nano /etc/apache/sites-available/default-ssl.conf

<VirtualHost *:443>
...
Header set Content-Security-Policy "default-scr 'self';
...
</VirtualHost>