What are the trusted Whatfix domains to whitelist?
- Updated On 20 Feb 2025
If your organization uses a firewall to restrict network access to only specific websites or software, whitelist the following domains to ensure that your app can communicate with Whatfix and fetch content for your end users to view.
If your organization has a Content Security Policy (CSP) in place to block external code insertions, it could prevent Whatfix from functioning on your app.
To prevent this from happening and to resolve CSP violation errors, add the following domains as exceptions (Whitelisted) in the application's CSP headers. For more information, see Content Security Policy Reference.
Domains to Whitelist:
- Subdomains to whitelist for all users (excluding EU data center users)
- CSP directives to whitelist for non-EU data centers
- Subdomains to whitelist for EU data center users
- CSP directives to whitelist for EU data centers
Subdomains to whitelist for all users (excluding EU data center users):
The following subdomains need to be whitelisted under all three CSP directives, that is, frame-src, connect-src, and script-src:
- whatfix.com
- cdn.whatfix.com
- addons.whatfix.com
- events.whatfix.com
- videos.whatfix.com
Both https://whatfix.com and https://cdn.whatfix.com use Port 443, which is the port for the HTTPS Protocol.
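To check an existing policy against the list above, the following added example (not Whatfix's code) parses a CSP header and reports which of the listed hosts each of the three directives would still block. It assumes host-only matching over HTTPS and that `'self'` is not a Whatfix origin; the function names and the sample policy are constructed for illustration.

```python
REQUIRED_HOSTS = ["whatfix.com", "cdn.whatfix.com", "addons.whatfix.com",
                  "events.whatfix.com", "videos.whatfix.com"]  # from this page
REQUIRED_DIRECTIVES = ["frame-src", "connect-src", "script-src"]  # from this page
FALLBACK = {"frame-src": ["child-src", "default-src"],  # CSP fallback order
            "connect-src": ["default-src"], "script-src": ["default-src"]}

def parse_csp(header):
    """Return {directive: [sources]}; a repeated directive is ignored, as browsers do."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def effective_sources(policy, directive):
    """Source list that governs `directive`; ['*'] if nothing restricts it."""
    for name in [directive] + FALLBACK[directive]:
        if name in policy:
            return policy[name]
    return ["*"]

def source_allows(source, host):
    """Assumption: host-only match over HTTPS; 'self' is not a Whatfix origin."""
    src = source.lower()
    if src in ("*", "https:"):
        return True
    if src.startswith("'"):  # keywords: 'self', 'none', 'unsafe-inline', nonces
        return False
    src = src.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
    if src.startswith("*."):
        return host.endswith(src[1:])  # '*.whatfix.com' does not cover 'whatfix.com'
    return src == host

def missing_whatfix_sources(header):
    """Return {directive: [listed hosts the policy would block]}."""
    policy, gaps = parse_csp(header), {}
    for directive in REQUIRED_DIRECTIVES:
        sources = effective_sources(policy, directive)
        blocked = [h for h in REQUIRED_HOSTS
                   if not any(source_allows(s, h) for s in sources)]
        if blocked:
            gaps[directive] = blocked
    return gaps

SAMPLE = ("default-src 'self'; script-src 'self' *.whatfix.com; "  # constructed sample
          "connect-src 'self' https://whatfix.com *.whatfix.com")
if __name__ == "__main__":
    print(missing_whatfix_sources(SAMPLE))
```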
The following domains also need to be whitelisted if Google Analytics is configured for your account:
CSP directives to whitelist for non-EU data centers:
- Depending on the deployment model, whitelist only the necessary directives.
- Whitelist Google Analytics (GA) domains only if you have GA configured for your account.
Deployment Model | CSP Directives | Domain/value |
Export (Content on the same server) | connect-src | *whatfix.com |
 | | www.google-analytics.com |
 | | analytics.google.com |
 | style-src | unsafe-inline |
 | img-src | data: |
 | | www.google-analytics.com |
 | | analytics.google.com |
Export (Content fetched from a different domain server) | connect-src | *whatfix.com |
 | | www.google-analytics.com |
 | | analytics.google.com |
 | script-src | *.<domain>, <domain> |
 | frame-src | |
 | style-src | unsafe-inline |
 | img-src | data: |
 | | www.google-analytics.com |
 | | analytics.google.com |
CDN | connect-src | *.whatfix.com |
 | | *.whatfix.com |
 | | www.google-analytics.com |
 | | analytics.google.com |
 | script-src | *.whatfix.com |
 | frame-src | |
 | style-src | unsafe-inline |
 | img-src | www.google-analytics.com |
 | | analytics.google.com |
 | | data: |
Extension | connect-src | www.google-analytics.com |
 | | analytics.google.com |
 | img-src | data: |
 | | www.google-analytics.com |
 | | analytics.google.com |
Dev script | connect-src | *.whatfix.com |
 | | *whatfix.com |
 | | www.google-analytics.com |
 | | analytics.google.com |
 | img-src | data: |
 | | www.google-analytics.com |
 | | analytics.google.com |
 | script-src | *.whatfix.com *whatfix.com |
 | frame-src | |
https://survey-api-eus.whatfix.com
Subdomains to whitelist for EU data center users:
The following subdomains need to be whitelisted under all three CSP directives, that is, frame-src, connect-src, and script-src:
- eu.whatfix.com
- eucdn.whatfix.com
- euaddons.whatfix.com
- videos.whatfix.com
CSP directives to whitelist for EU Data Centers
Deployment Model | CSP Directives | Domain/value |
CDN | connect-src | *.whatfix.com |
 | | *.whatfix.com |
 | script-src | *.whatfix.com |
 | frame-src | |
Dev script | connect-src | *.whatfix.com *whatfix.com |
 | script-src | |
 | frame-src | |
The following domain needs to be whitelisted for the Survey responses to be captured:
https://survey-api-eu.whatfix.com
- Your IT Admin can help whitelist the domains mentioned.
- If you are using any video or image links in your Whatfix content, whitelist those domains as well. For example, if you embed a YouTube video in a Pop-up, you need to whitelist youtube.com.
When do domains need whitelisting?
Whatfix recommends whitelisting the domains as soon as you start creating content on Whatfix. This way, content creators will not have any issues previewing and testing the content.
IP addresses to Whitelist
IPv4 | IPv6 |
173.245.48.0/20 | 2400:cb00::/32 |
103.21.244.0/22 | 2606:4700::/32 |
103.22.200.0/22 | 2803:f800::/32 |
103.31.4.0/22 | 2405:b500::/32 |
141.101.64.0/18 | 2405:8100::/32 |
108.162.192.0/18 | 2a06:98c0::/29 |
190.93.240.0/20 | 2c0f:f248::/32 |
188.114.96.0/20 | |
197.234.240.0/22 | |
198.41.128.0/17 | |
162.158.0.0/15 | |
172.64.0.0/13 | |
131.0.72.0/22 | |
104.24.0.0/13 | |
104.24.0.0/14 | |
Best Practices
Ensure that you have applied the policy to every page, including error pages.