Skip to main content

Content Security Policy (CSP) Headers

If you secure your website using Content Security Policy (CSP) headers, please ensure that the connect-src directive allows the following sources to enable full functionality of our services:

  • Web Requests & WebSocket Connections:

    • https://api.brokerize.com
    • wss://api.brokerize.com

  • Crypto Trading:
    If you want to enable cryptocurrency trading, you must also allow:

    • https://crypto.donaucapital.de

Additionally, if you are using brokerize-elements with our static files hosted at https://assets.brokerize.com/, you must include this domain in your img-src directive to allow images to load correctly.

If your client is enabled to show logos, also add https://logos.brokerize.com for img-src.

These CSP settings are required to prevent security-related restrictions that could otherwise block essential API calls and WebSocket connections.

Note that for api-preview.brokerize.com you must change the URLs accordingly.