diff --git a/.github/workflows/reusable-deploy-job.yml b/.github/workflows/reusable-deploy-job.yml
index 809b7555..8d53bfe0 100644
--- a/.github/workflows/reusable-deploy-job.yml
+++ b/.github/workflows/reusable-deploy-job.yml
@@ -86,6 +86,7 @@ jobs:
 run: |
 echo "FRONTEND_URL_WITHOUT_HTTPS=$(echo ${{ secrets.FRONTEND_URL }} | sed 's/^https:\/\///')" >> $GITHUB_ENV
 echo "BACKEND_URL_WITHOUT_HTTPS=$(echo ${{ secrets.BACKEND_URL }} | sed 's/^https:\/\///')" >> $GITHUB_ENV
+ echo "BACKEND_DOMAIN_NAME=$(echo ${{ secrets.BACKEND_URL }} | sed 's/^https:\/\///; s/\/backend//')" >> $GITHUB_ENV
 - name: Deploy Frontend
 run: serverless s3sync bucket --bucket ${{ secrets.COMPANY_ABBREVIATION }}-lara-frontend-${{ inputs.target }}
diff --git a/serverless.yml b/serverless.yml
index 9b207692..a79d7de9 100644
--- a/serverless.yml
+++ b/serverless.yml
@@ -609,6 +609,9 @@ resources:
 Protection: true
 ModeBlock: true
 Override: false
+ ContentSecurityPolicy:
+ ContentSecurityPolicy: "default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' ${env:IMAGE_SERVICE_URL} ${env:AVATAR_URL} ${env:AVATAR_BUCKET_URL} data:; connect-src 'self' https://${env:BACKEND_DOMAIN_NAME} ${env:MICROSOFT_LOGIN_URL};
+ Override: true
 CustomHeadersConfig:
 Items:
 - Header: Cache-Control
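Review bot: The added `BACKEND_DOMAIN_NAME` line expands `${{ secrets.BACKEND_URL }}` directly into the shell text, unquoted, so the value goes through word splitting and shell interpretation before `sed` sees it; the two context lines above follow the same pattern. Passing the secret through the step's `env:` map and writing `echo "BACKEND_DOMAIN_NAME=$(printf '%s' "$BACKEND_URL" | sed 's/^https:\/\///; s/\/.*$//')" >> "$GITHUB_ENV"` keeps it as data. The `s/\/backend//` expression is also unanchored and leaves any other path segment in place, and since the result is used as a CSP source in the serverless.yml hunk of this commit, stripping everything after the host is the safer form. The step's header lies outside the hunk, so whether an `env:` block already exists cannot be seen from here.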
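Review bot: The new `ContentSecurityPolicy` value opens with `"` but, as shown in the hunk, the line stops at `${env:MICROSOFT_LOGIN_URL};` with no closing quote, so the double-quoted scalar would run on into `Override: true` and the keys after it; the line should end `${env:MICROSOFT_LOGIN_URL};"`. On the policy itself, `frame-ancestors`, `base-uri` and `form-action` do not fall back to `default-src`, so appending something like `frame-ancestors 'none'; base-uri 'self'; form-action 'self'` (adjusted to what the app needs) would cover them, and `style-src 'unsafe-inline'` deserves a comment naming what requires it. If one of the `${env:...}` variables is set but empty at deploy time, its source would presumably drop out of the header silently (leaving a bare `https://` in `connect-src`), so a check in the deploy job that they are non-empty would help. The enclosing mapping starts outside the hunk.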