To help customers with strict Content Security Policies (CSP), Pendo offers a content proxy service. This proxy loads guide content from a Pendo-controlled domain instead of from storage.googleapis.com.
Some customers don’t want to allow all of storage.googleapis.com in their CSP because it’s a shared Google domain where anyone can host files. The content proxy helps ensure users are loading only content hosted directly by Pendo.
As of October 1, 2025, all newly added applications use the content proxy by default. This article explains how to enable the proxy for existing apps that still load content from storage.googleapis.com.
Note: If you're already using a custom CNAME, you don’t need the content proxy. The content proxy is only available to customers who aren’t using CNAME.
Step 1. Update CSP rules
Update your current CSP directives to include the new content proxy domain.
For every reference to:
pendo-static-{{ SUB_ID }}.storage.googleapis.com
Also include this domain in the same directive:
content-{{ SUB_ID }}.static.pendo.io
For more CSP guidance, see Content Security Policy (CSP).
Step 2. Enable the content proxy
A subscription admin must turn on the content proxy for each relevant app. To do so:
- Go to Settings > Subscription settings.
- Open the Applications tab and select your application.
- In the Basic settings section, select the checkbox for Content proxy.
- Repeat these steps for each app as needed.
Step 3. Resave your guides and reupload media
You only need to resave guides that were published before turning on the content proxy. New guides published after the proxy is turned on will automatically use the proxy domain.
To apply the new content domain, resave each guide and reupload any hosted media or badge icons.
Note: Guides with images or icons that haven’t been reuploaded will still load, but only while storage.googleapis.com remains in your CSP. Removing it too early might prevent those assets from displaying to visitors.
To update a guide:
- Open the guide's details page from Guides > Guides.
- Select Edit in my app. If your guide doesn't contain any media and you have Guides Pro, select Edit in Pendo instead, resave your guide within Pendo, and skip to the next section.
- If any images or other media types exist within the guide or are uploaded as a badge icon, reupload the media.
- Save the guide and exit Visual Design Studio.
Step 4. Remove the legacy domain from your CSP
After confirming that all guides and media have been updated, you can remove the legacy Google Storage domain from your CSP:
pendo-static-{{ SUB_ID }}.storage.googleapis.com
This completes the process of using the Pendo content proxy.