diff --git a/pom.xml b/pom.xml
index e5ee68e647..805d2d8aba 100644
--- a/pom.xml
+++ b/pom.xml
@@ -123,7 +123,7 @@
9.5.0
2.0.0.AM27
4.5.14
- 2.6.2
+ 2.8.0
3.2.6
https://roda-community.org
all
diff --git a/roda-ui/roda-wui/src/main/java/org/roda/wui/filter/SecurityHeadersFilter.java b/roda-ui/roda-wui/src/main/java/org/roda/wui/filter/SecurityHeadersFilter.java
index 7c0da060a6..f0688a3500 100644
--- a/roda-ui/roda-wui/src/main/java/org/roda/wui/filter/SecurityHeadersFilter.java
+++ b/roda-ui/roda-wui/src/main/java/org/roda/wui/filter/SecurityHeadersFilter.java
@@ -13,9 +13,9 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
httpServletResponse.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
httpServletResponse.setHeader("Content-Security-Policy",
- "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com " +
- "https://www.google-analytics.com https://www.gstatic.com; style-src 'self' 'unsafe-inline'; " +
- "img-src 'self'; font-src 'self';");
+ "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com " +
+ "https://www.google-analytics.com https://www.gstatic.com http://127.0.0.1:9876; " +
+ "style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self';");
httpServletResponse.setHeader("X-XSS-Protection", "1; mode=block");
httpServletResponse.setHeader("X-Permitted-Cross-Domain-Policies", "none");
httpServletResponse.setHeader("Feature-Policy", "camera 'none'; fullscreen 'self'; geolocation *; " +