diff --git a/js/cf-webapp/next.config.mjs b/js/cf-webapp/next.config.mjs
index 964526d77..eba7d8ca5 100644
--- a/js/cf-webapp/next.config.mjs
+++ b/js/cf-webapp/next.config.mjs
@@ -27,10 +27,10 @@ const nextConfig = {
             key: "Content-Security-Policy",
             value: [
               "default-src 'self'",
-              "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://widget.intercom.io https://js.intercomcdn.com https://client.crisp.chat https://settings.crisp.chat",
-              "style-src 'self' 'unsafe-inline' https://client.crisp.chat",
+              "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://widget.intercom.io https://js.intercomcdn.com https://client.crisp.chat https://settings.crisp.chat",
+              "style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://client.crisp.chat",
               "img-src 'self' data: blob: https://avatars.githubusercontent.com https://github.com https://*.intercomcdn.com https://*.crisp.chat https://image.crisp.chat",
-              "font-src 'self' data: https://client.crisp.chat",
+              "font-src 'self' data: https://cdn.jsdelivr.net https://client.crisp.chat",
               "connect-src 'self' https://*.intercom.io https://api-iam.intercom.io wss://*.intercom.io https://*.crisp.chat wss://*.crisp.chat https://*.sentry.io https://*.ingest.us.sentry.io https://us.i.posthog.com https://us.posthog.com",
               "frame-src 'self' https://intercom-sheets.com https://game.crisp.chat",
               "media-src 'self' https://*.intercomcdn.com",