BookingCenter's BookingEngine has a Content Security Policy (CSP) in place for security purposes.  This is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution.

In most cases, you will have code set as an inline script. Inline Scripts are blocked by default with our content security policy.

Sample code of an inline script:


Note that any third party tracking code from systems such as Sojern, DerbySoft, Fuel Travel, etc (basically any marketing company tracking Booking Engines) will need to be approved by BookingCenter. And that the code that gets installed into your Booking Engine to perform the tracking needs is ultimately the responsibility of you, our property partner. If you let us know once your approved vendor has placed their tracking code, tested it on their servers, and you have found the results to be useful,  we will analyze it before placing it into the BookingCenter server CSP domain.  Just contact Support to let us know once that is ready. 

Our current approved list of vendors:

BookingCenter requires that an MSO 'Premium Marketing contract' is in place in order for this to work. Go to: to request the service or call us at +1-707-874-3922 ext 201.

  • No labels