diff --git a/files/__main__.py b/files/__main__.py
index fb6c44613..8a259aa29 100644
--- a/files/__main__.py
+++ b/files/__main__.py
@@ -124,8 +124,8 @@ def teardown_request(error):
 def after_request(response):
 
 	response.headers.add("Strict-Transport-Security", "max-age=31536000")
-	response.headers.add("Referrer-Policy", "same-origin")
 	response.headers.add("X-Frame-Options", "deny")
+	response.headers.add("Content-Security-Policy", "script-src 'self';")
 	return response
 
 
diff --git a/files/routes/posts.py b/files/routes/posts.py
index 99ebea693..518ea6f13 100644
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@@ -1070,7 +1070,7 @@ def submit_post(v):
 		if "rama" in request.host or "pcm" in request.host:
 			if v.id == CARP_ID:
 				if random.random() < 0.02: body = "i love you carp"
-				else: body = "![](/assets/images/emojis/fuckoffcarp.webp)"
+				else: body = ":#marseyfuckoffcarp:"
 			elif v.id == LAWLZ_ID:
 				if random.random() < 0.5: body = "wow, this lawlzpost sucks!"
 				else: body = "wow, a good lawlzpost for once!"