diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index ac2ff8486..495a15bdc 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@@ -46,7 +46,8 @@ server {
     # https://wiki.mozilla.org/Security/Guidelines/Web_Security
     # https://observatory.mozilla.org/ 
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; 
-    add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval'";
+    add_header Content-Security-Policy "upgrade-insecure-requests;"
+    add_header Content-Security-Policy-Report-Only "default-src https: data: 'unsafe-inline' 'unsafe-eval'";
     add_header X-Content-Type-Options nosniff;
     add_header X-XSS-Protection "1; mode=block";
     add_header X-Download-Options noopen;