diff --git a/backend/app.py b/backend/app.py
index 6f83640..f09a5d3 100644
--- a/backend/app.py
+++ b/backend/app.py
@@ -68,8 +68,8 @@ class SecurityHeadersMiddleware(BaseHTTPMiddleware):
             "script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com; "
             "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://unpkg.com; "
             "font-src 'self' https://fonts.gstatic.com; "
-            "img-src 'self' data: https://*.tile.openstreetmap.org; "
-            "connect-src 'self' https://cdn.jsdelivr.net https://*.tile.openstreetmap.org; https://unpkg.com; "
+            "img-src 'self' data: https://*.tile.openstreetmap.org https://unpkg.com; "
+            "connect-src 'self' https://cdn.jsdelivr.net https://*.tile.openstreetmap.org; "
             "frame-ancestors 'none'; "
             "base-uri 'self'; "
             "form-action 'self';"