diff --git a/lib/settings.php b/lib/settings.php
index a4e4c2a..364aa44 100644
--- a/lib/settings.php
+++ b/lib/settings.php
@@ -15,6 +15,10 @@ $context = stream_context_create(array('http'=>
 )
 ));
+// Set a policy of allowing scripts on the same domain
+//header("X-XSS-Protection: 0");
+header("X-Content-Security-Policy: allow 'self'");
+
 // Start a session if we haven't already
 if(!isset($_SESSION)) {@session_start();}
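Review bot: The added `header("X-Content-Security-Policy: allow 'self'");` uses the pre-standard experimental header name and the old `allow` directive, which current browsers ignore, so the policy is likely not enforced for most visitors. Send the standardized form as well, `header("Content-Security-Policy: default-src 'self'");`, keeping the `X-` variant only if legacy browsers must be covered. Note that `default-src 'self'` restricts every resource type and blocks inline script and style, so the comment should say that rather than "allowing scripts on the same domain", and any pages relying on inline code need checking (not visible from this hunk). The commented-out `//header("X-XSS-Protection: 0");` should be dropped or given a comment stating why it is kept, since enabling it would turn off the browser's XSS filter.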