diff --git a/h5bp/security/content-security-policy.conf b/h5bp/security/content-security-policy.conf
index c2544f00..3d57a9bd 100644
--- a/h5bp/security/content-security-policy.conf
+++ b/h5bp/security/content-security-policy.conf
@@ -82,6 +82,13 @@
 # https://content-security-policy.com/
- # (1) (2) (3) (4) (5) (6) (7)
- Header always set Content-Security-Policy "default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests" "expr=%{CONTENT_TYPE} =~ m#text\/(html|javascript)|application\/pdf|xml#i"
+ Header always set Content-Security-Policy "
+# (1) (2) (3) (4) (5) (6) (7)
+ default-src 'self';
+ base-uri 'none';
+ form-action 'self';
+ frame-ancestors 'none';
+ object-src 'none';
+ upgrade-insecure-requests;"
+ "expr=%{CONTENT_TYPE} =~ m#text\/(html|javascript)|application\/pdf|xml#i"
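Review bot: The reflowed `Header always set Content-Security-Policy "` value has no trailing backslash on any of its added lines, and Apache ends a directive at the newline unless the line ends with `\`, so as shown the quoted value is left open on its first line and the file is unlikely to parse. The `# (1) … (7)` marker line now sits between the opening quote and `default-src 'self';`; if the lines were joined by continuation it would become part of the header value rather than a comment, and a browser splitting the policy on `;` would then presumably not see a clean `default-src` directive. I would move the marker comment back above `Header always set` and end each continued line with a backslash, e.g. `default-src 'self'; \`, then check with `apachectl configtest` and by inspecting the emitted header on an HTML response. The hunk shows fewer lines than its `@@` counts, so the enclosing block is only partly visible here.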