diff --git a/files/nginx/common-headers.conf b/files/nginx/common-headers.conf
index 7661bb01..7fa6eefa 100644
--- a/files/nginx/common-headers.conf
+++ b/files/nginx/common-headers.conf
@@ -6,7 +6,7 @@
 # They are included here to ease interpretation of violation reports.
 #
 # N.B. a separate CSP is defined for Enketo in odk.conf.template
-add_header Content-Security-Policy-Report-Only "default-src 'none'; connect-src 'self'; font-src 'self'; frame-src 'self' https://getodk.github.io/central/news.html; img-src *; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; style-src-attr 'unsafe-inline'; report-uri /csp-report";
+add_header Content-Security-Policy-Report-Only "default-src 'none'; connect-src 'self'; font-src 'self'; frame-src 'self' https://getodk.github.io/central/news.html; img-src * data:; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; style-src-attr 'unsafe-inline'; report-uri /csp-report";
 # If changing these headers, please apply the same updates to enketo
 # location(s) in odk.conf.template
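Review bot: The added `data:` source in `img-src` is unexplained, and a later reader may take it for redundant next to `*` and remove it; the comment block above the directive is the place for a line such as `# img-src: data: is listed explicitly because the * wildcard does not match data: URIs`. The header is still Report-Only, so this change only affects which violations are reported, and `img-src *` remains the broad part of the policy to revisit before it is enforced. The comment block starts above the hunk, and the hunk does not show whether the separate Enketo CSP in odk.conf.template needs the same source, so that is worth confirming.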