diff --git a/filter_plugins/csp_filters.py b/filter_plugins/csp_filters.py
index 3f4e9116..55742cd2 100644
--- a/filter_plugins/csp_filters.py
+++ b/filter_plugins/csp_filters.py
@@ -31,13 +31,18 @@ class FilterModule(object):
 @staticmethod
 def get_csp_flags(applications, application_id, directive):
+ """
+ Dynamically extract all CSP flags for a given directive and return them as tokens,
+ e.g., "'unsafe-eval'", "'unsafe-inline'", etc.
+ """
 app = applications.get(application_id, {})
 flags = app.get('csp', {}).get('flags', {}).get(directive, {})
 tokens = []
- if flags.get('unsafe_eval', False):
- tokens.append("'unsafe-eval'")
- if flags.get('unsafe_inline', False):
- tokens.append("'unsafe-inline'")
+
+ for flag_name, enabled in flags.items():
+ if enabled:
+ tokens.append(f"'{flag_name}'")
+
 return tokens
 @staticmethod
diff --git a/roles/docker-discourse/vars/configuration.yml b/roles/docker-discourse/vars/configuration.yml
index db5720fc..3121f428 100644
--- a/roles/docker-discourse/vars/configuration.yml
+++ b/roles/docker-discourse/vars/configuration.yml
@@ -11,9 +11,9 @@ features:
 csp:
 flags:
 style-src:
- unsafe_inline: true
+ unsafe-inline: true
 script-src:
- unsafe_inline: true
+ unsafe-inline: true
 whitelist:
 font-src:
 - "http://*.{{primary_domain}}"
\ No newline at end of file
diff --git a/roles/docker-espocrm/vars/configuration.yml b/roles/docker-espocrm/vars/configuration.yml
index 40329de1..668a7b68 100644
--- a/roles/docker-espocrm/vars/configuration.yml
+++ b/roles/docker-espocrm/vars/configuration.yml
@@ -5,13 +5,14 @@ users:
 email: "{{ users.administrator.email }}"
 credentials:
-# administrator_password: # Set in inventory file
-# database_password: # Set in your inventory file
-
 features:
 matomo: true
 css: false
 landingpage_iframe: false
 ldap: false
 oidc: true
- central_database: true
\ No newline at end of file
+ central_database: true
+csp:
+ flags:
+ script-src:
+ unsafe-inline: true
\ No newline at end of file
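Review bot: The new loop emits whatever key appears under `csp.flags.<directive>` as a quoted CSP source expression without checking that it is a CSP keyword at all, where the removed code could only ever produce the two fixed tokens. An inventory still using the old `unsafe_inline` spelling is now rendered as `'unsafe_inline'`, which browsers silently ignore, and a key containing `;` or a quote would corrupt the header instead of failing the play (these values come from Ansible vars, so this is a misconfiguration risk rather than an untrusted-input one, but the old version failed closed and this one fails silently). Checking the key against a small allowlist of keyword source expressions and raising on anything else keeps the generality the commit wants while restoring the fail-closed behaviour; if the module already imports `AnsibleFilterError`, raise that instead of `ValueError`. The enclosing `FilterModule` class and the method that follows the trailing `@staticmethod` are outside the hunk.
```python
    # CSP keyword source expressions a directive may carry; anything else is a misconfiguration.
    _CSP_FLAG_KEYWORDS = frozenset({
        'unsafe-inline', 'unsafe-eval', 'unsafe-hashes',
        'strict-dynamic', 'wasm-unsafe-eval', 'report-sample',
    })

    @staticmethod
    def get_csp_flags(applications, application_id, directive):
        # … unchanged: docstring, app/flags lookup …
        tokens = []
        for flag_name, enabled in flags.items():
            if flag_name not in FilterModule._CSP_FLAG_KEYWORDS:
                raise ValueError(
                    f"Unknown CSP flag '{flag_name}' for directive '{directive}'"
                )
            if enabled:
                tokens.append(f"'{flag_name}'")
        return tokens
```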
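Review bot: The added `script-src: unsafe-inline: true` for EspoCRM removes the main XSS mitigation CSP provides, and nothing in the hunk records which inline script requires it; a comment such as `unsafe-inline: true  # TODO: name the EspoCRM inline script that needs this, or move it to csp.hashes` lets a later reviewer try to retire it (the test fixture elsewhere on this page shows a `hashes` section in the CSP config, so per-script hashes appear to be supported — verify). The same hunk also drops the two commented `administrator_password` / `database_password` lines, which were the only hint in this file that those credentials must come from the inventory; if they are documented elsewhere that is fine, otherwise keep one of them as a comment.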
diff --git a/roles/docker-lam/vars/configuration.yml b/roles/docker-lam/vars/configuration.yml
index 833c89c2..4dbe24e1 100644
--- a/roles/docker-lam/vars/configuration.yml
+++ b/roles/docker-lam/vars/configuration.yml
@@ -11,4 +11,11 @@ features:
 landingpage_iframe: true
 ldap: true
 central_database: false
- oauth2: false
\ No newline at end of file
+ oauth2: false
+csp:
+ flags:
+ style-src:
+ unsafe-inline: true
+ script-src:
+ unsafe-inline: true
+ unsafe-eval: true
\ No newline at end of file
diff --git a/roles/docker-matomo/vars/configuration.yml b/roles/docker-matomo/vars/configuration.yml
index 76958a39..bd1d64a8 100644
--- a/roles/docker-matomo/vars/configuration.yml
+++ b/roles/docker-matomo/vars/configuration.yml
@@ -4,4 +4,16 @@ features:
 css: false
 landingpage_iframe: false
 central_database: true
- oauth2: false
\ No newline at end of file
+ oauth2: false
+csp:
+ whitelist:
+ script-src:
+ - https://cdn.matomo.cloud
+ style-src:
+ - https://fonts.googleapis.com
+ flags:
+ script-src:
+ unsafe-inline: true
+ unsafe-eval: true
+ style-src:
+ unsafe-inline: true
\ No newline at end of file
diff --git a/roles/docker-nextcloud/vars/configuration.yml b/roles/docker-nextcloud/vars/configuration.yml
index 1b138019..59fe356d 100644
--- a/roles/docker-nextcloud/vars/configuration.yml
+++ b/roles/docker-nextcloud/vars/configuration.yml
@@ -4,7 +4,7 @@ ldap:
 csp:
 flags:
 style-src:
- unsafe_inline: true
+ unsafe-inline: true
 oidc:
 enabled: "{{ applications.nextcloud.features.oidc | default(true) }}" # Activate OIDC for Nextcloud
 # floavor decides which OICD plugin should be used.
diff --git a/roles/docker-openproject/vars/configuration.yml b/roles/docker-openproject/vars/configuration.yml
index 3ce99c41..51957f29 100644
--- a/roles/docker-openproject/vars/configuration.yml
+++ b/roles/docker-openproject/vars/configuration.yml
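Review bot: `script-src` for this role now carries both `'unsafe-inline'` and `'unsafe-eval'`, which together leave the script policy with essentially no XSS protection, and the hunk gives no reason; this role is presumably LDAP Account Manager (it sets `ldap: true`), where a script injection reaches directory administration, so the relaxation deserves a justification. Please annotate each flag with the feature that breaks without it, e.g. `unsafe-eval: true  # TODO: needed by <LAM component>; re-test on upgrade`, so the flags can be retired when upstream no longer needs them.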
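Review bot: The new `whitelist.script-src` origin `https://cdn.matomo.cloud` grants an external script origin that a self-hosted Matomo container may not load from at all, and with `flags.script-src` also setting `'unsafe-inline'` and `'unsafe-eval'` the host allowlist only constrains external loads, not injected script. Please confirm the CDN is actually fetched by this deployment (hedged: it is typically used by the cloud-hosted tracker, not the self-hosted one) and drop the entry if not; an unused allowlisted origin is a standing grant. Each relaxation should also carry its reason, e.g. `unsafe-eval: true  # TODO: which Matomo module needs eval?`.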
@@ -16,4 +16,4 @@ features:
 csp:
 flags:
 script-src:
- unsafe_inline: true
\ No newline at end of file
+ unsafe-inline: true
\ No newline at end of file
diff --git a/roles/docker-portfolio/vars/configuration.yml b/roles/docker-portfolio/vars/configuration.yml
index 56768f5f..3c157922 100644
--- a/roles/docker-portfolio/vars/configuration.yml
+++ b/roles/docker-portfolio/vars/configuration.yml
@@ -16,3 +16,6 @@ csp:
 - https://ka-f.fontawesome.com
 frame-src:
 - "{{ web_protocol }}://*.{{primary_domain}}"
+ flags:
+ style-src-elem:
+ unsafe-inline: true
diff --git a/roles/docker-presentation/vars/configuration.yml b/roles/docker-presentation/vars/configuration.yml
index d4781af7..4df67839 100644
--- a/roles/docker-presentation/vars/configuration.yml
+++ b/roles/docker-presentation/vars/configuration.yml
@@ -16,6 +16,6 @@ csp:
 - https://cdnjs.cloudflare.com
 flags:
 style-src:
- unsafe_inline: true
+ unsafe-inline: true
 script-src:
 unsafe-eval: true
\ No newline at end of file
diff --git a/roles/docker-sphinx/vars/configuration.yml b/roles/docker-sphinx/vars/configuration.yml
index 2eca0e8e..38bf6907 100644
--- a/roles/docker-sphinx/vars/configuration.yml
+++ b/roles/docker-sphinx/vars/configuration.yml
@@ -1,4 +1,11 @@
 features:
 matomo: true
 css: true
- landingpage_iframe: false
\ No newline at end of file
+ landingpage_iframe: false
+csp:
+ flags:
+ script-src:
+ unsafe-inline: true
+ unsafe-eval: true
+ style-src:
+ unsafe-inline: true
\ No newline at end of file
diff --git a/roles/docker-wordpress/vars/configuration.yml b/roles/docker-wordpress/vars/configuration.yml
index b26416f2..38597ab9 100644
--- a/roles/docker-wordpress/vars/configuration.yml
+++ b/roles/docker-wordpress/vars/configuration.yml
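Review bot: The unchanged context line `unsafe-eval: true` under `script-src` was a dead key before this commit — the removed filter code only read `unsafe_eval` — so after this change the presentation app's policy gains `'unsafe-eval'` without that line appearing as a change anywhere in the diff. If that is intended it should be called out in the commit message; if not, the line should be removed in this hunk. A comment such as `unsafe-eval: true  # honoured since flags are read generically; confirm reveal.js still needs it` would make the newly-effective relaxation visible to the next reader (which presentation framework is in use is not visible here).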
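Review bot: The Sphinx role gains `'unsafe-inline'` and `'unsafe-eval'` on `script-src` with no stated reason, and I am not aware of a default Sphinx theme whose search or navigation scripts need `eval` — please confirm which extension or theme actually requires it, since a static documentation site is the easiest place to keep a strict policy. Annotate each flag with its reason, e.g. `unsafe-eval: true  # TODO: which theme/extension script needs this?`, so they can be dropped once identified.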
@@ -10,10 +10,15 @@ plugins:
 enabled: true
 activitypub:
 enabled: true
-
 features:
 matomo: true
 css: false
 landingpage_iframe: false
 oidc: true
- central_database: true
\ No newline at end of file
+ central_database: true
+csp:
+ flags:
+ style-src:
+ unsafe-inline: true
+ script-src:
+ unsafe-inline: true
\ No newline at end of file
diff --git a/tests/unit/test_csp_filters.py b/tests/unit/test_csp_filters.py
index 716b6ca0..6b0bce36 100644
--- a/tests/unit/test_csp_filters.py
+++ b/tests/unit/test_csp_filters.py
@@ -19,11 +19,11 @@ class TestCspFilters(unittest.TestCase):
 },
 'flags': {
 'script-src': {
- 'unsafe_eval': True,
- 'unsafe_inline': False,
+ 'unsafe-eval': True,
+ 'unsafe-inline': False,
 },
 'style-src': {
- 'unsafe_inline': True,
+ 'unsafe-inline': True,
 },
 },
 'hashes': {
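Review bot: `script-src: unsafe-inline: true` for WordPress removes CSP's XSS mitigation on an application whose plugin surface (the hunk shows `activitypub` enabled) is a common source of stored-XSS reports; the flag is plausibly unavoidable for WP core's inline scripts, but that reason should be recorded where the flag is set, e.g. `unsafe-inline: true  # WP core/plugins emit inline scripts without nonces — revisit when a nonce plugin is adopted`. Without it the next reader cannot tell a deliberate trade-off from a copy-paste.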
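Review bot: The fixture still only exercises the two keywords the old filter hard-wired, so the actual behaviour change in this commit — an arbitrary key under `flags` being emitted verbatim as a token — has no test. Add one extra entry such as `'unsafe-hashes': True,` to the `'script-src'` mapping here and assert `"'unsafe-hashes'"` appears in the result, and if the filter gains key validation, a case asserting that an old-style key like `'unsafe_inline'` is rejected rather than emitted as the invalid token `'unsafe_inline'`. The test methods that consume this fixture are outside the hunk.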