diff --git a/internal/middleware/security.go b/internal/middleware/security.go
index 09f3878..2d75003 100644
--- a/internal/middleware/security.go
+++ b/internal/middleware/security.go
@@ -80,7 +80,7 @@ func SecurityHeaders(cfg SecurityHeadersConfig) func(http.Handler) http.Handler
 func defaultCSP() string {
 	return strings.Join([]string{
 		"default-src 'self'",
-		"script-src 'self'",
+		"script-src 'self' 'unsafe-inline' https://unpkg.com",
 		"style-src 'self' 'unsafe-inline'",
 		"img-src 'self' https: data:",
 		"connect-src 'self'",