Skip to main content
This is a pilot feature according to Algolia’s Terms of Service (“Beta Services”). Functionality may change before general availability.
This page covers the content security policy directives Algolia Experiences needs, and answers to common questions you might run into after embedding an experience on your site.

Content security policy

If your site uses a content security policy (CSP), add the following directives so Algolia Experiences can load and fetch its configuration: 
connect-src https://*.algolia.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io;
script-src  https://cdn.jsdelivr.net https://*.algolia.com;
  • *.algolia.com covers the Experiences API (experiences.algolia.com), the bundle resolver (experiences.resolver.algolia.com), and the runtime bundle (experiences.cdn.algolia.com).
  • cdn.jsdelivr.net hosts the loader script. It’s already required if you use InstantSearch or the Insights library.

Common issues

The autocomplete doesn’t appear

Check that the container element exists on your page and matches the selector configured in the editor.

You don’t see your latest changes

Hard-refresh the page. Your browser can cache the bundle and the configuration.

CSP errors in the browser console

See Content security policy for the directives Algolia Experiences needs.

The experience disappears after a route change

If your site is a React single-page app, the default <script> snippet only loads the library once and doesn’t re-initialize after client-side navigation. Follow Use in React to wire up a Hook that calls run() and dispose() on each route change.
Last modified on May 21, 2026