Ui componentsCustomization guides

Content Security Policy (CSP)

Allowlisting request endpoints

If your app or website has a strict Content Security Policy, you may need to allowlist the following domains:

  • https://api.inkeep.com
  • https://api.io.inkeep.com

Alternatively, you can set up a proxy instead using the chatApiProxyDomain and analyticsApiProxyDomain, see here for more details.

Allowlisting the script source

If you are loading the widget via a JS Snippet you may also need to allowlist:

  • https://cdn.jsdelivr.net or https://uikit.inkeep.com

On this page