diff --git a/app.js b/app.js
index 69d9c88..506a96a 100644
--- a/app.js
+++ b/app.js
@@ -5,7 +5,7 @@ const path = require('path')
 const flash = require('connect-flash');
 //extra security packages
-// const helmet = require('helmet');
+const helmet = require('helmet');
 const cors = require('cors');
 const xss = require('xss-clean');
 const rateLimiter = require('express-rate-limit');
@@ -54,18 +54,18 @@ app.use(
 })
 )
 app.use(express.json());
-// app.use(helmet({
-// contentSecurityPolicy: {
-// directives: {
-// defaultSrc: ["'self'"],
-// imgSrc: ["'self'"],
-// scriptSrc: ["'self'", "https://code.jquery.com/jquery-3.5.1.slim.min.js/"],
-// objectSrc: ["'none'"],
-// styleSrc: ["'self'", "https://cdn.jsdelivr.net/npm/bootstrap@5.2.1/dist/js/bootstrap.min.js/", "https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.6/dist/umd/popper.min.js/"],
-// upgradeInsecureRequests: [],
-// },
-// }
-// }));
+app.use(helmet({
+ contentSecurityPolicy: {
+ directives: {
+ defaultSrc: ["'self'"],
+ imgSrc: ["'self'"],
+ scriptSrc: ["'self'", "code.jquery.com"],
+ objectSrc: ["'none'"],
+ styleSrc: ["'self'", "cdn.jsdelivr.net", "cdn.jsdelivr.net"],
+ upgradeInsecureRequests: [],
+ },
+}
+}));
 app.use(cors());
 app.use(xss());
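Review bot: The new `styleSrc` directive in the second hunk lists `"cdn.jsdelivr.net"` twice, and `scriptSrc` no longer allows that host even though the removed lines show bootstrap and popper scripts being loaded from it, so those scripts will be blocked by the CSP if the templates still reference them. The removed version also placed those `.js` URLs under `styleSrc`, which is the wrong directive for scripts; the fix belongs in `scriptSrc`. I would change the two lines to `scriptSrc: ["'self'", "https://code.jquery.com", "https://cdn.jsdelivr.net"],` and `styleSrc: ["'self'", "https://cdn.jsdelivr.net"],` — scheme-qualified sources so an http: load of the same host is not silently permitted. Depending on the helmet version (not visible here), helmet may merge its default CSP directives with the ones given unless `useDefaults` is set, which is worth checking when confirming the effective policy in the response headers. `app.use(` that opens this hunk starts outside the hunk.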