diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..5eef4af
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 kenshō digital
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..780bf04
--- /dev/null
+++ b/README.md
@@ -0,0 +1,30 @@
+# CSP for Kirby
+
+Adds a [strict policy CSP][1] header to [Kirby][2] projects.
+
+## General
+
+Uses Kirby’s [native nonce feature][3] (used for the panel) to add a strict [nonce-based][4] content security policy header to all Kirby responses.
+
+## Installation
+
+```shell
+composer require kenshodigital/kirby-csp ^1.0
+```
+
+## Usage
+
+The plugin is not configurable and just follows the latest [best practices][5].
+
+However, scripts in your frontend are expected to include a nonce and [the Kirby docs][6] already provide a good example for this.
+
+```html
+
+```
+
+[1]: https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html#strict-policy
+[2]: https://getkirby.com
+[3]: https://getkirby.com/docs/reference/objects/cms/app/nonce
+[4]: https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html#nonce-based-strict-policy
+[5]: https://web.dev/articles/strict-csp
+[6]: https://getkirby.com/docs/reference/objects/cms/app/nonce#example
diff --git a/composer.json b/composer.json
new file mode 100644
index 0000000..ba1956a
--- /dev/null
+++ b/composer.json
@@ -0,0 +1,17 @@
+{
+ "name": "kenshodigital/kirby-csp",
+ "description": "Adds a strict policy CSP header to Kirby projects.",
+ "type": "kirby-plugin",
+ "version": "1.0.0",
+ "license": "MIT",
+ "support":
+ {
+ "source": "https://github.com/kenshodigital/kirby-csp"
+ },
+ "require":
+ {
+ "php": "^8.3",
+ "getkirby/cms": "^4.1",
+ "getkirby/composer-installer": "^1.2"
+ }
+}
diff --git a/hooks/route/before.php b/hooks/route/before.php
new file mode 100644
index 0000000..f201390
--- /dev/null
+++ b/hooks/route/before.php
@@ -0,0 +1,9 @@
+response()->header(
+ 'Content-Security-Policy',
+ "script-src 'nonce-{$this->nonce()}' 'strict-dynamic' 'unsafe-inline' https:; object-src 'none'; base-uri 'none';"
+ );
+};
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..e3fb954
--- /dev/null
+++ b/index.php
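Review bot: The policy string in hooks/route/before.php carries no comment explaining that `'unsafe-inline'` and `https:` are backward-compatibility fallbacks which nonce- and `'strict-dynamic'`-aware browsers ignore, so a later reader is likely to read them as a weakening and either "fix" them away or distrust the policy. A one-line comment above the `header(` call would prevent that, e.g. `// 'unsafe-inline' and https: are fallbacks for browsers without nonce/'strict-dynamic' support; browsers that honour the nonce ignore them (see the strict-csp article linked in the README)`. As rendered, the hunk starts at `response()->header(`, so the closure's opening lines and whatever `$this` is bound to are outside what is visible here; `$this->nonce()` only yields a per-request nonce if the hook runs in that bound context, which I cannot confirm from the hunk. It would also help to state, in that comment or in the README, that this policy governs scripts, plugins and base URIs only — `frame-ancestors`, `form-action` and similar directives are not set, so deployments relying on it for clickjacking or form-hijack protection still need those elsewhere.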
@@ -0,0 +1,9 @@
+ [
+ 'route:before' => require __DIR__ . '/hooks/route/before.php',
+ ],
+]);