diff --git a/_headers b/_headers
index 9bd6a4b..597b94b 100644
--- a/_headers
+++ b/_headers
@@ -23,7 +23,7 @@
   Cross-Origin-Embedder-Policy: require-corp
   Cross-Origin-Opener-Policy: same-origin
   Cross-Origin-Resource-Policy: same-origin
-  Content-Security-Policy: default-src 'none' ; base-uri 'self' ; img-src 'self' data: ; frame-src 'self' ; media-src 'self' data: ; script-src 'none' ; style-src 'self' 'unsafe-inline' data: ; object-src 'none' ; font-src 'self' 'https://rsms.me/' 'https://raw.githubusercontent.com/'; frame-ancestors 'self' ; form-action 'self' ; worker-src 'self' ; manifest-src 'self' ; child-src 'self' ;
+  Content-Security-Policy: default-src 'none' ; base-uri 'self' ; img-src 'self' data: ; frame-src 'self' ; media-src 'self' data: ; script-src 'none' ; style-src 'self' 'unsafe-inline' data: ; object-src 'none' ; font-src 'self' https://rsms.me/ https://raw.githubusercontent.com/; frame-ancestors 'self' ; form-action 'self' ; worker-src 'self' ; manifest-src 'self' ; child-src 'self' ;
   Permissions-Policy: geolocation=(), microphone=(), camera=()
 
 /resources/people/*
@@ -36,7 +36,7 @@
   Cross-Origin-Embedder-Policy: require-corp
   Cross-Origin-Opener-Policy: same-origin
   Cross-Origin-Resource-Policy: same-origin
-  Content-Security-Policy: default-src 'none' ; base-uri 'self' ; img-src 'self' data: ; frame-src 'self' ; media-src 'self' data: ; script-src 'none' ; style-src 'self' 'unsafe-inline' data: ; object-src 'none' ; font-src 'self' 'https://rsms.me/' 'https://raw.githubusercontent.com/' ; frame-ancestors 'self' ; form-action 'self' ; worker-src 'self' ; manifest-src 'self' ; child-src 'self' ;
+  Content-Security-Policy: default-src 'none' ; base-uri 'self' ; img-src 'self' data: ; frame-src 'self' ; media-src 'self' data: ; script-src 'none' ; style-src 'self' 'unsafe-inline' data: ; object-src 'none' ; font-src 'self' https://rsms.me/ https://raw.githubusercontent.com/; frame-ancestors 'self' ; form-action 'self' ; worker-src 'self' ; manifest-src 'self' ; child-src 'self' ;
   Permissions-Policy: geolocation=(), microphone=(), camera=()
 
 /resources/icon-*.webp
@@ -49,5 +49,5 @@
   Cross-Origin-Embedder-Policy: require-corp
   Cross-Origin-Opener-Policy: same-origin
   Cross-Origin-Resource-Policy: same-origin
-  Content-Security-Policy: default-src 'none' ; base-uri 'self' ; img-src 'self' data: ; frame-src 'self' ; media-src 'self' data: ; script-src 'none' ; style-src 'self' 'unsafe-inline' data: ; object-src 'none' ; font-src 'self' 'https://rsms.me/' 'https://raw.githubusercontent.com/' ; frame-ancestors 'self' ; form-action 'self' ; worker-src 'self' ; manifest-src 'self' ; child-src 'self' ;
+  Content-Security-Policy: default-src 'none' ; base-uri 'self' ; img-src 'self' data: ; frame-src 'self' ; media-src 'self' data: ; script-src 'none' ; style-src 'self' 'unsafe-inline' data: ; object-src 'none' ; font-src 'self' https://rsms.me/ https://raw.githubusercontent.com/; frame-ancestors 'self' ; form-action 'self' ; worker-src 'self' ; manifest-src 'self' ; child-src 'self' ;
   Permissions-Policy: geolocation=(), microphone=(), camera=()