diff --git a/headapps/MvpSite/MvpSite.Rendering/Extensions/ApplicationBuilderExtensions.cs b/headapps/MvpSite/MvpSite.Rendering/Extensions/ApplicationBuilderExtensions.cs
index 7e7189ae..85b3a449 100644
--- a/headapps/MvpSite/MvpSite.Rendering/Extensions/ApplicationBuilderExtensions.cs
+++ b/headapps/MvpSite/MvpSite.Rendering/Extensions/ApplicationBuilderExtensions.cs
@@ -50,7 +50,8 @@ public static IApplicationBuilder UseSecurityHeaders(this IApplicationBuilder ap
 cspBuilder.Append("img-src 'self' data: ");
 cspBuilder.Append("https://www.googletagmanager.com ");
 cspBuilder.Append("https://www.google-analytics.com ");
- cspBuilder.Append("https://*.sitecorecloud.io ");
+ cspBuilder.Append("https://*.sitecorecloud.io ");
+ cspBuilder.Append("https://www.gravatar.com ");
 cspBuilder.Append("https://delivery-sitecore.sitecorecontenthub.cloud; ");
 cspBuilder.Append("font-src 'self' ");
diff --git a/headapps/Sugcon2024/next.config.ts b/headapps/Sugcon2024/next.config.ts
index 2a95c362..8e66fa2b 100644
--- a/headapps/Sugcon2024/next.config.ts
+++ b/headapps/Sugcon2024/next.config.ts
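Review bot: The added `https://www.gravatar.com` entry covers that single host only, and a Gravatar request whose `d=` default parameter names an external image is answered with a redirect, which CSP checks against the same source list; if the avatar URLs built elsewhere in this app use that parameter or a different Gravatar host (for example `secure.gravatar.com`), those images will be blocked silently, so confirm the exact URL shape the avatar markup emits before relying on this one host. A short why-comment would also help the next maintainer, since the list otherwise holds only Sitecore and Google hosts: `// Gravatar serves profile avatars; deliberately www.gravatar.com only, not *.gravatar.com`. The removed and re-added `https://*.sitecorecloud.io` line read identically here, which looks like a whitespace-only change that could be dropped from the hunk. UseSecurityHeaders begins and ends outside this hunk.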
@@ -22,13 +22,15 @@ const nextConfig: NextConfig = {
 key: 'Content-Security-Policy',
 value: [
 "default-src 'self'",
- "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://edge.sitecorecloud.io",
- "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com",
- "img-src 'self' data: blob: https://edge.sitecorecloud.io https://*.sitecorecloud.io https://*.sugcon.events https://www.googletagmanager.com https://www.google-analytics.com",
- "font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com",
- "connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://edge.sitecorecloud.io https://edge-platform.sitecorecloud.io https://*.sitecorecloud.io https://sessionize.com",
- "frame-src 'self' https://www.youtube.com",
+ "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://edge.sitecorecloud.io https://edge-platform.sitecorecloud.io https://*.sitecorecloud.io https://sessionize.com https://*.sessionize.com https://cdn.sessionize.com https://assets.sessionize.com",
+ "style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://cdnjs.cloudflare.com https://sessionize.com https://*.sessionize.com https://sessionize.blob.core.windows.net",
+ "img-src 'self' data: blob: https://edge.sitecorecloud.io https://*.sitecorecloud.io https://*.sugcon.events https://www.googletagmanager.com https://www.google-analytics.com https://i.ytimg.com https://*.ytimg.com https://sessionize.com https://*.sessionize.com",
+ "font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://sessionize.com https://*.sessionize.com",
+ "connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://edge.sitecorecloud.io https://edge-platform.sitecorecloud.io https://*.sitecorecloud.io https://sessionize.com https://*.sessionize.com",
+ "frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://youtube.com https://*.youtube.com https://sessionize.com https://*.sessionize.com",
 "frame-ancestors 'self' https://*.sitecorecloud.io https://pages.sitecorecloud.io",
+ "media-src 'self' https://*.youtube.com https://*.googlevideo.com https://edge.sitecorecloud.io https://*.sitecorecloud.io https://*.sugcon.events",
+ "worker-src 'self' blob:",
 "base-uri 'self'",
 "form-action 'self'",
 "object-src 'none'",
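Review bot: The new `script-src` value grants script execution to every host under `https://*.sitecorecloud.io` and `https://*.sessionize.com` while `'unsafe-inline'` and `'unsafe-eval'` stay in place, so a script served from any tenant or asset bucket on either platform would run in this site's origin; the explicit hosts on the same line (`edge.sitecorecloud.io`, `edge-platform.sitecorecloud.io`, `cdn.sessionize.com`, `assets.sessionize.com`) are already subsumed by those wildcards, which suggests the wildcards were added for convenience rather than need. I would keep only the hosts that actually deliver script, e.g. `"script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://edge.sitecorecloud.io https://edge-platform.sitecorecloud.io https://sessionize.com https://cdn.sessionize.com https://assets.sessionize.com",` and check in the browser console which Sessionize host the embed script is fetched from before settling the list. The `media-src` entry for `https://*.googlevideo.com` is presumably for the YouTube embeds, but media fetched inside a `frame-src` iframe is governed by that document's own policy rather than this one, so it is only needed if the page plays those streams directly — worth confirming before it stays. The object holding this `key`/`value` pair starts and ends outside the hunk.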