diff --git a/volumes/conf.d/drawio.zinomedia.de.conf b/volumes/conf.d/drawio.zinomedia.de.conf
index f95b717..228e218 100644
--- a/volumes/conf.d/drawio.zinomedia.de.conf
+++ b/volumes/conf.d/drawio.zinomedia.de.conf
@@ -11,6 +11,8 @@ server {
 
     include "snippets/ssl-optimizations.conf";
 
+    add_header Content-Security-Policy "default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: http://seafile.zinomedia.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:;" always;
+
     location / {
         resolver 127.0.0.11;
         set $upstream "drawio:8080";