If CSP is enabled for your site you will need to add policy directives depending on which features of UserKit you have enabled.

Below are the default policy directives required:

style-src https://widget.userkit.io;
script-src https://widget.userkit.io;
img-src https://widget.userkit.io;

If you have Google Sign-in enabled, you will need the following directives:

style-src 'unsafe-inline' https://accounts.google.com;
script-src https://www.gstatic.com https://accounts.google.com;
frame-src https://accounts.google.com;
img-src https://*.googleusercontent.com;

If you have ReCAPTCHA enabled, you will need the following directives:

frame-src https://www.google.com/recaptcha/;
script-src https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;