Target - CSP headers to make page accessible within iframe only for Target VEC

Description description

Environment

Adobe Target

Issue/Symptoms

Is there any domain which should be included to allow the access within an iframe?

Specifically the Frame-ancestors, which specifies the domains to be allowed to embed the application in a frame.

For security pupose this is to allow only Target to access their page within an iframe.

Resolution resolution

Below CSP headers should be allowed by you:

Header always set Content-Security-Policy "frame-ancestors 'self' https://adobemc.com https://<tenantID>.experiencecloud.adobe.com https://experience.adobe.com"