A Content Security Policy (CSP), is a browser security feature that tells the browser which sources are allowed to load scripts, styles, fonts, images, and network requests on a website. As a result, websites with a strict CSP only allow code from trusted domains.
CSP helps protect against attacks like cross site scripting by blocking anything that is not explicitly allowed.
Triggerbee and CSP Compatibility
Triggerbee runs on your website through a JavaScript tracking script. For Triggerbee to work, your Content Security Policy must allow the Triggerbee tracker to load and send data.
Whitelist this domain:
https://t.myvisitors.se
CSP Whitelisting rules for maximum compatibility
Directive | Keyword | Source |
|
| |
|
| |
|
| |
|
| |
|
|
Full example:
<meta http-equiv="Content-Security-Policy"
content="
script-src 'self' https://t.myvisitors.se;
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
img-src 'self' data: https://widget-resources.triggerbee.com https://privacypolicy.trgr.be;
connect-src 'self' https://t.myvisitors.se https://site-gw.triggerbee.com https://widget-resources.triggerbee.com https://privacypolicy.trgr.be;
font-src 'self' https://fonts.gstatic.com https://widget-resources.triggerbee.com;
">
Triggerbee features affected by strict CSP
All core Triggerbee functionality works with CSP enabled, except for these features:
Feature | Affected areas / components |
Javascript targeting | One session targeting condition |
Action script execution | All components with "Execute script" as Action. (Deadline, buttons, submit buttons, button choices, radio buttons, checkboxes) |
Custom scripts in campaigns | Custom scripts in campaigns |
Custom code in campaigns | Using custom code as a component in campaigns |
Everything else works normally as long as the Triggerbee tracker domain is whitelisted in your CSP configuration.
Do I need to do anything?
In most cases, no. You only need to take action if:
Your site uses a strict Content Security Policy
You plan to use JavaScript based targeting or custom code
Triggerbee campaigns do not load or behave as expected
If so, your developer needs to whitelist the Triggerbee tracker domain.
FAQ
Does Triggerbee require CSP to be enabled?
No. CSP is optional and controlled by your website setup, not by Triggerbee.
Will CSP break my Triggerbee campaigns?
Not in normal use. Standard campaigns, forms, promotions, and tracking work as long as the Triggerbee tracker is allowed. Only features that rely on custom JavaScript can be affected by strict CSP rules.
Can I configure CSP inside Triggerbee?
No. CSP is configured on your website, server, CDN, or platform.
How do I know if my site has a strict CSP?
There is no easy way to tell from the outside. If this is new to you, your site most likely does not use a strict CSP. To be sure, ask your developer or website provider.