diff --git a/http/data.go b/http/data.go
index 5a72ef8a..5ba87313 100644
--- a/http/data.go
+++ b/http/data.go
@@ -49,7 +49,7 @@ func (d *data) Check(path string) bool {
 
 func handle(fn handleFunc, prefix string, store *storage.Storage, server *settings.Server) http.Handler {
 	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		for k, v := range global_headers {
+		for k, v := range globalHeaders {
 			w.Header().Set(k, v)
 		}
 
diff --git a/http/headers.go b/http/headers.go
index b1e56308..10fb0316 100644
--- a/http/headers.go
+++ b/http/headers.go
@@ -4,6 +4,6 @@
 package http
 
 // global headers to append to every response
-var global_headers = map[string]string{
+var globalHeaders = map[string]string{
 	"Cache-Control": "no-cache, no-store, must-revalidate",
 }
diff --git a/http/headers_dev.go b/http/headers_dev.go
index bdd93f35..21436625 100644
--- a/http/headers_dev.go
+++ b/http/headers_dev.go
@@ -6,7 +6,7 @@ package http
 // global headers to append to every response
 // cross-origin headers are necessary to be able to
 // access them from a different URL during development
-var global_headers = map[string]string{
+var globalHeaders = map[string]string{
 	"Cache-Control":                    "no-cache, no-store, must-revalidate",
 	"Access-Control-Allow-Origin":      "*",
 	"Access-Control-Allow-Headers":     "*",
diff --git a/http/http.go b/http/http.go
index ae0b7bb6..70d7d9d1 100644
--- a/http/http.go
+++ b/http/http.go
@@ -27,7 +27,7 @@ func NewHandler(
 	r := mux.NewRouter()
 	r.Use(func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			// w.Header().Set("Content-Security-Policy", `default-src 'self'; style-src 'unsafe-inline';`)
+			w.Header().Set("Content-Security-Policy", `default-src 'self'; style-src 'unsafe-inline';`)
 			next.ServeHTTP(w, r)
 		})
 	})