Content Security Policy response header on landing pages | Community
Skip to main content
A
angelalau
New Participant
August 18, 2021
Solved

Content Security Policy response header on landing pages

  • August 18, 2021
  • 1 reply
  • 2621 views

Is it possible to add a Content-Security-Policy response header to landing pages? I would like to use the frame-ancestors directive to allow specific hosts to embed our Marketo landing pages while disallowing all others. The "Do not allow Marketo pages to be embedded in external web pages" setting seems to suggest that the options are to allow 1) same origin web pages only or 2) all external pages. We have our Marketo landing pages on one subdomain and embed some of these landing pages in iframes on another subdomain. For our use case to work, we cannot restrict frame ancestors to pages from the same origin, but allowing all external web pages seems too lax from a security standpoint.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by SanfordWhiteman
I’m not aware of a way to add the CSP header. Certainly there is no way to do it in the UI; it would have to be configured by Support if done at all. You might open a case just to be sure.

1 reply

SanfordWhiteman
SanfordWhitemanAccepted solution
New Participant
August 19, 2021
I’m not aware of a way to add the CSP header. Certainly there is no way to do it in the UI; it would have to be configured by Support if done at all. You might open a case just to be sure.
    A
    angelalauAuthor
    New Participant
    August 27, 2021

    Thanks for confirming. We are planning to migrate the landing pages from Marketo to our CMS for better design consistency. Added bonus: the CMS has all the web security headers in place.

    Terms & ConditionsAccessibility statement

    Loading footer...