Allow-list guidance

For Digital Web to function correctly, the hosting organization's Content Security Policy (CSP) needs to allow access to certain domains. This process is often referred to as allow-listing a domain. In cases where your CSP blocks inline styling an additional feature flag needs to be activated on the property.
Tip: It is only necessary to add these domains to any existing CSP directive
The domains to add to the CSP's allow list depends on the environment the Digital property is deployed on, and the features enabled for the property. To verify the details, please contact your Digital Expert.

Customers on Colo-EU properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.kampyle.com *.medallia.eu;
script-src*.kampyle.com *.medallia.eu;
frame-src*.kampyle.com *.medallia.eu;
font-src*.kampyle.com *.medallia.eu;
img-src*.kampyle.com *.medallia.eu;
style-src*.kampyle.com *.medallia.eu;
base-uri*.kampyle.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://md-scp.kampyle.com https://resources.digital-cloud.medallia.eu https://ubt.digital-cloud.medallia.eu https://analytics-fe.digital-cloud.medallia.eu;
script-srchttps://md-scp.kampyle.com https://resources.digital-cloud.medallia.eu https://analytics-fe.digital-cloud.medallia.eu;
frame-srchttps://resources.digital-cloud.medallia.eu;
font-srchttps://resources.digital-cloud.medallia.eu;
img-srchttps://md-scp.kampyle.com https://resources.digital-cloud.medallia.eu https://analytics-fe.digital-cloud.medallia.eu;
style-srchttps://resources.digital-cloud.medallia.eu https://md-scp.kampyle.com;
base-urihttps://md-scp.kampyle.com;

Customers on Colo-UK properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.kampyle.com *.medallia.eu;
script-src*.kampyle.com *.medallia.eu;
frame-src*.kampyle.com *.medallia.eu;
font-src*.kampyle.com *.medallia.eu;
img-src*.kampyle.com *.medallia.eu;
style-src*.kampyle.com *.medallia.eu;
base-uri*.kampyle.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://ubt-lb.digital-cloud-uk.medallia.eu https://analytics-fe.digital-cloud-uk.medallia.eu;
script-srchttps://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://analytics-fe.digital-cloud-uk.medallia.eu;
frame-srchttps://resources.digital-cloud-uk.medallia.com;
font-srchttps://resources.digital-cloud-uk.medallia.eu;
img-srchttps://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.euhttps://analytics-fe.digital-cloud-uk.medallia.eu;
style-srchttps://resources.digital-cloud-uk.medallia.eu https://md-scp.kampyle.com;
base-urihttps://md-scp.kampyle.com;

Customers on Colo-US (SC4) properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.kampyle.com *.medallia.com;
script-src*.kampyle.com *.medallia.com;
frame-src*.kampyle.com *.medallia.com;
font-src*.kampyle.com *.medallia.com;
img-src*.kampyle.com *.medallia.com;
style-src*.kampyle.com *.medallia.com;
base-uri*.kampyle.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://md-scp.kampyle.com https://resources.digital-cloud.medallia.com https://ubt-lb.digital-cloud.medallia.com https://analytics-fe.digital-cloud.medallia.com;
script-srchttps://md-scp.kampyle.com https://resources.digital-cloud.medallia.com https://analytics-fe.digital-cloud.medallia.com;
frame-srchttps://resources.digital-cloud.medallia.com;
font-srchttps://resources.digital-cloud.medallia.com;
img-srchttps://md-scp.kampyle.com https://resources.digital-cloud.medallia.com https://analytics-fe.digital-cloud.medallia.com;
style-srchttps://resources.digital-cloud.medallia.com https://md-scp.kampyle.com;
base-urihttps://md-scp.kampyle.com;

