Merge

Many Merge customers use a CSP to provide an added layer of security and restrict which URLs and domains they allow interaction with in the embedded linking flow. 

Merge Link requires the following policies:

You can learn more about how to add a CSP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP" rel="nofollow noopener noreferrer" target="_blank">here</a>, but below are the URLs and domains Merge requires: 

script-src <a href="https://cdn.merge.dev" rel="nofollow noopener noreferrer" target="_blank">https://cdn.merge.dev</a>

connect-src <a href="https://api.merge.dev" rel="nofollow noopener noreferrer" target="_blank">https://api.merge.dev</a>

img-src <a href="https://merge-api-production.s3.amazonaws.com" rel="nofollow noopener noreferrer" target="_blank">https://merge-api-production.s3.amazonaws.com</a>

frame-src <a href="https://cdn.merge.dev" rel="nofollow noopener noreferrer" target="_blank">https://cdn.merge.dev</a>

- script-src <a href="https://cdn.merge.dev" rel="nofollow noopener noreferrer" target="_blank">https://cdn.merge.dev</a>
- connect-src <a href="https://api.merge.dev" rel="nofollow noopener noreferrer" target="_blank">https://api.merge.dev</a>
- img-src <a href="https://merge-api-production.s3.amazonaws.com" rel="nofollow noopener noreferrer" target="_blank">https://merge-api-production.s3.amazonaws.com</a>
- frame-src <a href="https://cdn.merge.dev" rel="nofollow noopener noreferrer" target="_blank">https://cdn.merge.dev</a>

Which URLs and domains Merge utilizes for the embedded Merge Link flow as added security

How to Use Content Security Policy (CSP) with Merge

Introduction

Pricing

About

Guides

Changelog

Careers

API Reference

Status

Blog

SDKs

Trust Center

Integrations

Terms of Use

Documentation

Quick Links

Company

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Overview

Merge Link requires the following policies: