The error message is:
[Report Only] Refused to connect to https://XXX because it does not appear in the connect-src directive of the Content Security Policy.
I know it is a report only, but may raise some questions and complaining from merchants.
Is there anyway the shop owner to extend or modify the allowed list or something to prevent this warning printed?