A Content Security Policy is a way of ensuring that a browser only shows things that are explicitly whitelisted. It stops malicious people from being able to put things into a website which aren't meant to be there. For instance, malicious extensions which add content they shouldn't.
Mention Me provides a Content Security Policy for you to deploy on your website to ensure that you can keep your customers safe.
Recommended Policies
For a non-production/test environment
script-src:
- https://static-demo.mention-me.com
- https://tag-demo.mention-me.com
frame-src:
- https://demo.mention-me.com
connect-src:
- https://demo.mention-me.com
- https://tag-demo.mention-me.com
For their live environment
script-src:
- https://static.mention-me.com
- https://tag.mention-me.com
frame-src:
- https://mention-me.com
- https://<client_subdomain>.mention-me.com
connect-src:
- https://mention-me.com
- https://tag.mention-me.com
For the value of <client_subdomain>, please use your subdomain, e.g. example-client.mention-me.com. If you're unsure of this value, please reach out to the Mention Me team.