diff --git a/.tridactylrc b/.tridactylrc index e01ace3f..3c4a9f66 100644 --- a/.tridactylrc +++ b/.tridactylrc @@ -109,6 +109,27 @@ command fixamo js tri.excmds.setpref("privacy.resistFingerprinting.block_mozAddo " details, read the comment at the top of this file. fixamo_quiet +" Equivalent to `set csp clobber` before it was removed. This weakens your +" defences against cross-site-scripting attacks and other types of +" code-injection by reducing the strictness of Content Security Policy on +" every site in a couple of ways. +" +" You may not wish to run this. Mozilla strongly feels that you shouldn't. +" +" It allows Tridactyl to function on more pages, e.g. raw GitHub pages. +" +" We remove the sandbox directive +" https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox +" which allows our iframe to run (and anyone else's) on any website. +" +" We weaken the style-src directive +" https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src +" to allow us to theme our elements. This exposes you to 'cross site styling' +" attacks. +" +" Read https://wiki.mozilla.org/Security/CSP#Goals for more information. +jsb browser.webRequest.onHeadersReceived.addListener(tri.request.clobberCSP,{urls:[""],types:["main_frame"]},["blocking","responseHeaders"]) + " Make quickmarks for the sane Tridactyl issue view quickmark t https://github.com/tridactyl/tridactyl/issues?utf8=%E2%9C%93&q=sort%3Aupdated-desc+
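Review bot: the `urls:[""]` filter in the `jsb browser.webRequest.onHeadersReceived.addListener(...)` line is not a valid WebExtension match pattern, so `addListener` will reject the filter and the CSP-clobbering listener will never be installed; if the intent is every site, as the comment says, the `urls` array needs a real match pattern (`<all_urls>` is the conventional one) rather than an empty string. Two smaller points on the same hunk: `types:["main_frame"]` limits the change to top-level documents, so the comment's "on every site" should say it does not touch the CSP of sub-frames; and since the comment already warns that this removes `sandbox` and weakens `style-src`, it would help readers who copy this rc file to state how to back the change out (delete or comment out the `jsb` line and restart) next to the warning.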