Content Security Policy

The HTTP Content-Security-Policy response header allows web site administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting attacks (XSS).

If the Vouched JS Plugin is being embedded into your website and CSP is being used, the following needs to be enabled:

default-src: [ `self`, `unsafe-eval`, `unsafe-inline`, `blob:`, `data:`,
                `*`, `*`, `*`, `*`,
                `*`, `*`, `*`