Pathmonk is committed to ensuring high security standards for our clients. As one of our top priorities, we want to preserve the confidentiality, integrity, and availability of information under all circumstances by applying a risk management process and giving interested parties confidence that risks are adequately managed. Knowing that all IT systems globally are under threat from new vulnerabilities being discovered and exploited each day, Pathmonk operates its security policies and reviews on a best-effort basis, implementing best practices where possible and being proactive about patching and monitoring. We make our best efforts to ensure that we have in place the best security available without limiting the usability of our solution.
What are Pathmonk’s Content Security Policies?
Pathmonk implements individual content security policies based on the type of service, according to industry standards.

For all the visual content shown on the website through Pathmonk’s products (micro-experiences, notifications, etc.), we have an individual Content Security Policy per client. In these cases, we only accept requests from the client domain (specified when setting up the product) and Pathmonk’s own API server. Example:

content-security-policy: frame-ancestors https://pathmonk.com https://*.pathmonk.com https://YOURWEBSITE.com http://YOURWEBSITE.com

Following the industry standard (such as Google Analytics, Yahoo Finance, etc.) for data APIs and public resources, we have implemented the following measures:

For Pathmonk’s data collection API requests, the security policy protects the request with a unique key and domain verification pair, a limit on the maximum number of requests per second, and a maximum number of requests per client. Those policies are applied in the backend application and run in real time.

Public files and libraries are served through a CDN (Content Delivery Network) with cache control to maximize the speed and reliability of the resources. For those scenarios, no Content Security Policy applies.
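To see which embedding origins a policy like the frame-ancestors example above admits, the following added example (not Pathmonk's code) implements a simplified version of CSP host-source matching. The `client.example` domain stands in for YOURWEBSITE.com and is an assumption, as are the function names; ports, paths and 'self' are not modelled.

```javascript
// Added example: simplified CSP frame-ancestors matching for host-sources.
// Handles scheme, exact host and a leading "*." wildcard. Ports and paths are
// not modelled, and 'self' is not evaluated (it never matches here).

function parseFrameAncestors(headerValue) {
  // Directives are separated by ";", the name and its sources by whitespace.
  for (const directive of headerValue.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null; // directive absent: CSP does not restrict framing
}

function sourceMatches(source, origin) {
  if (source === "'none'") return false;
  if (source === "*") return true;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const url = new URL(origin);
  const scheme = url.protocol.slice(0, -1);
  const wantScheme = (m[1] || "").toLowerCase();
  // CSP3 lets an http: source also match https:, never the reverse.
  // Simplification: a source without a scheme is accepted for any scheme.
  if (wantScheme && wantScheme !== scheme &&
      !(wantScheme === "http" && scheme === "https")) return false;
  const wantHost = m[2].toLowerCase();
  if (wantHost.startsWith("*.")) {
    // "*.example.com" matches subdomains only, not example.com itself.
    return url.hostname.endsWith(wantHost.slice(1));
  }
  return url.hostname === wantHost;
}

function mayFrame(headerValue, embedderOrigin) {
  const sources = parseFrameAncestors(headerValue);
  if (sources === null) return true;
  return sources.some((s) => sourceMatches(s, embedderOrigin));
}

// Constructed policy: the page's example with YOURWEBSITE.com replaced by
// the placeholder client.example.
const POLICY = "frame-ancestors https://pathmonk.com https://*.pathmonk.com " +
  "https://client.example http://client.example";
```

With this constructed policy, `mayFrame(POLICY, "https://www.client.example")` is false: a bare domain in the source list does not cover its `www` subdomain, which is worth checking when the site is served from both.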
How to update your Pathmonk account domain Content Security Policy?
Following our high security standards, it is not possible for a client to manually change the domain assigned to an application. If a change of that nature is required, an account ownership verification will be needed directly with one of our account implementors. Once approved, one of our specialists will audit and update the settings. If that is your case, please reach out to: [email protected]
What are the public domains of Pathmonk applications?
In critical environments, we have detected that some clients have internal policies to restrict and nullify all traffic incoming or outgoing from unknown sources. If that is your case, you will be required to whitelist the following Pathmonk domains in your application:
- apisdk.pathmonk.com
- pathmonk-assets.pathmonk.com
- pathmonk-lib.pathmonk.com
- crm.pathmonk.com
Our application also uses some external, public fonts, so you will also need to whitelist the following domains for the fonts: