Professor Sloth

Feature Release

Announcing Unified Web Performance: automatic lab testing, real user monitoring, and Google SEO scores.

Learn more
Docs » Browser Agent » Content Security Policy (CSP)

Content Security Policy (CSP)

Learn how to set your Content Security Policy rules to allow for secure loading of Request Metrics.

Content Security Policy, or CSP, are security rules that specify which domains a web browser is allowed to load and run content from for your website. These rules can be specified as HTTP headers, or as HTML Meta tags. Learn more about Content Security Policy.

Content Security Policy for Request Metrics

Request Metrics loads (script-src) from cdn.requestmetrics.com and sends data (connect-src) to in.requestmetrics.com. Both need to be allowed in your CSP for Request Metrics to function properly.

CSP Header Example

For example, here is a Content Security Policy header that allows your website and Request Metrics:


Content-Security-Policy: default-src 'self';
  script-src 'self' 'cdn.requestmetrics.com';
  connect-src 'self' 'in.requestmetrics.com';
Content Security Policy HTTP header example

CSP Meta Tag Example

Or as an HTML Meta tag:


<meta
  http-equiv="Content-Security-Policy"
  content="default-src 'self'; script-src 'self' 'cdn.requestmetrics.com' connect-src 'self' 'in.requestmetrics.com';" />
Content Security Policy HTML tag example
Found a mistake? Let us know!