# Content Security Policy

<Note>
  This guide is only relevant for the Web integration.
</Note>

A `Content-Security-Policy` header helps to protect your checkout page from cross-site scripting attacks by allowing you to define where resources can be loaded from.

You'll need to add a few things to your allowlist:

| **Directive** | **Origin**            | **Notes**           |
| :------------ | :-------------------- | :------------------ |
| `script-src`  | `sdk.primer.io`       | required            |
| `frame-src`   | `*.primer.io`         | required            |
| `style-src`   | `*.primer.io`         | required            |
| `style-src`   | `'unsafe-inline'`     | required            |
| `connect-src` | `*.primer.io`         | required            |
| `frame-src`   | `*.3dsecure.io`       | For 3DS             |
| `script-src`  | `x.klarnacdn.net`     | For Klarna Payments |
| `connect-src` | `x.klarna.com`        | For Klarna Payments |
| `script-src`  | `*.paypal.com`        | For PayPal Payments |
| `frame-src`   | `*.paypal.com`        | For PayPal Payments |
| `connect-src` | `*.paypal.com`        | For PayPal Payments |
| `img-src`     | `*.paypal.com`        | For PayPal Payments |
| `script-src`  | `*.paypalobjects.com` | For PayPal Payments |
| `img-src`     | `*.paypalobjects.com` | For PayPal Payments |
| `script-src`  | `js.stripe.com`       | For Stripe Payments |
| `connect-src` | `*.stripe.com`        | For Stripe Payments |
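
The following is an added example, not code from Primer: one way to merge the table's rows into a policy your site already sends. The function name `buildCheckoutCsp`, the feature keys (`3ds`, `klarna`, `paypal`, `stripe`) and the sample base policy are assumptions. It also covers two cases the table alone does not show: a directive that is new to your policy stops inheriting from `default-src`, and `'none'` cannot be combined with other sources.

```javascript
// Added example, not Primer's code. Sources are copied from the allowlist table;
// the feature keys and function name are assumptions made for illustration.
const PRIMER_CSP = {
  required: {
    "script-src": ["sdk.primer.io"],
    "frame-src": ["*.primer.io"],
    "style-src": ["*.primer.io", "'unsafe-inline'"],
    "connect-src": ["*.primer.io"],
  },
  "3ds": { "frame-src": ["*.3dsecure.io"] },
  klarna: { "script-src": ["x.klarnacdn.net"], "connect-src": ["x.klarna.com"] },
  paypal: {
    "script-src": ["*.paypal.com", "*.paypalobjects.com"],
    "frame-src": ["*.paypal.com"],
    "connect-src": ["*.paypal.com"],
    "img-src": ["*.paypal.com", "*.paypalobjects.com"],
  },
  stripe: { "script-src": ["js.stripe.com"], "connect-src": ["*.stripe.com"] },
};

// Merge the required rows plus the chosen optional rows into an existing policy.
function buildCheckoutCsp(basePolicy, features = []) {
  const merged = new Map(
    Object.entries(basePolicy).map(([d, s]) => [d, new Set(s)])
  );
  const add = (directive, sources) => {
    if (!merged.has(directive)) {
      // A newly added fetch directive replaces the default-src fallback for
      // that resource type, so seed it with what the page already allowed.
      const fallback =
        (directive === "frame-src" && merged.get("child-src")) ||
        merged.get("default-src") || [];
      merged.set(directive, new Set(fallback));
    }
    const set = merged.get(directive);
    set.delete("'none'"); // 'none' is only meaningful as the sole source
    sources.forEach((s) => set.add(s));
  };
  for (const name of ["required", ...features]) {
    if (!Object.hasOwn(PRIMER_CSP, name)) throw new Error(`unknown feature: ${name}`);
    for (const [d, s] of Object.entries(PRIMER_CSP[name])) add(d, s);
  }
  return [...merged].map(([d, s]) => `${d} ${[...s].join(" ")}`).join("; ");
}

// Constructed sample: a site whose current policy is default-src 'self'.
console.log(buildCheckoutCsp({ "default-src": ["'self'"] }, ["3ds", "stripe"]));
```

Send the returned string as the value of the `Content-Security-Policy` response header on the checkout page, and list only the payment methods you actually enable so the allowlist stays as narrow as the table permits.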
