Welcome to Highlight
Getting Started
Overview
Backend SDK
Overview
Express Backend
Go Backend
Next.js Backend
Node.js Backend
Client SDK
Angular
Overview
Gatsby.js
HTML
Next.js
Other
React.js
Shopify
Squarespace
SvelteKit
Vue.js
Webflow
WordPress
Next.js SDK
Highlight()
Metrics
nope
Overview
withHighlightConfig()
Tips
Content-Security-Policy
Local Development
Monkey Patches
Performance Impact
Proxying Highlight
Session Search Deep Linking
Troubleshooting
Upgrading Highlight
Session Replay
Console Messages
HTML iframe Recording
Identifying Users
Live Mode
Network DevTools
Privacy
Rage Clicks
Recording Network Requests and Responses
Session Sharing
Session Shortcut
Tracking Events
Versioning Sessions
Error Monitoring
Grouping Errors
Sourcemaps
Versioning Errors
Product Features
Alerts
Analytics
Canvas
Comments
Environments
Frontend Observability
Keyboard Shortcuts
Performance Data
Segments
Session Search
Team Management
User Feedback
Web Vitals
WebGL
Integrations
Amplitude Integration
Clearbit Integration
Electron Integration
Front Plugin
Intercom Integration
Linear Integration
Mixpanel Integration
React.js Integration
Segment Integration
Sentry Integration
Slack Integration
Vercel Integration
highlight.run Changelog
5.0.0
Menu

Content-Security-Policy

You should keep reading this if your application runs in an environment that enforces content security policies.

Content-Security-Policy allows you to tell the browser what and how your page can interact with third-party scripts.

Here are the policies you'll need to set to use Highlight:

  1. script-src: https://static.highlight.run/

    1. This policy is to allow downloading the Highlight runtime code for session recording and error monitoring.
  2. connect-src: https://pub.highlight.run

    1. This policy is to allow connecting with Highlight servers to receive recorded session data.