Using Lucky Orange with a Content Security Policy (CSP)

A common layer of security used by many websites is a Content Security Policy. These policies help prevent unauthorized access to website visitor data, and can help mitigate certain types of website attacks. If your website employs the use of a CSP, it will be important to whitelist the Lucky Orange tracking script in order for features like recordings, chat, and the heatmap tool to function properly.

Necessary policy additions:

script-src https://d10lpsik1i8c69.cloudfront.net blob:
connect-src https://settings.luckyorange.net wss://*.visitors.live https://pubsub.googleapis.com
image-src https://d10lpsik1i8c69.cloudfront.net

Note: The blob: directive is only required for the heatmap tool. The googleapis.com directive is used as fallback in the rare event our own data ingestion pipeline is unavailable.

Still need help? Contact Us Contact Us