Deprecated
Update on required change for users of CSP directive frame-src
3 days ago by Dara Hak
The target date announced here has been updated in order to leave more time to make the required change.
New target date
Monday, February 23, 2026
Required change (reminder)
If you are using the frame-src directive in your Content-Security-Policy headers with a direct reference to geo.captcha-delivery.com, you will need to proceed with the change below:
- ❎ Before:
frame-src geo.captcha-delivery.com - ✅ After:
frame-src *.captcha-delivery.com
Without this change, some of your end users might experience issues with displaying response pages in case of false positives.
Reference documentation: JavaScript Tag