Normally the CSP is delivered as a header to your users' browser by your web-server and for many websites, it simply declares that only scripts/styles from your own domain and that of any tools that you are using is allowed.
Adding Mouseflow to your CSP
If you are using a default CSP then adding the below to your default-src rules should be sufficient.
default-src ... *.mouseflow.com;
If you want stricter restrictions we would recommend the setup below to ensure that your policies will be more future-proof as we expand our services. Here's an example of what that may look like:
img-src ... *.mouseflow.com;
script-src ... *.mouseflow.com;
connect-src ... *.mouseflow.com;
frame-src ... *.mouseflow.com;
child-src ... *.mouseflow.com;
font-src ... *.mouseflow.com;
Note: The '...' in the examples above designate already existing content in your CSP
If you are unsure how to change this setting in your Content Security Policy please contact your developer, DevOps team, or your web site provider.