This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
Troubleshooting
Articles about how to solve the most common problems
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
New Article

Browser monitors: Issues with Content Security Policy

nandini_balakri
Inactive

on ‎10 Jan 2024 06:00 PM - edited on ‎12 Jun 2026 10:09 AM by Dynatrace Guru

Summary

This article explains how to troubleshoot Content Security Policy (CSP) issues in Dynatrace Browser monitors.
CSP restrictions can block scripts, resources, or requests required for Synthetic monitoring execution, leading to failed or incomplete monitor runs.
Unfortunately, the applied CSP settings are likely to prevent the browser from sending monitoring data to the Dynatrace Cluster

 

 

Problem

When running a Dynatrace Browser monitor:
  • The monitor fails to execute correctly
  • Scripts or resources do not load
  • Page behavior differs from manual testing
This commonly occurs on applications with strict Content Security Policy (CSP) rules.

 

Preferred solution: Monitor settings

As a first and preferred method to bypass the CSP of any monitored pages in your single-URL browser monitor or browser clickpath, enable Bypass Content Security Policy (CSP) of monitored pages in monitor settings. You can do this in Additional options when creating a browser monitor or in Advanced setup in monitor settings in edit mode.

bypass-csp-browser-monitor.png

If you're unable to use this option for some reason, refer to the advanced methods for bypassing CSP below.

 

Advanced methods to bypass CSP

Your CSP rules, such as the following, prevent Dynatrace from sending requests to a path relative to the page URL.

"Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'"

If you use custom JavaScript events, you may see the following JavaScript error.

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed. To avoid this, your page needs to allow script-src unsafe-eval.

In other cases, you must modify the page to allow connections relative to the URL. The following are example scenarios.

Example 1

CSP settings specified by using the <meta> tag are likely to prevent the browser from sending monitoring data to Dynatrace Cluster.

To resolve this issue, you can either set up a CSP HTTP header by replacing any existing CSP <meta> tag or add your environment URL to CSP, as shown below.

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; connect-src 'self' https://{your environment id}.live.dynatrace.com">

Example 2

A page loaded from http://www.mydomain.com returns no data in the UI because the CSP settings specify connect-src https://.

In such a case, you can try either of the following.

-Add http:// to connect-src.

-Switch the test to load https://www.mydomain.com instead of http://www.mydomain.com.

Example 3

A page loaded from http://www.mydomain.com returns no data in the UI because the CSP rules specify connect-src http://*.mydomain.com.

In this case, add http:// to connect-src.

 

What's Next

If none of the previous steps resolved the issue, open a chat and provide a link to your Browser Monitor, and the troubleshooting steps you have already completed.

 

Related reading

📖  Synthetic Troubleshooting Map

📖  Bypass Content Security Policy (CSP) of monitored page

Version history
Last update:
‎12 Jun 2026 10:09 AM
Updated by:
Dynatrace Guru