diff --git a/lib/defaults.js b/lib/defaults.js
index 6d8ec5e04..7119a0c6a 100644
--- a/lib/defaults.js
+++ b/lib/defaults.js
@@ -36,11 +36,11 @@ Default.commonCSP = function (domain) {
 };
 
 Default.contentSecurity = function (domain) {
- return (Default.commonCSP(domain).join('; ') + "script-src 'self' " + domain).replace(/\s+/g, ' ');
+ return (Default.commonCSP(domain).join('; ') + "script-src 'self' resource: " + domain).replace(/\s+/g, ' ');
 };
 
 Default.padContentSecurity = function (domain) {
- return (Default.commonCSP(domain).join('; ') + "script-src 'self' 'unsafe-eval' 'unsafe-inline' " + domain).replace(/\s+/g, ' ');
+ return (Default.commonCSP(domain).join('; ') + "script-src 'self' 'unsafe-eval' 'unsafe-inline' resource: " + domain).replace(/\s+/g, ' ');
 };
 
 Default.httpHeaders = function () {
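Review bot: Both `script-src` strings now include the scheme source `resource:`, which allows script from any URL of that scheme rather than from a named origin, and nothing in the hunk records why it is needed. If this is a workaround for a browser that loads its own scripts from `resource:` URLs (Firefox does, as far as I know), say so above `Default.contentSecurity`, e.g. `// resource: allowed for <browser / issue reference>; drop once no longer required`. In `Default.padContentSecurity` the policy already carries `'unsafe-eval'` and `'unsafe-inline'`, so the addition changes little there. In `Default.contentSecurity` it is the only source besides `'self'` and `domain`, so it is worth confirming that every page served with this header needs it. The two functions now differ only in the extra keywords, so a shared helper that takes the additional sources would keep the two policies from drifting apart.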