diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index de6be79..efdac30 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,2 +1,17 @@
 module ApplicationHelper
+  def style_tag(content_or_options_with_block = nil, html_options = {}, &block)
+    content =
+      if block
+        html_options = content_or_options_with_block if content_or_options_with_block.is_a?(Hash)
+        capture(&block)
+      else
+        content_or_options_with_block
+      end
+
+    if html_options[:nonce] == true
+      html_options[:nonce] = content_security_policy_nonce
+    end
+
+    content_tag("style", content.html_safe, html_options)
+  end
 end
diff --git a/app/views/admin/developers_review.html.erb b/app/views/admin/developers_review.html.erb
index 4e428e5..23215c2 100644
--- a/app/views/admin/developers_review.html.erb
+++ b/app/views/admin/developers_review.html.erb
@@ -34,7 +34,7 @@
 <%= javascript_include_tag "tinder", "data-turbo-track": "reload" %>
 <% end %>
 
-<style>
+<%= style_tag nonce: true do %>
 @import url("https://code.ionicframework.com/contrib/ionic-contrib-tinder-cards/ionic.tdcards.css");
 @import url("https://cdn.jsdelivr.net/npm/toastify-js/src/toastify.min.css");
 
@@ -135,4 +135,4 @@ form {
   position: relative;
   height: 100%;
 }
-</style>
+<% end %>
diff --git a/app/views/admin/index.html.erb b/app/views/admin/index.html.erb
index 707c480..d5f56c3 100644
--- a/app/views/admin/index.html.erb
+++ b/app/views/admin/index.html.erb
@@ -11,7 +11,7 @@
     </ul>
 </main>
 
-<style>
+<%= style_tag nonce: true do %>
     li {
         margin-top: 0.25rem;
     }
@@ -19,4 +19,4 @@
     a {
         color: var(--winter-sky);
     }
-</style>
+<% end %>
diff --git a/app/views/admin/review.html.erb b/app/views/admin/review.html.erb
index acfb79a..b3bb928 100644
--- a/app/views/admin/review.html.erb
+++ b/app/views/admin/review.html.erb
@@ -32,7 +32,7 @@
 <%= javascript_include_tag "tinder", "data-turbo-track": "reload" %>
 <% end %>
 
-<style>
+<%= style_tag nonce: true do %>
 @import url("https://code.ionicframework.com/contrib/ionic-contrib-tinder-cards/ionic.tdcards.css");
 @import url("https://cdn.jsdelivr.net/npm/toastify-js/src/toastify.min.css");
 
@@ -133,4 +133,4 @@ form {
   position: relative;
   height: 100%;
 }
-</style>
+<% end %>
diff --git a/app/views/auth/create_key.html.erb b/app/views/auth/create_key.html.erb
index af16fc2..c6bcef5 100644
--- a/app/views/auth/create_key.html.erb
+++ b/app/views/auth/create_key.html.erb
@@ -18,7 +18,7 @@
     </div>
 </section>
 
-<style>
+<%= style_tag nonce: true do %>
 	main {
 		padding: 5rem;
 		display: flex;
@@ -72,4 +72,4 @@
 		align-items: center;
 		text-align: center;
 	}
-</style>
\ No newline at end of file
+<% end %>
\ No newline at end of file
diff --git a/app/views/auth/email.html.erb b/app/views/auth/email.html.erb
index 1427c02..dce63d0 100644
--- a/app/views/auth/email.html.erb
+++ b/app/views/auth/email.html.erb
@@ -18,7 +18,7 @@
     </div>
 </section>
 
