To comply with PCI DSS v4.x, which is designed to stop attackers from obtaining cardholder data when you are processing it in your e-commerce system, you should implement a Content Security Policy (CSP) for the iframe checkout integration on your website.

The sample gateway CSP is valid for a production environment only. The following is an example of a CSP that is appropriate for the gateway test environment.

<meta http-equiv="Content-Security-Policy" content="
  style-src 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com 'unsafe-inline'; 
  frame-src 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com https://test.ppipe.net https://test.oppwa.com/; 
  script-src 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com 'nonce-${nonce}'; 
  connect-src 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com; 
  img-src 'self' https://eu-test.oppwa.com https://eu-prod.oppwa.com;
">