Content Security Policy (CSP) directives

If you are using Content Security Policy (CSP) for your Target implementation, you should add the following CSP directives when using at.js 2.1 or later:

  • connect-src with * allowlisted. Necessary to allow the network request to the Target edge.
  • style-src unsafe-inline. Required for pre-hiding and flicker control.
  • script-src unsafe-inline. Required to allow JavaScript execution that might be part of an HTML offer.

On this page