diff --git a/.gitignore b/.gitignore
index 67121c8d..185f740a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
 node_modules
 .temp
-.cache
\ No newline at end of file
+.cache
+
+.DS_Store
\ No newline at end of file
diff --git a/pw/pw-csp/client/src/index.html b/pw/pw-csp/client/src/index.html
index 2cdf679a..1e185a52 100644
--- a/pw/pw-csp/client/src/index.html
+++ b/pw/pw-csp/client/src/index.html
@@ -1,10 +1,8 @@ - + Test
diff --git a/pw/pw-csp/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java b/pw/pw-csp/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java
index 7b4343bc..182d8b18 100644
--- a/pw/pw-csp/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java
+++ b/pw/pw-csp/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java
@@ -118,7 +118,7 @@ private void setCspConfig(HttpSecurity http) throws Exception {
 .contentSecurityPolicy(
 "script-src" +
 " 'none' "+
- // "'unsafe-eval' 'unsafe-inline' " +
+ "'self" +
 ";" +
 // add connect-src directive to adapt CSP over cross-origin requests (CORS)
 "connect-src"+
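Review bot: The added source expression `"'self" +` in the script-src directive of SecurityConfiguration.java is missing its closing single quote, so the concatenated header reads `script-src 'none' 'self;connect-src…`. A bare `'self` is not a valid CSP keyword, and `'none'` is only meaningful as the sole entry of a source list, so the policy most likely still blocks every script, same-origin ones included, instead of allowing them as intended. Replace the two tokens with a single `" 'self' " +` and drop the `" 'none' "+` line. Keeping `'unsafe-inline'` and `'unsafe-eval'` out of the list is the right direction. setCspConfig's body continues outside the hunk, so the remaining directives could not be checked here.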