diff --git a/httpbin/handlers.go b/httpbin/handlers.go
index 3896c28c1372810567e3dacc17b2fd1d53b7307c..9a4349dfdde3d7a2cf02ac155ff7aec472ae8aa5 100644
--- a/httpbin/handlers.go
+++ b/httpbin/handlers.go
@@ -34,6 +34,7 @@ func (h *HTTPBin) Index(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "Not Found", http.StatusNotFound)
 		return
 	}
+	w.Header().Set("Content-Security-Policy", "default-src 'self'; style-src 'unsafe-inline'")
 	writeHTML(w, assets.MustAsset("index.html"), http.StatusOK)
 }
 
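Review bot: The policy added in Index leaves `base-uri`, `form-action` and `frame-ancestors` unrestricted, because those directives do not fall back to `default-src`; the page can still be framed by any origin and an injected `<base>` element would not be blocked. If the index page does not need to be embedded, consider `"default-src 'self'; style-src 'unsafe-inline'; base-uri 'self'; frame-ancestors 'none'"`. `style-src 'unsafe-inline'` also allows any inline style, so moving index.html's inline styles into a same-origin stylesheet would let this drop to `'self'` (index.html is not visible here, so that needs checking). The header is set after the not-found return, so only the 200 response carries it; a one-line comment such as `// CSP applies to the rendered index page only` would record that this is intended. Index begins above the hunk.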
diff --git a/httpbin/handlers_test.go b/httpbin/handlers_test.go
index c3413432fcc0537ff6779d622fe833044e0f95cd..9a94a02cee9d2b76c849fda6fe46f49ec5a1cb1c 100644
--- a/httpbin/handlers_test.go
+++ b/httpbin/handlers_test.go
@@ -64,6 +64,7 @@ func TestIndex(t *testing.T) {
 	handler.ServeHTTP(w, r)
 
 	assertContentType(t, w, htmlContentType)
+	assertHeader(t, w, "Content-Security-Policy", "default-src 'self'; style-src 'unsafe-inline'")
 	assertBodyContains(t, w, "go-httpbin")
 }
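Review bot: The new assertion in TestIndex covers only the 200 path; nothing in this hunk checks the not-found branch of Index, which returns before the header is set. An assertion there that the header is absent (or present, once that is decided) would pin the behaviour, though a not-found test may already exist outside this hunk. Keeping the policy as a literal in the test is reasonable since it pins the exact value, but a comment such as `// must match the policy set in Index` would help whoever tightens the policy later. TestIndex begins above the hunk.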