diff --git a/app.py b/app.py
index 167fa07..476d7ae 100644
--- a/app.py
+++ b/app.py
@@ -80,13 +80,17 @@ limiter = Limiter(app, key_func=rate_limit_key)
 def install_security_headers(resp):
     csp = ("default-src 'none';"
            "img-src 'self' https:;"
-           "script-src 'self';"
            "style-src 'self' 'unsafe-inline';"
            "connect-src 'self';"
            "frame-ancestors 'none';"
           )
+    if 'SENTRY_DSN' in app.config:
+        csp += "script-src 'self' https://cdn.ravenjs.com/;"
+    else:
+        csp += "script-src 'self';"
+
     if 'CSP_REPORT_URI' in app.config:
-        csp += "; report-uri " + app.config.get('CSP_REPORT_URI')
+        csp += "report-uri " + app.config.get('CSP_REPORT_URI')
     if app.config.get('HTTPS'):
         resp.headers.set('strict-transport-security',
diff --git a/templates/lib/layout.html b/templates/lib/layout.html
index 2413739..5fd3a7a 100644
--- a/templates/lib/layout.html
+++ b/templates/lib/layout.html
@@ -12,6 +12,11 @@
+
+    {% if sentry_dsn -%}
+
+    {% endif -%}
     {% block scripts %}{% endblock %}
     {%- from 'lib/picture.html' import picture %}
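Review bot: The new `if 'SENTRY_DSN' in app.config:` tests key presence while the template hunk in this same commit tests truthiness (`{% if sentry_dsn -%}`), so a config that sets `SENTRY_DSN = None` or `''` widens `script-src` to `https://cdn.ravenjs.com/` on every response without the script ever being emitted; `if app.config.get('SENTRY_DSN'):` keeps the header and the template in step. The rewritten `report-uri` line has the same presence-versus-value gap: `'CSP_REPORT_URI' in app.config` with a `None` value makes the `+` concatenation raise `TypeError` for every response, so `if app.config.get('CSP_REPORT_URI'):` is the safer guard there too. Allow-listing the whole CDN origin accepts any script that origin serves; naming the exact script path in the directive, or carrying `integrity` and `crossorigin` on the tag that loads it, narrows the allowance to the expected file. install_security_headers continues past the end of the hunk (the HTTPS branch and the line that sets the CSP header are cut off).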
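Review bot: The element(s) inside the new `{% if sentry_dsn -%}` block are blank in this rendering (the hunk header counts five added lines, four are visible), so what is loaded and with which attributes cannot be reviewed here. If the DSN is handed to Raven through an inline `<script>` snippet, the policy built in app.py in this commit gives `script-src` neither `'unsafe-inline'` nor a nonce, so that snippet would be blocked; passing the DSN via a `data-` attribute read by a self-hosted script, or emitting a per-response nonce, avoids that. Where `sentry_dsn` is interpolated into a script body, `{{ sentry_dsn|tojson }}` is the form that stays safe for JS context.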