diff --git a/roles/fedora-web/getfedora/files/csp.conf b/roles/fedora-web/getfedora/files/csp.conf
new file mode 100644
index 0000000000..10ac9c3c6d
--- /dev/null
+++ b/roles/fedora-web/getfedora/files/csp.conf
@@ -0,0 +1 @@
+Header always set Content-Security-Policy "default-src 'none'; img-src 'self' https://fedoramagazine.org; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src https://fedoramagazine.org; "
diff --git a/roles/fedora-web/getfedora/tasks/main.yml b/roles/fedora-web/getfedora/tasks/main.yml
index 155e895339..e73b75ce3b 100644
--- a/roles/fedora-web/getfedora/tasks/main.yml
+++ b/roles/fedora-web/getfedora/tasks/main.yml
@@ -11,6 +11,7 @@
   with_items:
   - getfedora.org.conf
   - languages.conf
+  - csp.conf
   notify:
   - reload proxyhttpd
   tags: