diff --git a/README.md b/README.md
index eade926..3461f68 100644
--- a/README.md
+++ b/README.md
@@ -64,9 +64,6 @@ This will also be done automatically if no domain is supplied.
 * **Warning:** Not every setting/variable you provide will be checked for validity. Bad config might break the role!
-* **Warning:** If you run a web application you might need to disable the 'Content-Security-Policy' header!
-
-
 * **Info:** To disable default settings and headers => just set their value to: ''
diff --git a/defaults/main.yml b/defaults/main.yml
index 8efdef0..5f1f8cc 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -57,7 +57,7 @@ default_apache:
   # if first key does not include 'Header' => prepend 'Header set'
   'Header always set Strict-Transport-Security': '"max-age=31536000; includeSubDomains; preload"'
   'Referrer-Policy': '"same-origin"'
-  'Content-Security-Policy': "\"default-src 'self';\""
+  # 'Content-Security-Policy': "\"default-src 'self';\"" # disabled since it blocks too many common use-cases
   'X-Frame-Options': 'SAMEORIGIN'
   'X-Content-Type-Options': 'nosniff'
   'X-Permitted-Cross-Domain-Policies': '"none"'
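Review bot: Commenting out the `Content-Security-Policy` key in `default_apache` silently drops a security header from every host that relies on the role's defaults, and the README hunk in the same commit removes the only line that mentioned CSP, so users are left with no documentation that CSP is now off by default or how to turn it on. Keep a README line in place of the removed warning, e.g. `* **Info:** No 'Content-Security-Policy' header is set by default; add a 'Content-Security-Policy' key to your headers to enable one (the commented example in defaults/main.yml is a strict starting point).`, and call the behaviour change out in the release notes if the project keeps any. The justification would read better on its own comment line above the disabled key rather than trailing it, e.g. `# CSP is not set by default: 'default-src self' rejects inline scripts/styles and third-party assets, which many sites need; set a policy per site.`. The `default_apache` mapping starts and ends outside the hunk.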