-<style>
+<%= style_tag nonce: true do %>
 	main {
 		padding: 5rem;
 		display: flex;
@@ -80,4 +80,4 @@
 	label {
 		text-align: left;
 	}
-</style>
\ No newline at end of file
+<% end %>
\ No newline at end of file
diff --git a/app/views/auth/login.html.erb b/app/views/auth/login.html.erb
index ea040fa..1b65118 100644
--- a/app/views/auth/login.html.erb
+++ b/app/views/auth/login.html.erb
@@ -7,7 +7,7 @@
 	<p>Don't have an account? <a href="/users/register">Register</a></p>
 	<div>
 	<button style="display: flex; transform: scale(1.1);" data-action="click->webauthn#askAndLogin"> 
-		<svg version="1.2" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 489 475" width="16" height="16"><style>.a{fill:var(--cultured)}.b{fill:var(--winter-sky)}</style><path class="a" d="m326 348c0 37.2-0.1 73.8 0.1 110.5 0 3.6-0.8 4.6-4.6 4.6q-157.9-0.2-315.9 0c-3.4 0-4.8-0.4-4.7-4.5 0.7-20.8-1.3-41.7 1-62.4 5-43 25.1-77.7 59.7-103.7 26.6-20 56.8-29.7 90.3-29.5 25.9 0.1 51.9-0.1 77.9 0 19.1 0.1 37.2 4.5 54.8 11.8 2 0.9 3.1 2.1 4 4 8.3 17.2 19.7 32 34.6 43.9 2 1.6 2.9 3.2 2.9 5.8-0.2 6.3-0.1 12.7-0.1 19.5z"></path><path class="a" d="m300.9 104.4c1.7 48.7-17.9 85.7-60.6 108.4-67.8 36-150.6-6-163.1-81.8-10.3-62.5 34.5-122.4 97.2-129.9 60.6-7.2 115.4 33.8 125.4 93.9 0.5 2.9 0.7 5.9 1.1 9.4z"></path><path class="a" d="m348.4 155.3c34.5-24.2 77.3-23.1 108.5 2.7 48.9 40.4 39.7 118-17.3 146-2.1 1-4.1 2-7.1 3.4 9.4 9.2 18.4 18.3 27.6 27 3.1 2.8 3 4.4 0 7.2-10.5 10.2-20.7 20.8-31.2 31-2.2 2.2-2.5 3.3-0.1 5.7 10.7 10.4 21.2 21.2 31.9 31.7 2.6 2.5 2.3 3.8-0.1 6.1-18.8 18.7-37.6 37.4-56.2 56.3-2.8 2.8-4.3 2.5-6.9-0.1q-15.2-15.6-30.7-30.8c-2.5-2.4-3.4-4.9-3.4-8.3 0.1-41.3 0.1-82.7 0.1-124 0-3-0.5-5-3.6-6.7-56.8-31-62.8-106.6-11.5-147.2z"></path><path class="b" d="m386.5 220.6c-15.5-13.3-13.1-34.9 4.5-42.8 10.4-4.7 22.9-1.4 29.9 7.8 6.8 8.9 6.6 21.7-0.5 30.5-7.3 8.9-19.4 11.7-29.7 6.9-1.4-0.6-2.6-1.4-4.2-2.4z"></path></svg>		
+		<svg version="1.2" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 489 475" width="16" height="16"><%= style_tag nonce: true do %>.a{fill:var(--cultured)}.b{fill:var(--winter-sky)}<% end %><path class="a" d="m326 348c0 37.2-0.1 73.8 0.1 110.5 0 3.6-0.8 4.6-4.6 4.6q-157.9-0.2-315.9 0c-3.4 0-4.8-0.4-4.7-4.5 0.7-20.8-1.3-41.7 1-62.4 5-43 25.1-77.7 59.7-103.7 26.6-20 56.8-29.7 90.3-29.5 25.9 0.1 51.9-0.1 77.9 0 19.1 0.1 37.2 4.5 54.8 11.8 2 0.9 3.1 2.1 4 4 8.3 17.2 19.7 32 34.6 43.9 2 1.6 2.9 3.2 2.9 5.8-0.2 6.3-0.1 12.7-0.1 19.5z"></path><path class="a" d="m300.9 104.4c1.7 48.7-17.9 85.7-60.6 108.4-67.8 36-150.6-6-163.1-81.8-10.3-62.5 34.5-122.4 97.2-129.9 60.6-7.2 115.4 33.8 125.4 93.9 0.5 2.9 0.7 5.9 1.1 9.4z"></path><path class="a" d="m348.4 155.3c34.5-24.2 77.3-23.1 108.5 2.7 48.9 40.4 39.7 118-17.3 146-2.1 1-4.1 2-7.1 3.4 9.4 9.2 18.4 18.3 27.6 27 3.1 2.8 3 4.4 0 7.2-10.5 10.2-20.7 20.8-31.2 31-2.2 2.2-2.5 3.3-0.1 5.7 10.7 10.4 21.2 21.2 31.9 31.7 2.6 2.5 2.3 3.8-0.1 6.1-18.8 18.7-37.6 37.4-56.2 56.3-2.8 2.8-4.3 2.5-6.9-0.1q-15.2-15.6-30.7-30.8c-2.5-2.4-3.4-4.9-3.4-8.3 0.1-41.3 0.1-82.7 0.1-124 0-3-0.5-5-3.6-6.7-56.8-31-62.8-106.6-11.5-147.2z"></path><path class="b" d="m386.5 220.6c-15.5-13.3-13.1-34.9 4.5-42.8 10.4-4.7 22.9-1.4 29.9 7.8 6.8 8.9 6.6 21.7-0.5 30.5-7.3 8.9-19.4 11.7-29.7 6.9-1.4-0.6-2.6-1.4-4.2-2.4z"></path></svg>		
 		Login with a Passkey
 	</button>
 	<div style="transform: scale(0.9);" >
@@ -24,7 +24,7 @@
 	</div>
 </section>
 
