diff --git a/includes/seckit.form.inc b/includes/seckit.form.inc
index 504a2c4..dadcbf1 100644
--- a/includes/seckit.form.inc
+++ b/includes/seckit.form.inc
@@ -76,6 +76,7 @@ function seckit_admin_form() {
 '#default_value' => $options['seckit_xss']['csp']['default-src'],
 '#title' => 'default-src',
 '#description' => t("Specify security policy for all types of content, which are not specified further (frame-ancestors excepted). Default is 'self'."),
+ '#maxlength' => 256,
 );
 // CSP script-src directive
 $form['seckit_xss']['csp']['script-src'] = array(
@@ -83,6 +84,7 @@ function seckit_admin_form() {
 '#default_value' => $options['seckit_xss']['csp']['script-src'],
 '#title' => 'script-src',
 '#description' => t('Specify trustworthy sources for <script> elements.'),
+ '#maxlength' => 256,
 );
 // CSP object-src directive
 $form['seckit_xss']['csp']['object-src'] = array(
@@ -90,6 +92,7 @@ function seckit_admin_form() {
 '#default_value' => $options['seckit_xss']['csp']['object-src'],
 '#title' => 'object-src',
 '#description' => t('Specify trustworthy sources for <object>, <embed> and <applet> elements.'),
+ '#maxlength' => 256,
 );
 // CSP style-src directive
 $form['seckit_xss']['csp']['style-src'] = array(
@@ -97,6 +100,7 @@ function seckit_admin_form() {
 '#default_value' => $options['seckit_xss']['csp']['style-src'],
 '#title' => 'style-src',
 '#description' => t('Specify trustworthy sources for stylesheets. Note, that inline stylesheets and style attributes of HTML elements are allowed.'),
+ '#maxlength' => 256,
 );
 // CSP img-src directive
 $form['seckit_xss']['csp']['img-src'] = array(
@@ -104,6 +108,7 @@ function seckit_admin_form() {
 '#default_value' => $options['seckit_xss']['csp']['img-src'],
 '#title' => 'img-src',
 '#description' => t('Specify trustworthy sources for <img> elements.'),
+ '#maxlength' => 256,
 );
 // CSP media-src directive
 $form['seckit_xss']['csp']['media-src'] = array(
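Review bot: The limit `256` added to default-src in the first hunk is a literal repeated in every other hunk of this file (script-src, object-src, style-src, img-src, frame-src, font-src, connect-src), and it remains a fixed ceiling that a real source list can exceed. A policy that allow-lists several CDN, analytics and API hosts easily runs past 256 characters, and an administrator who cannot fit the list tends to fall back to a broader source such as `*`, which weakens the policy this form configures. I would define the limit once and reference it, for example `define('SECKIT_CSP_MAXLENGTH', 1024);` (name and value are a suggestion) with `'#maxlength' => SECKIT_CSP_MAXLENGTH,` in each field, plus a comment noting that Drupal's textfield default of 128 is too short for CSP source lists. seckit_admin_form() starts and ends outside these hunks.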
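Review bot: The media-src field, whose declaration opens in the last context line of the img-src hunk, gets no `'#maxlength'` in this patch: the next hunk starts at old line 118 with the same +5 offset, so nothing was added in between. Unless that field already sets a limit outside the visible hunks, it keeps the textfield default and is the one CSP directive here that still rejects a longer source list. Add `'#maxlength' => 256,` after its `'#description'` entry so that all directives behave the same. The media-src array continues outside the hunk.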
@@ -118,6 +123,7 @@ function seckit_admin_form() {
 '#default_value' => $options['seckit_xss']['csp']['frame-src'],
 '#title' => 'frame-src',
 '#description' => t('Specify trustworthy sources for <iframe> and <frame> elements.'),
+ '#maxlength' => 256,
 );
 // CSP font-src directive
 $form['seckit_xss']['csp']['font-src'] = array(
@@ -125,6 +131,7 @@ function seckit_admin_form() {
 '#default_value' => $options['seckit_xss']['csp']['font-src'],
 '#title' => 'font-src',
 '#description' => t('Specify trustworthy sources for @font-src CSS loads.'),
+ '#maxlength' => 256,
 );
 // CSP connect-src directive
 $form['seckit_xss']['csp']['connect-src'] = array(
@@ -132,6 +139,7 @@ function seckit_admin_form() {
 '#default_value' => $options['seckit_xss']['csp']['connect-src'],
 '#title' => 'connect-src',
 '#description' => t('Specify trustworthy sources for XMLHttpRequest, WebSocket and EventSource connections.'),
+ '#maxlength' => 256,
 );
 // CSP report-uri directive
 $form['seckit_xss']['csp']['report-uri'] = array(
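Review bot: The font-src help text in the context of the font-src hunk reads `@font-src CSS loads`, but the CSS at-rule that loads fonts is `@font-face`; `@font-src` is not a CSS construct. Since the patch already touches this field, I would correct the description to `t('Specify trustworthy sources for @font-face CSS loads.')`. Changing the string also changes its translation source, so existing translations of it will need to be redone.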