PCI DSS v4.x is designed to stop attackers from obtaining cardholder data while your e-commerce system is processing it. To comply, you should implement a Content Security Policy (CSP) for the iframe checkout integration on your website.
The sample gateway CSP is valid for a production environment only. The following is an example of a CSP that is appropriate for the gateway test environment.
<meta http-equiv="Content-Security-Policy" content="
style-src 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com 'unsafe-inline';
frame-src 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com https://test.ppipe.net https://test.oppwa.com/;
script-src 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com 'nonce-${nonce}';
connect-src 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com;
img-src 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com;
">
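The `${nonce}` placeholder in `script-src` only protects the page if the server substitutes a fresh, unpredictable value on every response and puts the same value on each script it intends to allow. The following Node.js sketch is an added example, not code from the gateway or from this page; the helper names (`newNonce`, `buildCsp`, `renderCheckoutHead`) and the inline script body are assumptions, and the source lists are copied from the test-environment policy above.

```javascript
// Added example (not gateway code): per-response nonce for the test-environment CSP.
const { randomBytes } = require('node:crypto');

// Source lists copied from the policy shown on this page.
const GATEWAY = 'https://eu-test.oppwa.com https://eu-prod.oppwa.com';
const DIRECTIVES = [
  ['style-src', `'self' ${GATEWAY} 'unsafe-inline'`],
  ['frame-src', `'self' ${GATEWAY} https://test.ppipe.net https://test.oppwa.com/`],
  ['script-src', `'self' ${GATEWAY} 'nonce-%NONCE%'`],
  ['connect-src', `'self' ${GATEWAY}`],
  ['img-src', `'self' ${GATEWAY}`],
];

// CSP nonce grammar (base64-value); also keeps quotes and angle brackets
// out of the HTML attribute the policy is written into.
const NONCE_RE = /^[A-Za-z0-9+\/_-]+={0,2}$/;

// 128 bits from the OS CSPRNG, generated once per HTTP response.
function newNonce() {
  return randomBytes(16).toString('base64');
}

// Substitute the nonce into the policy; reject anything that is not a nonce.
function buildCsp(nonce) {
  if (typeof nonce !== 'string' || !NONCE_RE.test(nonce)) {
    throw new Error('invalid CSP nonce');
  }
  return DIRECTIVES
    .map(([name, sources]) => `${name} ${sources.replace('%NONCE%', nonce)};`)
    .join(' ');
}

// Hypothetical helper: the <head> fragment for one checkout page response.
// The inline script body is a placeholder for the merchant's own code.
function renderCheckoutHead(nonce) {
  const csp = buildCsp(nonce);
  return [
    `<meta http-equiv="Content-Security-Policy" content="${csp}">`,
    `<script nonce="${nonce}">/* merchant checkout setup */</script>`,
  ].join('\n');
}
```

Call `newNonce()` once per request and pass the result to `renderCheckoutHead`; a page served from a cache or a static file would reuse the nonce and lose the protection.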