diff --git a/changes/changelog.d/1489.bugfix b/changes/changelog.d/1489.bugfix
new file mode 100644
index 000000000..dd73b4205
--- /dev/null
+++ b/changes/changelog.d/1489.bugfix
@@ -0,0 +1 @@
+Add worker-src to nginx header to prevent issues (#1489)
diff --git a/deploy/nginx.template b/deploy/nginx.template
index aaa3cec7d..575030bba 100644
--- a/deploy/nginx.template
+++ b/deploy/nginx.template
@@ -44,7 +44,7 @@ server {
     # If you are using S3 to host your files, remember to add your S3 URL to the
     # media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:)
 
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
+    add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self'";
     add_header Referrer-Policy "strict-origin-when-cross-origin";
 
     root ${FUNKWHALE_FRONTEND_PATH};
@@ -84,7 +84,7 @@ server {
     }
 
     location /front/ {
-        add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
+        add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self'";
         add_header Referrer-Policy "strict-origin-when-cross-origin";
         add_header Service-Worker-Allowed "/";
         add_header X-Frame-Options "SAMEORIGIN";
@@ -94,7 +94,7 @@ server {
         add_header Cache-Control "public, must-revalidate, proxy-revalidate";
     }
     location /front/embed.html {
-        add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
+        add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self'";
         add_header Referrer-Policy "strict-origin-when-cross-origin";
 
         add_header X-Frame-Options "ALLOW";