diff --git a/lib/routes.js b/lib/routes.js
index 99e640f..41ec4f4 100644
--- a/lib/routes.js
+++ b/lib/routes.js
@@ -14,7 +14,9 @@ async function oasRoutes(fastify, options) {
 reply.redirect(`${redirectUrl}index.html`);
 },
 });
+ const swaggerCspHeader = "script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' data: ; object-src 'none'";
 fastify.register(fstatic, {
+ setHeaders: (res, path, stat) => {res.setHeader('Content-Security-Policy', swaggerCspHeader)},
 root: path.join(__dirname, '..', 'static'),
 });
 }
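Review bot: The new `swaggerCspHeader` keeps `'unsafe-inline'` in `script-src`, so the policy does not block inline script injected into the served UI pages, and it has no `default-src`, so directives it does not list (for example `connect-src` and `frame-src`) stay unrestricted. `'unsafe-inline'` has no meaning in `img-src` and can be dropped there. If the bundled index.html needs an inline bootstrap script (presumably why the keyword was added), moving that script into a static file or allowing it by hash would let `script-src` be just `'self'`; either way a tighter value such as `"default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; base-uri 'self'"` is worth testing, after confirming the UI loads no cross-origin spec or images. In the `setHeaders` callback the `path` parameter shadows the `path` module used on the next line and `stat` is unused, so `(res) => { res.setHeader('Content-Security-Policy', swaggerCspHeader); }` is enough. `oasRoutes` begins outside the hunk, so other routes it registers are not covered by this header as far as the visible lines show.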