diff --git a/docker/includes/security-headers-online.conf b/docker/includes/security-headers-online.conf
index 3fce72ec..f91a84ca 100644
--- a/docker/includes/security-headers-online.conf
+++ b/docker/includes/security-headers-online.conf
@@ -3,4 +3,4 @@ include /etc/nginx/includes/security-headers-base.conf;
 # Govern what content can be loaded by the server and from where
 # Click jacking prevention to be used in addition to X-Frame-Options
 # Requires allowing inline-styles and inline data objects (svg imgs)
-add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data:; frame-ancestors 'self'; form-action 'self'; ";
+add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:  https://cdn.jsdelivr.net/npm/monaco-editor@0.43.0/min/; img-src 'self' data:; frame-ancestors 'self'; form-action 'self'; script-src-elem 'self' https://cdn.jsdelivr.net/npm/monaco-editor@0.43.0/min/; style-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/monaco-editor@0.43.0/min/;";