Add Explo Domains To CSP
Add Explo Domains to your Content Security Policy
If you have a strict Content Security Policy, please allowlist https://*.explo.co
to your CSP to ensure our embed can work properly and make the proper requests. If you’re not sure if you have a strict CSP, then you likely don’t. If you prefer not to wildcard Explo’s subdomains, these are the necessary domains:
https://app.explo.co
https://api.explo.co
https://embed.explo.co
https://*.data.explo.co
https://us-east-1.data.explo.co
(default cloud instance)
http://custom-assets.explo.co
If you prefer not to wildcard https://*.data.explo.co
and are not using the default cloud instance of Explo’s query service (FIDO), then please ask the support team for your corresponding https://XYZ.data.explo.co
endpoint to allowlist.
More may be added in the future, but customers will be notified ahead of time.
The URL custom-assets.explo.co
is used for custom fonts, so please ensure to allowlist this domain if you are using custom fonts. This asset used to be served at https://explo-custom-fonts.s3.us-west-1.amazonaws.com
, but we have since migrated it to custom-assets.explo.co
(in January 2025). We will continue to support both for backwards compatibility. Our support team will reach out to those who might be using the old URL in their allowlist.