diff --git a/layouts/_default/baseof.html b/layouts/_default/baseof.html
index e19a049..e789e3d 100644
--- a/layouts/_default/baseof.html
+++ b/layouts/_default/baseof.html
@@ -2,8 +2,6 @@
Ecogood portal
-
-
diff --git a/public/.htaccess b/public/.htaccess
index ff4ae98..63f09c1 100644
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -1,8 +1,15 @@
+# authentication
AuthType Basic
AuthName "Geschuetzter Bereich. Zugangsdaten koennen beim AK-IT unbuerokratish angefordert werden."
AuthUserFile /home/pacs/ecg00/users/portal/doms/my.ecogood.world/.htpasswd
Require valid-user
+# CSP Starter Policy: allows images, scripts, AJAX, and CSS from the same origin, and does not allow any other resources to load (eg object, frame, media, etc).
+Header set Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';"
+
+# Referrer Policy
+Header always set Referrer-Policy "no-referrer"
+
# redirection depending on the language
RewriteEngine on
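Review bot: The `Header set Content-Security-Policy` line only attaches the policy to successful responses, because `Header set` without a condition defaults to `onsuccess`, so the 401 challenge issued by the Basic-auth block above and any error pages go out without a CSP while the Referrer-Policy line below it correctly uses `always`; make the two consistent with `Header always set Content-Security-Policy "..."`. The policy also omits the directives that do not fall back to `default-src`, so the site can still be framed by other origins; appending `frame-ancestors 'none'; base-uri 'self'; form-action 'self'` inside the same value closes that gap. Since this is a Hugo site (see the layouts/_default/baseof.html hunk above), `script-src 'self'` and `style-src 'self'` will block any inline `<script>`, `<style>` or `on*=` handler in the templates — presumably verified, but worth confirming against the rendered pages before deploying. The identical hunk in static/.htaccess needs the same changes; the duplicated file suggests public/ is committed build output and could be dropped in favour of the static/ copy, if that is how the build works here.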
diff --git a/static/.htaccess b/static/.htaccess
index ff4ae98..63f09c1 100644
--- a/static/.htaccess
+++ b/static/.htaccess
@@ -1,8 +1,15 @@
+# authentication
AuthType Basic
AuthName "Geschuetzter Bereich. Zugangsdaten koennen beim AK-IT unbuerokratish angefordert werden."
AuthUserFile /home/pacs/ecg00/users/portal/doms/my.ecogood.world/.htpasswd
Require valid-user
+# CSP Starter Policy: allows images, scripts, AJAX, and CSS from the same origin, and does not allow any other resources to load (eg object, frame, media, etc).
+Header set Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';"
+
+# Referrer Policy
+Header always set Referrer-Policy "no-referrer"
+
# redirection depending on the language
RewriteEngine on