How to deal with CSP and being contacted by a “security researcher”
Background You might be approached by someone looking for money. They will give you this information (broken English included): Summary: X-Frame-Options ALLOW-FROM https://billing.example.com/login not supported