diff --git a/middlewares/content-security-policy/index.ts b/middlewares/content-security-policy/index.ts
index 38cc436..ee4505b 100644
--- a/middlewares/content-security-policy/index.ts
+++ b/middlewares/content-security-policy/index.ts
@@ -39,10 +39,22 @@ interface ContentSecurityPolicy {
 const dangerouslyDisableDefaultSrc = Symbol("dangerouslyDisableDefaultSrc");
 
-const DEFAULT_DIRECTIVES: Record<
+const SHOULD_BE_QUOTED: ReadonlySet = new Set([
+ "none",
+ "self",
+ "strict-dynamic",
+ "report-sample",
+ "inline-speculation-rules",
+ "unsafe-inline",
+ "unsafe-eval",
+ "unsafe-hashes",
+ "wasm-unsafe-eval",
+]);
+
+const getDefaultDirectives = (): Record<
 string,
 Iterable
-> = {
+> => ({
 "default-src": ["'self'"],
 "base-uri": ["'self'"],
 "font-src": ["'self'", "https:", "data:"],
@@ -54,21 +66,7 @@ const DEFAULT_DIRECTIVES: Record<
 "script-src-attr": ["'none'"],
 "style-src": ["'self'", "https:", "'unsafe-inline'"],
 "upgrade-insecure-requests": [],
-};
-
-const SHOULD_BE_QUOTED: ReadonlySet = new Set([
- "none",
- "self",
- "strict-dynamic",
- "report-sample",
- "inline-speculation-rules",
- "unsafe-inline",
- "unsafe-eval",
- "unsafe-hashes",
- "wasm-unsafe-eval",
-]);
-
-const getDefaultDirectives = () => structuredClone(DEFAULT_DIRECTIVES);
+});
 
 const dashify = (str: string): string =>
 str.replace(/[A-Z]/g, (capitalLetter) => "-" + capitalLetter.toLowerCase());
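Review bot: The new `getDefaultDirectives` factory (started in the first hunk, closed by `+});` in the second) drops the only visible statement of why a fresh object is needed — the removed `structuredClone(DEFAULT_DIRECTIVES)` call made the per-call copy explicit, while a returned literal reads as an arbitrary style choice and invites a future "hoist to a constant" refactor. Because every directive value is a mutable array, a shared instance would let one caller's edits (say, pushing an extra source into `"script-src"`) silently weaken the default policy handed to every later caller, which is exactly the state the old clone avoided. A short TSDoc on the arrow would pin the contract: `/** Builds a fresh directive map on every call. Values are mutable arrays, so a shared constant would leak one caller's changes into the next; do not hoist this to a module-level object. */`. The enclosing interface and the code that consumes this map lie outside both hunks, so I have not checked whether any consumer still relies on a deep copy of nested values.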