Customers on Colo-West (SEA1) properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.kampyle.com *.medallia.com;
script-src*.kampyle.com *.medallia.com;
frame-src*.kampyle.com *.medallia.com;
font-src*.kampyle.com *.medallia.com;
img-src*.kampyle.com *.medallia.com;
style-src*.kampyle.com *.medallia.com;
base-uri*.kampyle.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://md-scp.kampyle.com https://resources.digital-cloud-west.medallia.com https://ubt-lb.digital-cloud-west.medallia.com https://analytics-fe.digital-cloud-west.medallia.com;
script-srchttps://md-scp.kampyle.com https://resources.digital-cloud-west.medallia.com https://analytics-fe.digital-cloud-west.medallia.com;
frame-srchttps://resources.digital-cloud-west.medallia.com;
font-srchttps://resources.digital-cloud-west.medallia.com;
img-srchttps://md-scp.kampyle.com https://resources.digital-cloud-west.medallia.com https://analytics-fe.digital-cloud-west.medallia.com;
style-srchttps://resources.digital-cloud-west.medallia.com https://md-scp.kampyle.com;
base-urihttps://md-scp.kampyle.com;

Customers on Colo-Canada properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.kampyle.com *.medallia.ca;
script-src*.kampyle.com *.medallia.ca;
frame-src*.kampyle.com *.medallia.ca;
font-src*.kampyle.com *.medallia.ca;
img-src*.kampyle.com *.medallia.ca;
style-src*.kampyle.com *.medallia.ca;
base-uri*.kampyle.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://md-scp.kampyle.com https://resources.digital-cloud.medallia.ca https://ubt-lb.digital-cloud.medallia.ca https://analytics-fe.digital-cloud.medallia.ca;
script-srchttps://md-scp.kampyle.com https://resources.digital-cloud.medallia.ca https://analytics-fe.digital-cloud.medallia.ca;
frame-srchttps://resources.digital-cloud.medallia.ca;
font-srchttps://resources.digital-cloud.medallia.ca;
img-srchttps://md-scp.kampyle.com https://resources.digital-cloud.medallia.ca https://analytics-fe.digital-cloud.medallia.ca;
style-srchttps://resources.digital-cloud.medallia.ca https://md-scp.kampyle.com;
base-urihttps://md-scp.kampyle.com;

Customers on DHH US (SC4) properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.digital-cloud-prem.medallia.com;
script-src*.digital-cloud-prem.medallia.com;
frame-src*.digital-cloud-prem.medallia.com;
font-src*.digital-cloud-prem.medallia.com;
img-src*.digital-cloud-prem.medallia.com;
style-src*.digital-cloud-prem.medallia.com;
base-uri*.digital-cloud-prem.medallia.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://resources.digital-cloud-prem.medallia.com https://ubt-lb.digital-cloud-prem.medallia.com https://analytics-fe.digital-cloud-prem.medallia.com;
script-srchttps://md-scp.kampyle.com https://resources.digital-cloud-prem.medallia.com https://analytics-fe.digital-cloud-prem.medallia.com;
frame-srchttps://resources.digital-cloud-prem.medallia.com;
font-srchttps://resources.digital-cloud-prem.medallia.com;
img-srchttps://resources.digital-cloud-prem.medallia.com https://analytics-fe.digital-cloud-prem.medallia.com;
style-srchttps://resources.digital-cloud-prem.medallia.com ;

Customers on DHH EU (FRA1) properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.digital-cloud-prem.medallia.eu;
script-src*.digital-cloud-prem.medallia.eu;
frame-src*.digital-cloud-prem.medallia.eu;
font-src*.digital-cloud-prem.medallia.eu;
img-src*.digital-cloud-prem.medallia.eu;
style-src*.digital-cloud-prem.medallia.eu;
base-uri*.digital-cloud-prem.medallia.eu;

If the CSP is not using wildcards, allow these domains:

connect-srcghttps://resources.digital-cloud-prem.medallia.eu https://ubt.digital-cloud-prem.medallia.eu https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-prem.medallia.eu;
script-srchttps://resources.digital-cloud-prem.medallia.eu https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-prem.medallia.eu;
frame-srchttps://resources.digital-cloud-prem.medallia.eu;
font-srchttps://resources.digital-cloud-prem.medallia.eu;
img-srchttps://resources.digital-cloud-prem.medallia.eu https://analytics-fe.digital-cloud-prem.medallia.eu;
style-srchttps://resources.digital-cloud-prem.medallia.eu;

