RightMessage Compatibility Mode: 'Content-Security-Policy' | RightMessage

RightMessage is showing ‘Compatibility Mode’ in the campaign editor

In order to personalize your campaigns and use the RightMessage campaign editing area, you will need to grant RightMessge specific privileges to be able to personalize your website.

In the RightMessage campaign editing area, you may see the below error screen:


This message will display if your web server or firewall is configured to block being loaded within a frame, iframe or object.

Personal Panda says:


When your site is being shown in compatibility mode, you will not be able to use navigate mode in the campaign editing area to click around the site you are personalizing. If this is the case, type the direct URL into the URL bar.

Resolving compatibility mode

In order to resolve the ‘Compatibility Mode’ message, you will need to make and adjustment to the http, server or site configuration file.

Click on the ‘Click here for helplink to reveal the code that needs to be added or adjusted.

I’m being prompted to adjust the ‘Content Security Policy’ on my website header

One of the solutions for resolving compatibility mode in RightMessage is to make an adjustment to the ‘Content-Security-Policy’ header for your website.


When your browser loads a website, it loads other assets to help the website render correctly in the browser, such as stylesheets, fonts, and javascript files.

Adding a ‘Content-Security-Policy’ (CSP) to your website header allows you to define a whitelist of approved sources of content for your site. By restricting the assets that a browser can load for your site, a Content-Security-Policy can act as an effective countermeasure to website attacks.

Why your content security policy needs to be adjusted for RightMessage to work

For your website to work with RightMessage, the ‘content-security-policy’ headers must be updated in order for RightMessage to load pages you wish to personalize, run the personalizations you add to a website, and track the results added to your conversion goals.

Without the correct ‘Content-Security-Policy’ permissions enabled, modern browsers will be unable to work with RightMessage. As a result, your visitors will not see the personalizations you have added to enhance their experience with your website.

Content-Security-Policy spec (W3C Recommendation)