If CSP is enabled for your site you will need to add policy directives depending on which features of UserKit you have enabled.
Below are the default policy directives required:
style-src https://widget.userkit.io;
script-src https://widget.userkit.io;
img-src https://widget.userkit.io;
If you have Google Sign-in enabled, you will need the following directives:
style-src 'unsafe-inline' https://accounts.google.com;
script-src https://www.gstatic.com https://accounts.google.com;
frame-src https://accounts.google.com;
img-src https://*.googleusercontent.com;
If you have ReCAPTCHA enabled, you will need the following directives:
frame-src https://www.google.com/recaptcha/;
script-src https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;