Security headers are used to make web applications more secure.

The documentation around them is technical in nature, and for that reason we will refer to external resources found here: https://developer.mozilla.org/.

This article gives an overview of which security headers are available in Playable. You can access these under Account > Developer (admin users only).

Content Security Policy (CSP) covers a wide range of headers. In Playable, you can enable frame ancestors, which restricts where your campaign can be iframed.

Enter the domains of the URLs you want to be able to display your campaigns. Enter the full domain (e.g. www.playable.com, *campaign.playable.com, *games.playable.com).

If you are embedding your game in a hybrid app, you will want to make sure frame ancestors are disabled.

Referrer policy controls how much information can be sent along in external links from your campaign to another URL.

This could be, for example, including Playable as the source of traffic to your website.

You can select your preferred referrer policy from the drop-down menu. Read here for more information.

Permissions policy controls which browser features can be used on your campaign (for example, geolocation). Read more here.

If you enable this setting in Playable, you will be able to build your own permissions policy in the free text input field.