diff --git a/src/pretix/base/middleware.py b/src/pretix/base/middleware.py
index 83269b313e..7f633eee52 100644
--- a/src/pretix/base/middleware.py
+++ b/src/pretix/base/middleware.py
@@ -147,6 +147,11 @@ class SecurityMiddleware:
 return "; ".join(k + ' ' + v for k, v in h.items())

 def process_response(self, request, resp):
+ if settings.DEBUG and resp.status_code >= 400:
+ # Don't use CSP on debug error page as it breaks of Django's fancy error
+ # pages
+ return resp
+
 resp['X-XSS-Protection'] = '1'
 h = {
 'default-src': "{static}",
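Review bot: The early `return resp` at the top of `process_response` skips more than the CSP. It also drops `X-XSS-Protection` and any other header the rest of the method sets; the body continues outside the hunk, so the full list is not visible here. The guard is also broader than its comment says: with `DEBUG` on, every response with status >= 400 loses these headers, including application-rendered 403/404 pages, not only Django's technical error page. Consider placing the check after `resp['X-XSS-Protection'] = '1'` so that only the CSP assignment is skipped. Reword the comment to state the scope, e.g. `# DEBUG only: skip CSP on error responses, it breaks Django's debug error pages`, which also fixes the "breaks of" typo. Since the exemption depends solely on `settings.DEBUG`, it is worth stating next to it that an instance accidentally running with `DEBUG = True` serves all of its error responses without CSP.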