diff --git a/src/Pages/SecurityHeadersAttribute.cs b/src/Pages/SecurityHeadersAttribute.cs
index 2e1302f..f3e8334 100644
--- a/src/Pages/SecurityHeadersAttribute.cs
+++ b/src/Pages/SecurityHeadersAttribute.cs
@@ -34,8 +34,11 @@ public override void OnResultExecuting(ResultExecutingContext context)
 // also an example if you need client images to be displayed from twitter
 // csp += "img-src 'self' https://pbs.twimg.com;";
+ // Images / SVGs
+ csp += "img-src 'self' data: w3.org/svg/2000;";
+
 // Google Fonts
- csp += "font-src 'self' fonts.gstatic.com; style-src 'self' fonts.googleapis.com";
+ csp += "font-src 'self' fonts.gstatic.com; style-src 'self' fonts.googleapis.com;";
 // once for standards compliant browsers
 if (!context.HttpContext.Response.Headers.ContainsKey("Content-Security-Policy"))
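Review bot: `w3.org/svg/2000` in the new img-src line is not a host any image is fetched from — `http://www.w3.org/2000/svg` is the SVG XML namespace that appears in `xmlns` attributes, an identifier the browser never dereferences, so CSP never evaluates it against img-src (and the path segments are reversed anyway). The entry does nothing for SVG rendering and only widens the allow-list to a third-party origin; inline `<svg>` markup is not an image fetch, and `<img src="...svg">` served by this application is already covered by `'self'`. Suggest `csp += "img-src 'self' data:;";` with a comment such as `// data: covers inline base64 icons only; never add data: to script-src/object-src`. Keeping `data:` for images is low risk because image sources cannot execute script, but it should be a deliberate, commented choice rather than a copy from an example. OnResultExecuting continues outside the hunk, so I cannot see whether img-src is already set elsewhere in the policy; browsers honor only the first occurrence of a directive, so a duplicate here would be silently ignored.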