Minimum CSP Domains Required for New Pendo Implementation (Analytics + Visual Design Studio + Guides)

Hi Pendo Community,

I'm implementing Pendo for the first time and need to configure Content Security Policy (CSP) directives. I want to understand the minimum required domains for our production environment.

Our Use Case:

• Enable Pendo analytics (page views, feature clicks, track events)
• Use Visual Design Studio for page/feature tagging
• Display guides to end users
• No guides created yet (starting fresh)
• Not using Session Replay

My Questions:

1. Minimum Production Domains: What is the absolute minimum set of domains required for the functionality above? The documentation lists many domains, but I want to avoid adding unnecessary ones.

2. Redundant Storage Domains: The docs require both:

   • pendo-static-{SUB_ID}.storage.googleapis.com
   • content-{SUB_ID}.static.pendo.io

   Both seem to serve the same guide content. Since I'm starting fresh with no existing guides, can I omit one of these? Will all new content use only the static.pendo.io domain, or do I still need both?

3. Future-Proofing: Are there any domains that might seem optional now but will be needed as we create guides in the coming weeks?

Current CSP Constraints:
We have a strict CSP policy and need to justify each domain addition to the broader team, so understanding the minimum viable set would be very helpful.

Thanks in advance for any guidance!