Skip to main content

How to use the Ticket Tailor widget with a Content Security Policy (CSP)

Learn how to embed the Ticket Tailor widget on pages that use a Content Security Policy.

Written by Rhio

You can embed the Ticket Tailor widget on pages that use a Content Security Policy (CSP). To do this, you'll need to make sure your CSP allows the scripts and resources that the widget loads.


How to configure your CSP for the widget

Add the following domains to your CSP to allow the widget to load correctly:

If you also have a custom domain with us and use the custom domain widget, you need to add

These permissions allow the widget script to run and the embedded checkout iframe to load within your page.


💡 Things to note

  • Nonce-based CSP is not currently supported. If your site uses a nonce-based CSP (where each script requires a unique one-time token to run) the widget will not work with that policy in place.

    • Workaround for nonce-based CSP: Apply a less restrictive CSP on the specific page or pages where the widget is embedded, for example by not requiring a nonce for scripts on those pages. This only needs to be changed on those pages; your site-wide CSP can stay as it is. Your development team should be able to set this up as a page-level override.

    • This limitation only applies to the embedded widget. Our hosted payment pages (where buyers complete their purchase on tickettailor.com) are not affected.

Did this answer your question?