diff --git a/backend/src/main.ts b/backend/src/main.ts
index ec1c382..07611fd 100644
--- a/backend/src/main.ts
+++ b/backend/src/main.ts
@@ -28,6 +28,25 @@ async function bootstrap() {
 app.use(
 helmet({
+ contentSecurityPolicy: {
+ directives: {
+ defaultSrc: ["'self'"],
+ scriptSrc: [
+ "'self'",
+ "'unsafe-inline'",
+ "'unsafe-eval'",
+ "https://eu-assets.i.posthog.com",
+ ],
+ connectSrc: [
+ "'self'",
+ "https://eu.posthog.com",
+ "https://eu-assets.i.posthog.com",
+ ],
+ imgSrc: ["'self'", "data:", "https:"],
+ styleSrc: ["'self'", "'unsafe-inline'"],
+ fontSrc: ["'self'", "data:", "https:"],
+ },
+ },
 crossOriginResourcePolicy: {
 policy: "cross-origin",
 },
diff --git a/frontend/src/services/api.js b/frontend/src/services/api.js
index aee1217..3da7324 100644
--- a/frontend/src/services/api.js
+++ b/frontend/src/services/api.js
@@ -2,7 +2,7 @@ import axios from "axios";
 const API_URL = "https://imkapi.oblak.solutions:3000";
 const api = axios.create({
- baseURL: API_URL,
+ baseURL: "https://imkapi.oblak.solutions",
 withCredentials: true,
 headers: {
 Accept: "application/json, text/plain, */*",
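Review bot: The `scriptSrc` list in the new `contentSecurityPolicy` allows both `'unsafe-inline'` and `'unsafe-eval'`, which removes most of the script-injection protection a CSP is meant to provide, since injected inline script and string-to-code calls would still be permitted. If nothing served by this backend needs them, the directive could be `scriptSrc: ["'self'", "https://eu-assets.i.posthog.com"],`; if a page does need inline script, a per-response nonce or hash keeps the restriction in place. `imgSrc` and `fontSrc` also admit any `https:` origin, which is wider than the PostHog hosts named in the other directives, and a short comment above the block saying which front-end feature needs each relaxation would make later tightening easier. `bootstrap()` starts and ends outside this hunk, so whether these responses carry HTML at all cannot be seen here.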
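Review bot: The new `baseURL` is a string literal while `API_URL` two lines above still holds `https://imkapi.oblak.solutions:3000`, so the file now carries two different API origins and the constant no longer describes what the client uses. Changing the constant instead, `const API_URL = "https://imkapi.oblak.solutions";`, and keeping `baseURL: API_URL,` leaves a single source of truth; any other use of `API_URL` outside this hunk would otherwise keep targeting port 3000. Because `withCredentials: true` sends cookies to this origin, it is worth confirming that the backend's CORS configuration (not visible here) names the front-end origin explicitly rather than a wildcard. The `axios.create` call continues past the end of the hunk.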