Star us on GitHub


You should keep reading this if your application runs in an environment that enforces content security policies.

Content-Security-Policy allows you to tell the browser what and how your page can interact with third-party scripts.

Here are the policies you'll need to set to use Highlight:


This policy is to allow connecting with Highlight servers to send recorded session data.

Your CSP definition may look something like this:

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; connect-src;" />
Copy version 8.11 changes how we bundle the client so that we no longer require a script-src or worker-src definition. Make sure you are using the latest version of the SDK to use the above CSP policy.