Security headers are used to make web applications more secure.

The documentation around them is technical in nature, and for that reason we will refer to external resources found here: https://developer.mozilla.org/.

This article gives an overview of which security headers are available in Playable. You can access these under Account > Developer

📌 Note: The developer tab can only be accessed by users with an account administrator role.

Content Security Policy (CSP) covers a wide range of headers. In Playable, you can enable frame ancestors, which restricts where your campaign can be iframed. To view your accounts Security headers navigate to Account > Developer > Security headers.

Enable frame ancestors and you will be able to enter the domains of the URLs you want to be able to display your campaigns. Enter the full domain (e.g. including https:// https://www.playable.com, *campaign.playable.com, *games.playable.com).

If you are embedding your game in a hybrid app, you will want to make sure frame ancestors are disabled.

Referrer policy controls how much information can be sent along in external links from your campaign to another URL.

This could be, for example, including Playable as the source of traffic to your website.

You can select your preferred referrer policy from the drop-down menu.

Read here for more information.

Permissions policy controls which browser features can be used on your campaign (for example, geolocation).

If you enable this setting in Playable, you will be able to build your own permissions policy in the free text input field.

Read here for more information.