diff --git a/README.md b/README.md
index 250ac2d..f58c5cd 100644
--- a/README.md
+++ b/README.md
@@ -37,7 +37,7 @@ docker_grav_rp_waf: "On"
 | docker_grav_rp_access_policy |                   | Modèle d'autorisation d'accès du reverse proxy                                            |
 | docker_grav_rp_indexing      |                   | Stratégie du reverse proxy vis à vis des robots                                           |
 | docker_grav_rp_waf           |                   | Activation websecurity du reverse proxy                                                   |
-|                              |                   |                                                                                           |
+| docker_grav_rp_custom_csp    | non défini        | Si précisé, définit un CSP header avec la valeur indiquée                                 |
 
 
 
diff --git a/templates/1_vhost_additional.conf b/templates/1_vhost_additional.conf
index 6e28790..8d3f81d 100644
--- a/templates/1_vhost_additional.conf
+++ b/templates/1_vhost_additional.conf
@@ -3,6 +3,10 @@
 ProxyErrorOverride off
 RequestHeader unset Authorization
 
+{% if docker_grav_rp_custom_csp is defined %}
+Header set Content-Security-Policy "{{ docker_grav_rp_custom_csp }}"
+{% endif %}
+
 <Location /admin>
   Use LDAPUserAccessPolicy
   Require ldap-user {{ docker_grav_ldap_admin_users | join(' ') }}
diff --git a/templates/2_mds_exclusion.conf b/templates/2_mds_exclusion.conf
index 5fe2b7d..fb481a9 100644
--- a/templates/2_mds_exclusion.conf
+++ b/templates/2_mds_exclusion.conf
@@ -1,6 +1,7 @@
 # {{ ansible_managed }}
 <LocationMatch "^/admin/">
     SecRuleRemoveById 933210
+    SecRuleRemoveById 942100
     SecRuleRemoveById 949110
 </LocationMatch>