Content Security Policy

If your web app uses Content Security Policy (CSP), you’ll need to ensure that your policy allows Userflow.js requests.

Your policy must allow the following:

connect-src:
  https://cdn.userflow.com
  https://e.userflow.com
  https://e.eu.userflow.com
  https://js.userflow.com
  wss://e.userflow.com
  wss://e.eu.userflow.com

script-src:
  https://cdn.userflow.com
  https://js.userflow.com

style-src:
  https://cdn.userflow.com
  https://js.userflow.com

img-src:
  https://blob.userflow.com
  https://cdn.userflow.com
  https://js.userflow.com
  https://storage.googleapis.com/studio1-prod-blob/

media-src:
  https://blob.userflow.com
  https://cdn.userflow.com
  https://storage.googleapis.com/studio1-prod-blob/

frame-src:
   https://cdn.userflow.com

A few notes:

• The name studio1 (in the storage.googleapis.com URLs) was the company’s original name and is therefore used for legacy reasons.