diff --git a/Dockerfile-notebook b/Dockerfile-notebook
index 585bd0f84..ba482a138 100644
--- a/Dockerfile-notebook
+++ b/Dockerfile-notebook
@@ -15,7 +15,8 @@ USER $NB_UID
 COPY --chown=$NB_UID:$NB_UID ./client ./qs
 WORKDIR /qs
-RUN pip install . --no-cache-dir &&\
+RUN pip install --upgrade pip &&\
+ pip install . --no-cache-dir &&\
 pip install --no-cache-dir -r requirements-notebook.txt
 WORKDIR /
diff --git a/gateway/main/settings.py b/gateway/main/settings.py
index af6e5d7b3..6aa4b9466 100644
--- a/gateway/main/settings.py
+++ b/gateway/main/settings.py
@@ -65,6 +65,7 @@
 ]
 MIDDLEWARE = [
+ "csp.middleware.CSPMiddleware",
 "allow_cidr.middleware.AllowCIDRMiddleware",
 "django_prometheus.middleware.PrometheusBeforeMiddleware",
 "django.middleware.security.SecurityMiddleware",
@@ -346,3 +347,9 @@
 QISKIT_IBM_URL = os.environ.get(
 "QISKIT_IBM_URL", "https://auth.quantum-computing.ibm.com/api"
 )
+
+# Content Security Policy
+CSP_DEFAULT_SRC = "'none'"
+CSP_SCRIPT_SRC = "'none'"
+CSP_FRAME_ANCESTORS = "'self'"
+CSP_OBJECT_SRC = "'self'"
diff --git a/gateway/requirements.txt b/gateway/requirements.txt
index 47c7cc601..cefa1d36b 100644
--- a/gateway/requirements.txt
+++ b/gateway/requirements.txt
@@ -4,6 +4,7 @@ Markdown>=3.5.1
 django-allauth>=0.58.2
 django-allow-cidr>=0.7.1
 dj-rest-auth>=5.0.2
+django-csp>=3.7
 djangorestframework-simplejwt>=5.3.0
 django_prometheus>=2.3.1
 ray[default]>=2.9.0
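Review bot: The added `pip install --upgrade pip` in Dockerfile-notebook is the only one of the three pip calls without `--no-cache-dir`, and it installs whichever pip release is current at build time, so two builds of the same commit can produce different images. Suggest `RUN pip install --no-cache-dir --upgrade pip &&\`, with an explicit pip version constraint if reproducible images matter here. The rest of the Dockerfile is outside the hunk, so whether the base image is itself pinned is not visible.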
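Review bot: `CSP_OBJECT_SRC = "'self'"` at the end of gateway/main/settings.py widens the policy instead of tightening it: with `CSP_DEFAULT_SRC = "'none'"` an omitted object-src already falls back to 'none', so this line re-allows same-origin plugin content; suggest `CSP_OBJECT_SRC = "'none'"` unless something depends on it. `base-uri` and `form-action` do not inherit from default-src and stay unrestricted, so consider adding `CSP_BASE_URI = "'none'"` and `CSP_FORM_ACTION = "'self'"`. Because no style-src, img-src or connect-src is set, any HTML the gateway serves (admin or browsable API pages, if enabled, which this diff does not show) will lose its own CSS and images, so starting with `CSP_REPORT_ONLY = True` may be worth it.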
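Review bot: `django-csp>=3.7` in gateway/requirements.txt has no upper bound, and django-csp 4.0 replaced the individual `CSP_*` settings with a single `CONTENT_SECURITY_POLICY` dict, so a fresh install that resolves to 4.x would not apply the policy as written in gateway/main/settings.py. Suggest `django-csp>=3.7,<4` until the settings are migrated to the new format.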