Top
    Login
    Contents x
    What are the trusted Whatfix domains to whitelist?
    • 11 Sep 2023
    • 1 Minute To Read
    • Print
    • Dark
      Light
    • PDF
    Contents

    What are the trusted Whatfix domains to whitelist?

    • Updated On 11 Sep 2023
    • 1 Minute To Read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    If your organization uses a firewall to restrict network access to only specific websites or software, then you need to whitelist the following domains to ensure that your app can communicate with Whatfix and fetch content for your end users to view.

    Also, if your organization has a Content Security Policy (CSP) in place to block external code insertions, it could prevent Whatfix from working on your app.

    To prevent this from happening and to resolve CSP violation errors, the following domains must be added as an exception (Whitelisted) as part of the application's CSP headers. For more information, see Content Security Policy Reference.

    Domains to Whitelist:

    For all users (excluding EU data centre users):

    https://whatfix.com
    https://cdn.whatfix.com

    Your title goes here
    Both https://whatfix.com and https://cdn.whatfix.com use Port 443, which is the port for the HTTPS Protocol.
    Info:

    The following domains also need to be whitelisted if you have configured Google Analytics for your account:

    CSP directives to whitelist:

    Note:
    • Depending on the deployment model, you need to whitelist only the necessary directives.
    • Whitelist Google Analytics (GA) domains only if you have GA configured for your account.
    Deployment ModelCSP DirectivesDomain/value
    Export (Content on the same server)connect-src*whatfix.com
    www.google-analytics.com

    analytics.google.com

    style-srcunsafe-inline
    img-srcdata:
    www.google-analytics.com
    analytics.google.com

    Export (Content fetched from a different domain server)connect-src*whatfix.com
    www.google-analytics.com
    analytics.google.com
    script-src*.<domain>, <domain>
    frame-src
    style-srcunsafe-inline
    img-srcdata:
    www.google-analytics.com
    analytics.google.com

    CDNconnect-src*whatfix.com
    *.whatfix.com
    www.google-analytics.com
    analytics.google.com
    script-src
    *.whatfix.com

    frame-src
    style-srcunsafe-inline
    img-srcwww.google-analytics.com
    analytics.google.com
    data:

    Extensionconnect-srcwww.google-analytics.com
    analytics.google.com
    img-srcdata:
    www.google-analytics.com
    analytics.google.com

    Dev scriptconnect-src*.whatfix.com
    *whatfix.com
    www.google-analytics.com
    analytics.google.com
    img-srcdata:
    www.google-analytics.com
    analytics.google.com
    script-src
    		*.whatfix.com
    *whatfix.com
    frame-src
    Your title goes here
    The following domain needs to be whitelisted for Survey responses to be captured.

    https://survey-api-eus.whatfix.com 

    For EU data center users:

    • https://eu.whatfix.com/
    • https://eucdn.whatfix.com/

    CSP directives to whitelist for EU Data Centers

    Deployment ModelCSP DirectivesDomain/value
    CDNconnect-src*whatfix.com
    *.whatfix.com
    script-src*.whatfix.com
    frame-src


    Dev script    		connect-src*.whatfix.com
    *whatfix.com
    script-src
    frame-src
    Your title goes here

    The following domain needs to be whitelisted for the Survey responses to be captured:

    https://survey-api-eu.whatfix.com 

    Note
    • Your IT Admin can help whitelist the domains mentioned.
    • If you are using any video or image links in your Whatfix content, then you need to whitelist those domains as well. For example, if you embed a YouTube video in a vivid Pop-up, you need to whitelist youtube.com.

    When do domains need whitelisting?

    Whatfix recommends whitelisting the domains as soon as you start creating content on Whatfix. This way, content creators will not have any issues previewing and testing the content.

    IP addresses to Whitelist

    IPv4IPv6

    173.245.48.0/20

    2400:cb00::/32

    103.21.244.0/22

    2606:4700::/32

    103.22.200.0/22

    2803:f800::/32

    103.31.4.0/22

    2405:b500::/32

    141.101.64.0/18

    2405:8100::/32

    108.162.192.0/18

    2a06:98c0::/29

    190.93.240.0/20

    2c0f:f248::/32

    188.114.96.0/20


    197.234.240.0/22


    198.41.128.0/17


    162.158.0.0/15


    172.64.0.0/13


    131.0.72.0/22


    104.24.0.0/13
    104.24.0.0/14
    Note
    IP addresses are the same for all users.

    Best Practices

    Ensure that you have applied the policy to every page. This must include error pages as well.

    Was this article helpful?
    What's Next
    Privacy Policy | Whatfix Glossary | Whatfix Platform Status
    Copyright © 2023 WHATFIX TM. All rights reserved.
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout