How to Whitelist Triblio in Your Website’s Content Security Policy (CSP)?
To enhance security, websites can elect to define a Content Security Policy (CSP), which allows website owners to restrict the content (script/styles/images, etc.) loaded on the page to only trusted (whitelisted) sources. This ensures that no malicious external asset can risk your business or customers by acting as an agent for a trusted website. If the Content-Security-Policy header is defined, the browser will reject any content from non-whitelisted sources.
In order for Triblio analytics and personalizations to function properly on your website, you will need to whitelist tribl.io in your CSP. To whitelist Triblio, add the following rules to your existing Content Security Policy.
default-src 'self' blob:; connect-src tribl.io; style-src 'self' 'unsafe-inline' tribl.io; script-src 'unsafe-eval' 'unsafe-inline' 'self' tribl.io; img-src 'self' tribl.io s3.amazonaws.com; frame-src 'self' tribl.io;