diff --git a/static/Caddyfile b/static/Caddyfile
index a5bbb22..15281d8 100644
--- a/static/Caddyfile
+++ b/static/Caddyfile
@@ -33,7 +33,8 @@ http://static-mat-services.fly.dev/ {
     # keep referrer data off of HTTP connections
     Referrer-Policy strict-origin-when-cross-origin
     # content security policy
-    # style-src: 'unsafe-inline' is currently enabled for syntax highlighting in codefences
+    # style-src 'unsafe-inline': syntax highlighting in codefences
+    # sandbox allow-popups: enable target="_blank" links to open in new tabs
     Content-Security-Policy "default-src 'none';
       img-src 'self';
       style-src 'self' https://cdn.jsdelivr.net/ 'unsafe-inline';
@@ -42,7 +43,7 @@ http://static-mat-services.fly.dev/ {
       frame-ancestors 'none';
       base-uri 'none';
       upgrade-insecure-requests;
-      sandbox allow-same-origin allow-top-navigation"
+      sandbox allow-same-origin allow-popups"
   }
 }