diff --git a/modules/services/airsonic.nix b/modules/services/airsonic.nix
index c76d88a..690d9ba 100644
--- a/modules/services/airsonic.nix
+++ b/modules/services/airsonic.nix
@@ -44,14 +44,15 @@ in
           proxyPass = "http://127.0.0.1:4040";
           proxyWebsockets = true;
           extraConfig = ''
-             # Taken from https://airsonic.github.io/docs/proxy/nginx/
-                      	proxy_set_header X-Real-IP         $remote_addr;
-            	        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
-                	    proxy_set_header X-Forwarded-Proto https;
-            	        proxy_set_header X-Forwarded-Host  $http_host;
-            	        proxy_set_header Host              $http_host;
-            	        proxy_max_temp_file_size           0;
-                      	proxy_ssl_server_name on;
+            # Taken from https://airsonic.github.io/docs/proxy/nginx/
+            proxy_set_header X-Real-IP         $remote_addr;
+            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto https;
+            proxy_set_header X-Forwarded-Host  $host;
+            proxy_set_header Host              $host;
+            proxy_max_temp_file_size           0;
+            proxy_ssl_server_name on;
+            add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com; img-src 'self' *.akamaized.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; frame-src 'self'; object-src 'none'";
           '';
         };
       };