diff --git a/apps/web/src/routes/plugin@csp.ts b/apps/web/src/routes/plugin@csp.ts
index 46fe18c..6bf660b 100644
--- a/apps/web/src/routes/plugin@csp.ts
+++ b/apps/web/src/routes/plugin@csp.ts
@@ -16,6 +16,7 @@ export const onRequest: RequestHandler = (event) => {
     `frame-src 'self' 'nonce-${nonce}'`,
     `object-src 'none'`,
     `base-uri 'self'`,
+    `require-trusted-types-for 'script'`
   ];
 
   event.headers.set("Content-Security-Policy", csp.join("; "));