If your website uses Content Security Policy headers, you must add the following directives to allow the publisher tools embed script to work:
| Directive |
Value |
Description |
script-src |
https://tools-cdn.webmonetization.org |
Allows loading interactive tool script from the CDN |
connect-src |
https://tools-api.webmonetization.org |
Allows fetching configuration data from the API |
img-src |
data: https://tools-cdn.webmonetization.org |
Allows loading logos/thumbnails and inline SVG icons |
style-src |
https://tools-cdn.webmonetization.org |
Allows loading CSS files and dynamic theme styling (custom colors/fonts) |
font-src |
https://tools-cdn.webmonetization.org |
Allows loading custom web fonts |