diff --git a/docker/files/etc/nginx/conf.d/default.conf b/docker/files/etc/nginx/conf.d/default.conf
index e5967e33..66bdada1 100644
--- a/docker/files/etc/nginx/conf.d/default.conf
+++ b/docker/files/etc/nginx/conf.d/default.conf
@@ -68,6 +68,8 @@ server {
         # Get resource from Minio
         proxy_pass http://minio:9000/impress-media-storage/;
         proxy_set_header Host minio:9000;
+
+        add_header Content-Security-Policy "default-src 'none'" always;
     }
 
     location /media-auth {
diff --git a/src/helm/impress/Chart.yaml b/src/helm/impress/Chart.yaml
index a4f4e344..c6a63e66 100644
--- a/src/helm/impress/Chart.yaml
+++ b/src/helm/impress/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
 type: application
 name: docs
-version: 2.2.0-beta.1
+version: 2.2.0-beta.2
 appVersion: latest
diff --git a/src/helm/impress/values.yaml b/src/helm/impress/values.yaml
index 75ee8f7c..fcf09730 100644
--- a/src/helm/impress/values.yaml
+++ b/src/helm/impress/values.yaml
@@ -170,6 +170,8 @@ ingressMedia:
     nginx.ingress.kubernetes.io/auth-url: https://impress.example.com/api/v1.0/documents/media-auth/
     nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
     nginx.ingress.kubernetes.io/upstream-vhost: minio.impress.svc.cluster.local:9000
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      add_header Content-Security-Policy "default-src 'none'" always;
 
 ## @param serviceMedia.host
 ## @param serviceMedia.port