diff --git a/src/snek/system/middleware.py b/src/snek/system/middleware.py
index 710ec3a..7a60d1d 100644
--- a/src/snek/system/middleware.py
+++ b/src/snek/system/middleware.py
@@ -9,6 +9,8 @@ from aiohttp import web
 import secrets
+csp_policy = "default-src 'self'; script-src 'self' 'nonce-{nonce}'; style-src 'self';"
+
 def generate_nonce():
 return secrets.token_hex(16)
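Review bot: The added `csp_policy` string omits `base-uri`, `form-action` and `frame-ancestors`, which do not fall back to `default-src`, so the policy leaves `<base>` elements, form targets and framing unconstrained. With a nonce-based `script-src`, `base-uri` matters most; consider appending `base-uri 'self'; form-action 'self'; frame-ancestors 'self';` (or stricter values, if the app allows) to the template. The code that fills `{nonce}` and sets the header is outside this hunk, so a comment above the constant would help, e.g. `# {nonce} must be filled with a fresh generate_nonce() value for every response, never cached or reused`. As a module-level constant it would also read better as `CSP_POLICY`.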