Does Klaviyo have a list of URLs we can include in our site CSP?
as per https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
Best answer by alex.hong 23 November 2021, 23:06
I’d like to follow this up with a request for a page in the documentation specifically related to CSP configuration for Klaviyo and any on-site scripts.
There are a number of different assets required to be added to the CSP and simply adding *.klaviyo.com to all directives is not best practice.
Providing the specific directives and the URLs such as here https://developers.google.com/tag-platform/tag-manager/web/csp so that a wildcard doesn’t need adding would be far more useful.
Hi there @dgreenwooduktf!Thank you for your feedback and additional details regarding this manner with Klaviyo and CSPs. I have put your comments into a product request so that our team can get some eyes on this feature.
Have a good day,
You’ll need the following:
connect-src *.klaviyo.com; script-src *.klaviyo.com;
It doesn’t inspire confidence when things like this aren’t documented.
Hey there @Mailing!
I've checked in with my team and we don't currently have a list like you're requesting, however, all of the resources will originate from klaviyo.com and so I believe that your example from the first email of using *.klaviyo.com is going to be the best way to accomplish this.
Hope this helped!Alex
Don't be shy and see who else has similar interests.
Already have an account? Login
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
Links & Resources