There are times when a need arises to enable certain script functionality in support of development of a campaign.
Let's say, for example, there is a page where you need to present content from your site in an iframe. When examining the response headers in your browser network developer tools, you see: X-Frame-Options: Deny
So in this case your iframe content is blocked by the browser even though requesting content from the same domain.
Solution: Use a SiteSpect Origin Header Variation to send X-Frame-Options: SAMEORIGIN
In a similar situation where to you need to change your Content-Security-Policy to enable running a script, capture what is being sent from your browser network developer tools, place into a text file, make the updates, and use a SiteSpect Origin Header Variation to send an updated CSP header.