diff --git a/frontend/nginx.conf b/frontend/nginx.conf
index 139dedbb8..23e6aebc2 100644
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
@@ -4,7 +4,8 @@ server {
 add_header X-Frame-Options "sameorigin";
 add_header X-Content-Type-Options "nosniff";
- add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; child-src 'self' blob:; frame-ancestors 'self'; form-action 'self'";
+ # If data mus be fetched from external servers (e.g. exchange rates), add the URL to connect-src:
+ add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://sdw-wsrest.ecb.europa.eu/service/data/EXR/; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; child-src 'self' blob:; frame-ancestors 'self'; form-action 'self'";
 #charset koi8-r;
 #access_log /var/log/nginx/host.access.log main;
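Review bot: The added `add_header Content-Security-Policy` line hard-codes a third-party host into the `connect-src` served to every deployment, and the comment above it (where "mus" should read "must") reads as if the list were something operators fill in themselves. I would reword the comment to say what the directive does and that the entry is optional, e.g. `# connect-src limits where page scripts may send requests; list only hosts the app needs and drop the ECB entry if exchange rates are unused.` CSP stops enforcing the path part of a source expression once a request has been redirected, so the `/service/data/EXR/` prefix is only a partial restriction, and if the endpoint ever redirects to a different host that host must be listed too or the fetch will be blocked. Separately, nginx emits `add_header` only on success and redirect statuses unless `always` is appended, so error pages appear to be served without this policy; the two neighbouring headers have the same gap. The `server` block starts and ends outside this hunk, so any `location` that declares its own `add_header` (which would drop these inherited headers) cannot be checked from here.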