Content Security Policy (CSP)

The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load.

If you are making use of CSP, you must add the following directives to your CSP header for our iframe code to work properly. If not done, Gumlet iframe won't load and video won't be visible.

frame-src 'self' https://play.gumlet.io;