Console error - Missing OWASP Secure Headers:

While building the Zoom App, Im trying to call the deeplink api in my flow so that I can open my app in the Zoom client, but Im getting the console error 'Missing OWASP Secure Headers: [“Content-Security-Policy”]
I’m passing the security headers and I also have the domain in the allow list.
Here is the image that shows the headers that Im passing.

I assume that the user has to manually open the url that is received in the deeplink api url. The sample response looks like this

{“deeplink”:“{some id}”}

Hi Rohan, can you confirm that these headers are provided when the “Home URL” of your app is requested?

Can you also provide the full value of your CSP?

Final note, I think that X-Frame-Option should be plural i.e. X-Frame-Options