diff --git a/src/main.py b/src/main.py
index e4431cc..351a55c 100644
--- a/src/main.py
+++ b/src/main.py
@@ -235,7 +235,7 @@ class SecurityHeadersMiddleware(BaseHTTPMiddleware):
             "script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; "
             "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; "
             "font-src 'self' https://fonts.gstatic.com; "
-            "img-src 'self' data:; "
+            "img-src 'self' data: https://*.basemaps.cartocdn.com https://*.tile.openstreetmap.org; "
             "connect-src 'self' wss: ws:; "
             "frame-ancestors 'none'"
         )