Brand Fuel Content Security Policy

At Brand Fuel, we are committed to protecting our visitors' data and maintaining the integrity of our website. This Content Security Policy outlines the sources from which we permit content to be loaded on our website, including our product search portal powered by SAGE.

Policy Overview

To enhance security and reduce the risk of malicious attacks such as cross-site scripting (XSS), we restrict the types and sources of content that can be loaded on our website.

Permitted Content Sources

We allow resources to be loaded from the following:

  • Our own domain: brandfuel.com and its subdomains
  • SAGE: Content and tools provided by *.sageworld.com, which powers our product search feature
  • Google Fonts: Fonts and related assets from fonts.googleapis.com and fonts.gstatic.com
  • Inline styles: Only when necessary for proper display of embedded third-party tools
  • Images: From our domain, SAGE, and embedded image data (e.g., data: URIs)

Disallowed Content Types

  • We do not allow external objects such as Flash, Java applets, or other embedded plugins.
  • We block content from any domains not explicitly trusted or needed for site functionality.
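
The following is an added example, not Brand Fuel's own code or its deployed header: a small auditor that checks a Content-Security-Policy header against the permitted and disallowed sources listed above. The mapping of each bullet onto a CSP directive and both sample headers are assumptions made for illustration.

```python
# Added example: audit a CSP header against the allow-list this page states.
SELF = {"'self'", "brandfuel.com", "*.brandfuel.com"}
SAGE = {"*.sageworld.com"}
FONTS = {"fonts.googleapis.com", "fonts.gstatic.com"}

# Assumption: this bullet-to-directive mapping is ours; the page publishes no header.
ALLOWED = {
    "default-src": SELF,
    "script-src": SELF | SAGE,
    "connect-src": SELF | SAGE,
    "frame-src": SELF | SAGE,
    "style-src": SELF | SAGE | FONTS | {"'unsafe-inline'"},
    "font-src": SELF | FONTS,
    "img-src": SELF | SAGE | {"data:"},
}

def parse_csp(header):
    """Return {directive: [sources]}; a repeated directive is ignored, as in browsers."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy

def audit(header):
    """List every point where the header is looser than the stated policy."""
    policy = parse_csp(header)
    findings = []
    if "default-src" not in policy:
        findings.append("default-src: missing, unlisted resource types are unrestricted")
    # object-src falls back to default-src when absent.
    if policy.get("object-src", policy.get("default-src")) != ["'none'"]:
        findings.append("object-src: plugins not blocked, expected 'none'")
    for directive, sources in policy.items():
        if directive not in ALLOWED or sources == ["'none'"]:
            continue  # outside the page's list, or stricter than required
        for src in sources:
            host = src[len("https://"):] if src.startswith("https://") else src
            if host not in ALLOWED[directive]:
                findings.append(f"{directive}: unexpected source {src}")
    return findings

# Constructed sample headers (not captured from brandfuel.com).
GOOD = ("default-src 'self'; script-src 'self' https://*.sageworld.com; "
        "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; "
        "font-src https://fonts.gstatic.com; img-src 'self' https://*.sageworld.com data:; "
        "connect-src 'self' https://*.sageworld.com; object-src 'none'")
WEAK = ("default-src 'self'; script-src 'self' 'unsafe-inline' "
        "https://*.sageworld.com https://cdn.example.net; img-src *")
```

Calling audit(GOOD) returns an empty list, while audit(WEAK) reports the missing plugin block, the inline-script allowance, the unlisted CDN host, and the wildcard image source.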

Third-Party Services

We use SAGE to power our product search tool available at https://merch.brandfuel.com. This integration is securely sandboxed to allow only necessary scripts, styles, and connections required to deliver a seamless search experience.