diff --git a/lib/resources/oidc.js b/lib/resources/oidc.js
index 6556ea2ef..f675981ca 100644
--- a/lib/resources/oidc.js
+++ b/lib/resources/oidc.js
@@ -175,7 +175,7 @@ module.exports = (service, __, anonymousEndpoint) => {
 // return redirect(303, nextPath);
 // Instead, we need to render a page and then "browse" from that page to the normal frontend:
-res.set('Content-Security-Policy', `default-src 'none'; img-src 'self'; style-src-elem 'sha256-${styleHash}'; report-uri /csp-report`);
+res.set('Content-Security-Policy', `default-src 'none'; form-action 'none'; frame-ancestors 'none'; img-src 'self'; style-src-elem 'sha256-${styleHash}'; report-uri /csp-report`);
 return render(loaderTemplate, { nextPath });
 } catch (err) {
 if (redirect.isRedirect(err)) {
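Review bot: `base-uri` is still absent from the new header, and like `form-action` and `frame-ancestors` it does not fall back to `default-src 'none'`, so the loader page's base URL could still be redefined if markup were ever injected into it; add `base-uri 'none';` next to the new `form-action 'none';`. Whether `nextPath` is constrained to a same-origin relative path presumably happens earlier in the function and is not visible here — worth confirming, since browsing to it is the page's only purpose. As a style point, a directive list this long reads better assembled from an array joined with `'; '`, which also keeps future additions reviewable one directive per line. The enclosing try/catch and arrow function start and end outside this hunk.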