diff --git a/controller.go b/controller.go
index 3d664b2..0736c21 100644
--- a/controller.go
+++ b/controller.go
@@ -30,6 +30,7 @@ func getStaticFile(relPath string, contentType string, w http.ResponseWriter) {
 	}
 
 	w.Header().Add("Content-Type", contentType)
+	w.Header().Add("Content-Security-Policy", "default-src 'self'; frame-src: 'self' openstreetmap.org")
 	w.WriteHeader(http.StatusOK)
 	w.Write(file)
 }