Content Security Policy (CSP) directives

If you are using Content Security Policy (CSP) for your Adobe Target implementation, you should add the following CSP directives when using at.js 2.1 or later:

  • connect-src with * allowlisted. Necessary to allow the network request to the Target edge.
  • style-src unsafe-inline. Required for pre-hiding and flicker control.
  • script-src unsafe-inline. Required to allow JavaScript execution that might be part of an HTML offer.

On this page