Widget blocked by Content Security Policy

Allow the Maptera iframe in your Content Security Policy.

Last updated April 27, 2026

A strict Content Security Policy on your site can block the Maptera iframe. The fix is to allowlist Maptera in your frame-src directive.

Add this to your CSP header

Content-Security-Policy: frame-src https://maptera.switchlabs.dev;

Or, if you already have a frame-src directive, append to it:

frame-src https://maptera.switchlabs.dev https://your-existing-source.com;

CMS-specific notes

  • WordPress: most security plugins (Wordfence, iThemes, Sucuri) add CSPs and have an allowlist UI in their settings
  • Shopify: the native Shopify embed handles this automatically, but third-party security apps can override it
  • Vercel/Netlify: edit the headers in your config file (vercel.json or _headers)
Was this article helpful?

Related articles

Widget not loading on my website
Diagnose why the embedded store locator is blank or not appearing.
Embed the store locator on your website
How to drop the Maptera widget onto any website with a single snippet.
Did this article miss your question?
Email our team and we will help directly.
Contact support

Contact

Have Questions?

Whether you need help getting started, want to explore enterprise options, or just have a question about Maptera — we'd love to hear from you. We typically respond within one business day.

Response Time
< 24 hours
Email
maptera@switchlabs.dev

By submitting you agree to let Maptera contact you about relevant products and services.