If your online store is using CSP, then we recommend adding the sources listed below to your Content Security Policies.
This avoids browsers blocking all requests from Videoly and YouTube.
- default-src: 'unsafe-inline' *.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net
- img-src: data: *.ytimg.com *.wistia.com *.wistia.net
- media-src: data:
Source "data" is needed, because the widget and YouTube's player have inline imaged embedded to avoid network requests.
- If you defined script-src rule in you should add
- If you defined frame-src rule you should add
These two options only apply when additional rules are defined.