Customers on Singapore properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.kampyle.com *.medallia.com;
script-src*.kampyle.com *.medallia.com;
frame-src*.kampyle.com *.medallia.com;
font-src*.kampyle.com *.medallia.com;
img-src*.kampyle.com *.medallia.com;
style-src*.kampyle.com *.medallia.com;
base-uri*.kampyle.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://md-scp.kampyle.com https://resources.digital-cloud-sin1.medallia.com https://ubt.digital-cloud-sin1.medallia.com https://analytics-fe.digital-cloud-sin1.medallia.com;
script-srchttps://md-scp.kampyle.com https://resources.digital-cloud-sin1.medallia.com https://analytics-fe.digital-cloud-sin1.medallia.com;
frame-srchttps://resources.digital-cloud-sin1.medallia.com;
font-srchttps://resources.digital-cloud-sin1.medallia.com;
img-srchttps://md-scp.kampyle.com https://resources.digital-cloud-sin1.medallia.com https://analytics-fe.digital-cloud-sin1.medallia.com;
style-srchttps://md-scp.kampyle.com https://resources.digital-cloud-sin1.medallia.com;
base-urihttps://md-scp.kampyle.com;

Customers on PHX1 properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.kampyle.com *.medallia.com;
script-src*.kampyle.com *.medallia.com;
frame-src*.kampyle.com *.medallia.com;
font-src*.kampyle.com *.medallia.com;
img-src*.kampyle.com *.medallia.com;
style-src*.kampyle.com *.medallia.com;
base-uri*.kampyle.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://md-scp.kampyle.com https://resources.digital-cloud-phx1.medallia.com https://ubt.digital-cloud-phx1.medallia.com https://analytics-fe.digital-cloud-phx1.medallia.com;
script-srchttps://md-scp.kampyle.com https://resources.digital-cloud-phx1.medallia.com https://analytics-fe.digital-cloud-phx1.medallia.com;
frame-srchttps://resources.digital-cloud-phx1.medallia.com;
font-srchttps://resources.digital-cloud-phx1.medallia.com;
img-srchttps://md-scp.kampyle.com https://resources.digital-cloud-phx1.medallia.com https://analytics-fe.digital-cloud-phx1.medallia.com;
style-srchttps://md-scp.kampyle.com https://resources.digital-cloud-phx1.medallia.com;
base-urihttps://md-scp.kampyle.com;

Customers on JED1 properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.kampyle.com *.medallia.com;
script-src*.kampyle.com *.medallia.com;
frame-src*.kampyle.com *.medallia.com;
font-src*.kampyle.com *.medallia.com;
img-src*.kampyle.com *.medallia.com;
style-src*.kampyle.com *.medallia.com;
base-uri*.kampyle.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://md-scp.kampyle.com https://resources.digital-cloud-jed1.medallia.com https://ubt.digital-cloud-jed1.medallia.com https://analytics-fe.digital-cloud-jed1.medallia.com;
script-srchttps://md-scp.kampyle.com https://resources.digital-cloud-jed1.medallia.com https://analytics-fe.digital-cloud-jed1.medallia.com;
frame-srchttps://resources.digital-cloud-jed1.medallia.com;
font-srchttps://resources.digital-cloud-jed1.medallia.com;
img-srchttps://md-scp.kampyle.com https://resources.digital-cloud-jed1.medallia.com https://analytics-fe.digital-cloud-jed1.medallia.com;
style-srchttps://md-scp.kampyle.com https://resources.digital-cloud-jed1.medallia.com;
base-urihttps://md-scp.kampyle.com;

