diff --git a/static/_headers b/static/_headers
index 1b90e23..05e6de3 100644
--- a/static/_headers
+++ b/static/_headers
@@ -11,33 +11,42 @@
   # Cross-Origin-Opener-Policy : same-origin
 
 /posts/knowledge/multi-factor-authentication/
+  ! Content-Security-Policy
   Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
   Cross-Origin-Embedder-Policy : unsafe-none
 
 /posts/android/android-tips/
+  ! Content-Security-Policy
   Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
   Cross-Origin-Embedder-Policy : unsafe-none
 
 /posts/android/choosing-your-android-based-operating-system/
+  ! Content-Security-Policy
   Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self' https://i.ytimg.com; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
   Cross-Origin-Embedder-Policy : unsafe-none
 
 /posts/linux/choosing-your-desktop-linux-distribution/
+  ! Content-Security-Policy
   Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
   Cross-Origin-Embedder-Policy : unsafe-none
 
 /posts/linux/desktop-linux-hardening/
+  ! Content-Security-Policy
   Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
   Cross-Origin-Embedder-Policy : unsafe-none
 
 /*.xml
+  ! Content-Security-Policy
   Content-Security-Policy : default-src 'none'; img-src 'self' data: https://www.w3.org/; style-src 'self' 'unsafe-inline'; block-all-mixed-content; base-uri 'none'
 
 /*.png
+  ! Content-Security-Policy
   Cross-Origin-Resource-Policy : cross-origin
 
 /*.jpg
+  ! Content-Security-Policy
   Cross-Origin-Resource-Policy : cross-origin
 
 /.well-known/openpgpkey/hu/*
+  ! Content-Security-Policy
   Access-Control-Allow-Origin: *