Hello GB Team! According to https://docs.growthbook.io/lib/script-tag#content-security-policy-csp

Second, if you plan to use the Visual Editor to inject custom javascript into your site, you need to allow both usafe-inline and unsafe-eval.

And what about text changing for A/B test? I want to change some text on buttons, headers etc. via GB for some variants. Do I need to modify a CSP or this works in other way than injecting js and elements manipulating by js?

hi Mario - I believe you don't need to if you're just making DOM changes