diff --git a/main/install/configuration.dist.php b/main/install/configuration.dist.php
index 1e8d7fd53e..324f9fe899 100755
--- a/main/install/configuration.dist.php
+++ b/main/install/configuration.dist.php
@@ -413,7 +413,8 @@ $_configuration['agenda_legend'] = [
 // Content Security Policy is an effective measure to protect your site from
 // XSS attacks. By whitelisting sources of approved content, you can prevent
 // the browser from loading malicious assets.
-//$_configuration['security_content_policy'] = '';
+// The provided default is an *example*, please customize.
+//$_configuration['security_content_policy'] = 'default-src \'self\'; script-src *://*.google.com:*';
 //
 // HTTP Public Key Pinning protects your site from MiTM attacks using rogue
 // X.509 certificates. By whitelisting only the identities that the browser
@@ -439,7 +440,7 @@ $_configuration['agenda_legend'] = [
 //$_configuration['security_x_content_type_options'] = 'X-Content-Type-Options: nosniff';
 //
 // Referrer Policy is a new header that allows a site to control how much
-// information the browser includes with navigations away from a document
+// information the browser includes with navigation away from a document
 // and should be set by all sites.
-//$_configuration['security_referrer_policy'] = '';
+//$_configuration['security_referrer_policy'] = 'origin-when-cross-origin';
 // HTTP headers security section ends here
\ No newline at end of file
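Review bot: The example policy for `security_content_policy` in the first hunk would block the site's own scripts if uncommented as-is, because `script-src` replaces the `default-src` fallback for scripts and its list has no `'self'`. The source `*://*.google.com:*` is also looser than an example should be: it names every google.com subdomain on any port, and as far as I know a `*` scheme is not part of the CSP source grammar, so browsers may ignore the entry entirely. Broad host allowlists are a common reason a CSP ends up not stopping XSS, and examples in a dist file tend to be copied unchanged. I would ship something like `//$_configuration['security_content_policy'] = 'default-src \'self\'; script-src \'self\' https://www.google.com';` (host shown only as an illustration) and extend the comment to say each listed source should be a specific HTTPS host the site really loads scripts from.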