diff --git a/config/environment.js b/config/environment.js
index 98fef1d..ef82b4b 100644
--- a/config/environment.js
+++ b/config/environment.js
@@ -14,6 +14,16 @@ module.exports = function(environment) {
 APP: {
 // Here you can pass flags/options to your application instance
 // when it is created
+ },
+
+ contentSecurityPolicy: {
+ 'default-src': "'none'",
+ 'script-src': "'self' 'unsafe-eval'",
+ 'font-src': "'self'",
+ 'connect-src': "'self'",
+ 'img-src': "'self'",
+ 'style-src': "'self' 'unsafe-inline'",
+ 'media-src': "'self'"
 }
 };
diff --git a/public/.htaccess b/public/.htaccess
index 9ca7975..9fdb2d0 100644
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -1,5 +1,5 @@
 # Content Security Policy-Headers
 # you have to enable apache module headers to get them working
-#Header set Content-Security-Policy "default-src 'self'"
-#Header set X-Content-Security-Policy "default-src 'self'"
-#Header set X-Webkit-CSP "default-src 'self'"
\ No newline at end of file
+#Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"
+#Header set X-Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"
+#Header set X-Webkit-CSP "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"
\ No newline at end of file
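Review bot: `'script-src': "'self' 'unsafe-eval'"` is set unconditionally, so every build (not just development) allows eval-style code execution, which gives back much of the injected-script protection that `default-src 'none'` was meant to provide; the enclosing function already receives `environment`, so the `'unsafe-eval'` token should only be appended when `environment === 'development'` (if the dev build needs it at all), and the same consideration applies to `'unsafe-inline'` in `'style-src'`. A short comment above `contentSecurityPolicy` would also help, e.g. `// Policy consumed by the CSP addon during local serving; the production header is set separately in public/.htaccess` (hedged: the consumer of this object is not visible in the hunk). The enclosing function body continues outside the hunk.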
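Review bot: All three `Header set` lines stay commented out, so the tightened policy is never sent by Apache; if this is meant to be the production policy, the commit should either uncomment the `Content-Security-Policy` line or add a comment saying it is a template to be enabled per deployment. The policy here also diverges from config/environment.js in the same commit (`default-src 'self'` versus `'none'`, and no `font-src`/`connect-src`/`img-src`/`media-src` directives), so what is tested locally will not match what is enforced; keeping the two definitions identical avoids surprises at deploy time. `X-Content-Security-Policy` and `X-Webkit-CSP` are legacy prefixed variants that current browsers do not honor, so only the standard header needs maintaining.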