From cd4edd4d483bc7700aeaaae1c4e4819cc418b261 Mon Sep 17 00:00:00 2001 From: Jamie Nguyen Date: Mon, 15 Jun 2026 16:10:46 +0100 Subject: [PATCH] Improve frame-src advice --- docs/guides/csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/guides/csp.md b/docs/guides/csp.md index 16c7a6b..6397ec1 100644 --- a/docs/guides/csp.md +++ b/docs/guides/csp.md @@ -5,11 +5,11 @@ Content Security Policy is a way to secure your website from cross-site scriptin ## Configuring your CSP for Friendly Captcha If you are using a CSP for your website you will have to configure it to allow Friendly Captcha's iframes to be embedded. -In most cases you will only need to add the `frame-src: *.frcapi.com` directive, for example: +In most cases you will only need to add the `frame-src: https://*.frcapi.com` directive, for example: ```headers # old header Content-Security-Policy: default-src 'self' # new header -Content-Security-Policy: default-src 'self'; frame-src *.frcapi.com +Content-Security-Policy: default-src 'self'; frame-src https://*.frcapi.com ```
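Review bot: The changed sentence in docs/guides/csp.md still writes the directive with a colon after the name, `frame-src: https://*.frcapi.com`, while the header example in the same hunk uses the valid form `frame-src https://*.frcapi.com`. CSP separates a directive name from its value with whitespace, so a reader who copies the inline form gets a directive name the browser does not recognise, and the frame falls back to `default-src 'self'` and stays blocked. Suggest dropping the colon in the sentence so it matches the example. The commit message would also benefit from one line on why the scheme was added (it pins the source to HTTPS instead of leaving the scheme to follow the embedding page), since "Improve frame-src advice" does not say what was wrong with the old value.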