Content Security Policy (CSP) Settings for Beacon

If your website or web app has a  Content Security Policy header and you would like to embed a Beacon, you'll want to whitelist a few additional sources so that everything works properly. 

Here's a list of everything ton include in your header. Remember to replace anything that says your-site-subdomain with your Docs site subdomain.

connect-src:
	https://your-site-subdomain.helpscoutdocs.com
	https://secure.helpscout.net
	https://api.ipify.org

child-src: // only needed if your Docs content includes any of the video sources below
	https://www.youtube.com
	https://player.vimeo.com
	https://fast.wistia.net

style-src:
	'unsafe-inline'
	https://fonts.googleapis.com
	https://d12wqas9hcki3z.cloudfront.net
	https://djtflbt20bdde.cloudfront.net

font-src:
	data:
	https://fonts.gstatic.com

base-uri:
	https://docs.helpscout.net

script-src:
	https://d12wqas9hcki3z.cloudfront.net
	https://d33v4339jhl8k0.cloudfront.net
	https://djtflbt20bdde.cloudfront.net

frame-src:
	https://djtflbt20bdde.cloudfront.net

object-src:
	https://djtflbt20bdde.cloudfront.net

Still stuck? How can we help? How can we help?