Content Security Policy (CSP)

Content Security Policy (CSP)

If you are using Content Security Policy (CSP) on your websites, add the following URLs to your existing directives depending on how you setup your Real User Monitoring or browser log collection:

Intake URLs

Depending on the site option used to initialize Real User Monitoring or browser logs collection, add the appropriate connect-src entry:

connect-src https://*.browser-intake-datadoghq.com

connect-src https://*.browser-intake-datadoghq.eu

connect-src https://*.browser-intake-us3-datadoghq.com

connect-src https://*.browser-intake-us5-datadoghq.com

connect-src https://*.browser-intake-ddog-gov.com

Session Replay worker

If you are using Session Replay, make sure to allow Workers with blob: URI schemes by adding the following worker-src entry:

worker-src: blob:;

CDN bundle URL

If you are using the CDN async or CDN sync setup for Real User Monitoring or browser log collection, you should also add the following script-src entry:

script-src https://www.datadoghq-browser-agent.com

Further Reading

Additional helpful documentation, links, and articles: