diff --git a/app.ts b/app.ts
index 073dfee059b1044c31e743118a893407b050a148..6e81a96b3b46c07828da973e5b8963b908672169 100644
--- a/app.ts
+++ b/app.ts
@@ -19,7 +19,19 @@ app.set('port', config.app.port)
 app.set('views', __dirname + '/views')
 app.set('view engine', 'pug')
 
-app.use(helmet())
+app.use(
+    helmet.contentSecurityPolicy({
+        useDefaults: true,
+        directives: {
+            "font-src": ["'self'", "https://use.fontawesome.com"],
+            "img-src": ["'self'", "https://transfer.hft-stuttgart.de"],
+            "script-src": ["'self'", "https://code.jquery.com/jquery-3.3.1.min.js", "https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js", "https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"],
+            "style-src": ["'self'", "https://use.fontawesome.com/releases/v5.8.2/css/all.css"],
+            "frame-src": ["'self'"]
+        },
+        reportOnly: true,
+    })
+);
 app.use(compression())
 app.use(morgan('combined'))
 app.use(cookieParser())
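Review bot: Swapping `app.use(helmet())` for `helmet.contentSecurityPolicy(...)` on its own removes every other header the helmet() bundle was setting (Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options and so on), unless helmet is mounted again outside this hunk. Keep the bundle and pass the policy as an option, i.e. open with `app.use(helmet({ contentSecurityPolicy: {` and close with `} }))`, leaving the directives as they are. Separately, `reportOnly: true` means the policy is not enforced, and with no `report-uri` or `report-to` directive the violations are visible only in each visitor's browser console. I would add a reporting endpoint to `directives` and a comment such as `// TODO: switch reportOnly to false once reports are clean` so the report-only phase does not become permanent.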