diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index a95d9f27..8894a3e5 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -41,6 +41,7 @@
   policy.font_src    :self, :https, *GOVUK_DOMAINS, *GOOGLE_STATIC_DOMAINS, :data
   policy.frame_src   :self, *GOOGLE_ANALYTICS_DOMAINS, *OPTIMIZE_DOMAINS
   policy.img_src     :self,
+                     "images.ctfassets.net",
                      *GOVUK_DOMAINS,
                      *S3_DOMAINS,
                      *GOOGLE_ANALYTICS_DOMAINS, # Tracking pixels