Skip to main content

Content Security Policy (CSP): Domains and Setup

Lists the domains required in a Content Security Policy (CSP) for Promolayer to function, with wildcard and individual domain options and meta tag examples.

This article lists the domains Promolayer requires to function correctly when a Content Security Policy (CSP) is active on your site.




Required domains

Choose one option based on your security requirements:


Option 1: Wildcard domains (recommended)

*.peakdigital.cloud
*.promolayer.io
*.b-cdn.net


Option 2: Individual domains (tighter security)

geoip.peakdigital.cloud
a.promolayer.io
displayscdn.promolayer.io
modules.promolayer.io
promolayer-images.b-cdn.net
scripts.promolayer.io
api.promolayer.io




Setup Instructions

Step 1: Locate your CSP — typically in your HTML <head> or via HTTP headers.


Step 2: Add the required domains using a <meta> tag:


<!-- Option 1: Wildcard domains -->
<meta http-equiv="Content-Security-Policy" content="default-src 'self' *.peakdigital.cloud *.promolayer.io *.b-cdn.net;">

<!-- Option 2: Individual domains --> <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' scripts.promolayer.io; connect-src 'self' api.promolayer.io; img-src 'self' promolayer-images.b-cdn.net; frame-src 'self' modules.promolayer.io; style-src 'self' displayscdn.promolayer.io; child-src 'self' a.promolayer.io;">


Step 3: Test your site and check the browser console for CSP violation logs.

Did this answer your question?