Deprecated
Required change for users of CSP directive frame-src
9 days ago by Dara Hak
In order to improve detection capabilities on Bot Protect, we will roll out a new serving endpoint for response pages (Device Check, CAPTCHA, Block).
Target date
Monday, January 26, 2026
Required change
If you are using the frame-src directive in your Content-Security-Policy headers with a direct reference to geo.captcha-delivery.com, you will need to proceed with the change below:
- ❎ Before:
frame-src geo.captcha-delivery.com - ✅ After:
frame-src *.captcha-delivery.com
Without this change, some of your end users might experience issues with displaying response pages in case of false positives.
Reference documentation: JavaScript Tag