diff --git a/app/core/settings.py b/app/core/settings.py
index 5f697f0..ae33511 100644
--- a/app/core/settings.py
+++ b/app/core/settings.py
@@ -25,6 +25,18 @@ CSRF_TRUSTED_ORIGINS = ["https://fbf.nabu-jena.de"]
 # Cookies
 SESSION_COOKIE_SECURE = True
+# DJANGO Content Security Policy
+CSP_DEFAULT_SRC = ("'self'",)
+CSP_STYLE_SRC = ("'self'",)
+CSP_SCRIPT_SRC = ("'self'",)
+CSP_IMG_SRC = ("'self'",)
+CSP_FONT_SRC = ("'self'",)
+
+# HTTPS
+SECURE_HSTS_SECONDS = 0
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+
 # Allowed Hosts
 ALLOWED_HOSTS = [env("ALLOWED_HOSTS")]
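Review bot: `SECURE_HSTS_SECONDS = 0` in the new HTTPS block disables HSTS outright, because Django's SecurityMiddleware only emits a Strict-Transport-Security header when that value is non-zero, so the `SECURE_HSTS_INCLUDE_SUBDOMAINS = True` and `SECURE_HSTS_PRELOAD = True` lines directly below it currently have no effect (and `manage.py check --deploy` will flag it). If a gradual rollout is intended, start with a short max-age and keep preload off until every subdomain of the host is confirmed HTTPS-only, e.g. `SECURE_HSTS_SECONDS = 3600  # ramp to 31536000 before enabling preload` and `SECURE_HSTS_PRELOAD = False`; the preload list requires a max-age of at least one year and includeSubDomains, and once submitted the policy is effectively irreversible, so those two flags should only be flipped together with the full-year value. The `CSP_*` settings presumably rely on django-csp's middleware being registered in MIDDLEWARE, which is outside this hunk and worth confirming; note that newer django-csp releases read a `CONTENT_SECURITY_POLICY` dict instead of these per-directive names, so verify the installed version actually honours them.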