Skip to main content
Security headers

Documentation of the headers available under Account > Developer

Andreas Grosen avatar
Written by Andreas Grosen
Updated over a year ago

Security headers are used to make web applications more secure.

The documentation around them is technical in nature, and for that reason we will refer to external resources found here: https://developer.mozilla.org/.

This article gives an overview of which security headers are available in Playable. You can access these under Account > Developer (admin users only).

Content Security Policy

Content Security Policy (CSP) covers a wide range of headers. In Playable, you can enable frame ancestors, which restricts where your campaign can be iframed.

Enter the domains of the URLs you want to be able to display your campaigns. Enter the full domain (e.g. www.playable.com, *campaign.playable.com, *games.playable.com).

If you are embedding your game in a hybrid app, you will want to make sure frame ancestors are disabled.

Referrer Policy

Referrer policy controls how much information can be sent along in external links from your campaign to another URL.

This could be, for example, including Playable as the source of traffic to your website.

You can select your preferred referrer policy from the drop-down menu. Read here for more information.

Permissions Policy

Permissions policy controls which browser features can be used on your campaign (for example, geolocation). Read more here.

If you enable this setting in Playable, you will be able to build your own permissions policy in the free text input field.

Did this answer your question?