diff --git a/app.py b/app.py
index 8a7a8c4..769c79e 100644
--- a/app.py
+++ b/app.py
@@ -104,6 +104,8 @@ csp = {
 "script-src": "'self'", # to use nonce
 "style-src": "'unsafe-inline'", # for old browsers without support style-src-attr
 "style-src-elem": "'self'",
+ "base-uri": "'none'",
+ "object-src" : "'none'",
 }
 talisman = Talisman(
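Review bot: The added `"object-src" : "'none'"` entry has a space before the colon, unlike every other key in `csp`; write it as `"object-src": "'none'",` and give both new entries a trailing comment in the style of their neighbours, e.g. `# no <base> element, so relative URLs cannot be re-pointed` and `# no plugin content via <object>/<embed>`. `base-uri` does not fall back to `default-src`, and neither do `form-action` and `frame-ancestors`; the start of the `csp` dict lies above the hunk, so check whether those two are already set there. Before merging, confirm that no template relies on a `<base>` element or embeds content through `<object>`/`<embed>`, since both would now be blocked.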