diff --git a/functions/_middleware.ts b/functions/_middleware.ts
index 14c5fa3..5468b49 100644
--- a/functions/_middleware.ts
+++ b/functions/_middleware.ts
@@ -100,6 +100,25 @@ async function setHeaders(context: RequestContext) {
   response.headers.set("X-Frame-Options", "DENY");
   response.headers.set("X-XSS-Protection", "1; mode=block");
 
+  const policies = {
+    "connect-src": ["https://*.ingest.sentry.io", "'self'"],
+    "default-src": ["'self'"],
+    "frame-src": ["https://challenges.cloudflare.com"],
+    "img-src": [
+      "https://cdn.discordapp.com/avatars/*",
+      "https://tr.rbxcdn.com",
+      "'self'",
+    ],
+    "media-src": ["https://mediaproxy.carcrushers.cc"],
+    "script-src": ["https://challenges.cloudflare.com", "'self'"],
+  };
+
+  const directives = [];
+
+  for (const [k, v] of Object.entries(policies)) directives.push(`${k} ${v}`);
+
+  response.headers.set("Content-Security-Policy", directives.join("; "));
+
   return response;
 }