
🔑 Content Security Policy (CSP)

The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load.

If you are making use of CSP, you must add the following directives to your CSP header:

frame-src 'self' https://*.gleap.io;
script-src 'self' https://*.gleap.io;
style-src 'self' 'unsafe-inline';
connect-src 'self' https://*.gleap.io wss://ws.gleap.io;
media-src 'self' https://*.gleap.io;
img-src 'self' https://*.gleap.io;

Depending on your setup, you might need some further customizations. Please check the browser console log for any CSP errors.
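
If you already send a CSP, the sources above have to be merged into your existing directives rather than appended as extra ones: browsers use only the first occurrence of a directive, and a newly added fetch directive replaces the default-src fallback for that resource type. The following is an added example, not Gleap's own code; the helper names parseCsp and mergeCsp are hypothetical and the sample policy is constructed.

```javascript
// REQUIRED mirrors the directive list on this page.
const REQUIRED = {
  "frame-src": ["'self'", "https://*.gleap.io"],
  "script-src": ["'self'", "https://*.gleap.io"],
  "style-src": ["'self'", "'unsafe-inline'"],
  "connect-src": ["'self'", "https://*.gleap.io", "wss://ws.gleap.io"],
  "media-src": ["'self'", "https://*.gleap.io"],
  "img-src": ["'self'", "https://*.gleap.io"],
};

// Parse a policy string into a Map of directive name -> source list.
// As in browsers, only the first occurrence of a directive counts.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Merge the required sources into an existing policy string.
function mergeCsp(existingPolicy, required = REQUIRED) {
  const directives = parseCsp(existingPolicy);
  for (const [name, needed] of Object.entries(required)) {
    // A missing directive falls back to default-src (frame-src tries child-src
    // first), so start from those sources to keep what the site already allows.
    const current = directives.get(name)
      ?? (name === "frame-src" ? directives.get("child-src") : undefined)
      ?? directives.get("default-src") ?? [];
    // 'none' must stand alone, so drop it once real sources are added.
    const merged = current.filter((s) => s.toLowerCase() !== "'none'");
    for (const source of needed) {
      if (!merged.includes(source)) merged.push(source);
    }
    directives.set(name, merged);
  }
  return [...directives].map(([n, s]) => [n, ...s].join(" ")).join("; ");
}

// Constructed sample policy, not taken from any real site.
const sample =
  "default-src 'self' https://cdn.example.com; script-src 'self' 'nonce-abc123'; frame-src 'none'";
console.log(mergeCsp(sample));
```

Review the merged policy before deploying it: replacing an existing 'none' or widening a directive is a deliberate loosening that should be visible in code review.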