Content Security Policy

Content-Security-Policy (CSP) is a security feature that restricts what content can be loaded on a website. It allows web developers to specify the sources from which a browser is allowed to load resources. CSP is implemented via HTTP headers or meta tags, providing a way to control resources like scripts, styles, images, and other content. This article is intended for developers working on websites that enforce CSP rules and integrate with mParticle.

The mParticle Web SDK makes requests to the following domains:

• https://jssdkcdns.mparticle.com
• https://jssdks.mparticle.com
• https://identity.mparticle.com

We recommend adding https://*.mparticle.com to your CSP whitelist to ensure that there is uninterrupted data flow if we ever add or modify any subdomains.

October 1st, 2024 Update to subdomains

See here for a detailed FAQ for this update, as well as a detailed walk-through for each platform.

mParticle stores and processes data in various pods (US1, US2, EU1, AU1, etc.). Currently, all requests are sent to the above generic subdomains which is managed by our CDN provider, Fastly. As an example, a request sent to https://jssdks.mparticle.com will then be rerouted by Fastly to the specific pod such as https://jssdks.us1.mparticle.com, which adds an extra step before reaching our servers. Our aim is to enhance the real-time performance of our platform by removing the extra step.

What’s Changing?

Starting October 1st, 2024, all requests will be sent directly to pod endpoints, bypassing Fastly. This only affects you if you have strict CSP rules and DO NOT use a CNAME in your mParticle SDK configuration. Below are the new endpoint details.

Because of this upcoming change, having a single wildcard for https://*.mparticle.com in your CSP whitelist will ensure uninterrupted data flow to mParticle.