Customise your Content Security Policy

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution.

By default, the Storeganise website and customer booking portal send Content Security Policy (CSP) headers to protect your users from various types of attack. See, for example, this CSP report on our Spaceup demo app, which gets a high security rating.


When customising or adding integrations to your Storeganise website or customer portal, you may run into issues with some third-party scripts not working due to our default CSP.

This functionality is technical and is intended for your developers or IT team to use.

Note that changing CSP headers can make your website and customer portal more vulnerable to attacks, so it should be done with care.

Always try to set the minimum, most targeted CSP headers you can to enable the specific functionality you need.

In developer settings, you can override some of the default CSP directives by adding URLs to allow. (Note: you can use a wildcard * to allow all subdomains.)



Note for Google Ads: Each Google top-level domain must be specified individually. For example, to support Google Ads in two countries, add one entry per country to the connect-src custom CSP in developer tools:

https://*.google.de

https://*.google.pl
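
The following added example (not Storeganise code) shows why each Google top-level domain needs its own entry: a CSP wildcard covers subdomains of one domain only. It is a simplified matcher for scheme and host; the function names and request URLs are constructed for illustration, and the page is assumed to be served over https.

```javascript
// Added example: simplified CSP host-source matching (scheme and host only;
// ports, paths and keywords such as 'self' are out of scope).
// Function names are hypothetical; request URLs below are constructed.

// Split a source expression such as "https://*.google.de" into scheme and host.
function parseSource(source) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source.trim());
  if (!m) return null;
  return { scheme: m[1] ? m[1].toLowerCase() : null, host: m[2].toLowerCase() };
}

// True when requestUrl is covered by this single source expression.
function sourceAllows(source, requestUrl) {
  const src = parseSource(source);
  if (!src) return false;
  const url = new URL(requestUrl);
  const scheme = url.protocol.slice(0, -1);
  // Assumption: the protected page is served over https, so a source with no
  // scheme is treated as https. An http source also covers the https upgrade.
  const want = src.scheme || "https";
  if (want !== scheme && !(want === "http" && scheme === "https")) return false;
  if (src.host === "*") return true;
  // "*.google.de" must match the end of the host including the dot, so it
  // covers subdomains only: not google.de itself, and not google.pl.
  if (src.host.startsWith("*.")) return url.hostname.endsWith(src.host.slice(1));
  return url.hostname === src.host;
}

// Flag entries that are broader than a targeted allow-list needs.
// Note: multi-label public suffixes (e.g. "*.co.uk") are not detected.
function auditSource(source) {
  const src = parseSource(source);
  if (!src) return "unparseable";
  if (src.host === "*") return "allows every host";
  if (src.scheme !== "https") return "no explicit https scheme";
  if (src.host.startsWith("*.") && src.host.split(".").length < 3)
    return "wildcard spans a whole top-level domain";
  return "ok";
}

// The two connect-src entries from the note, checked against constructed URLs.
const customConnectSrc = ["https://*.google.de", "https://*.google.pl"];
for (const u of ["https://www.google.de/x", "https://www.google.fr/x", "https://google.de/x"]) {
  const hit = customConnectSrc.find((s) => sourceAllows(s, u)) || "blocked";
  console.log(u, "->", hit);
}
```

Running `auditSource` over each proposed entry before saving it is a quick way to keep custom directives as narrow as the integration allows.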
