diff --git a/app.js b/app.js
index 651a581a570..63f21d0b58c 100644
--- a/app.js
+++ b/app.js
@@ -137,12 +137,13 @@ app.use(helmet.contentSecurityPolicy({
     styleSrc: trusted,
     imgSrc: [
       '*.evernote.com',
-      '*.facebook.com',
       '*.amazonaws.com',
       'data:',
       '*.licdn.com',
       '*.gravatar.com',
       '*.youtube.com',
+      '*.akamaihd.net',
+      'graph.facebook.com',
       '*.githubusercontent.com',
       '*.googleusercontent.com',
     ].concat(trusted),