Squarespace Custom Domain Javascript

How JavaScript Works on Squarespace Custom Domains

When you connect a custom domain to your Squarespace site, all your pages serve from that domain. JavaScript you add through Code Injection or Code Blocks runs in the context of your custom domain, which means cookies set by your scripts, localStorage data, and same-origin API calls all use your custom domain as the origin.

This is important for analytics scripts (which track visits per domain), authentication systems (which scope sessions to a domain), and any JavaScript that makes API requests to your own backend services. If you previously ran scripts on a Squarespace subdomain and then switched to a custom domain, you may need to update domain references in your scripts.

Adding JavaScript to Your Squarespace Site

Site-Wide JavaScript via Code Injection

Go to Settings > Advanced > Code Injection. The Header field inserts scripts into the <head> of every page. The Footer field inserts scripts before the closing </body> tag. Use the header for scripts that must load before the page renders (analytics, custom fonts, meta tags). Use the footer for scripts that can load after content (chat widgets, animations, tracking pixels).

Always use async or defer attributes on header scripts to prevent render-blocking. For a complete guide to all injection points, our article on custom code injection on Squarespace covers header, footer, page-level, and order confirmation injection.

Page-Specific JavaScript via Code Blocks

Code Blocks insert JavaScript at a specific position on a specific page. Add a Code Block, paste your script, and set the display mode to HTML. The script runs inline with the page content at the block's position. Use Code Blocks for page-specific functionality - interactive calculators, embedded third-party tools, or dynamic content that should only appear on one page.

Page-Level Header Injection

Each page has its own header injection field under the page settings gear icon > Advanced tab. Scripts here only load on that specific page's head section. Use this for page-specific tracking codes, A/B testing scripts, or any JavaScript that should not run site-wide.

Common JavaScript Use Cases on Custom Domain Squarespace Sites

Analytics and Conversion Tracking

Google Analytics 4, Google Tag Manager, Facebook Pixel, and other tracking scripts all go in Code Injection. These scripts reference your custom domain automatically - when a visitor loads a page on yourbusiness.com, the analytics script records a pageview for that domain. No additional domain configuration is needed in the script itself.

Custom Domain-Specific Cookies

JavaScript that sets cookies on your Squarespace site will scope those cookies to your custom domain. If you use multiple subdomains (blog.yourbusiness.com, shop.yourbusiness.com), you may need to set the cookie domain explicitly to .yourbusiness.com (with the leading dot) so the cookie is accessible across all subdomains.

Third-Party API Integrations

JavaScript that calls external APIs from your Squarespace site is subject to CORS (Cross-Origin Resource Sharing) rules. The external API must allow requests from your custom domain. If you are building an integration that calls your own API server, add your Squarespace custom domain to the API's CORS whitelist.

Custom Form Handling

JavaScript can enhance Squarespace's native forms with client-side validation, conditional logic, and custom submission handling. Scripts that intercept form submissions and send data to external services (CRMs, spreadsheets, webhooks) work the same way on custom domains as on Squarespace subdomains. For form and code techniques, our guide to adding custom code to Squarespace covers implementation details.

Domain-Related JavaScript Considerations

SSL and Mixed Content

Squarespace enforces HTTPS on all custom domains. Any JavaScript you add must load external resources over HTTPS, not HTTP. A script that loads an HTTP resource on an HTTPS page creates a "mixed content" warning and may be blocked by the browser. Check that all CDN links, API endpoints, and external asset URLs in your scripts use HTTPS.

Content Security Policy

Squarespace does not expose Content Security Policy headers for direct editing, but some scripts may conflict with the platform's default CSP. If a third-party script fails to load, check the browser console for CSP violation errors. Most reputable third-party tools (analytics, chat, widgets) are already compatible with Squarespace's CSP.

Domain Migration and Script Updates

If you change your custom domain (from olddomain.com to newdomain.com), update any JavaScript that references your domain explicitly - analytics property settings, cookie domains, API whitelist entries, and hardcoded URLs. Squarespace handles the domain change for your pages automatically, but your custom scripts may contain hardcoded domain references that need manual updating.

Testing JavaScript on Your Custom Domain

Use browser developer tools. Open the Console tab to check for JavaScript errors. Open the Network tab to verify scripts are loading correctly. Open the Application tab to inspect cookies and localStorage. These tools show you exactly what your scripts are doing on your live custom domain.

Test in incognito mode. Browser extensions and cached data can interfere with script testing. Open an incognito window to see what a first-time visitor experiences on your custom domain. For broader testing strategies, our Squarespace design tips guide covers preview and testing workflows.

Check mobile behavior. Mobile browsers handle JavaScript differently - touch events replace hover events, viewport sizes trigger different breakpoints, and some browsers restrict autoplay for media. Test your scripts on actual mobile devices, not just the Squarespace mobile preview.

Troubleshooting JavaScript Issues on Squarespace Custom Domains

Script Not Loading

Check the browser console for errors. Common causes: the script URL is incorrect or uses HTTP instead of HTTPS, the script is in the wrong injection field (header vs. footer), or a browser extension is blocking it. Try disabling ad blockers and testing in incognito.

Script Works on Initial Load but Breaks on Navigation

Squarespace uses AJAX page transitions - clicking a link updates the page content without a full reload. Scripts that only initialize on page load will not re-run when visitors navigate. Wrap your script initialization in an event listener that also triggers on Squarespace's AJAX navigation events to ensure it runs on every page view.

Script Conflicts with Squarespace's Own JavaScript

If your custom script uses a library that Squarespace also loads (like jQuery), version conflicts can occur. Check the browser console for errors and use noConflict mode if you are loading a separate jQuery version. For library-free alternatives, consider vanilla JavaScript which avoids dependency conflicts entirely. For CSS-related troubleshooting, our guide to adding custom CSS to Squarespace covers debugging visual issues caused by script-injected styles.

Cookies Not Persisting Across Pages

If cookies set by your JavaScript disappear when visitors navigate to other pages, check the cookie's path and domain attributes. Set path=/ to make the cookie accessible on all pages. If using subdomains, set the domain to .yourdomain.com. Also check that your cookie is not being blocked by the visitor's browser privacy settings. For site-wide optimization, our Squarespace SEO guide covers technical site health including script performance.

Make JavaScript Work for Your Custom Domain Squarespace Site

Custom JavaScript on a Squarespace site with a custom domain follows the same rules as any Squarespace site - Code Injection for site-wide scripts, Code Blocks for page-specific functionality, and careful attention to HTTPS, CORS, and AJAX navigation. Your custom domain adds a professional URL to your site without changing the scripting fundamentals.

Add scripts deliberately, test on multiple browsers and devices, handle AJAX navigation properly, and keep your Code Injection fields organized. That foundation lets you add any JavaScript functionality your site needs while keeping everything stable and maintainable.