diff --git a/setup/start/nginx/appconfig.ejs b/setup/start/nginx/appconfig.ejs
index 07c8b9658..827190a8c 100644
--- a/setup/start/nginx/appconfig.ejs
+++ b/setup/start/nginx/appconfig.ejs
@@ -90,8 +90,8 @@ server {
 add_header Referrer-Policy "no-referrer-when-downgrade";
 proxy_hide_header Referrer-Policy;
- # CSP headers for the admin/dashboard resources
 <% if ( endpoint === 'admin' ) { -%>
+ # CSP headers for the admin/dashboard resources
 add_header Content-Security-Policy "default-src 'none'; connect-src wss: https: 'self' *.cloudron.io; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src https: 'unsafe-inline'; object-src 'none'; font-src https: 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self';";
 <% } -%>
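Review bot: The relocated comment above `add_header Content-Security-Policy` only labels the policy and does not record that `script-src https: 'self' 'unsafe-inline' 'unsafe-eval'` still permits inline script, eval'd script and script from any HTTPS origin, so this CSP does little to contain script injection in the admin dashboard. Since the comment is being touched anyway, I would extend it, e.g. `# CSP for the admin/dashboard; script-src still allows 'unsafe-inline'/'unsafe-eval' and any https: origin - tighten with nonces or hashes once the dashboard no longer needs them`. The directive is also written without the `always` parameter, so nginx will not attach it to most error responses; whether that is intended cannot be told from this hunk. The `server { ... }` block begins and ends outside the hunk, so any `proxy_hide_header Content-Security-Policy` counterpart is not visible here.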