Content Security Policy

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate Cross-Site Scripting (XSS) and data injection attacks.

If your web-app or website is using CSP, you’ll need to add the following domain names to your policy.

script-src: js.refiner.io
connect-src: api.refiner.io
frame-src: js.refiner.io
frame-ancestors: js.refiner.io
img-src: js.refiner.io storage.refiner.io
media-src: js.refiner.io storage.refiner.io
style-src: js.refiner.io storage.refiner.io

Please note: If you are loading our JavaScript Web-Client with the copy & paste method while using CSP headers, we invite you to put the Refiner code snippet in a separated JavaScript file. You can then load the JavaScript file with a <script src=”refiner-code-snippet.js”></script> HTML tag and add the ‘self’ keyword to the script-src CSP header.

Was this helpful? Let us know with a quick a vote

Still got questions? We are here to help!

The best way to contact us and get help is to fill out our support form. You can also send an email to contact@refiner.io. We usually reply within a few hours.