-<style>
+<%= style_tag nonce: true do %>
 	main {
 		padding: 5rem;
 		padding-top: 4rem;
@@ -79,4 +79,4 @@
 		align-items: center;
 		text-align: center;
 	}
-</style>
\ No newline at end of file
+<% end %>
\ No newline at end of file
diff --git a/app/views/developers/applications/index.html.erb b/app/views/developers/applications/index.html.erb
index fe4b9ea..02c06c4 100644
--- a/app/views/developers/applications/index.html.erb
+++ b/app/views/developers/applications/index.html.erb
@@ -40,10 +40,10 @@
 
 </div>
 
-<style>
+<%= style_tag nonce: true do %>
   input[type=text] {
     min-width: unset;
     color: var(--bg) !important;
     border-color: var(--bg) !important;
   }
-</style>
\ No newline at end of file
+<% end %>
\ No newline at end of file
diff --git a/app/views/developers/applications/request.html.erb b/app/views/developers/applications/request.html.erb
index 35a69c9..3c2c0da 100644
--- a/app/views/developers/applications/request.html.erb
+++ b/app/views/developers/applications/request.html.erb
@@ -25,7 +25,7 @@
 <% end %>
 
 
-<style>
+<%= style_tag nonce: true do %>
     form {
         max-width: 50vw;
     }
@@ -51,4 +51,4 @@
     a {
         color: var(--winter-sky);
     }
-</style>
\ No newline at end of file
+<% end %>
\ No newline at end of file
diff --git a/app/views/developers/applications/show.html.erb b/app/views/developers/applications/show.html.erb
index 637eb14..0865c0f 100644
--- a/app/views/developers/applications/show.html.erb
+++ b/app/views/developers/applications/show.html.erb
@@ -163,7 +163,7 @@
     </div>
 </div>
 
-<style>
+<%= style_tag nonce: true do %>
   html {
     scroll-behavior: smooth !important;
   }
@@ -298,4 +298,4 @@
     background-color: rgba(255,0,0,0.1);
     border-color: var(--winter-sky);
   }
-</style>
\ No newline at end of file
+<% end %>
\ No newline at end of file
diff --git a/app/views/device_authorizations/approve.html.erb b/app/views/device_authorizations/approve.html.erb
index c94c465..0731766 100644
--- a/app/views/device_authorizations/approve.html.erb
+++ b/app/views/device_authorizations/approve.html.erb
@@ -29,7 +29,7 @@
   </section>
 </main>
 
-<style>
+<%= style_tag nonce: true do %>
 	main {
 		padding: 5rem;
 		padding-top: 4rem;
@@ -112,4 +112,4 @@
     background-color: var(--bg) !important;
     border: 2px solid var(--winter-sky);
   }
-</style>
\ No newline at end of file
+<% end %>
\ No newline at end of file
diff --git a/app/views/device_authorizations/index.html.erb b/app/views/device_authorizations/index.html.erb
index aed3274..a28f9b2 100644
--- a/app/views/device_authorizations/index.html.erb
+++ b/app/views/device_authorizations/index.html.erb
@@ -15,7 +15,7 @@
   </section>
 </main>
 
