Allowing Our Script in Your Content Security
If your website uses a Content Security Policy (CSP), you may need to explicitly allow the Visual Visitor script to load.
How to Allow the Script
Log in to your website hosting platform, CMS, or security tool (for example: Cloudflare, WordPress security plugin, server headers).
Locate Content Security Policy (CSP) settings.
Add the Visual Visitor domains to your
script-srcdirective.
If you already have a script-src rule, simply append the domains rather than replacing existing entries.After Updating CSP
Save your changes
Clear any site or CDN cache
Reload your website and confirm the script is loading without errors in the browser console
Common signs CSP is blocking the script.
- Script appears installed but no engaged candidates are captured
Console errors referencing “blocked by Content Security Policy”
Network tab shows blocked or canceled script requests
Related Articles
How to Allow the Visual Visitor Script in Your Content Security Policy (CSP)
A Content Security Policy (CSP) is a browser security feature that restricts which external scripts and resources can load on your website. If your site enforces a strict CSP and the Visual Visitor domain is not whitelisted, the tracking script will ...Why Is My Tracking Script Not Firing After Installation? (Cache and GTM Publishing Issues)
If you have installed the Visual Visitor tracking script but your dashboard is showing zero visitors, one of the following issues is most likely the cause: · Cache not cleared: WordPress sites using caching plugins (WP Rocket, LiteSpeed, W3 Total ...How to Embed the Visual Visitor Dashboard in a Third-Party Reporting Tool
If you use a reporting platform such as Agency Analytics, DashThis, or a custom client portal, you may want to embed the Visual Visitor dashboard as an iframe for a unified client reporting experience. This requires specific configuration to prevent ...What Is a CORS Policy Error and How Does It Affect Visual Visitor Tracking?
A CORS (Cross-Origin Resource Sharing) policy error occurs when a browser blocks a script or API call from a different domain than the one the page is hosted on. This can affect Visual Visitor tracking in specific scenarios where click-tracking or ...Visual Visitor WordPress Plugin Installation
Visual Visitor’s WordPress Plugin Visual Visitor has created an easy to use, WordPress Plugin. This plugin simplifies the installation of Visual Visitor even more so that your company can quickly benefit from the services of anonymous visitor ...