diff --git a/api/http/security/bouncer.go b/api/http/security/bouncer.go
index 55b7faecc..e6837bee0 100644
--- a/api/http/security/bouncer.go
+++ b/api/http/security/bouncer.go
@@ -534,7 +534,7 @@ func MWSecureHeaders(next http.Handler, hsts, csp bool) http.Handler {
 		}
 
 		if csp {
-			w.Header().Set("Content-Security-Policy", "script-src 'self' cdn.matomo.cloud js.hsforms.net; frame-ancestors 'none';")
+			w.Header().Set("Content-Security-Policy", "script-src 'self' cdn.matomo.cloud js.hsforms.net; object-src 'none'; frame-ancestors 'none';")
 		}
 
 		w.Header().Set("X-Content-Type-Options", "nosniff")