diff --git a/web/middleware.ts b/web/middleware.ts
index 33bdb9748..3fee535ea 100644
--- a/web/middleware.ts
+++ b/web/middleware.ts
@@ -56,6 +56,11 @@ export function middleware(request: NextRequest) {
     contentSecurityPolicyHeaderValue,
   )
 
+  response.headers.set(
+    'Content-Security-Policy',
+    contentSecurityPolicyHeaderValue,
+  )
+
   return wrapResponseWithXFrameOptions(response, pathname)
 }