This guide explains the recommended way to install IMSupporting live chat and the security headers you may need.
1) Install from your Admin Dashboard
For account accuracy and security, always use your own integration setup from the dashboard.
- Sign in to your IMSupporting Admin Dashboard.
- Open Website Integrations.
- Select your website platform or integration method.
- Follow the on-screen setup instructions shown for your account.
2) Plugin Options
If your CMS supports a plugin workflow, this is usually the easiest way to deploy and maintain live chat.
- WordPress: Install the official IMSupporting WordPress Plugin.
- Other platforms: Open Website Integrations in your dashboard to view currently supported options.
3) CSP / Security Headers (if used)
If your site uses Content Security Policy (CSP), allow IMSupporting domains so the widget can load, connect, and render correctly.
CSP directives to review
- script-src: allow
*.imsupporting.comto load widget scripts. - frame-src: allow
*.imsupporting.comfor chat iframe rendering. - connect-src: allow
*.imsupporting.comfor API/websocket connectivity. - img-src: allow required image assets from IMSupporting domains.
- worker-src: include
blob:where policy requires it for background worker support.
If you use framing restrictions, avoid blanket deny rules that block the chat iframe. Use CSP directives carefully and test your live pages after deployment.
Installation FAQ
Where do I get the correct installation method for my account?
Use Website Integrations in your Admin Dashboard. It contains the latest account-specific setup path.
Should I use a plugin or manual integration?
If your platform supports it, use the official plugin for easier updates. Otherwise use the method listed in Website Integrations.
Do I need CSP changes on every website?
No. CSP updates are only needed if your site already enforces a Content Security Policy.