diff --git a/stripe_payment.module b/stripe_payment.module
index fd70b2d..415187f 100644
--- a/stripe_payment.module
+++ b/stripe_payment.module
@@ -436,3 +436,14 @@ function _stripe_payment_validate_comma_separated_keys($element, &$form_state, $
   $keys = array_map('trim', explode(',', $element['#value']));
   form_set_value($element, $keys, $form_state);
 }
+
+/**
+ * Implements hook_d7csp_hosts().
+ */
+function stripe_payment_d7csp_hosts() {
+  $hosts['script-src'][] = 'https://js.stripe.com';
+  // Likely needed for 3DS iframes. Those are provided by the banks.
+  $hosts['frame-src'][] = '*';
+  $hosts['form-action'][] = '*';
+  return $hosts;
+}