A Content Security Policy (CSP) is a web standard that grants websites additional control over what locations a client browser is permitted to load resources from and what other sites are allowed to interact with a company's site. For example, a company could specify that any content is safe to load from their own domain, but that JavaScript libraries and scripts may only be loaded from separate trusted, verified third-party domains. Content Security Policies are a security mechanism that helps protect against content injection attacks, such as Cross Site Scripting (XSS).
How to Tell if Your Company Has a CSP
Usually the person who is responsible for placing the Qualified JavaScript on your website will know if your company has a Content Security Policy in place already. If you install the Qualified Javascript snippet on your site and it appears to not function, odds are that you have a CSP in place. If you were to load your web page after the Qualified Javascript is installed and look at the developer console, you'd see something like this:
Configure your CSP to Allow Qualified
If your site has a Content Security Policy in place already, you'll need to update your CSP in the following ways to allow Qualified to successfully run on your site.
Note: There is no need to add new directives to your CSP. The sources for each directive only need to be added if your current CSP defines that directive.
Directive: connect-src Sources: https://*.qualified.com wss://*.qualified.com Directive: media-src Sources: mediastream: https://*.qualified.com Directive: style-src Sources: 'unsafe-inline' https://*.qualified.com Directive: child-src Sources: https://*.qualified.com Directive: frame-src Sources: https://*.qualified.com