This guide covers how to whitelist your Moodle domain in the PebblePad global administration panel.


The installation of this integration is not fully self-serve and requires the assistance of a PebblePad Implementation Engineer. Before starting, please read the overview page and make contact with the PebblePad Helpdesk to schedule a co-ordinated project. Starting unassisted may risk breaking an existing integration and/or delays in support.

Open video full screen 

Stage 1 (below) and Stage 2 (on the following page) must be completed consecutively during the same 'web session' in order for your browser to authenticate the tool set-up correctly.

Login to PebblePad using an account with a Global Admin role.

1: Login to PebblePad Global Admin

  • Use the Burger icon to open the sidebar menu
  • Select Additional Settings and Administration to open the global administration panel

2: Add/check Content Security Policy

If you have an existing Moodle integration set-up already, use the following to check the settings are correct. There isn't a need to re-add for a second time.
  • Select Settings tab from the main menu
  • Scroll down the page to the General section
  • Tick Content Security Policy header checkbox
  • Scroll to the bottom of the page and select the Update button
  • Return to the Content Security Policy header text area
  • Add your Moodle URL domain in the whitelist text area (e.g. - link must end with /)
  • Scroll to the bottom of the page
  • Select the Update button to confirm

Stage 2: Add External Tool >