Content Security Policy (CSP)

The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load. If you are making use of CSP, you must add the following directives to your CSP header:

frame-src 'self' https://*.gleap.io;

script-src 'self' https://*.gleap.io;

style-src 'self' 'unsafe-inline';

connect-src 'self' https://*.gleap.io wss://ws.gleap.io;

media-src 'self' https://*.gleap.io;

img-src 'self' https://*.gleap.io;

Depending on your setup you might need to do some further customizations. Please check the console log for any CSP errors.

Environment Rendering issues

Get Started

SDKs

Server-side event tracking

Guides