diff --git a/src/cartridges/app_adyen_SFRA/cartridge/config/httpHeadersConf.json b/src/cartridges/app_adyen_SFRA/cartridge/config/httpHeadersConf.json
new file mode 100644
index 000000000..8f099fcd5
--- /dev/null
+++ b/src/cartridges/app_adyen_SFRA/cartridge/config/httpHeadersConf.json
@@ -0,0 +1,10 @@
+[
+ {
+ "id": "Content-Security-Policy",
+ "value": "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cquotient.com *.adyen.com *.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.commercecloud.salesforce.com; font-src *.gstatic.com cash-f.squarecdn.com *.commercecloud.salesforce.com *.googleapis.com; style-src 'unsafe-inline' *.googleapis.com *.adyen.com *.cash.app *.commercecloud.salesforce.com; frame-src *; img-src 'self' data: *; connect-src *; form-action *"
+ },
+ {
+ "id": "X-Content-Type-Options",
+ "value": "nosniff"
+ }
+]
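Review bot: The `script-src` directive in the Content-Security-Policy value allows both `'unsafe-inline'` and `'unsafe-eval'`, so the policy does not stop injected inline script on the pages that carry it, and the host allowlist beside those keywords adds little. `frame-src *`, `connect-src *` and `form-action *` leave framing, network egress and form posts unrestricted, and with no `default-src`, `object-src` or `base-uri` in the value those are unrestricted as well. If the inline scripts cannot be removed yet, I would narrow the three wildcards to the payment hosts already listed in `script-src` and append `object-src 'none'; base-uri 'self'` to the value; moving inline scripts to nonces or hashes would later allow `'unsafe-inline'` to be dropped. `style-src` and `font-src` omit `'self'`, which presumably blocks same-origin stylesheets and fonts unless the storefront host matches `*.commercecloud.salesforce.com`, so that is worth confirming.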