Content Security Policies

A Content Security Policy (CSP) allows you to list trusted external and internal scripts, styles, images and other content sources.

These are implemented via an HTTP response header named “content-security-policy”. You can see an example of this below:

[Image: CSP_1.png]

If your domain utilises policy directives such as default-src, script-src, connect-src and img-src, you will need to allow several SessionCam sources in them so that we can serve the scripts which monitor and record user interaction.

You can find these listed below:

  1. https://*.sessioncam.com
  2. https://d2oh4tlt9mrke9.cloudfront.net
  3. ws://*.sessioncam.com
  4. wss://*.sessioncam.com

If you use any experimental CSP directives, the above domains may also need adding to these; if so, the network events within your browser's developer tools will highlight this.

You can see an example of an updated Content Security Policy below:
Content-Security-Policy: default-src 'self' https://*.sessioncam.com https://d2oh4tlt9mrke9.cloudfront.net ws://*.sessioncam.com wss://*.sessioncam.com;
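
The following is an added example, not SessionCam's own code: a small Node.js helper that merges the four sources listed above into an existing policy string. It assumes every listed source is added to each of the named directives that is already present (as the default-src example above does); the function names and the sample policy are constructed for illustration.

```javascript
// Sources listed on this page for SessionCam.
const SESSIONCAM_SOURCES = [
  "https://*.sessioncam.com",
  "https://d2oh4tlt9mrke9.cloudfront.net",
  "ws://*.sessioncam.com",
  "wss://*.sessioncam.com",
];

// Directives named on this page; only those already present are extended.
const TARGET_DIRECTIVES = ["default-src", "script-src", "connect-src", "img-src"];

// Parse a policy string into an ordered Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // skip empty segments (trailing ';')
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive, so keep only the first one.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return a new policy string with the SessionCam sources merged in.
function addSessionCamSources(policy) {
  const directives = parseCsp(policy);
  for (const name of TARGET_DIRECTIVES) {
    // An absent fetch directive falls back to default-src; do not create it.
    if (!directives.has(name)) continue;
    // 'none' is only valid on its own, so drop it once real sources are added.
    const sources = directives.get(name).filter((s) => s.toLowerCase() !== "'none'");
    for (const src of SESSIONCAM_SOURCES) {
      if (!sources.includes(src)) sources.push(src); // avoid duplicates
    }
    directives.set(name, sources);
  }
  return [...directives]
    .map(([name, sources]) => [name, ...sources].join(" "))
    .join("; ");
}

// Constructed sample policy, not taken from any real site.
const before =
  "default-src 'self'; script-src 'self' https://*.sessioncam.com; img-src 'none'; frame-ancestors 'none'";
console.log("Content-Security-Policy: " + addSessionCamSources(before));
```

Directives outside the four named here, such as frame-ancestors in the sample, are left unchanged, so any experimental directives still need checking by hand as described above.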