diff --git a/firebase.json b/firebase.json
index b7c2d0f..4611db9 100644
--- a/firebase.json
+++ b/firebase.json
@@ -20,14 +20,17 @@
         },
         {
           "key": "Content-Security-Policy",
-          "value": "default-src 'self';font-src 'self' data: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com;img-src 'self' 'unsafe-inline' *.shopify.com javascript: ;style-src 'self' 'unsafe-inline' *; connect-src 'self' *"
+          "value": "default-src 'self';font-src 'self' data: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com https://www.gstatic.com *.firebaseapp.com;img-src 'self' 'unsafe-inline' *.shopify.com javascript: ;style-src 'self' 'unsafe-inline' *; connect-src 'self' *; frame-ancestors https://admin.shopify.com https://*.myshopify.com;"
         },
         {
           "key": "strict-transport-security",
-          "value": "max-age=31536000; includeSubDomains"
+          "value": "max-age=31536000; includeSubDomains; preload"
         },{
           "key": "Permissions-Policy",
           "value": "camera=self"
+        }, {
+          "key": "X-Content-Type-Options",
+          "value": "NoSniff"
         } ]
       }]
     },
@@ -51,14 +54,17 @@
         },
         {
           "key": "Content-Security-Policy",
-          "value": "default-src 'self';font-src 'self' data: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com;img-src 'self' 'unsafe-inline' *.shopify.com javascript: ;style-src 'self' 'unsafe-inline' *; connect-src 'self' *"
+          "value": "default-src 'self';font-src 'self' data: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com https://www.gstatic.com *.firebaseapp.com;img-src 'self' 'unsafe-inline' *.shopify.com javascript: ;style-src 'self' 'unsafe-inline' *; connect-src 'self' *; frame-ancestors https://admin.shopify.com https://*.myshopify.com;"
         },
         {
           "key": "strict-transport-security",
-          "value": "max-age=31536000; includeSubDomains"
+          "value": "max-age=31536000; includeSubDomains; preload"
         },{
           "key": "Permissions-Policy",
           "value": "camera=self"
+        }, {
+          "key": "X-Content-Type-Options",
+          "value": "NoSniff"
         } ]
       }]
     },
@@ -82,14 +88,17 @@
         },
         {
           "key": "Content-Security-Policy",
-          "value": "default-src 'self';font-src 'self' data: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com;img-src 'self' 'unsafe-inline' *.shopify.com javascript: ;style-src 'self' 'unsafe-inline' *; connect-src 'self' *"
+          "value": "default-src 'self';font-src 'self' data: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com https://www.gstatic.com *.firebaseapp.com;img-src 'self' 'unsafe-inline' *.shopify.com javascript: ;style-src 'self' 'unsafe-inline' *; connect-src 'self' *; frame-ancestors https://admin.shopify.com https://*.myshopify.com;"
         },
         {
           "key": "strict-transport-security",
-          "value": "max-age=31536000; includeSubDomains"
+          "value": "max-age=31536000; includeSubDomains; preload"
         },{
           "key": "Permissions-Policy",
           "value": "camera=self"
+        }, {
+          "key": "X-Content-Type-Options",
+          "value": "NoSniff"
         } ]
       }]
     }