Developers
Content-Security-Policy (CSP) is a security feature that restricts what content can be loaded on a website. It allows web developers to specify the sources from which a browser is allowed to load resources. CSP is implemented via HTTP headers or meta tags, providing a way to control resources like scripts, styles, images, and other content. This article is intended for developers working on websites that enforce CSP rules and integrate with mParticle.
The mParticle Web SDK makes requests to the following domains:
https://jssdkcdns.mparticle.comhttps://jssdks.mparticle.comhttps://identity.mparticle.comWe recommend adding https://*.mparticle.com to your CSP whitelist to ensure that there is uninterrupted data flow if we ever add or modify any subdomains.
mParticle stores and processes data in various silos (US1, US2, EU1, AU1, etc.). Currently, all requests are sent to the above generic subdomains which is managed by our CDN provider, Fastly. As an example, a request sent to https://jssdks.mparticle.com will then be rerouted by Fastly to the specific silo such as https://jssdks.us1.mparticle.com, which adds an extra step before reaching our servers. Our aim is to enhance the real-time performance of our platform by removing the extra step.
What’s Changing?
Starting September 15th, 2024, all requests will be sent directly to silo endpoints, bypassing Fastly. This does not affect you if you use a CNAME in your mParticle SDK configuration. Below are the new endpoint details.
| Previous Endpoint Subdomain | New Endpoint Subdomain Starting 9/15/2024 |
|---|---|
https://jssdks.mparticle.com |
https://jssdks.[silo].mparticle.com |
https://identity.mparticle.com |
https://identity.[silo].mparticle.com |
https://jssdkcdns.mparticle.com |
This subdomain is used to fetch the SDK or configuration and will not change |
Because of this upcoming change, having a single wildcard for https://*.mparticle.com in your CSP whitelist will ensure uninterrupted data flow to mParticle.
Was this page helpful?