CSP for Intercom Live Chat: A Before and After Case Study
I’ve seen this exact problem a bunch of times: a team has a pretty decent Content Security Policy, marketing wants Intercom, someone pastes the vendor snippet into the site, and suddenly the browser console looks like a crime scene. The hard part isn’t getting Intercom to load. The hard part is getting it to load without wrecking a policy that was actually doing useful work. Here’s a realistic case study using a real baseline CSP from headertest.com, then tightening it up for Intercom live chat with minimal blast radius. ...