diff --git a/nginx/nginx-security.conf b/nginx/nginx-security.conf
index 3e4e0e2c2fa95ceb557d1835baacd56ce4375d9e..b819e1e4ce122136b3da0dd0b824cc3efeb8c0e3 100644
--- a/nginx/nginx-security.conf
+++ b/nginx/nginx-security.conf
@@ -1,5 +1,17 @@
 add_header X-Frame-Options "DENY";
-add_header Content-Security-Policy "default-src 'self'; script-src 'self' www.google-analytics.com; style-src 'self' 'nonce-bGF1bmNoYm9hcmQtbm9uY2U=' www.google-analytics.com; img-src 'self'; connect-src 'self' www.google-analytics.com; font-src 'self'; object-src 'self'; media-src 'self'; manifest-src 'self' 'nonce-bGF1bmNoYm9hcmQtbm9uY2U=' *.dso.mil; frame-src 'none'; form-action 'self'; frame-ancestors 'none';" always;
+add_header Content-Security-Policy "
+ default-src 'self';
+ script-src 'self' www.google-analytics.com;
+ style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-P+0uzXC+/KB6EcdbG5lAFQwguDelLIX7v4oquSP0tKg=' 'nonce-bGF1bmNoYm9hcmQtbm9uY2U=' 'sha256-bQtGdzYPR3E8BIgiylHyB8f69AwwTO8Fs21/PmGcTW0=' 'sha256-RfArpP7YVKZK2GwjlAw5YsYwZkO2mOUnJGizYsRuK1o=' www.google-analytics.com;
+ img-src 'self';
+ connect-src 'self' www.google-analytics.com;
+ font-src 'self';
+ object-src 'self';
+ media-src 'self';
+ manifest-src 'self' 'nonce-bGF1bmNoYm9hcmQtbm9uY2U=' *.dso.mil;
+ frame-src 'none';
+ form-action 'self';
+ frame-ancestors 'none';" always;
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Content-Type-Options "nosniff";