diff --git a/utils/http.ts b/utils/http.ts
index 668c19ad6..22f6c1b59 100644
--- a/utils/http.ts
+++ b/utils/http.ts
@@ -157,7 +157,7 @@ export function setCSPHeaders(
 "127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:*";
 response.headers.set(
 "Content-Security-Policy",
- `frame-ancestors 'self' ${landingPageDomain} ${localhost} ${adminDomain} ${
+ `default-src 'self'; frame-ancestors 'self' ${landingPageDomain} ${localhost} ${adminDomain} ${
 referer && isOnAdmin
 ? "https://" + referer.startsWith("http")
 ? new URL(referer).host
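Review bot: The added `default-src 'self'` on the new policy line is enforced immediately and leaves `base-uri` and `form-action` unrestricted, because those directives do not fall back to `default-src`. Any response passing through setCSPHeaders that relies on inline script or style, or on assets from another origin, will be blocked, so it is worth shipping the same value under `Content-Security-Policy-Report-Only` first and extending the string to `default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' …`. Separately, the context line `? "https://" + referer.startsWith("http")` parses as `("https://" + referer.startsWith("http")) ? …`, a non-empty string that is always truthy, so the scheme test never takes effect and `new URL(referer).host` is used for every referer that reaches it; wrapping the inner conditional in parentheses would restore the intent. The body of setCSPHeaders starts and ends outside this hunk, so the remaining branches are not visible here.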