diff --git a/cps/web.py b/cps/web.py
index e1b69ce9..98489b04 100755
--- a/cps/web.py
+++ b/cps/web.py
@@ -85,7 +85,8 @@ def add_security_headers(resp):
     csp += " 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' "
     if request.path.startswith("/author/") and config.config_use_goodreads:
         csp += "images.gr-assets.com i.gr-assets.com s.gr-assets.com"
-    csp += " data:"
+    csp += " data:;"
+    csp += " object-src: 'none';"
     resp.headers['Content-Security-Policy'] = csp
     if request.endpoint == "edit-book.show_edit_book" or config.config_use_google_drive:
         resp.headers['Content-Security-Policy'] += " *"
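Review bot: The added `csp += " object-src: 'none';"` is not valid CSP syntax — a directive name is never followed by a colon, so browsers will treat `object-src:` as an unknown directive and ignore it, leaving plugin/object loads unrestricted exactly as before; it should read `object-src 'none'`. The new trailing semicolons also change what the later `+= " *"` attaches to: it previously extended `img-src`, but now it follows `object-src ...;` and becomes a bare `*` token that is not a directive, so the wildcard image source for the edit-book page and Google Drive mode is silently dropped. One fix that stays within these lines is to place the directive ahead of img-src in the context line, `csp += " 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; object-src 'none'; img-src 'self' "`, and keep `csp += " data:"` (no semicolon, no separate object-src line) as the last img-src value so the later append still lands on img-src. Whatever form is chosen, a short comment such as `# img-src must stay the last directive: the edit-book/Drive branch below appends " *" to it` would stop this from regressing again. add_security_headers begins before this hunk.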