Customers on HND1 properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.kampyle.com *.medallia.com;
script-src*.kampyle.com *.medallia.com;
frame-src*.kampyle.com *.medallia.com;
font-src*.kampyle.com *.medallia.com;
img-src*.kampyle.com *.medallia.com;
style-src*.kampyle.com *.medallia.com;
base-uri*.kampyle.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://md-scp.kampyle.com https://resources.digital-cloud-hnd1.medallia.com https://ubt.digital-cloud-hnd1.medallia.comhttps://analytics-fe.digital-cloud-hnd1.medallia.com;
script-srchttps://md-scp.kampyle.com https://digital-cloud-hnd1.medallia.com https://resources.digital-cloud-hnd1.medallia.com https://analytics-fe.digital-cloud-hnd1.medallia.com;
frame-srchttps://resources.digital-cloud-hnd1.medallia.com;
font-srchttps://resources.digital-cloud-hnd1.medallia.com;
img-srchttps://md-scp.kampyle.com https://resources.digital-cloud-hnd1.medallia.com https://analytics-fe.digital-cloud-hnd1.medallia.com;
style-srchttps://md-scp.kampyle.com https://resources.digital-cloud-hnd1.medallia.com;
base-urihttps://md-scp.kampyle.com;

Customers on GovCloud staging properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.medallia.com;
script-src*.medallia.com;
frame-src*.medallia.com;
font-src*.medallia.com;
img-src*.medallia.com;
style-src*.medallia.com;

If the CSP is not using wildcards, allow these domains:

connect-src https://resources.digital-cloud-gov-stg.medallia.com https://ubt-lb.digital-cloud-gov-stg.medallia.com https://analytics-fe.digital-cloud-gov-stg.medallia.com;
script-srchttps://resources.digital-cloud-gov-stg.medallia.com https://analytics-fe.digital-cloud-gov-stg.medallia.com;
frame-srchttps://resources.digital-cloud-gov-stg.medallia.com;
font-srchttps://resources.digital-cloud-gov-stg.medallia.com;
img-src https://resources.digital-cloud-gov-stg.medallia.com https://analytics-fe.digital-cloud-gov-stg.medallia.com;
style-src https://resources.digital-cloud-gov-stg.medallia.com;

Customers on GovCloud production properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.medallia.com;
script-src*.medallia.com;
frame-src*.medallia.com;
font-src*.medallia.com;
img-src*.medallia.com;
style-src*.medallia.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://resources.digital-cloud-gov.medallia.com https://ubt.digital-cloud-gov.medallia.com https://analytics-fe.digital-cloud-gov.medallia.com;
script-srchttps://resources.digital-cloud-gov.medallia.com https://analytics-fe.digital-cloud-gov.medallia.com;
frame-srchttps://resources.digital-cloud-gov.medallia.com;
font-srchttps://resources.digital-cloud-gov.medallia.com;
img-srchttps://resources.digital-cloud-gov.medallia.com https://analytics-fe.digital-cloud-gov.medallia.com;
style-srchttps://resources.digital-cloud-gov.medallia.com;

Customers on GovCloud VA properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.medallia.com;
script-src*.medallia.com;
frame-src*.medallia.com;
font-src*.medallia.com;
img-src*.medallia.com;
style-src*.medallia.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://resource.digital.voice.va.gov https://ubt.digital.voice.va.gov https://analytics-fe.digital.voice.va.gov;
script-srchttps://resource.digital.voice.va.gov https://analytics-fe.digital.voice.va.gov;
frame-srchttps://resource.digital.voice.va.gov;
font-srchttps://resource.digital.voice.va.gov;
img-srchttps://resource.digital.voice.va.gov https://analytics-fe.digital.voice.va.gov;
style-srchttps://resource.digital.voice.va.gov;

