This article lists the domains Promolayer requires to function correctly when a Content Security Policy (CSP) is active on your site.
Required domains
Choose one option based on your security requirements:
Option 1: Wildcard domains (recommended)
*.peakdigital.cloud
*.promolayer.io
*.b-cdn.net
Option 2: Individual domains (tighter security)
geoip.peakdigital.cloud
a.promolayer.io
displayscdn.promolayer.io
modules.promolayer.io
promolayer-images.b-cdn.net
scripts.promolayer.io
api.promolayer.io
Setup Instructions
Step 1: Locate your CSP — typically in your HTML <head> or via HTTP headers.
Step 2: Add the required domains using a <meta> tag:
<!-- Option 1: Wildcard domains --> <meta http-equiv="Content-Security-Policy" content="default-src 'self' *.peakdigital.cloud *.promolayer.io *.b-cdn.net;">
<!-- Option 2: Individual domains --> <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' scripts.promolayer.io; connect-src 'self' api.promolayer.io; img-src 'self' promolayer-images.b-cdn.net; frame-src 'self' modules.promolayer.io; style-src 'self' displayscdn.promolayer.io; child-src 'self' a.promolayer.io;">
Step 3: Test your site and check the browser console for CSP violation logs.
