# Content Security Policy (CSP)

### ✅ Why isn't my CMP displaying on my site?

If your Consent Management Platform (CMP) isn't showing up, chances are it's being blocked by your **Content Security Policy (CSP)**.

CSP is a security measure that restricts the loading of external scripts. If your site hasn’t explicitly allowed the CMP’s domain, it simply won’t load.

### ⚙ How to fix this issue?

Good news: you just need to **whitelist the CMP’s domain** in your CSP. Here’s how:

#### 1. Modify your CSP

Add the CMP’s URL to your security policy. Here’s an example of how to update your HTTP header:

```
Content-Security-Policy: script-src 'self' https://*.consentframework.com;
```

**Allow inline images if needed (optional)**

Some CMPs (including Sirdata's) may use base64-encoded images (`data:image/...`) for icons or logos. If these are blocked by your CSP, you might see an error like:

```
Refused to load the image 'data:image/png;base64,...' because it violates the Content Security Policy...
```

To fix this, you can extend your CSP by adding the following:

**Example:**

```http
Content-Security-Policy: 
  script-src 'self' https://*.consentframework.com;
  img-src 'self' data: https:;
```

💡 This allows base64 images within `<img>` tags, without significantly compromising your site’s security.

#### 2. Test and Validate

After making the changes, refresh your page (**Ctrl + Shift + R**) and check if the CMP is now displayed. You can also recheck the console to see if the CSP errors have disappeared.

### 🌟 TL;DR

* **Your CMP is blocked** ✖ by your security policy (CSP)
* **Solution: whitelist its domain** ✔
* **Where?** In your site’s HTTP header
* **Test, refresh, and enjoy!** 🚀

If in doubt, share this FAQ with your developer (they’ll get it right away 😉). Need help? We're here for you! 💡


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://cmp.docs.sirdata.net/en/faq/content-security-policy-csp.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.