Submit Article Requests

Do you have a suggestion for an article you would like to see created?
Feel free to submit this form and add your suggestions to our document board.

Please fill out the contact form below and we will reply as soon as possible.

  • Appcues Certifications & Training
  • Integration Hub
  • Contact Us
  • Docs home
  • Web Experiences
  • FAQ

Content Security Policies

Learn more about the content security policies that Appcues requires to work correctly.

Updated at April 2nd, 2025

Submit Article Requests

Do you have a suggestion for an article you would like to see created?
Feel free to submit this form and add your suggestions to our document board.

Please fill out the contact form with the details about the help content you'd like to see.

  • Installation & Developers
    Installing Appcues Web Installing Appcues Mobile API & Data Troubleshooting Extras
  • Web Experiences
    Building Web Experiences Targeting Studio Customization & Styling Use Cases Troubleshooting FAQ
  • Mobile Experiences
    Installation & Overview Building Mobile Experiences Mobile Analytics & Integrations Troubleshooting
  • Workflows
    Building & Configuration Use Cases Workflow Analytics and Integrations
  • Account Management
    Subscription Users & Data
  • Analytics
    Experience and Event Analytics Data
  • Best Practices
    Best Practices Use Cases Pro Tips Product-led Growth
  • Integrations
    Integration Documents Use Cases Extras
  • System Status
    System Status & Incidents
+ More

Table of Contents

A note on 'unsafe-inline'

Some software products use a content security policy that automatically blocks resources that are not explicitly allowed. Such security policies may cause Appcues' editor or SDK to fail to load properly. If your product has a content security policy that is impacting Appcues' editor or SDK, you will want to extend that CSP with a number of resources that Appcues requires.

You'll need to add the following Content Security Policy settings on your end:

frame-src    'self' https://*.appcues.com;
font-src     'self' https://fonts.gstatic.com;
style-src    'self' https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com 'unsafe-inline';
script-src   'self' https://*.appcues.com https://*.appcues.net;
img-src      'self' https://*.appcues.com https://*.appcues.net res.cloudinary.com cdn.jsdelivr.net;
connect-src  https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com;

Please reach out to us at support@appcues.com if you have any questions on the above.

A note on 'unsafe-inline'

The above content security policy is functional and secure. Some organizations prefer to not have the 'unsafe-inline' as specified in row 3 above. While it is possible to remove this directive, if you do the following Appcues functions will no longer work properly:

  • Themes & In-line Styling

NOTE: If you are using a Locked Version of the SDK (Anything lower than 4.39.41) then you will want to have unsafe-inline specified in rows 2 AND 3 above. While it is possible to remove this directive from those lines, if you do the following Appcues functions will no longer work properly:

  • Themes & In-line Styling
  • The Actions option on the Flow Settings page
  • Trigger Flow Buttons in the Builder

 

faqs content security csp error csp whitelisting whitelist

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Personalize Mobile and Web Flows
  • Diagnostics Tool
  • Manage Flows
  • FAQ: Checklist
Appcues logo

Product

Why Appcues How it works Integrations Security Pricing What's new

Use cases

Appcues Integration Hub User Onboarding Software Feature Adoption Software NPS & Surveys Announcements Insights Mobile Adoption

Company

About
Careers

Support

Developer Docs Contact

Resources

The Appcues Blog Product Adoption Academy GoodUX Case studies Webinar Series Made with Appcues Appcues University

Follow us

Facebook icon Twitter icon grey Linkedin icon Instagram icon
© 2022 Appcues. All rights reserved.
Security Terms of Service Privacy Policy

Knowledge Base Software powered by Helpjuice

Expand