diff --git a/examples/example-csp-header.html b/examples/example-csp-header.html
index 7116d65c7..6aea8b5f5 100644
--- a/examples/example-csp-header.html
+++ b/examples/example-csp-header.html
@@ -28,12 +28,17 @@ <h2>
       <ul>
         <li>CSP header, currently using
           <code>
-            default-src 'self';
-            script-src 'self' https://cdn.jsdelivr.net 'nonce-browser-sync';
-            style-src 'self' 'nonce-random-string'; require-trusted-types-for 'script';
-            trusted-types dompurify;
+            <pre>
+              default-src 'self';
+              script-src 'self' https://cdn.jsdelivr.net 'nonce-browser-sync';
+              style-src 'self' 'nonce-random-string'; require-trusted-types-for 'script';
+              trusted-types dompurify;
+            </pre>
           </code>
         </li>
+        <li>
+          <strong>Do not use <code>https://cdn.jsdelivr.net</code> as CSP since that is too broad and risky. We only do it for demo purposes</strong>
+        </li>
       </ul>
         <h2>View Source:</h2>
         <ul>