# /etc/apache2/conf-available/csp.conf

<IfModule mod_ssl.c>
	<IfModule mod_headers.c>
		Header always set Content-Security-Policy "default-src https: 'self'; style-src https: 'self' 'unsafe-inline'"
	</IfModule>
</IfModule>