If you have a strict Content Security Policy, please allowlist https://*.explo.co to your CSP to ensure our embed can work properly and make the proper requests. If you’re not sure if you have a strict CSP, then you likely don’t. If you prefer not to wildcard Explo’s subdomains, these are the necessary domains:

- https://app.explo.co
- https://api.explo.co
- https://embed.explo.co
- http://custom-assets.explo.co

Below are the data connector domains (for FIDO). Depending on which region you are using, you’ll need to allowlist the right set. If you don’t know which region you are using, then you are using the default one.

# Default Cloud Region (us-east-1)
- https://*.data.explo.co
    - https://us-east-1.data.explo.co
    - https://rover.data.explo.co

# APAC Region (ap-southeast-1)
- https://fido.prod-ap-southeast-1.explo.co
- https://rover.prod-ap-southeast-1.explo.co

# EU Region (eu-central-1)
- https://fido.prod-eu-central-1.explo.co
- https://rover.prod-eu-central-1.explo.co

# GovCloud Region
- https://us-gov-east-1.gov-data.explo.co
- (ask Explo Support for the other domain)

More may be added in the future, but customers will be notified ahead of time.

The URL custom-assets.explo.co is used for custom fonts, so please ensure to allowlist this domain if you are using custom fonts. This asset used to be served at https://explo-custom-fonts.s3.us-west-1.amazonaws.com, but we have since migrated it to custom-assets.explo.co (in January 2025). We will continue to support both for backwards compatibility. Our support team will reach out to those who might be using the old URL in their allowlist.