diff --git a/docs/getting-started/advanced-topics/env-configuration.md b/docs/getting-started/advanced-topics/env-configuration.md index 82f0537..d2878cd 100644 --- a/docs/getting-started/advanced-topics/env-configuration.md +++ b/docs/getting-started/advanced-topics/env-configuration.md @@ -345,6 +345,12 @@ requests initiated by third-party websites, but only over HTTPS. - Default: `False` - Description: Sets the `Secure` attribute for session cookies if set to `True`. +#### `CONTENT_SECURITY_POLICY` + +- Type: `str` +- Description: Sets the `content-security-policy` HTTP header +- Example: `default-src 'self' 'unsafe-inline'; img-src 'self' https://* data:; child-src 'none'; font-src 'self' data:;` + #### `AIOHTTP_CLIENT_TIMEOUT` - Type: `int`
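Review bot: The `Example` line of the new `CONTENT_SECURITY_POLICY` entry puts `'unsafe-inline'` in `default-src` and gives no `script-src`, so the fallback applies to scripts and the policy readers are most likely to copy permits inline script, which removes most of the XSS protection a CSP is normally deployed for. If inline allowance is only needed for styles, scope it with `style-src 'self' 'unsafe-inline'` and keep `default-src 'self'`; otherwise add a sentence stating that the example is permissive and why. `img-src 'self' https://* data:` likewise allows images from any HTTPS origin, which is worth calling out as a choice rather than a recommendation. The entry also has no `Default:` line, unlike the neighbouring entries in this file, so the docs do not say whether the header is omitted or set to some built-in value when the variable is unset; please document that, and end the description with a period to match the entry above.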