Content-Security Policy

Did you know... ?

❗️What is this about?

Some websites implement a Content Security Policy – a browser security feature that controls which domains are allowed to load certain types of content, such as iFrames, scripts, or images.

When our iFrame is embedded on a website without proper allowlisting, it can be blocked by the browser, resulting in an error like:

Refused to frame '' because it violates the following Content Security Policy directive: "frame-src ..."

✅ What you need to do

If you are seeing this error and our iFrame is not loading correctly, it is likely because your website’s CSP is not allowing mazing.link as a valid frame-src domain.

To fix this, you or your developer need to add the following domain to your CSP allowlist:

*.mazing.link

💡 Example

If your current CSP looks like this:

Content-Security-Policy: frame-src self *.google.com;

It should be updated to include:

Content-Security-Policy: frame-src self *.google.com *.mazing.link;

📌 Why is this important?

Without this change, your browser will refuse to load the 3D/AR iFrame, and your visitors won’t see the interactive content. This issue often goes unnoticed unless developers check the browser console.