Merge

Many Merge customers use a CSP to provide an added layer of security and restrict which domains they allow interaction with. 

Merge Link requires the following policies:

You can learn more about how to add a CSP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP" rel="nofollow noopener noreferrer" target="_blank">here</a>, but thse are the URLs and domains Merge requires:

<code>script-src https://cdn.merge.dev</code>

<code>connect-src https://api.merge.dev</code>

<code>img-src https://merge-api-production.s3.amazonaws.com</code>

<code>frame-src https://cdn.merge.dev</code>

URLs and domains Merge utilizes for the embedded Merge Link flow as added security

Using Content Security Policy (CSP) with Merge

Introduction

Pricing

About

Guides

Changelog

Careers

API Reference

Status

Blog

SDKs

Trust Center

Integrations

Terms of Use

Documentation

Quick Links

Company

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you