Content-Security-Policy

Getting Started with Highlight

Fullstack Mapping

Backend: Tracing

Node.js

Python

Rust

Native OpenTelemetry

Fullstack Frameworks

Overview

Remix Walkthrough

Self Host & Local Dev

Overview

Development deployment guide.

Integrations

Hobby deployment guide.

Highlight Docs

Welcome to highlight.io

Get Started

Roadmap

Company

Highlight.io Changelog

Getting Started

Getting Started with Highlight

Fullstack Mapping

Backend: Tracing

Native OpenTelemetry

Fullstack Frameworks

Self Host & Local Dev

Docs Home

SDK

Client SDK API Reference

Cloudflare Worker SDK API Reference

Go SDK API Reference

Java SDK API Reference

Next.JS SDK API Reference

Node.JS SDK API Reference

Python SDK API Reference

Rust SDK API Reference

Docs / Getting Started / Frontend / JS SDK Configuration / Content-Security-Policy

Content-Security-Policy


You should keep reading this if your application runs in an environment that enforces content security policies.

Content-Security-Policy allows you to tell the browser what and how your page can interact with third-party scripts.

Here are the policies you'll need to set to use Highlight:

`connect-src`: `https://pub.highlight.io`

This policy is to allow connecting with Highlight servers to send recorded session data.

Your CSP definition may look something like this:

<meta
  http-equiv="Content-Security-Policy"
  content="default-src 'self'; connect-src https://pub.highlight.io;"
/>


highlight.run version 8.11 changes how we bundle the client so that we no longer require a script-src or worker-src definition. Make sure you are using the latest version of the SDK to use the above CSP policy.

Console Messages Identifying Users

Community / Support Suggest Edits?Follow us!

Content-Security-Policy

connect-src: https://pub.highlight.io

`connect-src`: `https://pub.highlight.io`