A Content Security Policy (CSP) is a security feature that helps prevent attacks on your map such as Cross-Site Scripting and Clickjacking. A CSP defines a set of Authorized URLs where you would like the map to display, and it restricts the type of content browsers are allowed to include or exclude to that list.
The map will NOT load for any URLs not included in the CSP (when CSP is enabled). To set a CSP for your Map, please follow these steps:
1. Open Account
After logging into the Content Management System (CMS), click on the Account button located in the top right corner of your map.
2. Go to the Security Tab
To set your CSP, go to the Security tab in your Account.
3. Add Content Security Policy (CSP)
You can set a `frame-ancestor` CSP in the Security tab. Click Add CSP to start creating a list of Authorized URLs.
4. Add Authorized URLs
Authorized URLs are any place where you want to display the map. If you try to display your map at a URL that is NOT included on this list, the map will not load.
Please add all applicable URLs and ensure "Enable CSP" is checked.
5. Save Security Data
Once you've listed all the necessary Authorized URLs, click "Save Security Data".
6. Confirm Content Security Policy
If your new CSP is good to go, you'll find it listed below and enabled.