diff --git a/sites/angestoepselt/httpd.conf b/sites/angestoepselt/httpd.conf
index 939938f..08f8f01 100644
--- a/sites/angestoepselt/httpd.conf
+++ b/sites/angestoepselt/httpd.conf
@@ -11,7 +11,7 @@ server.document-root = "@site@"
 index-file.names = ( "index.html" )
 
 setenv.set-response-header += (
-	"Content-Security-Policy" => "default-src 'self'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com, https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'none'",
+	"Content-Security-Policy" => "default-src 'self'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'none'",
 )
 
 url.redirect = (
diff --git a/sites/coderdojo/httpd.conf b/sites/coderdojo/httpd.conf
index ea2aa48..ae6c412 100644
--- a/sites/coderdojo/httpd.conf
+++ b/sites/coderdojo/httpd.conf
@@ -11,7 +11,7 @@ server.document-root = "@site@"
 index-file.names = ( "index.html" )
 
 setenv.set-response-header += (
-	"Content-Security-Policy" => "default-src 'self'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com, https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'none'",
+	"Content-Security-Policy" => "default-src 'self'; image-src 'self' https://photos.gutwe.in; script-src 'self' 'eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'none'",
 )
 
 #