The Content Security Policy prevents Google from setting its re-captcha
For the CSP, the server does not define a frame-src
, so browser are using content-src
which is defined to 'self'
, preventing Google to frame its re-captcha in the subscribe page.
The frame-src
should be added with values 'self'
and www.google.com
.