How to use Lucky Orange with a Content Security Policy (CSP)
To add an extra layer of security, many websites use a Content Security Policy. These policies prevent unauthorized access to website visitor data and help mitigate certain types of website attacks.
To use Lucky Orange on a website that employs a CSP, you will need to whitelist the Lucky Orange tracking script to allow for features to function properly, such as Chat, Dynamic Heatmaps and Session Recordings.
Necessary policy additions
| Directive | Value |
| connect-src | https://*.luckyorange.com https://pubsub.googleapis.com wss://*.visitors.live |
| script-src | https://tools.luckyorange.com |
| worker-src | blob: |
Note: The blob: directive is used to improve the performance of our code by performing certain actions within a web worker. The googleapis.com directive is used as fallback in the rare event our own data ingestion pipeline is unavailable.