Troubleshooting: Web SDK
Script not loading�
Symptoms: told function is undefined, no surveys appear.
| Check | Solution |
|---|---|
Script in <head>? | Open DevTools > Elements > verify the script tag exists |
| Correct URL? | Must be https://scripts.told.club/sdk/sdk.js |
| JavaScript errors? | Check the browser console for errors |
| CSP blocking? | Look for "Content Security Policy" errors in the console > see CSP section below |
| Ad blocker? | Temporarily disable ad blocker and retry |
| Network blocked? | Check DevTools > Network tab for failed requests to scripts.told.club |
Content Security Policy (CSP)
If your website uses a Content Security Policy, you need to allow all Told domains. CSP violations appear as errors in the browser console, typically starting with "Refused to...".
Add these domains to your CSP header or meta tag:
| Domain | Used for | CSP directives |
|---|---|---|
https://scripts.told.club | SDK script | script-src |
https://widget.told.club | Survey widget (iframe) | frame-src, connect-src |
https://producttour.told.club | Product tour (iframe) | frame-src, connect-src |
https://producttoureditor.told.club | Product tour editor (iframe) | frame-src, connect-src |
https://api.told.club | API (GraphQL) | connect-src |
wss://api.told.club | WebSocket (real-time) | connect-src |
https://app.told.club | Dashboard communication | frame-src |
Example CSP header:
Content-Security-Policy:
script-src 'self' https://scripts.told.club;
frame-src 'self' https://widget.told.club https://producttour.told.club https://producttoureditor.told.club https://app.told.club;
connect-src 'self' https://api.told.club wss://api.told.club https://widget.told.club https://producttour.told.club https://producttoureditor.told.club;
If you only whitelist some of these domains, parts of Told may work while others silently fail. For example, surveys might load but product tours won't, or the SDK might load but can't reach the API.
SDK loaded but surveys don't appear
- Run
told('debug')in the browser console to see diagnostic info - Check that the Source ID is correct
- Verify the survey is activated (Publish tab)
- Verify trigger conditions are met (correct URL, event, scroll depth)
- Check "Display only once" — may have already triggered for this visitor
- Clear
localStorageand reload the page (this resets the anonymous user)
Invalid hostname / "Source not allowed"
The SDK validates your domain against the URLs registered in your source settings. If you see "TOLD: Source not allowed" in the console:
- Check that the URL configured in Source settings matches your website's domain exactly (including protocol)
- For local development, make sure your source is configured for
localhost - If your site redirects users (e.g., from a login page to the app), set a redirection URL in Settings > Installation (step 2, "..." menu > "Edit redirection URL")
Iframe blocked
The Told widget and product tours display inside iframes. If they're blocked:
- Check your CSP
frame-srcdirective > see CSP section above - Check if
X-Frame-Optionsheaders on your site are blocking cross-origin iframes - If you use a reverse proxy (Nginx, Cloudflare), verify it doesn't strip or override frame-related headers
Surveys don't appear on some pages (SPA)
The SDK automatically detects route changes in single-page applications by intercepting history.pushState(), history.replaceState(), and listening for popstate and hashchange events.
If surveys don't trigger on route changes:
- Verify your app uses the standard History API for navigation
- Check that your URL trigger pattern matches the full path (not just the hash)
- Test with
told('debug')on the page where the survey should appear
localStorage blocked (private browsing)
In private/incognito browsing or when cookies are blocked, localStorage may be unavailable. When this happens:
- The anonymous ID is regenerated on each page load (the user is treated as a new visitor every time)
- Language preferences don't persist
- "Display only once" rules may not work as expected
If you know your users will be in a restricted storage environment, use the noLocalStorage option:
told('init', 'YOUR_SOURCE_ID', { noLocalStorage: true });
Script loaded twice
If the SDK script is included twice on the same page (e.g., via both a direct <script> tag and a tag manager), the SDK detects duplicate initialization with the same Source ID and ignores the second call. This is handled automatically — no action needed.
However, if the script is bundled twice (e.g., by a build tool like webpack), two SDK instances may be created. To fix this:
- Ensure the script tag points to the hosted URL (
https://scripts.told.club/sdk/sdk.js) rather than being bundled - If you must bundle it, ensure your bundler doesn't create duplicate chunks
Performance impact
The Told SDK:
- Loads asynchronously — it doesn't block page rendering
- Runs surveys and product tours in isolated iframes
- Only connects to the API when triggers match or when you call SDK functions
Still stuck?
- Use
told('debug')to get diagnostic information - Contact support at [email protected]
Related pages
- SDK Functions — Full API reference
- Web SDK Installation