diff --git a/public/js/lib/jailed/_frame.js b/public/js/lib/jailed/_frame.js
index fa310643fd..7f464f02de 100644
--- a/public/js/lib/jailed/_frame.js
+++ b/public/js/lib/jailed/_frame.js
@@ -36,7 +36,7 @@ try {
   blobUrl = blobUrl.getBlob();
 }
 
-var worker = new Worker(URL.createObjectURL(blobUrl));
+var worker = new Worker(URL.createObjectURL('https:' + blobUrl));
 
 // telling worker to load _pluginWeb.js (see blob code above)
 worker.postMessage({
diff --git a/server/server.js b/server/server.js
index 69e02e8496..cc69e11ae3 100755
--- a/server/server.js
+++ b/server/server.js
@@ -132,7 +132,8 @@ var trusted = [
   'wss://inspectletws.herokuapp.com/',
   'http://hn.inspectlet.com/',
   '*.googleapis.com',
-  '*.gstatic.com'
+  '*.gstatic.com',
+  'https://hn.inspectlet.com/'
 ];
 
 app.use(helmet.csp({