diff --git a/lib/init.php b/lib/init.php
index bee4fb3a..4ce16229 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -29,7 +29,7 @@ header('Expires: ' . gmdate( 'D, d M Y H:i:s \G\M\T', time()));
 // Inline-JS is no longer allowed and used
 // See: http://people.mozilla.org/~bsterne/content-security-policy/index.html
 // New stuff see: https://www.owasp.org/index.php/List_of_useful_HTTP_headers and https://www.owasp.org/index.php/Content_Security_Policy
-$csp_content = "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; reflected-xss block;";
+$csp_content = "default-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; reflected-xss block;";
 header("Content-Security-Policy: ".$csp_content);
 header("X-Content-Security-Policy: ".$csp_content);
 header("X-WebKit-CSP: ".$csp_content);