A Content Security Policy (CSP) allows you to list trusted external and internal scripts, styles, images and other content sources.
A policy is delivered via an HTTP response header named “content-security-policy”. You can see an example of this below:
If your domain utilises policy directives such as:
- default-src
- script-src
- connect-src
- img-src
you will need to allow several SessionCam environments in those directives so that we can serve the scripts that monitor and record user interaction.
You can find these listed below:
- https://*.sessioncam.com
- https://d2oh4tlt9mrke9.cloudfront.net
If you use any experimental CSP directives, the above domains may also need to be added to these; if so, the network events within your browser's developer tools will highlight this.
As we can sometimes deploy code via strings in our script, we ask that you add 'unsafe-eval' to the directives.
You can see an example of an updated Content Security Policy below:
Content-Security-Policy: default-src 'self' 'unsafe-eval' https://*.sessioncam.com https://d2oh4tlt9mrke9.cloudfront.net
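For a policy that defines more than one of the directives above, the two domains have to appear in each of them. The following is an added example, not SessionCam code: it rewrites an existing header value accordingly. The function names are hypothetical, and placing 'unsafe-eval' only on script-src (or on default-src when there is no script-src) is an assumption based on where that keyword takes effect.

```javascript
// Added example; the two sources and four directives are the ones this page lists.
const SESSIONCAM_SOURCES = [
  "https://*.sessioncam.com",
  "https://d2oh4tlt9mrke9.cloudfront.net",
];
const TARGET_DIRECTIVES = ["default-src", "script-src", "connect-src", "img-src"];

// Parse a CSP header value into a Map of directive name -> array of sources.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive, so keep only the first one.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Append a source unless it is already listed (keeps the rewrite idempotent).
function addSource(sources, value) {
  if (!sources.some((s) => s.toLowerCase() === value.toLowerCase())) sources.push(value);
}

// Return the policy with the SessionCam sources added to every target
// directive it already defines. Directives it lacks are not created:
// fetch directives that are absent fall back to default-src.
function addSessionCam(policy) {
  const directives = parseCsp(policy);
  // Assumption: 'unsafe-eval' goes only where it takes effect, script-src,
  // or default-src when no script-src exists (as in the page's example).
  const evalTarget = ["script-src", "default-src"].find((d) => directives.has(d));
  for (const name of TARGET_DIRECTIVES) {
    if (!directives.has(name)) continue;
    // 'none' is only valid on its own, so drop it before adding sources.
    const sources = directives.get(name).filter((s) => s.toLowerCase() !== "'none'");
    if (name === evalTarget) addSource(sources, "'unsafe-eval'");
    for (const src of SESSIONCAM_SOURCES) addSource(sources, src);
    directives.set(name, sources);
  }
  return [...directives].map(([name, s]) => [name, ...s].join(" ")).join("; ");
}
```

Run it over the header value your server currently sends and compare the result with the original before deploying; directives outside the four listed above pass through unchanged.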