diff --git a/digitalstrategie/settings/dev.py b/digitalstrategie/settings/dev.py
index 0e8bc15f..cc00f3ca 100644
--- a/digitalstrategie/settings/dev.py
+++ b/digitalstrategie/settings/dev.py
@@ -46,7 +46,13 @@
 # CSP for development (not very strict)
 CSP_DEFAULT_SRC = ["'self'"]
 # unsafe-eval only for testing
-CSP_SCRIPT_SRC = ["'unsafe-eval'"]
+CSP_SCRIPT_SRC = [
+ "'unsafe-eval'",
+ "'self'",
+ "https://stats.liqd.net",
+ "https://berlin.de",
+ "https://www.berlin.de",
+]
 CSP_SCRIPT_SRC_ATTR = ["'none'"]
 # wagtail (and webpack during dev) requires unsafe-inline
 CSP_SCRIPT_SRC_ELEM = [
@@ -93,3 +99,4 @@
 CSP_WORKER_SRC = ["'none'"]
 CSP_EXCLUDE_URL_PREFIXES = "/admin"
 CSP_REPORT_ONLY = False
+CSP_UPGRADE_INSECURE_REQUESTS = True
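Review bot: The three hosts and `'self'` are added only to `CSP_SCRIPT_SRC`, but `CSP_SCRIPT_SRC_ELEM` is also set (its list opens on the last context line and continues outside this hunk), and browsers that implement `script-src-elem` consult that directive, not `script-src`, when loading `<script>` elements. If the same hosts are not listed there too, the additions only take effect as a fallback in browsers without `script-src-elem` support, so the two lists should be checked against each other. The comment above still explains only `'unsafe-eval'`; I would add something like `# 'self' and hosts: fallback for browsers without script-src-elem, keep in sync with CSP_SCRIPT_SRC_ELEM`. Allowing the whole `https://berlin.de` and `https://www.berlin.de` origins lets any script served from them run, so a narrower path would be preferable if the needed script lives at a fixed location.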
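Review bot: `CSP_UPGRADE_INSECURE_REQUESTS = True` is set in the development settings without a comment, and with `CSP_REPORT_ONLY = False` just above it the directive is enforced, so browsers will rewrite `http://` subresource requests to `https://`. If the local server or the webpack dev server mentioned earlier in this file runs without TLS, some browsers may then fail to load assets; how the dev server is run is not visible here. A comment such as `# upgrade http:// subresources to https://; turn off when developing without TLS` would record the intent. Responses under `CSP_EXCLUDE_URL_PREFIXES` (`/admin`) presumably get no CSP header at all, so the directive would not cover them.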