HTTP Header Settings

All about HTTP header settings for embedded content on the Staffbase platform.

The HTTP header plays a crucial part in displaying embedded content correctly in your Staffbase platform. Configure the frame-ancestor directives in the HTTP header of your pages, services, and plugins to make them embeddable on desktop and native.

Where to Configure the HTTP Header

Go to the website or service you want to embed and configure the HTTP header settings. You cannot configure the HTTP settings within the Staffbase platform.

HTTP Header Values

Embedding into Staffbase works with the Content Security Policy (CSP) technology. To ensure that the rendering of embedded content is supported on all browsers, copy the following templates and replace the placeholders with your platform’s URL and domain.

Set the CSP entry for the frame-ancestors directive as:

Content-Security-Policy: frame-ancestors 'self' http://{appdomain} https://{appURL} capacitor://{appdomain} capacitor://;
Your application’s URL looks like this:
Replace { } in the directive with the following parts of your application URL:
  • appURL is
  • appdomain is

Additional Helpful Information