Installing the Freshpaint SDK with a Content Security Policy (CSP)

You may be using a Content Security Policy (CSP) to enhance the security of your webpage. Because a CSP restricts how JavaScript resources are loaded, an engineer will need to follow a few more steps. You'll know this applies to you when the following console error is triggered when you try to install the Freshpaint snippet:

An engineer will need to take the hash given in your console error and add it to the allowlist for 'script-src' in your CSP:

The following URLs will also need to be allowlisted in your CSP in order to load the Freshpaint snippet:

  • https://perfalytics.com/static/js/freshpaint.js

  • https://perfalytics.com/static/js/integrations.js

  • https://perfalytics.com/static/js/editor.js

If you have ad-blocker bypass enabled, the URLs you need to allowlist in your CSP will be specific to your account. You'll have to add the specific URLs that appear in your console errors to your CSP. For example:

  • https://<custom_subdomain>.cloudfront.net/static/js/freshpaint.js

  • https://<custom_subdomain>.execute-api.us-west-2.amazonaws.com/prod

  • https://<custom_subdomain>.cloudfront.net/static/js/integrations.js

  • https://<custom_subdomain>.cloudfront.net/static/js/editor.js

If you have client-side app destinations integrated, those will have to be added to the allowlist in the CSP as well. Here is an example of a CSP with ad-blocker bypass enabled and the correct URLs allowlisted, including a Freshpaint client-side Mixpanel destination integration:

<meta http-equiv="Content-Security-Policy" content="img-src 'self';
     script-src 'self' 'sha256-topW5bAl+v+kyY7bBFMyXdN9/0es3zVP+TAWbEMFDAE=' https://<custom_subdomain>.cloudfront.net/static/js/freshpaint.js https://<custom_subdomain>.execute-api.us-west-2.amazonaws.com/prod https://<custom_subdomain>.cloudfront.net/static/js/integrations.js http://cdn.mxpnl.com;
     style-src 'self'">
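To check a policy before deploying it, the Node.js script below (an added example, not Freshpaint's code) computes the hash source for an inline script and reports which of the required script URLs a policy's script-src would still block. The function names are hypothetical, and source matching is simplified: it assumes sources are written with a scheme, as on this page, and does not handle wildcards.

```javascript
// Added example: audit a CSP's script-src before deploying it.
const { createHash } = require("node:crypto");

// URLs the page lists for the standard (non-bypass) install.
const REQUIRED_URLS = [
  "https://perfalytics.com/static/js/freshpaint.js",
  "https://perfalytics.com/static/js/integrations.js",
  "https://perfalytics.com/static/js/editor.js",
];

// Hash-source for an inline script: base64 SHA-256 of the exact text between
// <script> and </script>. Any whitespace change produces a different hash.
function inlineScriptHashSource(scriptText) {
  const digest = createHash("sha256").update(scriptText, "utf8").digest("base64");
  return `'sha256-${digest}'`;
}

// Split a policy into { directive: [sources] }; the first copy of a directive wins.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in directives)) directives[key] = sources;
  }
  return directives;
}

// Simplified matching (assumption: no wildcards or scheme-only sources):
// same origin, and a source path ending in "/" is a prefix, otherwise exact.
function sourceAllowsUrl(source, url) {
  let s, u;
  try { s = new URL(source); u = new URL(url); } catch { return false; }
  if (s.origin !== u.origin) return false;
  return s.pathname.endsWith("/")
    ? u.pathname.startsWith(s.pathname)
    : u.pathname === s.pathname;
}

// Return every hash or URL the policy's script-src would still block.
function missingScriptSources(policy, inlineScript, urls = REQUIRED_URLS) {
  const d = parseCsp(policy);
  const sources = d["script-src"] ?? d["default-src"];
  if (!sources) return []; // no governing directive: scripts are unrestricted
  const hash = inlineScriptHashSource(inlineScript);
  const missing = sources.includes(hash) ? [] : [hash];
  return missing.concat(urls.filter((url) => !sources.some((s) => sourceAllowsUrl(s, url))));
}
```

Pass the policy string and the exact inline snippet text to `missingScriptSources`; an empty array means the hash and every listed URL are covered.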
