Plugin Support
Daniel
(@danielschoenherr)
Hi @krishanpatel
I’ve checked why the map on your website isn’t displaying correctly, and here’s what I found:
Your website currently has a very restrictive Content Security Policy (CSP) in place. This is a security feature that defines which external resources (like images and scripts) are allowed to load. In your case, the settings are very strict — they only allow loading images from your own domain.
Because of this, the map tiles that Open User Map relies on (served by the external provider cartocdn.com) are being blocked. That’s why the background map doesn’t appear.
Currently it blocks your Google Tag Manager scripts as well.
This kind of strict policy is typically set by:
- A security plugin (e.g. “HTTP Headers” or “Really Simple SSL Pro”),
- Or special settings on the server or CDN level (like in NGINX, Apache, or Cloudflare).
To fix the issue, the policy needs to be slightly adjusted to allow loading images from the map provider. This is a safe change and only allows access to specific, trusted resources that are required for the map to function.
Best regards,
Daniel
Hi Daniel,
Thanks for your reply, do you know what change I need to make to the policy in order to get the map working.
Thanks
Krish
Plugin Support
Daniel
(@danielschoenherr)
Hi Krish,
You need to add this to the policy:
img-src 'self' data: https://*.cartocdn.com;
This line tells the browser it’s safe to load images (like map tiles) from cartocdn.com, which is the source used by Open User Map. Be aware that if you change the map style in the settings, there might be a different map tile source that needs to be allowed.
If your CSP is set via a WordPress security plugin, look for a “Content Security Policy” section and add https://*.cartocdn.com to the image sources.
PS: As I noticed before, you are currently blocking GTM sources as well. This is not relevant for Open User Map – but you might want to allow GTM too.
Best regards,
Daniel
