Content-Security-Policy

Fullstack Frameworks

Next.JS

Self Host & Local Dev

Overview

Development deployment guide.

Hobby deployment guide.

Highlight Docs

Welcome to highlight.io

Get Started

Company

Integrations

Highlight.io Changelog

Getting Started

Get Started

Fullstack Mapping

Backend: Logging

Fullstack Frameworks

Self Host & Local Dev

Docs Home

SDK

Client SDK API Reference

Cloudflare Worker SDK API Reference

Golang SDK API Reference

Next.JS SDK API Reference

Node.JS SDK API Reference

Python SDK API Reference

Docs / Getting Started / Frontend / JS SDK Configuration / Content-Security-Policy

Content-Security-Policy


You should keep reading this if your application runs in an environment that enforces content security policies.

Content-Security-Policy allows you to tell the browser what and how your page can interact with third-party scripts.

Here are the policies you'll need to set to use Highlight:

script-src: https://static.highlight.io
1. This policy is to allow downloading the Highlight runtime code for session recording and error monitoring.
worker-src: blob: https://static.highlight.io
1. This policy allows our script to create a web-worker which we use to serialize the recording data without affecting the performance of your application.
connect-src: https://pub.highlight.run
1. This policy is to allow connecting with Highlight servers to send recorded session data.

Your CSP definition may look something like this:

<meta
  http-equiv="Content-Security-Policy"
  content="default-src 'self'; script-src 'self' https://static.highlight.io; worker-src: blob: https://static.highlight.io; connect-src https://pub.highlight.run;"
/>

Console Messages Identifying Users

Community / Support Suggest Edits?Follow us!