Content-Security Policy
Did you know... ?
โ๏ธWhat is this about?
Some websites implement a Content Security Policy โ a browser security feature that controls which domains are allowed to load certain types of content, such as iFrames, scripts, or images.
When our iFrame is embedded on a website without proper allowlisting, it can be blocked by the browser, resulting in an error like:
Refused to frame '' because it violates the following Content Security Policy directive: "frame-src ..."
โ
What you need to do
If you are seeing this error and our iFrame is not loading correctly, it is likely because your websiteโs CSP is not allowing mazing.link as a valid frame-src domain.
To fix this, you or your developer need to add the following domain to your CSP allowlist:
๐ก Example
If your current CSP looks like this:
Content-Security-Policy: frame-src self *.google.com;
It should be updated to include:
Content-Security-Policy: frame-src self *.google.com *.mazing.link;
๐ Why is this important?
Without this change, your browser will refuse to load the 3D/AR iFrame, and your visitors wonโt see the interactive content. This issue often goes unnoticed unless developers check the browser console.
Last updated