Content Security Policy

If your web app uses Content Security Policy (CSP) , you’ll need to ensure that your policy allows Userflow.js requests.

Your policy must allow the following:

connect-src:
  https://e.userflow.com
  https://js.userflow.com
  wss://e.userflow.com

script-src:
  https://js.userflow.com

style-src:
  https://js.userflow.com

img-src:
  https://js.userflow.com
  https://storage.googleapis.com/studio1-prod-blob/

media-src:
  https://storage.googleapis.com/studio1-prod-blob/

A few notes:

  • The name studio1 (in the storage.googleapis.com URLs) was the company’s original name and is therefore used for legacy reasons.

Got questions? We're here for you!

The best way to get help is to
We usually reply within 5 minutes
You can also send an email to support@userflow.com
We usually reply within a few hours