From 304c7b7fe48e2e312fc3ada1ce75fda4dd849f9f Mon Sep 17 00:00:00 2001 From: ansuz Date: Fri, 24 Mar 2017 15:43:49 +0100 Subject: [PATCH] mention the importance of CSP headers in the readme --- readme.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/readme.md b/readme.md index 9988ff344..194b58676 100644 --- a/readme.md +++ b/readme.md @@ -47,6 +47,11 @@ Attributes in the config should have comments indicating how they are used. $EDITOR config.js ``` +If you are deploying CryptPad in a production environment, we recommend that you take the time to understand and correctly customize your server's [Content Security Policy headers](https://content-security-policy.com/). +Modern browsers use these headers to allow or deny actions from malicious clients which could compromise the confidentiality of your user's data. + +These settings can be found in your configuration file in the `contentSecurity` and `padContentSecurity` sections. + ## Maintenance To get access to the most recent codebase:
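Review bot: In the paragraph added after the `$EDITOR config.js` block, "allow or deny actions from malicious clients" misdescribes what these headers do. A Content Security Policy tells the browser which sources of script, style, frames and connections a page may use, so a more accurate wording would be along the lines of "Modern browsers use these headers to restrict what content a page may load and execute, which limits what injected content can do to your users' data." In the same sentence, "your user's data" should read "your users' data". The last added line names `contentSecurity` and `padContentSecurity` without saying which pages each one applies to; a short clause per setting would tell an administrator which one to edit and why there are two.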