diff --git a/src/middleware/index.js b/src/middleware/index.js
index 50665dc..aa7f9e7 100644
--- a/src/middleware/index.js
+++ b/src/middleware/index.js
@@ -23,7 +23,21 @@ function setupMiddleware(app) {
 if (process.env.NODE_ENV === "production") {
 app.use(rateLimit({ windowMs: 1 * 60 * 1000, max: 100 }));
- app.use(helmet()); // Sets secure HTTP headers. Prevents common attacks.
+ app.use(
+ helmet.contentSecurityPolicy({
+ directives: {
+ defaultSrc: ["'self'"],
+ scriptSrc: ["'self'", "https://hcaptcha.com"],
+ imgSrc: [
+ "'self'",
+ "data:",
+ "https://licensebuttons.net",
+ "https://cdn.jsdelivr.net",
+ ],
+ // add other directives as needed
+ },
+ })
+ ); // Sets secure HTTP headers. Prevents common attacks.
 }
 app.use(express.json());
 app.use(logEvent);
diff --git a/src/utils/baseContext.js b/src/utils/baseContext.js
index c447b04..9b8521f 100644
--- a/src/utils/baseContext.js
+++ b/src/utils/baseContext.js
@@ -5,7 +5,7 @@ async function getBaseContext(overrides = {}) {
 const menu = await getPostsMenu(path.join(__dirname, "../../content/posts"));
- console.log(process.env.HCAPTCHA_KEY);
+ return Object.assign( { siteOwner: process.env.SITE_OWNER,
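Review bot: Replacing `helmet()` with `helmet.contentSecurityPolicy(...)` in the production branch of setupMiddleware means only the Content-Security-Policy header is sent; the other headers `helmet()` set by default (HSTS, X-Content-Type-Options, X-Frame-Options and the rest) are no longer emitted, and the trailing comment "Sets secure HTTP headers" no longer describes the call. Keep the full middleware and pass the policy as an option instead: `app.use(helmet({ contentSecurityPolicy: { directives: { ... } } }));` with the same directives. Separately, with `defaultSrc: ["'self'"]` the hCaptcha widget will likely also need `frameSrc`, `styleSrc` and `connectSrc` entries for its hosts, since only `scriptSrc` lists `https://hcaptcha.com`; check for CSP violations in the browser console before this ships. The body of setupMiddleware continues outside the hunk.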