Content Security Policy

This guide is only relevant for the Web integration.

A Content-Security-Policy header helps to protect your checkout page from cross-site scripting attacks by allowing you to define where resources can be loaded from. You’ll need to add a few things to your allowlist:

Policy	Origin	Notes
`script-src`	`sdk.sandbox.primer.io`	required
`script-src`	`sdk.production.primer.io`	required
`frame-src`	`*.primer.io`	required
`style-src`	`*.primer.io`	required
`style-src`	`'unsafe-inline'`	required
`connect-src`	`*.primer.io`	required
`frame-src`	`*.3dsecure.io`	For 3DS
`script-src`	`x.klarnacdn.net`	For Klarna Payments
`connect-src`	`x.klarna.com`	For Klarna Payments
`script-src`	`*.paypal.com`	For PayPal Payments
`frame-src`	`*.paypal.com`	For PayPal Payments
`connect-src`	`*.paypal.com`	For PayPal Payments
`img-src`	`*.paypal.com`	For PayPal Payments
`script-src`	`*.paypalobjects.com`	For PayPal Payments
`img-src`	`*.paypalobjects.com`	For PayPal Payments
`script-src`	`js.stripe.com`	For Stripe Payments
`connect-src`	`*.stripe.com`	For Stripe Payments

Checkout