-<style>
+<%= style_tag nonce: true do %>
 	main {
 		padding: 5rem;
 		padding-top: 4rem;
@@ -98,4 +98,4 @@
     background-color: var(--bg) !important;
     border: 2px solid var(--winter-sky);
   }
-</style>
\ No newline at end of file
+<% end %>
\ No newline at end of file
diff --git a/app/views/device_authorizations/success.html.erb b/app/views/device_authorizations/success.html.erb
index 3a7b1cf..c76dcb2 100644
--- a/app/views/device_authorizations/success.html.erb
+++ b/app/views/device_authorizations/success.html.erb
@@ -7,7 +7,7 @@
     </h2>
 </main>
 
-<style>
+<%= style_tag nonce: true do %>
 	main {
 		padding: 5rem;
 		padding-top: 4rem;
@@ -90,4 +90,4 @@
     background-color: var(--bg) !important;
     border: 2px solid var(--winter-sky);
   }
-</style>
\ No newline at end of file
+<% end %>
\ No newline at end of file
diff --git a/app/views/domains/index.html.erb b/app/views/domains/index.html.erb
index ef6aead..2ce8e85 100644
--- a/app/views/domains/index.html.erb
+++ b/app/views/domains/index.html.erb
@@ -37,7 +37,7 @@
 
 </div>
 
-<style>
+<%= style_tag nonce: true do %>
   input[type=text] {
     min-width: unset;
     color: var(--bg) !important;
@@ -52,4 +52,4 @@
   .developers:hover {
     transform: translateX(1rem);
   }
-</style>
+<% end %>
diff --git a/app/views/domains/request_domain.html.erb b/app/views/domains/request_domain.html.erb
index 187ad17..38af0bb 100644
--- a/app/views/domains/request_domain.html.erb
+++ b/app/views/domains/request_domain.html.erb
@@ -21,7 +21,7 @@
 <% end %>
 
 
-<style>
+<%= style_tag nonce: true do %>
     form {
         max-width: 50vw;
     }
@@ -47,4 +47,4 @@
     a {
         color: var(--winter-sky);
     }
-</style>
\ No newline at end of file
+<% end %>
\ No newline at end of file
diff --git a/app/views/doorkeeper/authorizations/new.html.erb b/app/views/doorkeeper/authorizations/new.html.erb
index d584d0b..bea38c5 100644
--- a/app/views/doorkeeper/authorizations/new.html.erb
+++ b/app/views/doorkeeper/authorizations/new.html.erb
@@ -47,7 +47,7 @@
   </section>
 </main>
 
-<style>
+<%= style_tag nonce: true do %>
 	main {
 		padding: 5rem;
 		padding-top: 4rem;
@@ -130,4 +130,4 @@
     background-color: var(--bg) !important;
     border: 2px solid var(--winter-sky);
   }
-</style>
+<% end %>
diff --git a/app/views/layouts/admin.html.erb b/app/views/layouts/admin.html.erb
index e629939..88b8084 100644
--- a/app/views/layouts/admin.html.erb
+++ b/app/views/layouts/admin.html.erb
@@ -36,7 +36,7 @@
     <%= yield_nested %>
 </div>
 
-<script>
+<%= javascript_tag nonce: true do %>
       window.ReboundSettings = {
         publicToken: "kjvsdcjhut7bw8ny8t63nh",
         email: "<%= @_current_user.email %>",
@@ -46,13 +46,13 @@
         actionLabel: "Update email",
         actionUrl: "https://admin.obl.ong/settings",
       }
-</script>
-<script>(function(r,e,b,o,u,n,d){if(r.Rebound)return;d=function(){o="script";u=e.createElement(o);u.type="text/javascript";u.src=b;u.async=true;n=e.getElementsByTagName(o)[0];n.parentNode.insertBefore(u,n)};if(r.attachEvent){r.attachEvent("onload",d)}else{r.addEventListener("load",d,false)}})(window,document,"https://rebound.postmarkapp.com/widget/1.0");</script>
+<% end %>
+<%= javascript_tag nonce: true do %>(function(r,e,b,o,u,n,d){if(r.Rebound)return;d=function(){o="script";u=e.createElement(o);u.type="text/javascript";u.src=b;u.async=true;n=e.getElementsByTagName(o)[0];n.parentNode.insertBefore(u,n)};if(r.attachEvent){r.attachEvent("onload",d)}else{r.addEventListener("load",d,false)}})(window,document,"https://rebound.postmarkapp.com/widget/1.0");<% end %>
 
