Top
Login
Contents x
What are the trusted Whatfix domains to whitelist?
  • 10 Mar 2023
  • 1 Minute To Read
  • Print
  • Dark
    Light
  • PDF
Contents

What are the trusted Whatfix domains to whitelist?

  • Updated On 10 Mar 2023
  • 1 Minute To Read
  • Print
  • Dark
    Light
  • PDF
Article Summary

If your organization uses a firewall to restrict network access to only specific websites or software, then you need to whitelist the following domains to ensure that your app can communicate with Whatfix and fetch content for your end users to view.

Also, if your organization has a Content Security Policy (CSP) in place to block external code insertions, then it could prevent Whatfix from working on your app.

To prevent this from happening and to resolve CSP violation errors, the following domains must be added as an exception (Whitelisted) as part of the application's CSP headers. For more information, see Content Security Policy Reference.

Domains to Whitelist:

For all users (excluding EU data centre users):

  • https://whatfix.com/*
  • https://cdn.whatfix.com/*
CSP directives to whitelist
your title goes here
  • Depending on the deployment model, you need to whitelist only the necessary directives.
  • Whitelist Google Analytics (GA) domains only if you have it configured for your account.
Deployment ModelCSP DirectivesDomain/value
Export (Content on the same server)connect-src *whatfix.com
www.google-analytics.com

analytics.google.com

style-srcunsafe-inline
img-srcdata:
www.google-analytics.com
analytics.google.com

Export (Content fetched from a different domain server)connect-src*whatfix.com
www.google-analytics.com
analytics.google.com
script-src *.<domain>, <domain>
frame-src
style-src unsafe-inline
img-srcdata:
 www.google-analytics.com
analytics.google.com

CDNconnect-src*whatfix.com
*.whatfix.com
 www.google-analytics.com
analytics.google.com
script-src
*.whatfix.com

frame-src
style-srcunsafe-inline
img-src www.google-analytics.com
 analytics.google.com
data:

Extensionconnect-src www.google-analytics.com
 analytics.google.com
img-srcdata:
 www.google-analytics.com
 analytics.google.com

Dev scriptconnect-src*.whatfix.com
*whatfix.com
 www.google-analytics.com
 analytics.google.com
img-srcdata:
www.google-analytics.com
analytics.google.com
script-src
*.whatfix.com
*whatfix.com
frame-src


For EU data center users:

  • https://eu.whatfix.com/*
  • https://eucdn.whatfix.com/*
CSP directives to whitelist for EU Data Centers


Deployment ModelCSP DirectivesDomain/value
CDNconnect-src*whatfix.com
*.whatfix.com
script-src *.whatfix.com
frame-src


Dev script		connect-src*.whatfix.com
*whatfix.com
script-src
frame-src


Note
  • Your IT Admin can help in whitelisting the mentioned domains.
  • If you are using any video or image links in your Whatfix content, then you need to whitelist those domains as well. For example, if you embed a YouTube video in a vivid Pop-up, then you need to whitelist youtube.com.

For organizations that use Proxy servers 

If your organization uses Zscaler or some other equivalent proxy server, then it could prevent Whatfix widgets from showing up even after the successful installation of the Desktop Player and Editor apps.
To prevent this issue, you must exempt the following Whatfix URLs from SSL certificate inspection,
  • https://cdn.whatfix.com
  • Other Whatfix URLs mentioned in this article
To know more about SSL exemption for Zscalar, see

When do domains need whitelisting?

Whatfix recommends whitelisting the domains as soon as you start creating content on Whatfix. This way, content creators will not have any issues previewing and testing the content.

IP addresses to Whitelist

IPv4IPv6

173.245.48.0/20

2400:cb00::/32

103.21.244.0/22

2606:4700::/32

103.22.200.0/22

2803:f800::/32

103.31.4.0/22

2405:b500::/32

141.101.64.0/18

2405:8100::/32

108.162.192.0/18

2a06:98c0::/29

190.93.240.0/20

2c0f:f248::/32

188.114.96.0/20


197.234.240.0/22


198.41.128.0/17


162.158.0.0/15


172.64.0.0/13


131.0.72.0/22


104.24.0.0/13
104.24.0.0/14
Note
IP addresses are the same for all users.

Best Practices

Make sure you have applied the policy to every page. This must include error pages as well.

Was this article helpful?
What's Next
Privacy Policy | Whatfix Glossary | Whatfix Platform Status
Copyright © 2024 WHATFIX TM. All rights reserved.
Change password!
Changing your password will log you out immediately. Use the new password to log back in.
Change profile
Success!
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
Logout