Content Security Policy (CSP) is a computer security standard designed to give you full control over who can access JavaScript, CSS, HTML, and other resources on you are hosting on your website.

Normally the CSP is delivered as a header to your users' browser by your web-server and for many websites, it simply declares that only scripts/styles from your own domain and that of any tools that you are using is allowed.

Adding Mouseflow to your CSP

If you are using a default CSP then adding the below to your default-src rules should be sufficient.

default-src ... *.mouseflow.com;

If you want stricter restrictions we would recommend the setup below to ensure that your policies will be more future-proof as we expand our services. Here's an example of what that may look like:

img-src ... *.mouseflow.com;
script-src ... *.mouseflow.com;
connect-src ... *.mouseflow.com;
frame-src ... *.mouseflow.com;
child-src ... *.mouseflow.com;
font-src ... *.mouseflow.com;

Note: The '...' in the examples above designate already existing content in your CSP

If you are unsure how to change this setting in your Content Security Policy please contact your developer, DevOps team, or your web site provider.

Did this answer your question?