 <% if @developers %>
-    <style>
+    <%= style_tag nonce: true do %>
         body {
             border: 4px dashed var(--lemon-glacier);
         }
-    </style>
+    <% end %>
 <% end %>
diff --git a/app/views/layouts/mailer.html.erb b/app/views/layouts/mailer.html.erb
index cbd34d2..1b9bc9e 100644
--- a/app/views/layouts/mailer.html.erb
+++ b/app/views/layouts/mailer.html.erb
@@ -2,9 +2,9 @@
 <html>
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <style>
+    <%= style_tag nonce: true do %>
       /* Email styles need to be inline */
-    </style>
+    <% end %>
   </head>
 
   <body>
diff --git a/app/views/users/email_verification.html.erb b/app/views/users/email_verification.html.erb
index ec97c22..96a5cd4 100644
--- a/app/views/users/email_verification.html.erb
+++ b/app/views/users/email_verification.html.erb
@@ -18,7 +18,7 @@
     </div>
 </section>
 
-<style>
+<%= style_tag nonce: true do %>
 	main {
 		padding: 5rem;
 		display: flex;
@@ -80,4 +80,4 @@
 	label {
 		text-align: left;
 	}
-</style>
\ No newline at end of file
+<% end %>
\ No newline at end of file
diff --git a/app/views/users/register.html.erb b/app/views/users/register.html.erb
index 4fb23e7..8b9d159 100644
--- a/app/views/users/register.html.erb
+++ b/app/views/users/register.html.erb
@@ -24,7 +24,7 @@
 	</div>
 </section>
 
-<style>
+<%= style_tag nonce: true do %>
 	main {
 		padding: 5rem;
 		display: flex;
@@ -86,4 +86,4 @@
 	label {
 		text-align: left;
 	}
-</style>
\ No newline at end of file
+<% end %>
\ No newline at end of file
diff --git a/app/views/users/settings.html.erb b/app/views/users/settings.html.erb
index 71d0aed..4e17125 100644
--- a/app/views/users/settings.html.erb
+++ b/app/views/users/settings.html.erb
@@ -53,11 +53,11 @@
     </section>
 </main>
 
-<style>
+<%= style_tag nonce: true do %>
     .logout-box {
         padding: 1rem;
         border-radius: 6px;
         border: 3px solid var(--winter-sky);
         background-color: #562132;
     }
-</style>
\ No newline at end of file
+<% end %>
\ No newline at end of file
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index b3076b3..bb74da5 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -4,22 +4,23 @@
 # See the Securing Rails Applications Guide for more information:
 # https://guides.rubyonrails.org/security.html#content-security-policy-header
 
-# Rails.application.configure do
-#   config.content_security_policy do |policy|
-#     policy.default_src :self, :https
-#     policy.font_src    :self, :https, :data
-#     policy.img_src     :self, :https, :data
-#     policy.object_src  :none
-#     policy.script_src  :self, :https
-#     policy.style_src   :self, :https
-#     # Specify URI for violation reports
-#     # policy.report_uri "/csp-violation-report-endpoint"
-#   end
-#
-#   # Generate session nonces for permitted importmap, inline scripts, and inline styles.
-#   config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
-#   config.content_security_policy_nonce_directives = %w(script-src style-src)
-#
-#   # Report violations without enforcing the policy.
-#   # config.content_security_policy_report_only = true
-# end
+Rails.application.configure do
+  config.content_security_policy do |policy|
+    policy.default_src :self, "https://rebound.postmarkapp.com", "https://esm.sh/v135/selectlist-polyfill@0.3.0/es2022/selectlist-polyfill.mjs", "https://ga.jspm.io/npm:local-time@3.0.2/app/assets/javascripts/local-time.es2017-esm.js", "https://esm.sh/selectlist-polyfill@0.3.0"
+    policy.font_src :self, :data
+    policy.img_src :self, :data
+    policy.object_src :none
+    policy.script_src :self, "https://rebound.postmarkapp.com"
+    policy.style_src :self, "https://unpkg.com/cursor-chat/dist/style.css"
+    policy.style_src_attr :self, "'unsafe-inline'"
+    # Specify URI for violation reports
+    # policy.report_uri "/csp-violation-report-endpoint"
+  end
+
+  # Generate session nonces for permitted importmap, inline scripts, and inline styles.
+  config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
+  config.content_security_policy_nonce_directives = %w[script-src style-src]
+
+  # Report violations without enforcing the policy.
+  config.content_security_policy_report_only = true unless Rails.env.production?
+end