Content Security Policy (CSP)

Learn how to set your Content Security Policy rules to allow for secure loading of Request Metrics.

Content Security Policy (CSP) is a set of security rules that specify which domains a web browser is allowed to load and run content from for your website. These rules can be specified as an HTTP header or as an HTML meta tag. Learn more about Content Security Policy.

Content Security Policy for Request Metrics

Request Metrics loads its script (script-src) from cdn.requestmetrics.com and sends data (connect-src) to in.requestmetrics.com. Both need to be allowed in your CSP for Request Metrics to function properly.

CSP Header Example

For example, here is a Content Security Policy header that allows your website and Request Metrics:


Content-Security-Policy: default-src 'self';
  script-src 'self' cdn.requestmetrics.com;
  connect-src 'self' in.requestmetrics.com;
Content Security Policy HTTP header example

CSP Meta Tag Example

Or as an HTML Meta tag:


<meta
  http-equiv="Content-Security-Policy"
  content="default-src 'self'; script-src 'self' cdn.requestmetrics.com; connect-src 'self' in.requestmetrics.com;" />
Content Security Policy HTML tag example
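
The following is an added example, not Request Metrics code: a small linter that checks a policy string for the two hosts named above and for two mistakes that silently break an allowlist, a hostname wrapped in quotes and a missing `;` between directives. The function names and sample policies are constructed for illustration, and host matching is simplified (ports and paths are ignored).

```javascript
// Added example: lint a CSP string for the two Request Metrics hosts on this page.
const REQUIRED = {
  "script-src": "cdn.requestmetrics.com",
  "connect-src": "in.requestmetrics.com",
};

// Parse "name src src; name src" into Map(name -> [sources]).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // Browsers ignore a repeated directive, so keep only the first occurrence.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Simplified host matching: ignores ports and path restrictions.
function allowsHost(sources, host) {
  return sources.some((src) => {
    const h = src.replace(/^https?:\/\//i, "").replace(/\/.*$/, "").toLowerCase();
    return h === host || h === "*" || (h.startsWith("*.") && host.endsWith(h.slice(1)));
  });
}

function lintCsp(policy) {
  const directives = parseCsp(policy);
  const problems = [];
  for (const [name, sources] of directives) {
    for (const src of sources) {
      // Only keywords, nonces and hashes are quoted; a quoted hostname matches nothing.
      if (/^'[^']*\.[^']*'$/.test(src)) problems.push(`quoted-host: ${name} ${src}`);
      // A directive name among the sources means the ';' before it is missing.
      if (/^[a-z]+-src(-elem|-attr)?$/i.test(src)) problems.push(`missing-semicolon: before ${src}`);
    }
  }
  for (const [name, host] of Object.entries(REQUIRED)) {
    // script-src and connect-src both fall back to default-src when absent.
    const sources = directives.get(name) ?? directives.get("default-src") ?? null;
    if (sources && !allowsHost(sources, host)) problems.push(`not-allowed: ${name} ${host}`);
  }
  return problems;
}

// Constructed sample policies.
const GOOD = "default-src 'self'; script-src 'self' cdn.requestmetrics.com; connect-src 'self' in.requestmetrics.com";
const QUOTED = "default-src 'self'; script-src 'self' 'cdn.requestmetrics.com'; connect-src 'self' 'in.requestmetrics.com'";
const NO_SEMI = "default-src 'self'; script-src 'self' cdn.requestmetrics.com connect-src 'self' in.requestmetrics.com";
for (const p of [GOOD, QUOTED, NO_SEMI]) console.log(lintCsp(p));
```

For a `<meta>` tag, pass the value of its `content` attribute to `lintCsp`.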