Content Security Policy
A common layer of security used by many websites is a Content Security Policy (CSP). These policies help prevent unauthorized access to website visitor data, and can help mitigate certain types of website attacks. If your website uses a CSP, you will need to whitelist the Lucky Orange tracking script in order for features like recordings, chat, and the heatmap tool to function properly.
| Directive | Value |
| --- | --- |
| connect-src | https://*.luckyorange.com https://pubsub.googleapis.com wss://*.visitors.live |
| script-src | https://tools.luckyorange.com https://storage.googleapis.com/lucky-orange-public/heatmap2/* |
| worker-src | blob: |
Note: For most sites, the additions in the table above will be enough. However, if live chat, surveys, or announcements are not being triggered and you aren't able to see live visitors, you may need to add the additional value below to the connect-src directive. You can check for errors in the browser console of the tracked site, or reach out to Lucky Orange support if you are unsure.
wss://realtime.luckyorange.com/mqtt
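The following is an added example, not Lucky Orange's own code: it merges the values above into an existing policy without loosening or accidentally tightening it. The function names (`parseCsp`, `addLuckyOrange`) and the `realtime` option are assumptions of this example. A directive that is absent is seeded from its CSP fallback (for example `default-src`) so that inherited sources such as `'self'` are not dropped when the directive is first declared.

```javascript
// Sources from the table above; all identifiers below are assumptions of this example.
const LUCKY_ORANGE = {
  "connect-src": ["https://*.luckyorange.com", "https://pubsub.googleapis.com", "wss://*.visitors.live"],
  "script-src": ["https://tools.luckyorange.com", "https://storage.googleapis.com/lucky-orange-public/heatmap2/*"],
  "worker-src": ["blob:"],
};
const REALTIME_MQTT = "wss://realtime.luckyorange.com/mqtt"; // optional value from the note

// CSP fallback chains: an absent directive inherits from the first one present.
const FALLBACK = {
  "connect-src": ["default-src"],
  "script-src": ["default-src"],
  "worker-src": ["child-src", "script-src", "default-src"],
};

// Parse "name v1 v2; name2 v3" into a Map; the first occurrence of a directive wins.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    if (!policy.has(key)) policy.set(key, values);
  }
  return policy;
}

function addLuckyOrange(header, { realtime = false } = {}) {
  const original = parseCsp(header);
  const merged = new Map(original);
  for (const [directive, additions] of Object.entries(LUCKY_ORANGE)) {
    const extra = directive === "connect-src" && realtime ? [...additions, REALTIME_MQTT] : additions;
    const inheritedFrom = FALLBACK[directive].find((d) => original.has(d));
    // Absent with no fallback means the policy does not restrict this fetch type;
    // declaring the directive now would start blocking everything else.
    if (!original.has(directive) && !inheritedFrom) continue;
    // Absent with a fallback: seed from it so inherited sources are kept.
    const base = original.get(directive) ?? original.get(inheritedFrom);
    // 'none' is only valid on its own, so it is removed once real sources are added.
    const kept = base.filter((v) => v.toLowerCase() !== "'none'");
    merged.set(directive, [...new Set([...kept, ...extra])]);
  }
  return [...merged].map(([name, values]) => [name, ...values].join(" ")).join("; ");
}
```

Calling `addLuckyOrange` on its own output returns the same string, so it can run on every deploy.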