Content Security Policies

A Content Security Policy (CSP) allows you to list trusted external and internal scripts, styles, images and other content sources.

These are implemented via a HTTP response header named “content-security-policy”. You can see an example of this below:


If your domain utilises policy directives such as default-src, script-src, connect-src and img-src you will need to authenticate several SessionCam environments to allow us to serve scripts which monitor and record user interaction.

You can find these listed below:

  1. https://*
  3. ws://*
  4. wss://*

If you use any experimental CSP directives, the above domains may also need adding to these; accessing your the network events within your browser's developer tools will highlight these, if so.

You can see an example of a updated Content Security Policy below:
Content-Security-Policy: default-src 'self' https://* ws://* wss://*;