{
    use esmith::AccountsDB;
    my $accounts = esmith::AccountsDB->open_ro;
    my $CSP = $accounts->get_prop($virtualHostContent, "CSP") || "default-src 'self' https://www.$virtualHost https://$virtualHost;  style-src 'self' https://*.$virtualHost; script-src 'self' https://*.$virtualHost; worker-src 'self' https://*.$virtualHost; frame-ancestors 'self' https://*.$virtualHost; base-uri 'self' https://*.$virtualHost; form-action 'self' https://*.$virtualHost ";
    return  "    # CSP disabled for this host\n" if ($CSP eq "disabled");
    if ($CSP ne '')
    {
    $OUT .= "    # Content-Security-Policy; only if not set by content\n";
    $OUT .= "    Header setifempty Content-Security-Policy \"$CSP\"\n";
    }
}
