diff --git a/files/routes/allroutes.py b/files/routes/allroutes.py
index 71f569c8b..29ea95832 100644
--- a/files/routes/allroutes.py
+++ b/files/routes/allroutes.py
@@ -52,10 +52,10 @@ def teardown_request(error):
 @app.after_request
 def after_request(response: Response):
 response.headers.add("Content-Security-Policy", (
- "script-src 'self' 'unsafe-inline';"
 " script-src: 'self' https://*.googletagmanager.com"
 " img-src: https://*.google-analytics.com https://*.googletagmanager.com"
 " connect-src: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com"
+ " object-src: 'none'"
 ))
 response.headers.add("Strict-Transport-Security", "max-age=31536000")
 response.headers.add("X-Frame-Options", "deny")
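Review bot: The policy string built in `after_request` is not valid CSP syntax. Every directive name carries a trailing colon (`script-src:`, `img-src:`, `connect-src:` and the new `object-src:`), and the concatenated literals have no `;` between them, so with the leading `script-src ...;` literal removed the header value is one directive with an invalid name. Browsers are expected to ignore such a directive, in which case neither the added `object-src: 'none'` nor the removal of `'unsafe-inline'` is enforced; dropping the colons and ending each directive but the last with `;`, as below, fixes that. Once the header parses it will be enforced for the first time, so inline scripts will be blocked, and same-origin images too, since `img-src` lists no `'self'`. Trying it under `Content-Security-Policy-Report-Only` first would surface breakage; the function body continues outside the hunk.

```python
response.headers.add("Content-Security-Policy", (
    "script-src 'self' https://*.googletagmanager.com;"
    " img-src https://*.google-analytics.com https://*.googletagmanager.com;"
    " connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;"
    " object-src 'none'"
))
# … unchanged: Strict-Transport-Security and X-Frame-Options headers …
```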