A Content Security Policy is a way of ensuring that a browser only shows things that are explicitly whitelisted. It stops malicious people being able to put things into a website which aren't meant to be there. For instance, malicious extensions which are adding content they shouldn't.
Mention Me provide a Content Security Policy for you to deploy on your website to ensure that you can keep your customers safe.
Recommended Policies
For a non production/test environment:
script-src:
- https://static-demo.mention-me.com
- https://tag-demo.mention-me.com
frame-src:
- https://demo.mention-me.com
connect-src:
- https://demo.mention-me.com
- https://tag-demo.mention-me.com
For their live environment:
script-src:
- https://static.mention-me.com
- https://tag.mention-me.com
frame-src:
- https://mention-me.com
- https://<client_subdomain>.mention-me.com
connect-src:
- https://mention-me.com
- https://tag.mention-me.com
For the value of <client_subdomain>, please use your subdomain, e.g. example-client.mention-me.com. If you're unsure of this value, please reach out to the Mention Me team.