diff --git a/COPY/etc/httpd/conf.d/manageiq-https-application.conf b/COPY/etc/httpd/conf.d/manageiq-https-application.conf
index 704d0f5..d42c1b6 100644
--- a/COPY/etc/httpd/conf.d/manageiq-https-application.conf
+++ b/COPY/etc/httpd/conf.d/manageiq-https-application.conf
@@ -24,7 +24,7 @@ SSLCertificateKeyFile /var/www/miq/vmdb/certs/server.cer.key
Header unset ETag
- Header set Content-Security-Policy "default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self' fonts.gstatic.com; script-src 'self'; style-src 'self'; report-uri /dashboard/csp_report"
+ Header set Content-Security-Policy "default-src 'self'; child-src 'self'; connect-src 'self' fonts.gstatic.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; img-src 'self' data:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self' fonts.googleapis.com fonts.gstatic.com; report-uri /dashboard/csp_report"
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Permitted-Cross-Domain-Policies "none"
@@ -37,7 +37,7 @@ SSLCertificateKeyFile /var/www/miq/vmdb/certs/server.cer.key
Header unset ETag
- Header set Content-Security-Policy "default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self' fonts.gstatic.com; script-src 'self'; style-src 'self'; report-uri /dashboard/csp_report"
+ Header set Content-Security-Policy "default-src 'self'; child-src 'self'; connect-src 'self' fonts.gstatic.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; img-src 'self' data:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self' fonts.googleapis.com fonts.gstatic.com; report-uri /dashboard/csp_report"
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Permitted-Cross-Domain-Policies "none"