# Content Security Policy (CSP)

### ✅ Why isn't my CMP displaying on my site?

If your Consent Management Platform (CMP) isn't showing up, chances are it's being blocked by your **Content Security Policy (CSP)**.

CSP is a browser-enforced security measure that restricts which sources scripts and other resources may be loaded from. If your policy doesn’t explicitly allow the CMP’s domain, the browser simply refuses to load it.

### ⚙ How to fix this issue?

Good news: you just need to **whitelist the CMP’s domain** in your CSP. Here’s how:

#### 1. Modify your CSP

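Add the CMP’s URL to the `script-src` directive of your security policy. If your site already sends a CSP, add the source to that existing directive instead of sending a second header: when several policies are delivered, a resource has to be allowed by every one of them. Here’s an example of the updated HTTP header: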

```
Content-Security-Policy: script-src 'self' https://*.consentframework.com;
```

**Allow inline images if needed (optional)**

Some CMPs (including Sirdata's) may use base64-encoded images (`data:image/...`) for icons or logos. If these are blocked by your CSP, you might see an error like:

```
Refused to load the image 'data:image/png;base64,...' because it violates the Content Security Policy...
```

To fix this, you can extend your CSP with an `img-src` directive that includes `data:`:

**Example:**

```http
Content-Security-Policy: script-src 'self' https://*.consentframework.com; img-src 'self' data: https:;
```

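💡 This allows base64 images (for example within `<img>` tags) without significantly compromising your site’s security, because `data:` is added only to `img-src` and not to `script-src`. Note that the `https:` source in this example also permits images from any HTTPS host.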

#### 2. Test and Validate

After making the changes, hard-refresh your page (**Ctrl + Shift + R**) and check whether the CMP is now displayed. You can also recheck the browser console to confirm that the CSP errors have disappeared.
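
For step 1 on a site that already sends a policy, the sketch below merges the new sources into the existing fetch directives and handles the `default-src` fallback and `'none'` cases that are easy to get wrong. It is an added example, not Sirdata's code; the function names and the sample existing policy are constructed for illustration.

```javascript
// Added example, not Sirdata code. Function names are illustrative.

// Parse "name v1 v2; name2 v3" into a Map that keeps directive order.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored by browsers: the first one wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), values);
    }
  }
  return directives;
}

function serializeCsp(directives) {
  return [...directives].map(([name, values]) => [name, ...values].join(' ')).join('; ');
}

// additions maps a fetch directive to the sources to allow, e.g.
// { 'script-src': ['https://*.consentframework.com'], 'img-src': ['data:'] }
function addSources(policy, additions) {
  const directives = parseCsp(policy);
  for (const [name, extra] of Object.entries(additions)) {
    // An absent fetch directive falls back to default-src, so a newly created
    // one has to start from the default-src list or it silently drops it.
    const base = directives.get(name) ?? directives.get('default-src');
    // Neither present: this resource type is unrestricted already, and
    // creating the directive would start blocking everything not listed.
    if (!base) continue;
    // 'none' is only valid alone, so it goes once a real source is added.
    const sources = base.filter((s) => s.toLowerCase() !== "'none'");
    for (const src of extra) {
      if (!sources.includes(src)) sources.push(src);
    }
    directives.set(name, sources);
  }
  return serializeCsp(directives);
}

// Constructed sample: the policy a site might already send.
const existingPolicy = "default-src 'self'; script-src 'self' https://cdn.example.com";
const updatedPolicy = addSources(existingPolicy, {
  'script-src': ['https://*.consentframework.com'],
  'img-src': ['data:'],
});
console.log(updatedPolicy);
```

Send the returned string as the value of the single `Content-Security-Policy` header your site already emits.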

### 🌟 TL;DR

* **Your CMP is blocked** ✖ by your security policy (CSP)
* **Solution: whitelist its domain** ✔
* **Where?** In your site’s HTTP header
* **Test, refresh, and enjoy!** 🚀

If in doubt, share this FAQ with your developer (they’ll get it right away 😉). Need help? We're here for you! 💡
