CSP - Puntego

Puntego supports strict Content Security Policy installs.

Required script attributes

<script
  async
  src="https://puntego.com/boot.js"
  data-app-id="gp_your_app_id"
  data-gp-api="https://worker.puntego.com"
  crossorigin="anonymous"
  nonce="YOUR_CSP_NONCE"
  data-nonce="YOUR_CSP_NONCE"
></script>

Nonce propagation

boot.js reads the nonce from nonce or data-nonce.
The runtime loader reuses that nonce for follow-on scripts and injected styles.

Installation rule

Copy the canonical snippet from Dashboard -> Install so the app id stays aligned with the deployed worker and embed assets.

Domains Privacy and PII

⌘I