diff --git a/data/etc/apache2/conf-available/freedombox.conf b/data/etc/apache2/conf-available/freedombox.conf
index 7bf713dbf..893eb32ff 100644
--- a/data/etc/apache2/conf-available/freedombox.conf
+++ b/data/etc/apache2/conf-available/freedombox.conf
@@ -46,7 +46,7 @@ RedirectMatch "^/freedombox" "/plinth"
 ##
 <Location /plinth>
     Header set Referrer-Policy 'same-origin'
-    Header set Content-Security-Policy "font-src 'self'; frame-src 'none'; img-src 'self'; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self'; default-src 'self'; base-uri 'none'; sandbox allow-scripts allow-popups allow-forms allow-same-origin; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content;"
+    Header set Content-Security-Policy "font-src 'self'; frame-src 'none'; img-src 'self'; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'self'; default-src 'self'; base-uri 'none'; sandbox allow-scripts allow-popups allow-forms allow-same-origin; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content;"
     Header set X-Content-Type-Options 'nosniff'
 </Location>