diff --git a/netlify.toml b/netlify.toml
index b0768ee..91e93fb 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -15,7 +15,7 @@
 X-Frame-Options = "DENY"
 # Content Security Policy - Comprehensive XSS and injection protection
-Content-Security-Policy = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://www.google-analytics.com https://*.algolia.net https://*.algolianet.com https://min-api.cryptocompare.com https://api.blocknative.com https://rpc.xinfin.network; frame-src https://app.netlify.com; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests"
+Content-Security-Policy = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://www.google-analytics.com https://*.algolia.net https://*.algolianet.com https://min-api.cryptocompare.com https://api.blocknative.com https://rpc.xinfin.network https://xdctraderpc.xinfin.network; frame-src https://app.netlify.com; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests"
 # Permissions Policy - Browser feature access control
 Permissions-Policy = "camera=(), microphone=(), geolocation=(), interest-cohort=(), payment=(), usb=(), bluetooth=(), magnetometer=(), gyroscope=(), accelerometer=(), autoplay=(), encrypted-media=(), fullscreen=(self), picture-in-picture=()"
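Review bot: The new connect-src origin `https://xdctraderpc.xinfin.network` is added to the policy without any note of which feature needs it, so nothing tells a later maintainer whether it or the pre-existing `https://rpc.xinfin.network` can ever be removed; connect-src allow-lists tend to only grow unless each entry is justified, and I would add above the key `# connect-src: <feature-or-page> talks to xdctraderpc.xinfin.network (placeholder — record the actual consumer)`. Separately, the comment retained on the line above, "Comprehensive XSS and injection protection", overstates what this policy does: script-src still carries `'unsafe-inline' 'unsafe-eval'`, so injected inline scripts and string-evaluated code are not blocked, and `img-src https:` permits any HTTPS image origin; I would reword it to `# Content Security Policy - restricts script/style/connect origins; script-src allows 'unsafe-inline'/'unsafe-eval', so it does not block injected inline scripts` so the header's actual coverage is clear. The `[[headers]]` / `[headers.values]` table these keys belong to starts above the hunk, so the path scope of this policy is not visible here.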