diff --git a/server/serverMethods.js b/server/serverMethods.js
index ce0842c1b..aa8c89274 100644
--- a/server/serverMethods.js
+++ b/server/serverMethods.js
@@ -61,7 +61,34 @@ function getUserCountry(req) {
 const securityHeaders = helmet({
 referrerPolicy: { policy: 'no-referrer-when-downgrade' },
- contentSecurityPolicy: false,
+ contentSecurityPolicy: {
+ useDefaults: true,
+ directives: {
+ defaultSrc: ["'self'"],
+ frameSrc: ['*'],
+ scriptSrc: [
+ "'unsafe-inline'",
+ "'unsafe-eval'",
+ "'self'",
+ 'cdnjs.cloudflare.com',
+ 'assets.tokbox.com',
+ 'www.google-analytics.com',
+ 'https://unpkg.com/@vonage/',
+ 'static.opentok.com',
+ 'www.googletagmanager.com',
+ 'assets.adobedtm.com',
+ ],
+ styleSrc: [
+ "'self'",
+ "'unsafe-inline'",
+ 'cdnjs.cloudflare.com',
+ 'assets.tokbox.com',
+ 'static.opentok.com',
+ ],
+ connectSrc: ['*'],
+ imgSrc: ['*', 'data:'],
+ },
+ },
 frameGuard: false, // configured by tbConfig.allowIframing
 });
diff --git a/test/api/server_spec.js b/test/api/server_spec.js
index 058967d43..460cd114d 100644
--- a/test/api/server_spec.js
+++ b/test/api/server_spec.js
@@ -73,6 +73,7 @@ describe('OpenTokRTC server', () => {
 .get('/room/unitTestRoom/info')
 .set('Accept', 'application/json')
 .expect('Content-Type', new RegExp('application/json'))
+ .expect('Content-Security-Policy', "default-src 'self';frame-src *;script-src 'unsafe-inline' 'unsafe-eval' 'self' cdnjs.cloudflare.com assets.tokbox.com www.google-analytics.com https://unpkg.com/@vonage/client-sdk-video@2/dist/js/opentok.js static.opentok.com www.googletagmanager.com assets.adobedtm.com;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com assets.tokbox.com static.opentok.com;connect-src *;img-src * data:")
 .expect(checkForAttributes.bind(undefined, RoomInfo))
 .expect(200, done);
 });
diff --git a/test/unit/chatController_spec.js b/test/unit/chatController_spec.js
index 43b1ee870..c786beac6 100644
--- a/test/unit/chatController_spec.js
+++ b/test/unit/chatController_spec.js
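Review bot: `useDefaults: true` combined with `frameGuard: false, // configured by tbConfig.allowIframing` is contradictory: if the installed helmet honors `useDefaults`, it merges its default directives into this policy, including `frame-ancestors 'self'`, which would block the embedding that disabling frameGuard is meant to leave to tbConfig.allowIframing. If embedding is meant to stay configurable, derive `frameAncestors` here from the same setting (or set it to `["'self'"]` only when iframing is disallowed) rather than letting the default decide; the other merged defaults (`object-src 'none'`, `base-uri 'self'`, `script-src-attr 'none'`, `upgrade-insecure-requests`) are also worth listing in a comment so their effect is visible in this file. Separately, `scriptSrc` carries both `'unsafe-inline'` and `'unsafe-eval'`, so the policy restricts script origins but does not stop injected inline scripts; a comment such as `// 'unsafe-inline'/'unsafe-eval' presumably needed by existing inline scripts (confirm); this CSP limits script origins, it does not block inline XSS` would keep later readers from assuming more protection than is there.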
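Review bot: The expected header string names `https://unpkg.com/@vonage/client-sdk-video@2/dist/js/opentok.js` in script-src, but the directive added to server/serverMethods.js in this same commit is `'https://unpkg.com/@vonage/'`, so the two cannot both be right and this expectation will not match what the server emits; the path-prefix form on the server side is the more maintainable one, so the test string is the one to change. If the installed helmet honors `useDefaults: true`, the emitted header will additionally carry the default directives (base-uri, font-src, object-src, script-src-attr, frame-ancestors, upgrade-insecure-requests), which this exact-string match also does not allow for. Asserting per directive is more robust, e.g. `.expect('Content-Security-Policy', /script-src [^;]*\bstatic\.opentok\.com\b/)`. The `it` block that this chain belongs to starts outside the hunk.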
@@ -78,7 +78,7 @@ describe('ChatController', () => {
 });
 it('should initialize properly the object and return the handlers set when called without '
- + 'handlers', sinon.test(function (done) {
+ + 'handlers', sinon.test((done) => {
 var expectedHandlers = {
 updatedRemotely: {
 name: 'roomStatus:updatedRemotely',
@@ -93,7 +93,7 @@ describe('ChatController', () => {
 }));
 it('should initialize properly the object and return the handlers set when called with '
- + 'handlers', sinon.test(function (done) {
+ + 'handlers', sinon.test((done) => {
 var expectedHandlers = {
 updatedRemotely: {
 name: 'changedRoomStatus:changedUpdatedRemotely',
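Review bot: Replacing `sinon.test(function (done) {` with `sinon.test((done) => {` changes what `this` is inside the wrapped test, which matters for sinon.test: it injects the sandbox helpers (`this.stub`, `this.spy`, `this.clock`) into the function's `this`, and an arrow function cannot receive that because its `this` is lexically bound, here to the enclosing `describe` arrow. The test bodies lie outside the hunk, so I cannot confirm they use those helpers; if they do, they will now throw, and the safe options are to keep `function (done)` for these two tests or to switch them to an explicit `const sandbox = sinon.createSandbox()` released in an `afterEach`. The same change is made in the second hunk at @@ -93.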