diff --git a/backend/securecheckplus/settings.py b/backend/securecheckplus/settings.py
index 13df1d2..1952cb0 100644
--- a/backend/securecheckplus/settings.py
+++ b/backend/securecheckplus/settings.py
@@ -300,3 +300,18 @@ def format(self, record):
 SESSION_EXPIRE_AT_BROWSER_CLOSE = False
 SESSION_SAVE_EVERY_REQUEST = True
 SESSION_COOKIE_AGE = 60 * 60 * 24 * 30 # 30 days
+
+# Content Security Policy
+CSP_DEFAULT_SRC = ("'self'",)
+CSP_IMG_SRC = (
+ "'self'",
+ "data:",
+ "*.interssl.com",
+ "www.wkoecg.at",
+ "*.geotrust.com",
+ "*.paypal.com",
+ "*.amazonaws.com",
+ "*.google-analytics.com",
+ "*.cloudflare.com",
+ "api.dicebear.com",
+)
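Review bot: The `CSP_IMG_SRC` allowlist contains `*.amazonaws.com` and `*.cloudflare.com`, which match hosts that any customer of those platforms can register, so the image policy restricts much less than the list suggests. Image requests to such hosts can still carry data out in the URL. Pin these to the exact hosts the application loads images from, for example `"<bucket-name>.s3.amazonaws.com",` (placeholder, use the real bucket host), and drop any entry that is not actually needed. The `CSP_*` names look like django-csp's pre-4.0 settings, which only take effect when `csp.middleware.CSPMiddleware` is in `MIDDLEWARE`. That is not visible in this hunk, and django-csp 4.0 and later reads a `CONTENT_SECURITY_POLICY` dict instead, so confirm both against the pinned version.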