You can use Chatlio with Content Security Policy (CSP) headers. If you load the Chatlio embed code from a javascript file, you can avoid the use of script-src 'unsafe-inline'.
The above policies get an “All Good” from Google’s CSP Evaluator.
Chatlio requires the following policies:
default-src 'self' https://*.chatlio.com;
script-src 'self' https://*.chatlio.com https://*.pusher.com https://*.pusherapp.com;
connect-src 'self' https://*.chatlio.com https://*.pusher.com wss://*.chatlio.com wss://*.pusherapp.com;
img-src *;
object-src 'none';
style-src 'unsafe-inline' https://*.chatlio.com;
These rules still receive “All Good” from Google’s CSP Evaluator.
Please contact us via our widget below if you have any questions or concerns about using Chatlio with CSP. We are happy to assist.
This website is built using latest technogies. Unfortunately your browser doesn't support those. Please update your browser to view this website correctly. Thank you.Update my browser now