diff --git a/backend/src/index.ts b/backend/src/index.ts
index 12e0959..06c6f8d 100644
--- a/backend/src/index.ts
+++ b/backend/src/index.ts
@@ -36,10 +36,10 @@ app.use(
 directives: {
 defaultSrc: ["'self'"],
 scriptSrc: ["'self'"],
- styleSrc: ["'self'", "'unsafe-inline'"], // für inline styles im Frontend
+ styleSrc: ["'self'", "'unsafe-inline'", 'https://fonts.googleapis.com'],
+ fontSrc: ["'self'", 'https://fonts.gstatic.com', 'https://cdn.jsdelivr.net'],
 imgSrc: ["'self'", 'data:', 'https://crests.football-data.org'],
 frameAncestors: ['https://app.staffbase.com', 'https://*.staffbase.com'],
- // upgrade-insecure-requests nur wenn HTTPS verfügbar ist, sonst werden JS-Assets geblockt
 upgradeInsecureRequests: process.env.PLUGIN_BASE_URL?.startsWith('https') ? [] : null,
 },
 },
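Review bot: The new `styleSrc` line keeps `'unsafe-inline'` but drops the comment that said why it is there, and the comment above `upgradeInsecureRequests` is removed as well, so both CSP relaxations are now unexplained to the next reader. I would keep the rationale next to the directives, e.g. `// 'unsafe-inline' is required for the frontend's inline styles` on `styleSrc` and `// only send upgrade-insecure-requests when served over HTTPS, otherwise JS assets are blocked` above `upgradeInsecureRequests`. In the added `fontSrc`, `https://cdn.jsdelivr.net` permits fonts from anything hosted on that shared CDN; if only one package is needed, a path-scoped source or self-hosted font files would keep the policy tighter. The enclosing `app.use(` call starts and ends outside the hunk, so how the rest of the policy is configured is not visible here.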