To make sure Shopimind services work properly on your e-commerce site, you need to set up your Content Security Policy (CSP) to allow our domains. If your CSP configuration is too restrictive, it can block certain scripts, images, or essential content, preventing Shopimind from providing the best experience.
ShopiMind uses several domains to host and deliver its resources, like JavaScript files, images, or application services. If these domains aren't explicitly allowed in your CSP policy, your visitors might not see some ShopiMind features or content.
Here’s the full list of ShopiMind domains to add to your CSP:
static-spm.com
*.static-spm.com
media.shopimind.io
app-spm.com
*.app-spm.comImportant:
If you’ve set up a redirect domain in your domains, you should also add this domain to your CSP.
Find the CSP directive to update
Depending on how things are set up now, the most common directives you'll need to update are:
script-src : to allow scripts.
img-src : to allow images.
style-src : to allow stylesheets.
connect-src : for API or WebSocket requests.
Update your CSP policy
If you use a .htaccess, an NGINX or Apache server, add Shopimind domains to your Content-Security-Policy directive.
Test your configuration
After updating the policy, we recommend checking the following:
Make sure page views are correctly showing up in your dashboard.
Check that pop-in or ShopiMind Smart-Contents images show up correctly on your store.
If you have any questions or need more help, our support team is here for you.