Content Security Policy

New
  • Published on Jul 8, 2025
  • 1 minute(s) read
Prev Next

If your web app uses Content Security Policy (CSP), you’ll need to ensure that your policy allows Userflow.js requests.

Your policy must allow the following:

connect-src:
  https://cdn.userflow.com
  https://e.userflow.com
  https://js.userflow.com
  wss://e.userflow.com

script-src:
  https://cdn.userflow.com
  https://js.userflow.com

style-src:
  https://cdn.userflow.com
  https://js.userflow.com

img-src:
  https://blob.userflow.com
  https://cdn.userflow.com
  https://js.userflow.com
  https://storage.googleapis.com/studio1-prod-blob/

media-src:
  https://blob.userflow.com
  https://cdn.userflow.com
  https://storage.googleapis.com/studio1-prod-blob/

A few notes:

  • The name studio1 (in the storage.googleapis.com URLs) was the company’s original name and is therefore used for legacy reasons.

Related articles