diff --git a/public/.htaccess b/public/.htaccess
index 256201c31..57d2bd571 100644
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -26,11 +26,7 @@ Options +ExecCGI +Includes +IncludesNOEXEC +SymLinksIfOwnerMatch -Indexes
  Header always set X-Frame-Options "SAMEORIGIN"
- Header add Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval'"
- Header add Content-Security-Policy "style-src 'self' 'unsafe-inline' fonts.googleapis.com"
- Header add Content-Security-Policy "font-src 'self' fonts.googleapis.com fonts.gstatic.com"
- Header add Content-Security-Policy "object-src 'none'"
- Header add Content-Security-Policy "form-action 'self'"
+ Header add Content-Security-Policy "default-src 'self' www.google.com; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; img-src 'self' data:; object-src 'none'; form-action 'self'"
  Header set X-Content-Type-Options "nosniff"
  Header set X-XSS-Protection "1; mode=block"
  Header set X-Frame-Options "DENY"
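Review bot: The merged policy on the added line still carries `'unsafe-inline' 'unsafe-eval'` in `script-src`, so it will not block injected inline scripts or `eval`-based payloads — the one thing a CSP on a public vhost is mainly there for — and `www.google.com` is on the well-known list of hosts that serve JSONP-style endpoints, so even once `'unsafe-inline'` is dropped, listing that host in `script-src` reopens the same door (if these allow-lists exist for reCAPTCHA, a nonce or hash for the loader snippet plus the specific script path is the usual way around it). The header is also emitted with `Header add` while the neighbouring X-Frame-Options line uses `Header always set`: `add` can stack a second CSP header on top of one set elsewhere in the chain, and without `always` the policy is absent from 4xx/5xx responses, which are a common reflected-XSS sink. Note too that `default-src` does not fall through to `base-uri` or `frame-ancestors`, so both stay unrestricted even though the file tries to pin framing with X-Frame-Options (and the two X-Frame-Options lines in this hunk disagree, SAMEORIGIN on the `always` table and DENY on the `onsuccess` table, so a 200 response carries both). I would change the line to `Header always set Content-Security-Policy "default-src 'self' www.google.com; base-uri 'self'; frame-ancestors 'self'; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; …"` (rest unchanged), pick one framing value, and track removal of the two `unsafe-*` keywords as a follow-up.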