Some websites implement a Content Security Policy โ a browser security feature that controls which domains are allowed to load certain types of content, such as iFrames, scripts, or images.
When our iFrame is embedded on a website without proper allowlisting, it can be blocked by the browser, resulting in an error like:
Refused to frame '' because it violates the following Content Security Policy directive: "frame-src ..."
โ What you need to do
If you are seeing this error and our iFrame is not loading correctly, it is likely because your websiteโs CSP is not allowing mazing.link as a valid frame-src domain.
To fix this, you or your developer need to add the following domain to your CSP allowlist:
Without this change, your browser will refuse to load the 3D/AR iFrame, and your visitors wonโt see the interactive content. This issue often goes unnoticed unless developers check the browser console.