+
+In `/etc/apache2/conf-available/shaarli-csp.conf`:
+
+```apache
+<Directory /path/to/shaarli>
+ Header set Content-Security-Policy "script-src 'self' 'unsafe-inline' https://www.youtube.com https://s.ytimg.com 'unsafe-eval'"
+</Directory>
+```
+
+Then run `a2enconf shaarli-csp; service apache2 reload`