===================================================================
RCS file: /cvs/cvsweb/cvsweb.cgi,v
retrieving revision 4.9
retrieving revision 4.10
diff -u -p -r4.9 -r4.10
--- cvsweb/cvsweb.cgi 2019/11/09 10:06:23 4.9
+++ cvsweb/cvsweb.cgi 2019/11/09 10:18:09 4.10
@@ -1,5 +1,5 @@
 #!/usr/bin/perl
-# $Id: cvsweb.cgi,v 4.9 2019/11/09 10:06:23 schwarze Exp $
+# $Id: cvsweb.cgi,v 4.10 2019/11/09 10:18:09 schwarze Exp $
 # $knu: cvsweb.cgi,v 1.299 2010/11/13 16:37:18 simon
 #
 # cvsweb - a CGI interface to CVS trees.
@@ -4242,6 +4242,8 @@ sub http_header(;$$)
 push(@headers, 'Last-Modified: ' . scalar gmtime($moddate) . ' GMT')
 if $moddate;
 push(@headers, 'Content-Type: ' . $content_type);
+ push(@headers, "Content-Security-Policy: default-src 'none'; " .
+ "img-src 'self'; style-src 'unsafe-inline'");

 if ($allow_compress && $maycompress) {
 if (HAS_ZLIB
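Review bot: The policy added in http_header leaves `form-action`, `base-uri` and `frame-ancestors` unrestricted, because these three directives do not fall back to `default-src 'none'`; form targets, `<base>` elements and framing of the pages are therefore not limited by this header. If the generated pages only submit forms back to the script itself (not visible in this hunk), the second string could become `"img-src 'self'; style-src 'unsafe-inline'; form-action 'self'; base-uri 'none'; frame-ancestors 'none'");`. A one-line comment above the push, for example `# CSP: no scripts or external loads; inline styles are allowed because the generated HTML uses them`, would record why `'unsafe-inline'` is accepted for styles, assuming that is the reason. http_header starts before and continues after this hunk, so the rest of its header handling was not reviewed.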