaScript snippet on your site and it does not appear to function, odds are that you have a CSP in place. If you load your web page after the Qualified JavaScript is installed and look at the developer console, you'll see something like this:

[Screenshot: a sample error in your browser developer console when loading your site]

Configure your CSP to Allow Qualified

If your site has a Content Security Policy in place already, you'll need to update your CSP in the following ways to allow Qualified to successfully run on your site. PLEASE NOTE: There is no need to add new directives to your CSP. The sources for each directive only need to be added if your current CSP defines that directive.

Directive: connect-src
Sources:
     https://*.qualified.com
     wss://*.qualified.com
     https://*.twiliocdn.com
     https://*.twilio.com
     wss://*.twilio.com
Directive: img-src
Sources:
     data:
     https://qualified-production.s3.amazonaws.com
     https://*.qualified.com
Directive: font-src
Sources:
     https://*.qualified.com
Directive: media-src
Sources:
     mediastream:
     https://*.qualified.com
Directive: style-src
Sources:
     'unsafe-inline'
     https://*.qualified.com
Directive: child-src
Sources:
     https://*.qualified.com
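
The rule above (add the listed sources only to directives your CSP already defines) can be applied mechanically to an existing policy string. The following is an added example, not code from Qualified or from the original article; the function names, the 'none' handling and the sample policy are assumptions made for illustration.

```javascript
// Added example (not Qualified's code): merge the sources listed in this
// article into an existing CSP, touching only directives it already defines.
const QUALIFIED_SOURCES = {
  "connect-src": ["https://*.qualified.com", "wss://*.qualified.com",
    "https://*.twiliocdn.com", "https://*.twilio.com", "wss://*.twilio.com"],
  "img-src": ["data:", "https://qualified-production.s3.amazonaws.com",
    "https://*.qualified.com"],
  "font-src": ["https://*.qualified.com"],
  "media-src": ["mediastream:", "https://*.qualified.com"],
  "style-src": ["'unsafe-inline'", "https://*.qualified.com"],
  "child-src": ["https://*.qualified.com"],
};

// Parse a policy string into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Per the CSP spec, a repeated directive is ignored; keep the first.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Returns the updated policy plus the directives that were left alone
// because the policy does not define them.
function allowQualified(policy) {
  const directives = parseCsp(policy);
  const skipped = [];
  for (const [name, wanted] of Object.entries(QUALIFIED_SOURCES)) {
    const current = directives.get(name);
    if (!current) { skipped.push(name); continue; }
    // 'none' is only valid alone, so drop it before adding real sources.
    const kept = current.filter((s) => s.toLowerCase() !== "'none'");
    for (const src of wanted) if (!kept.includes(src)) kept.push(src);
    directives.set(name, kept);
  }
  const updated = [...directives]
    .map(([name, sources]) => [name, ...sources].join(" ")).join("; ");
  return { updated, skipped };
}

// Constructed sample policy for illustration.
const sample = "default-src 'self'; img-src 'self' data:; connect-src 'self'";
console.log(allowQualified(sample));
```

Directives returned in `skipped` are not added, following the rule above; if the policy defines default-src, the browser applies it to those resource types instead.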
