If you have a strict Content Security Policy, please allowlist https://*.explo.co to your CSP to ensure our embed can work properly and make the proper requests. If you’re not sure if you have a strict CSP, then you likely don’t. If you prefer not to wildcard Explo’s subdomains, these are the necessary domains:

  • https://app.explo.co
  • https://api.explo.co
  • https://embed.explo.co
  • https://*.data.explo.co
    • https://us-east-1.data.explo.co (default cloud instance)
  • http://custom-assets.explo.co

If you prefer not to wildcard https://*.data.explo.co and are not using the default cloud instance of Explo’s query service (FIDO), then please ask the support team for your corresponding https://XYZ.data.explo.co endpoint to allowlist.

More may be added in the future, but customers will be notified ahead of time.

The URL custom-assets.explo.co is used for custom fonts, so please ensure to allowlist this domain if you are using custom fonts. This asset used to be served at https://explo-custom-fonts.s3.us-west-1.amazonaws.com, but we have since migrated it to custom-assets.explo.co (in January 2025). We will continue to support both for backwards compatibility. Our support team will reach out to those who might be using the old URL in their allowlist.