🚨 This guide is only relevant for the Web integration.

A Content-Security-Policy header helps to protect your checkout page from cross-site scripting attacks by allowing you to define where resources can be loaded from.

You'll need to add a few things to your allowlist:

| Policy | Origin | Notes |
| --- | --- | --- |
| `script-src` | `sdk.sandbox.primer.io` | required |
| `script-src` | `sdk.production.primer.io` | required |
| `frame-src` | `*.primer.io` | required |
| `style-src` | `*.primer.io` | required |
| `style-src` | `'unsafe-inline'` | required |
| `connect-src` | `*.primer.io` | required |
| `frame-src` | `*.3dsecure.io` | For 3DS |
| `frame-src` | `*.cardinalcommerce.com` | For 3DS |
| `script-src` | `x.klarnacdn.net` | For Klarna Payments |
| `connect-src` | `x.klarna.com` | For Klarna Payments |
| `script-src` | `*.paypal.com` | For PayPal Payments |
| `frame-src` | `*.paypal.com` | For PayPal Payments |
| `connect-src` | `*.paypal.com` | For PayPal Payments |
| `img-src` | `*.paypal.com` | For PayPal Payments |
| `script-src` | `*.paypalobjects.com` | For PayPal Payments |
| `img-src` | `*.paypalobjects.com` | For PayPal Payments |
| `script-src` | `js.stripe.com` | For Stripe Payments |
| `connect-src` | `*.stripe.com` | For Stripe Payments |
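
One way to fold these entries into a policy you already serve, as an added example that is not Primer's own code: it merges the required rows plus the rows for the payment methods you enable into an existing header value. The names `PRIMER_SOURCES`, `parseCsp` and `withPrimerSources`, and the feature keys, are assumptions made for this example.

```javascript
// Rows from the allowlist table above. The group keys ("core", "3ds", ...)
// are labels invented for this example, not Primer identifiers.
const PRIMER_SOURCES = {
  core: [
    ["script-src", "sdk.sandbox.primer.io"], ["script-src", "sdk.production.primer.io"],
    ["frame-src", "*.primer.io"], ["style-src", "*.primer.io"],
    ["style-src", "'unsafe-inline'"], ["connect-src", "*.primer.io"],
  ],
  "3ds": [["frame-src", "*.3dsecure.io"], ["frame-src", "*.cardinalcommerce.com"]],
  klarna: [["script-src", "x.klarnacdn.net"], ["connect-src", "x.klarna.com"]],
  paypal: [
    ["script-src", "*.paypal.com"], ["frame-src", "*.paypal.com"],
    ["connect-src", "*.paypal.com"], ["img-src", "*.paypal.com"],
    ["script-src", "*.paypalobjects.com"], ["img-src", "*.paypalobjects.com"],
  ],
  stripe: [["script-src", "js.stripe.com"], ["connect-src", "*.stripe.com"]],
};

// Parse a policy string into Map<directive, Set<source>>.
// If a directive is repeated, browsers honour only the first occurrence.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), new Set(sources));
  }
  return policy;
}

// Add the rows for "core" plus the enabled features to an existing policy.
function withPrimerSources(existingHeader, features = []) {
  const policy = parseCsp(existingHeader);
  for (const feature of ["core", ...features]) {
    const rows = PRIMER_SOURCES[feature];
    if (!Array.isArray(rows)) throw new Error(`unknown feature: ${feature}`);
    for (const [directive, source] of rows) {
      if (!policy.has(directive)) {
        // An absent directive falls back to default-src (frame-src tries
        // child-src first). Creating it drops that fallback, so copy it over.
        const fallback = directive === "frame-src" && policy.has("child-src") ? "child-src" : "default-src";
        policy.set(directive, new Set(policy.get(fallback) ?? []));
      }
      const sources = policy.get(directive);
      sources.delete("'none'"); // 'none' only has effect as the sole entry
      sources.add(source);
    }
  }
  return [...policy].map(([name, sources]) => [name, ...sources].join(" ")).join("; ");
}
```

Send the returned string as the `Content-Security-Policy` response header on the checkout page, enabling only the features you actually use so the allowlist stays as narrow as the table permits.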