diff --git a/app/Http/Middleware/SecureHeaders.php b/app/Http/Middleware/SecureHeaders.php
index 274cd1a7b2..55eaa04379 100644
--- a/app/Http/Middleware/SecureHeaders.php
+++ b/app/Http/Middleware/SecureHeaders.php
@@ -36,7 +36,7 @@ class SecureHeaders
 * Handle an incoming request. May not be a limited user (ie. Sandstorm env. or demo user).
 *
 * @param \Illuminate\Http\Request $request
- * @param \Closure $next
+ * @param \Closure $next
 *
 * @return mixed
 */
@@ -44,9 +44,11 @@ class SecureHeaders
 {
 $response = $next($request);
 $google = '';
+ $googleImg = '';
 $analyticsId = config('firefly.analytics_id');
 if ('' !== $analyticsId) {
- $google = 'www.googletagmanager.com/gtag/js'; // @codeCoverageIgnore
+ $google = 'www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js'; // @codeCoverageIgnore
+ $googleImg = 'https://www.google-analytics.com/';
 }
 $csp = [
 "default-src 'none'",
@@ -56,7 +58,7 @@ class SecureHeaders
 "base-uri 'self'",
 "font-src 'self' data:",
 "connect-src 'self'",
- "img-src 'self' data: https://api.tiles.mapbox.com",
+ sprintf("img-src 'self' data: https://api.tiles.mapbox.com %s", $googleImg),
 "manifest-src 'self'",
 ];
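Review bot: The first source in the new `$google` value is still schemeless (`www.googletagmanager.com/gtag/js`) while the two sources added in this hunk are pinned to `https://`; a schemeless host source follows the scheme of the page, so an instance served over plain HTTP would accept that script over HTTP too. I would pin it as well: `$google = 'https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js'; // @codeCoverageIgnore`. The added `$googleImg` assignment inside the `if` has no `// @codeCoverageIgnore` marker although its neighbour does, so the branch is only half excluded from coverage. `connect-src 'self'` (visible in the last hunk) is unchanged, so analytics hits sent by XHR or beacon rather than as an image request would presumably still be blocked; worth checking the browser console with an analytics id configured. The method's signature and the rest of its body are outside this hunk.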
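Review bot: When no analytics id is configured `$googleImg` is the empty string, so the new `sprintf` in the `$csp` array emits `img-src` with a trailing space; browsers ignore it, but an exact-match assertion on the header would not, and trimming keeps the policy stable: `trim(sprintf("img-src 'self' data: https://api.tiles.mapbox.com %s", $googleImg)),`. Because this widens where images may be loaded from, a one-line comment above the entry would help whoever audits the policy later, for example `// google-analytics.com is allowed for images only when firefly.analytics_id is set`. The `$csp` array opens in the previous hunk and the lines between the two hunks are not visible here.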