This guide is only relevant for the Web integration.
A Content-Security-Policy header helps to protect your checkout page from cross-site scripting attacks by allowing you to define where resources can be loaded from. You’ll need to add a few things to your allowlist:
PolicyOriginNotes
script-srcsdk.sandbox.primer.iorequired
script-srcsdk.production.primer.iorequired
frame-src*.primer.iorequired
style-src*.primer.iorequired
style-src'unsafe-inline'required
connect-src*.primer.iorequired
frame-src*.3dsecure.ioFor 3DS
script-srcx.klarnacdn.netFor Klarna Payments
connect-srcx.klarna.comFor Klarna Payments
script-src*.paypal.comFor PayPal Payments
frame-src*.paypal.comFor PayPal Payments
connect-src*.paypal.comFor PayPal Payments
img-src*.paypal.comFor PayPal Payments
script-src*.paypalobjects.comFor PayPal Payments
img-src*.paypalobjects.comFor PayPal Payments
script-srcjs.stripe.comFor Stripe Payments
connect-src*.stripe.comFor Stripe Payments