CSP for A/B Testing With VWO: Pros, Cons, and Tradeoffs
A/B testing tools and strict CSP have a messy relationship. VWO is a good example. Marketing wants fast experiments. Security wants a locked-down policy. Engineering gets stuck in the middle, usually after someone ships unsafe-inline and calls it “temporary.” I’ve had to clean this up more than once. If you’re running VWO on a site with a real Content Security Policy, you need to make a choice: loosen CSP enough for VWO to work easily, or keep a stricter policy and accept extra setup, testing, and occasional friction. ...