Add the HTML <script> code snippet
Add the Source Defense code snippet at the top of the <HEAD> element of each page where Source Defense should be deployed.
When placing the code snippet (aka tag), make sure to follow these guidelines:
- The tag must be implemented exactly as received; any change could affect the security of the website
- All requests must be HTTPS. By design, Source Defense will not execute on websites using plain-text
HTTP connections due to security considerations - The tag must be placed at the top of the <HEAD> element above any other JavaScript
- The tag must load synchronously; do not add the 'defer' property or any other properties to the tag
The tag snippet received will be like the example below, with the 'accountID' and 'siteID' defined for your account.
<script> vice={config:{viceAccountId:'accountID',viceSiteId:'siteID'}}</script><script src='//vice-prod.sdiapi.com/vice_loader/'accountID'/'sideID'>
</script>
Update CSP (if required)
If your web properties are using content security policy (CSP), you will need to whitelist the Source Defense domains in your policies to make sure the platform is not blocked by them.
Add *.sdiapi.com and *.sdiapi.net to the following CSP directives:
- script-src
- connect-src
- frame-src
- worker-src
- frame-ancestors