diff --git a/app/Http/Middleware/SecurityHeaders.php b/app/Http/Middleware/SecurityHeaders.php
index 9ce387400e..688fc216b5 100644
--- a/app/Http/Middleware/SecurityHeaders.php
+++ b/app/Http/Middleware/SecurityHeaders.php
@@ -103,8 +103,13 @@ class SecurityHeaders
             $csp_policy[] = "connect-src 'self'";
             $csp_policy[] = "object-src 'none'";
             $csp_policy[] = "font-src 'self' data:";
-            $csp_policy[] = "img-src 'self' data: ".config('app.url').' '.env('PUBLIC_AWS_URL').' https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com';
-            $csp_policy = implode(';', $csp_policy);
+            $csp_policy[] = "img-src 'self' data: ".config('app.url').' '.env('PUBLIC_AWS_URL').' https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com";
+	          
+            if(config('filesystems.disks.public.driver') == 's3') {
+               $csp_policy[] = "img-src 'self' data:  ".config('filesystems.disks.public.url');
+            }
+            $csp_policy = join(';', $csp_policy);
+           
             $response->headers->set('Content-Security-Policy', $csp_policy);
         }