CSP errors typically happen when you display the payment authentication page within an iFrame (an inline frame that embeds one webpage within another) on your own checkout page.
Your website security rules, known as a CSP (Content Security Policy) or CORS (Cross-Origin Resource Sharing), may block Checkout.com's authentication page from loading correctly inside the iFrame. If Checkout.com's authentication page needs to open another iFrame to show the bank's security challenge page, this can create a nested iFrame, which often leads to security conflicts.If you have a Content Security Policy (CSP) on your website, Checkout.com requires the following directives:
connect-src, https://*.checkout.comframe-src, https://*.checkout.comscript-src, https://*.checkout.comimg-src, https://*.checkout.com