diff --git a/system/typemill/Middleware/CspHeadersMiddleware.php b/system/typemill/Middleware/CspHeadersMiddleware.php index 79a1064..661fc9d 100644 --- a/system/typemill/Middleware/CspHeadersMiddleware.php +++ b/system/typemill/Middleware/CspHeadersMiddleware.php @@ -29,6 +29,11 @@ class CspHeadersMiddleware implements MiddlewareInterface # add the custom headers to the response after everything is processed $response = $handler->handle($request); + if(isset($this->settings['cspdisabled']) && $this->settings['cspdisabled']) + { + return $response; + } + $whitelist = ["'unsafe-inline'", "'unsafe-eval'", "'self'", "data:", "*.youtube-nocookie.com", "*.youtube.com"]; $cspdomains = isset($this->settings['cspdomains']) ? trim($this->settings['cspdomains']) : false; @@ -59,6 +64,13 @@ class CspHeadersMiddleware implements MiddlewareInterface } $whitelist = array_unique($whitelist); + + # do not add csp header if disabled-flag is found + if(in_array("disable", $whitelist)) + { + return $response; + } + $whitelist = implode(' ', $whitelist); # Define the Content Security Policy header diff --git a/system/typemill/settings/system.yaml b/system/typemill/settings/system.yaml index 3f06009..324e6e6 100644 --- a/system/typemill/settings/system.yaml +++ b/system/typemill/settings/system.yaml 
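Review bot: The early `return $response;` in the new `cspdisabled` branch skips everything that follows in the method, so if any header other than Content-Security-Policy is attached further down (the first context line talks about "the custom headers" in the plural), ticking the checkbox silently drops those as well. The enclosing method starts and ends outside this hunk, so this is inferred from that comment; if it holds, compute `$cspDisabled = !empty($this->settings['cspdisabled']);` here and guard only the statement that attaches the Content-Security-Policy header with it, leaving the remaining header logic intact. Disabling the policy is also completely silent; if the middleware has access to a logger, a single log line on this branch would make an unexpectedly missing CSP header easy to trace back to this setting.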
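Review bot: `in_array("disable", $whitelist)` removes the CSP header for the entire site as soon as any entry of the merged whitelist equals `disable`, and `$whitelist` is assembled from `cspdomains` plus whatever is merged in between the two hunks (outside this view); the settings description for `cspdomains` says these domains are usually supplied by plugins and themes, so a single third-party value would switch the policy off without the administrator choosing to. Evaluate the token where it is actually meant to be entered, on the raw `$this->settings['cspdomains']` string before other entries are merged, or drop this branch altogether now that the first hunk adds an explicit `cspdisabled` flag. If the token stays, compare strictly, `if (in_array('disable', $whitelist, true))`, and document the magic string in the settings description so it is not an undiscoverable kill switch. The enclosing method begins and ends outside this hunk.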
@@ -252,4 +252,8 @@ fieldsetdeveloper:
 type: textarea
 label: "Allowed Domains for Content on Typemill (CSP)"
 placeholder: 'https://www.google.com,*google.com'
- description: "Add all domains separated with comma, that you want to integrate on your Typemill website. Domains will be added to the csp-header. Usually done with plugins and themes, but add manually if something is blocked."
\ No newline at end of file
+ description: "Add all domains separated with comma, that you want to integrate on your Typemill website. Domains will be added to the csp-header. Usually done with plugins and themes, but add manually if something is blocked."
+ cspdisabled:
+ type: checkbox
+ label: "Disable CSP Headers"
+ checkboxlabel: "Disable all csp (content security policy) headers for this website."
\ No newline at end of file
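Review bot: The new `cspdisabled` field has no `description`, unlike the sibling `cspdomains` field directly above it, so the settings form does not tell the administrator what actually changes when the box is ticked. The middleware hunk returns the response before the policy value is built, so the observable effect can be stated plainly: `description: "When checked, no Content-Security-Policy header is sent and the Allowed Domains list above is not used."`. If the `disable` token that the middleware also accepts in the domain list is meant to stay, this description or the one on `cspdomains` is the place to mention it.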