Content Security Policy - Mention Me Docs

A Content Security Policy (CSP) ensures a browser only loads resources that are explicitly whitelisted, preventing malicious content from being injected into your site. Mention Me provides recommended CSP directives for you to deploy on your website.

Non-production / test environment

script-src:
  - https://static-demo.mention-me.com
  - https://tag-demo.mention-me.com

frame-src:
  - https://demo.mention-me.com

connect-src:
  - https://demo.mention-me.com
  - https://tag-demo.mention-me.com

Live environment

script-src:
  - https://static.mention-me.com
  - https://tag.mention-me.com

frame-src:
  - https://mention-me.com
  - https://<client_subdomain>.mention-me.com

connect-src:
  - https://mention-me.com
  - https://tag.mention-me.com

Replace <client_subdomain> with your subdomain, e.g. example-client.mention-me.com. If you are unsure of this value, reach out to the Mention Me team.

Last modified on March 18, 2026

Security Responsibilities Send Data Securely

⌘I

​Non-production / test environment

​Live environment

Non-production / test environment

Live environment