[Klaviyo Status] Delays in Real-Time Segmentation + Intermittent Issue with App Accessibility
Does Klaviyo have a list of URLs we can include in our site CSP?
as per https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
Best answer by alex.hong 23 November 2021, 23:06
Hey there @Mailing!
I've checked in with my team and we don't currently have a list like you're requesting, however, all of the resources will originate from klaviyo.com and so I believe that your example from the first email of using *.klaviyo.com is going to be the best way to accomplish this.
Hope this helped!Alex
I’d like to follow this up with a request for a page in the documentation specifically related to CSP configuration for Klaviyo and any on-site scripts.
There are a number of different assets required to be added to the CSP and simply adding *.klaviyo.com to all directives is not best practice.
Providing the specific directives and the URLs such as here https://developers.google.com/tag-platform/tag-manager/web/csp so that a wildcard doesn’t need adding would be far more useful.
Hi there @dgreenwooduktf!Thank you for your feedback and additional details regarding this manner with Klaviyo and CSPs. I have put your comments into a product request so that our team can get some eyes on this feature.
Have a good day,
You’ll need the following:
connect-src *.klaviyo.com; script-src *.klaviyo.com;
It doesn’t inspire confidence when things like this aren’t documented.
Don't be shy and see who else has similar interests.
Already have an account? Login
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
Links & Resources