How do I set up web checks if my app uses Content Security Policy?

How CSP affects availability monitoring

Content Security Policy (CSP) is a security layer that assists in detecting and mitigating specific types of attacks, for example Cross Site Scripting (XSS) and data-injection attacks. Unfortunately, CSP settings specified using the <meta> tag are likely to prevent the browser from sending monitoring data to Dynatrace Server.

Resolve CSP browser issues

To resolve this issue, you can either set up a CSP HTTP header (replacing any existing CSP <meta> tags), or you can add your environment URL to CSP, as shown in the example below:

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; connect-src 'self' https://{your environment id}.live.dynatrace.com">