diff --git a/utils/response.ts b/utils/response.ts
index 168a581c..69fc1e51 100644
--- a/utils/response.ts
+++ b/utils/response.ts
@@ -20,7 +20,7 @@ export const jsonResponse = (
 "Link,X-RateLimit-Reset,X-RateLimit-Limit,X-RateLimit-Remaining,X-Request-Id,Idempotency-Key",
 // CSP should follow Content Security Policy directive: "connect-src 'self' blob: https: wss:".
 "Content-Security-Policy":
- "default-src 'self'; connect-src 'self' blob: https: wss:; frame-ancestors 'none';",
+ "default-src 'none'; frame-ancestors 'none'; form-action 'none'",
 ...headers,
 },
 status,
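Review bot: The comment directly above the `Content-Security-Policy` entry still says the policy should follow `connect-src 'self' blob: https: wss:`, which the new value no longer contains, so it now contradicts the header it documents and invites someone to re-add the looser directive. I would replace it with something like `// JSON responses load no subresources: deny all fetches, framing and form submissions.` Separately, `...headers` is spread after this entry, so a caller that passes its own `Content-Security-Policy` key replaces the strict default; if that is not intended the entry could move below the spread, though callers are not visible here and may rely on the override. `jsonResponse` begins and ends outside the hunk, so how the resulting headers object is consumed cannot be checked from these lines.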