Allowing Our Script in Your Content Security

If your website uses a Content Security Policy (CSP), you may need to explicitly allow the Visual Visitor script to load.

How to Allow the Script

1. Log in to your website hosting platform, CMS, or security tool (for example: Cloudflare, WordPress security plugin, server headers).

2. Locate Content Security Policy (CSP) settings.

3. Add the Visual Visitor domains to your script-src directive.
   

If you already have a script-src rule, simply append the domains rather than replacing existing entries.

After Updating CSP

• Save your changes

• Clear any site or CDN cache

• Reload your website and confirm the script is loading without errors in the browser console
  

Common signs CSP is blocking the script.

• Script appears installed but no engaged candidates are captured
  

• Console errors referencing “blocked by Content Security Policy”

• Network tab shows blocked or canceled script requests
  

• Related Articles

• How to Allow the Visual Visitor Script in Your Content Security Policy (CSP)

  A Content Security Policy (CSP) is a browser security feature that restricts which external scripts and resources can load on your website. If your site enforces a strict CSP and the Visual Visitor domain is not whitelisted, the tracking script will ...

• Why Is My Tracking Script Not Firing After Installation? (Cache and GTM Publishing Issues)

  If you have installed the Visual Visitor tracking script but your dashboard is showing zero visitors, one of the following issues is most likely the cause: · Cache not cleared: WordPress sites using caching plugins (WP Rocket, LiteSpeed, W3 Total ...

• Visual Visitor WordPress Plugin Installation

  Visual Visitor’s WordPress Plugin Visual Visitor has created an easy to use, WordPress Plugin. This plugin simplifies the installation of Visual Visitor even more so that your company can quickly benefit from the services of anonymous visitor ...

• Tracking Script Installed but No Data Captured: Common Configuration Issues

  If the Visual Visitor tracking script is confirmed to be installed on your website but visitor data is still not appearing in the dashboard, one of three configuration issues is usually the cause: a zero-ID budget threshold, a script conflict, or an ...

• How to Resolve Dual Cookie Banner Conflicts That Break Script Firing

  Dual Cookie Banner Conflict A dual cookie banner conflict occurs when two separate consent banners are active on the same website at the same time. This commonly happens when a platform-native banner (such as CDK, Dealer.com, Shopify apps, or similar ...