Using Lucky Orange with a Content Security Policy (CSP)
A common layer of security used by many websites is a Content Security Policy. These policies help prevent unauthorized access to website visitor data, and can help mitigate certain types of website attacks. If your website employs the use of a CSP, it will be important to whitelist the Lucky Orange tracking script in order for features like recordings, chat, and the heatmap tool to function properly.
Necessary policy additions:
|connect-src||https://settings.luckyorange.net wss://*.visitors.live https://pubsub.googleapis.com https://api.luckyorange.com|
blob: directive is used to improve the performance of our code by performing certain actions within a web worker. The
googleapis.com directive is used as fallback in the rare event our own data ingestion pipeline is unavailable.