Ask your own question.

Someone from our team or the Crisp community will answer publicly.

We will ask your email to let you know when an answer is published.

Thanks! We will let you know when an answer is published.

Tell us why you are not satisfied.

Tell us how we can improve, and what is missing.

We will answer if we need more details, and improve this help section.

Thanks! We will get back to you if we need more information.

How to adjust my CSP policy for Crisp?

In case you are using a CSP policy (Content Security Policy) on your website, the Crisp chatbox will not work out of the box. You will need to add Crisp domains to your Content Security Policy rules.

Loose CSP Policy

This is the policy we recommend, as it will allow you to support any future Crisp domain update.

You can find below the wildcard domain ranges Crisp uses:

  • https://* (JS, CSS, fonts, images, frames)
  • wss://* (WebSocket)

Strict CSP Policy

This policy may be updated anytime in the future. You may use the loose CSP policy rather if you want to avoid any problem if we update a domain in the future.

In case your website requires strict CSP policies, you may allow the following domains:

  • (JS, CSS, fonts, images)
  • (images)
  • (frames)
  • wss:// (WebSocket)

Also, make sure to add unsafe-inline to your style-src policy (if any).

Please note that Crisp also embeds Youtube, Vimeo and Dailymotion video links in the chatbox. You may adjust your CSP rules to allow domains from those services accordingly.

Valerian Saliou
Was this article helpful?YesNo
Thanks! 👍
Don’t find what you are looking for?

Ask your own question.

Ask Now