Content Security Policy (CSP) Settings

Content-Security-Policy

This section is only relevant if you use CSP directives on your site. If you don't have any CSP directives configured, you don't need to change that.

One common cause for DBA Replay to fail is the browsers Content-Security-Policy (CSP). If the CSP is configured incorrectly, the scripts responsible for recording cannot be executed, or the connection to WebSocket will fail. You can check for CSP errors by pressing the F12 button in Chrome to open the Dev Tools and look for error message which mention Content-Security-Policy. The message would look something like this (in this case a wrong configuration for script-scr):

990990

In order to resolve these CSP errors, you must add DBA Replay scripts to your directives whitelist. See the Web SDK Content Security Policy for more information on adding directives to your whitelist.

Verify CSP Headers

  1. Navigate to the site you want to test.

  2. Press F12 to open the Chrome Dev Tools.

  3. Now reload the page (important).

  4. Click on the Network Tab in the Dev Tools (Bubble 1).

  5. Click on the first entry inside the Name list. The name will be different for your site (Bubble 2).

  6. Inside the Headers Tab look for the entry or Content-Security-Policy (Bubble 3).

  7. a) If you don't have a CSP entry, you don't have to do anything. DBA Replay should work correctly.

    b) If you do have a CSP entry, check for the directives explained above. If you find any of the five, please modify them to support DBA Replay.
    Note: You do not need to add a directive that is not used on your site, only modify the existing ones that match the directives above.

12291229