Customers on EU Main properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.kampyle.com *.medallia.eu;
script-src*.kampyle.com *.medallia.eu;
frame-src*.kampyle.com *.medallia.eu;
font-src*.kampyle.com *.medallia.eu;
img-src*.kampyle.com *.medallia.eu;
style-src*.kampyle.com *.medallia.eu;
base-uri*.kampyle.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://md-scp.kampyle.com https://ubt-eu.kampyle.com https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-eu-main.medallia.eu;
script-srchttps://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-eu-main.medallia.eu;
frame-srchttps://nebula-cdn.kampyle.com;
font-srchttps://nebula-cdn.kampyle.com;
img-srchttps://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-eu-main.medallia.eu;
style-srchttps://md-scp.kampyle.com https://nebula-cdn.kampyle.com;
base-urihttps://md-scp.kampyle.com;

Customers on US main properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.kampyle.com *.medallia.com;
script-src*.kampyle.com *.medallia.com;
frame-src*.kampyle.com *.medallia.com;
font-src*.kampyle.com *.medallia.com;
img-src*.kampyle.com *.medallia.com;
style-src*.kampyle.com *.medallia.com;
base-uri*.kampyle.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://md-scp.kampyle.com https://ubt-us.kampyle.com https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-us-main.medallia.com;
script-srchttps://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-us-main.medallia.com;
frame-srchttps://nebula-cdn.kampyle.com;
font-srchttps://nebula-cdn.kampyle.com;
img-srchttps://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-us-main.medallia.com;
style-srchttps://md-scp.kampyle.com https://nebula-cdn.kampyle.com;
base-urihttps://md-scp.kampyle.com;

Customers on AU (SYD1) properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.kampyle.com *.medallia.com.au;
script-src*.kampyle.com *.medallia.com.au;
frame-src*.kampyle.com *.medallia.com.au;
font-src*.kampyle.com *.medallia.com.au;
img-src*.kampyle.com *.medallia.com.au;
style-src*.kampyle.com *.medallia.com.au;
base-uri*.kampyle.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://md-scp.kampyle.com https://ubt-au.kampyle.com https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-syd1.medallia.com.au;
script-srchttps://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-syd1.medallia.com.au;
frame-srchttps://nebula-cdn.kampyle.com;
font-srchttps://nebula-cdn.kampyle.com;
img-srchttps://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-syd1.medallia.com.au;
style-srchttps://md-scp.kampyle.com https://nebula-cdn.kampyle.com;
base-urihttps://md-scp.kampyle.com;

Customers on CA main properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.kampyle.com *.medallia.ca;
script-src*.kampyle.com *.medallia.ca;
frame-src*.kampyle.com *.medallia.ca;
font-src*.kampyle.com *.medallia.ca;
img-src*.kampyle.com *.medallia.ca;
style-src*.kampyle.com *.medallia.ca;
base-uri*.kampyle.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://md-scp.kampyle.com https://ubt-can.kampyle.com https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-can-main.medallia.ca;
script-srchttps://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-can-main.medallia.ca;
frame-srchttps://nebula-cdn.kampyle.com;
font-srchttps://nebula-cdn.kampyle.com;
img-srchttps://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-can-main.medallia.ca;
style-srchttps://md-scp.kampyle.com https://nebula-cdn.kampyle.com;
base-urihttps://md-scp.kampyle.com;

Customers on SMF1 properties

For Digital surveys to function correctly on your website, your CSP should allow these domains:

connect-src*.kampyle.com *.medallia.com;
script-src*.kampyle.com *.medallia.com;
frame-src*.medallia.com;
font-src*.medallia.com;
img-src*.kampyle.com *.medallia.com;
style-src*.kampyle.com *.medallia.com;
base-uri*.kampyle.com;

If the CSP is not using wildcards, allow these domains:

connect-srchttps://md-scp.kampyle.com https://ubt-can.kampyle.com https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-can-main.medallia.com;
script-srchttps://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-can-main.medallia.com;
frame-srchttps://nebula-cdn.kampyle.com;
font-srchttps://nebula-cdn.kampyle.com;
img-srchttps://md-scp.kampyle.com https://nebula-cdn.kampyle.com https://analytics-fe.digital-cloud-can-main.medallia.com;
style-srchttps://md-scp.kampyle.com https://nebula-cdn.kampyle.com;
base-urihttps://md-scp.kampyle.com;