Content-Security-Policy (CSP) is a browser feature that limits what origins your page can interact with. With CSP, the browser will reject connections made to non-approved origins (e.g. if a vendor's script was hijacked or code was injected via an XSS attack).
In addition to the policies that your site needs without Cohere, there are 2 directives that you need to include with Cohere: