Security Headers
If you use CSP, you need to expand your policy with the following additions.
At minimum you need to add https://import.comments.sh
to connect-src
so a client script can post and retrieve comments.
If you use the provided client script add
https://import.comments.sh
to script-src
so the client can be imported.
Example
A complete CSP might look something like this:
default-src 'self'; script-src 'self' https://import.comments.sh; connect-src 'self' https://import.comments.sh;