diff --git a/server.js b/server.js
index f9a3be2..9fd49be 100644
--- a/server.js
+++ b/server.js
@@ -22,6 +22,8 @@ certificates.setupKeys()
 
 app.use(hpp())
 app.use(helmet({
+    crossOriginResourcePolicy: { policy: "cross-origin" },
+    crossOriginEmbedderPolicy: false,
     contentSecurityPolicy: {
         directives: {
             defaultSrc: ["'self'"],