Content Security Policy (CSP)

The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load.

If you are making use of CSP, you must add the following directives to your CSP header

frame-src 'self' https://play.gumlet.io;