diff --git a/deployment/roles/reverse/templates/nginx/nginx.conf.j2 b/deployment/roles/reverse/templates/nginx/nginx.conf.j2
index 3b61f19e36b558986abcbb86c46d1f5d80eed43f..ef5474f3e4b22eaf7614837acf1f970d16e7041c 100644
--- a/deployment/roles/reverse/templates/nginx/nginx.conf.j2
+++ b/deployment/roles/reverse/templates/nginx/nginx.conf.j2
@@ -44,7 +44,7 @@ http {
     #hide server tokens
     server_tokens off;
 
-    add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' https: maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com; frame-src 'self'; object-src 'self'";
+    add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' https: maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com; frame-src 'self' blob: ; object-src 'self' data: blob: ; upgrade-insecure-requests";
 
     include             /etc/nginx/mime.types;
     default_type        application/octet-stream;
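Review bot: The added `object-src 'self' data: blob:` lets `<object>`/`<embed>` load content from any data: URI, which injected markup can carry inline, so the directive no longer meaningfully restricts plugin content. If the goal is client-generated previews (an assumption, since the hunk carries no comment saying why), `blob:` alone should be enough: `frame-src 'self' blob:; object-src 'self' blob:; upgrade-insecure-requests`. The header is also set without the `always` parameter, so nginx omits it on most error responses, and any server or location block that declares its own `add_header` will not inherit this one from the `http` level. A short comment above the directive naming what needs blob: would help later reviewers, e.g. `# blob: required by <feature> preview`.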