Widget doesn't load — CSP and mixed-content errors
If the bubble doesn't appear and the browser console shows a Content-Security-Policy warning, your site has a CSP that's blocking our script.
Symptoms
Console message like:
Refused to load the script 'https://247ch.at/w.js' because it violates the following Content Security Policy directive: ...
Fix
Add our origin to your script-src and connect-src:
Content-Security-Policy:
script-src 'self' https://247ch.at;
connect-src 'self' https://247ch.at wss://247ch.at;
img-src 'self' https://247ch.at data:;
Mixed content
If your page is HTTPS but you accidentally embed the widget with http://, the browser blocks it. Always use the https:// URL — even on staging.