Comment on page

Content Security Policy

A common layer of security used by many websites is a Content Security Policy. These policies help prevent unauthorized access to website visitor data, and can help mitigate certain types of website attacks. If your website employs the use of a CSP, it will be important to whitelist the Lucky Orange tracking script in order for features like recordings, chat, and the heatmap tool to function properly.

Necessary policy additions

Directive
Value
connect-src
https://*.luckyorange.com
https://pubsub.googleapis.com
wss://*.visitors.live
script-src
https://tools.luckyorange.com
worker-src
blob:
Note: The blob: directive is used to improve the performance of our code by performing certain actions within a web worker. The googleapis.com directive is used as fallback in the rare event our own data ingestion pipeline is unavailable.