Using Lucky Orange with a Content Security Policy (CSP)

A common layer of security used by many websites is a Content Security Policy. These policies help prevent unauthorized access to website visitor data, and can help mitigate certain types of website attacks. If your website employs the use of a CSP, it will be important to whitelist the Lucky Orange tracking script in order for features like recordings, chat, and the heatmap tool to function properly.

Necessary policy additions:

connect-src https://settings.luckyorange.net
wss://*.visitors.live
https://pubsub.googleapis.com
https://api.luckyorange.com
image-src https://d10lpsik1i8c69.cloudfront.net
script-src https://d10lpsik1i8c69.cloudfront.net
worker-src blob:

Note: The blob: directive is used to improve the performance of our code by performing certain actions within a web worker. The googleapis.com directive is used as fallback in the rare event our own data ingestion pipeline is unavailable.

Still need help? Contact Us Contact Us