diff --git a/BlazorBff/BlazorAzureAdBff/Server/SecurityHeadersDefinitions.cs b/BlazorBff/BlazorAzureAdBff/Server/SecurityHeadersDefinitions.cs
index afecdff..12432bd 100644
--- a/BlazorBff/BlazorAzureAdBff/Server/SecurityHeadersDefinitions.cs
+++ b/BlazorBff/BlazorAzureAdBff/Server/SecurityHeadersDefinitions.cs
@@ -26,9 +26,12 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev, strin
 // due to Blazor
 builder.AddScriptSrc()
- // .Self() Add this if you want to use the visual studio debugging tools
- .WithNonce()
- .UnsafeEval();
+ .WithHash256("sha256-wTSw2ZoYOVpX8Sl5cEiYcCF8ddvCbjJhiX+oYQqD1s4=")
+ .WithNonce()
+ .UnsafeEval() // due to Blazor WASM
+ .StrictDynamic()
+ .UnsafeInline(); // only a fallback for older browsers when the nonce is used
+
 })
 .RemoveServerHeader()
 .AddPermissionsPolicy(builder =>