Content Security Policy

Content-Security-Policy (CSP) is a security feature that restricts what content can be loaded on a website. It allows web developers to specify the sources from which a browser is allowed to load resources. CSP is implemented via HTTP headers or meta tags, providing a way to control resources like scripts, styles, images, and other content. This article is intended for developers working on websites that enforce CSP rules and integrate with mParticle.

The mParticle Web SDK makes requests to the following domains:


We recommend adding https://* to your CSP whitelist to ensure that there is uninterrupted data flow if we ever add or modify any subdomains.

9/17/2024 Update to subdomains

mParticle stores and processes data in various silos (US1, US2, EU1, AU1, etc.). Currently, all requests are sent to the above generic subdomains which is managed by our CDN provider, Fastly. As an example, a request sent to will then be rerouted by Fastly to the specific silo such as, which adds an extra step before reaching our servers. Our aim is to enhance the real-time performance of our platform by removing the extra step.

What’s Changing?

Starting September 15th, 2024, all requests will be sent directly to silo endpoints, bypassing Fastly. This does not affect you if you use a CNAME in your mParticle SDK configuration. Below are the new endpoint details.

Previous Endpoint Subdomain New Endpoint Subdomain Starting 9/15/2024 https://jssdks.[silo] https://identity.[silo] This subdomain is used to fetch the SDK or configuration and will not change

Because of this upcoming change, having a single wildcard for https://* in your CSP whitelist will ensure uninterrupted data flow to mParticle.

Was this page helpful?