diff --git a/src/main/java/org/olat/admin/security/_i18n/LocalStrings_de.properties b/src/main/java/org/olat/admin/security/_i18n/LocalStrings_de.properties
index 84f34cb45df71fa0d91444c3f6fabd19ab07aa2a..32cc4e756180a23858fafe933e7711b17cd01114 100644
--- a/src/main/java/org/olat/admin/security/_i18n/LocalStrings_de.properties
+++ b/src/main/java/org/olat/admin/security/_i18n/LocalStrings_de.properties
@@ -16,7 +16,7 @@ sec.csp.plugin.type=plugin-type
 sec.csp.default.value=Wert immer dabei: {0}. Beispiel: {1}
 sec.description=W\u00E4hlen Sie den notwendigen Sicherheitslevel je nach Anforderungen Ihrer Institution. Um die h\u00F6chste Sicherheitsstufe zu erreichen m\u00FCssen s\u00E4mtliche untenstehenden Sicherheitsfunktionen eingeschaltet sein.
 sec.description.headers=Diese Headers verhindert unischere Verh\u00e4ltnis wie ...
-sec.description.csp=Achtung! Diese Konfiguration kann Kontent bloquieren. Es gibt Werte für jede Directive die nicht konfiguierbar sind, das sind die Werte dass OpenOLAT intern für sich selbst, für Video (youtube und vimeo) und MathJax braucht. Mehr Informationen finden Sie unter <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy" target="_blank">Content-Security-Policy</a>.
+sec.description.csp=Achtung! Diese Konfiguration kann Inhalt wie LTI Kursbaustein, externe Seite und HTML Seite sperren. Dazu sind die folgende Kursbaustein zur Zeit noch nicht unterstützt: card2brain, edubase, edubook, GoToTraining, openmeeting, vitero and Paypal. Mehr Informationen finden Sie unter <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy" target="_blank">Content-Security-Policy</a>.
 sec.force.download=Dateidownload in Ordner erzwingen
 sec.title=Sicherheitseinstellungen
 sec.topframe=Frame Einbettung per JavaScript verhindern
diff --git a/src/main/java/org/olat/admin/security/_i18n/LocalStrings_en.properties b/src/main/java/org/olat/admin/security/_i18n/LocalStrings_en.properties
index 4ac9e0885215cc30a1f57835eb06346436ec6147..07e294ccf6e6c3d8ad39218e4e52f6944ccccf5e 100644
--- a/src/main/java/org/olat/admin/security/_i18n/LocalStrings_en.properties
+++ b/src/main/java/org/olat/admin/security/_i18n/LocalStrings_en.properties
@@ -15,8 +15,8 @@ sec.csp.plugin.type=plugin-type
 sec.csp.script.src=script-src
 sec.csp.style.src=style-src
 sec.description=Choose the security level depending on the requirements of your institution. To achieve the highest security level, all of the security features listed below have to be activated.
-sec.description.csp=This configuration can block or break some content. A part of the configuration is fix, these are the values needed by OpenOLAT itself, the MathJax Library and to play video from youtue and vimeo. You will find more informations about content security policy under <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy" target="_blank">Content-Security-Policy</a>.
-sec.description.headers=These headers prevetn unsecure behavior.
+sec.description.csp=Warning! This configuration can block or break content like LTI course elements, external pages and HTML pages. The following course elements are currently not supported: card2brain, edubase, edubook, GoToTraining, openmeeting, vitero and Paypal. You will find more informations about content security policy under <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy" target="_blank">Content-Security-Policy</a>.
+sec.description.headers=These headers prevents insecure behavior.
 sec.force.download=Force file download in folders
 sec.strict.transport.sec=Prevent downgrade of HTTPS to HTTP with HTTP header
 sec.title=Security settings
diff --git a/src/test/profile/mysql/olat.local.properties b/src/test/profile/mysql/olat.local.properties
index 1997e76de1b47008042146f2e1e8d947e3c92dc4..34e0cd44e1fce70efe8868eea40899bb10e36449 100644
--- a/src/test/profile/mysql/olat.local.properties
+++ b/src/test/profile/mysql/olat.local.properties
@@ -83,4 +83,5 @@ base.security.frameOptionsSameOrigine=enabled
 base.security.strictTransportSecurity=enabled
 base.security.xContentTypeOptions=enabled
 base.security.contentSecurityPolicy=enabled
+base.security.contentSecurityPolicy.frameSrc=http://lti.frentix.com
diff --git a/src/test/profile/postgresql/olat.local.properties b/src/test/profile/postgresql/olat.local.properties
index a6dd9ec8f7e6c52f84256869a2ce054f7abcae5f..8c7763a890d54c7b721e7c3adfb659e5531ca843 100644
--- a/src/test/profile/postgresql/olat.local.properties
+++ b/src/test/profile/postgresql/olat.local.properties
@@ -84,3 +84,5 @@ base.security.frameOptionsSameOrigine=enabled
 base.security.strictTransportSecurity=enabled
 base.security.xContentTypeOptions=enabled
 base.security.contentSecurityPolicy=enabled
+base.security.contentSecurityPolicy.frameSrc=http://lti.frentix.com
+
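Review bot: The added `frameSrc` allowlist entry is a plain `http://` origin, while `base.security.strictTransportSecurity=enabled` two context lines above it says these test instances are meant to be served over HTTPS; a browser will refuse an `http://` iframe inside an HTTPS page as active mixed content, so the LTI frame would most likely stay blocked regardless of this CSP exception, and on an HTTP-only test instance the entry sanctions an unauthenticated, interceptable embed. Unless lti.frentix.com really has no TLS endpoint, the line should read `base.security.contentSecurityPolicy.frameSrc=https://lti.frentix.com` in both the mysql and postgresql profiles (the postgresql hunk shares this line). Nothing in either file says what the property accepts — presumably one or more space-separated CSP source expressions, to be confirmed against the header-building code — so a short comment such as `# CSP frame-src allowlist for embedded LTI tools; use https:// origins so frames are not rejected as mixed content` above the property would save the next person from guessing. The mysql hunk header claims four old lines but only three context lines survived the collapse, so there may be a trailing empty context line missing from this view.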