fixed mixup in csp.md

fixed the mixup. "frame-src" is right

docs/sdk/advanced/csp.md

@@ -9,11 +9,11 @@ Content Security Policy is a way to secure your website from cross-site scriptin
 ## Configuring your CSP for Friendly Captcha
 If you are using a CSP for your website you will have to configure it to allow Friendly Captcha's iframes to be embedded.
 
-In most cases you will only need to add the `iframe-src: *.frcapi.com` directive, for example:
+In most cases you will only need to add the `frame-src: *.frcapi.com` directive, for example:
 ```headers
 # old header
 Content-Security-Policy: default-src 'self'
 
 # new header
-Content-Security-Policy: default-src 'self'; iframe-src *.frcapi.com
+Content-Security-Policy: default-src 'self'; frame-src *.frcapi.com
 ```