1 files changed, 2 insertions, 1 deletions

diff --git a/boot.php b/boot.php
index 1f214c400..ce26f3a09 100755
--- a/boot.php
+++ b/boot.php
@@ -2167,7 +2167,8 @@ function construct_page(&$a) {
 	if($a->get_scheme() === 'https' && $a->config['system']['transport_security_header'])
 		header("Strict-Transport-Security: max-age=31536000");
 
-	header("Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'");
+	if($a->config['system']['content_security_policy'])
+		header("Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'");
 
 	if($a->config['system']['x_security_headers']) {
 		header("X-Frame-Options: SAMEORIGIN");