{
    use esmith::AccountsDB;
    my $accounts = esmith::AccountsDB->open_ro;
    my $CSP = $accounts->get_prop($virtualHostContent, "CSP") || "disabled";
    return  "    # CSP disabled for ibay $virtualHostContent\n" if ($CSP eq "disabled" || $CSP eq '');
    $OUT .= "    # Content-Security-Policy forced by CSP property for ibay $virtualHostContent\n";
    $OUT .= "    # httpd can not detect content from backend (eg php-fpm) and will overwrite it, use at your own risks\n";
    $OUT .= "    RequestHeader setifempty Content-Security-Policy \"$CSP\"\n";
}
