diff --git a/app.js b/app.js
index d7048557e4..7bb86ed8e3 100755
--- a/app.js
+++ b/app.js
@@ -126,6 +126,7 @@ app.use(function(req, res, next) {
 var trusted = [
   "'self'",
   '*.freecodecamp.com',
+  'http://www.freecodecamp.com/*',
   '*.gstatic.com',
   '*.google-analytics.com',
   '*.googleapis.com',
@@ -167,7 +168,8 @@ app.use(helmet.contentSecurityPolicy({
     scriptSrc: [
         '*.optimizely.com',
         '*.aspnetcdn.com',
-        '*.d3js.org'
+        '*.d3js.org',
+        '*.freecodecamp.com'
     ].concat(trusted),
     'connect-src': [
         'ws://*.rafflecopter.com',