Metcast SRL is committed to protecting the security and privacy of our website users. We use Content Security Policy (CSP) measures to help prevent cross-site scripting (XSS) attacks and other security threats that could compromise the confidentiality, integrity, and availability of our users' data.

What is CSP?

CSP is a security standard that allows website owners to control which resources (such as scripts, stylesheets, and images) are allowed to be loaded on their web pages. By implementing CSP, we can help prevent malicious code from being injected and executed on our site by attackers.

Our CSP Policy

Our CSP policy is based on the following directives:

  • "default-src: self" – Allows only resources from our own domain to be loaded.
  • "script-src: self" – Allows only scripts from our own domain to execute.
  • "style-src: self" – Allows only styles from our own site to be applied.
  • "img-src: self data:" – Allows images to be loaded only from our own domain.
  • "font-src: self" – Allows fonts to be loaded only from our domain.
  • "object-src: self" – Allows plugin content to be loaded only from our domain.
  • "frame-ancestors: self" – Allows embedding only from our own domain.

Testing and Monitoring

We regularly test and monitor our CSP policy to ensure it works as intended and provides the highest level of security for our users. If you notice any issues or have questions regarding our CSP policy, please contact us at contact@metcast.com.

Changes to this CSP Policy

We may update this CSP policy from time to time to reflect changes in our business or security requirements. We will notify you of any changes by updating this page and/or sending an email notification.