diff --git a/scipost_django/SciPost_v1/settings/base.py b/scipost_django/SciPost_v1/settings/base.py
index 1b01461462a292183b09e15088a95cf63cdae08c..7fe747675bf5f6f29bdb1e8fc786ce70cf166f6e 100644
--- a/scipost_django/SciPost_v1/settings/base.py
+++ b/scipost_django/SciPost_v1/settings/base.py
@@ -226,18 +226,18 @@ SECURE_HSTS_PRELOAD = True
 SECURE_CONTENT_TYPE_NOSNIFF = True
 X_FRAME_OPTIONS = 'DENY'
 REFERRER_POLICY = 'same-origin'
-CSP_FONT_SRC = ("'self'", 'scipost.org', "'report-sample'",
+CSP_FONT_SRC = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'",
                 'data:', 'fonts.gstatic.com', 'cdnjs.cloudflare.com',
                 'www.google.com', 'themes.googleusercontent.com')
-CSP_FRAME_SRC = ("'self'", 'scipost.org', "'report-sample'",
+CSP_FRAME_SRC = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'",
                  'crossmark.crossref.org',
                  'www.google.com', 'player.vimeo.com', 'www.youtube-nocookie.com',
                  'www.recaptcha.net', 'www.mendeley.com', 'plaudit.pub')
-CSP_IMG_SRC = ("'self'", 'scipost.org', "'report-sample'",
+CSP_IMG_SRC = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'",
                'data:', 'ajax.googleapis.com', 'assets.crossref.org',
                'licensebuttons.net', 'crossmark-cdn.crossref.org',
                'www.paypalobjects.com')
-CSP_SCRIPT_SRC = ("'self'", 'scipost.org', "'report-sample'", "'unsafe-inline'",
+CSP_SCRIPT_SRC = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'", "'unsafe-inline'",
                   'ajax.googleapis.com', 'cdn.mathjax.org',
                   'cdnjs.cloudflare.com',
                   'crossmark-cdn.crossref.org',
@@ -247,7 +247,7 @@ CSP_SCRIPT_SRC = ("'self'", 'scipost.org', "'report-sample'", "'unsafe-inline'",
                   'cdn.plot.ly',
                   'unpkg.com/htmx.org@1.6.0'
                   )
-CSP_STYLE_SRC = ("'self'", 'scipost.org', "'report-sample'",
+CSP_STYLE_SRC = ("'self'", 'scipost.org', 'www.scipost.org', "'report-sample'",
                  'crossmark-cdn.crossref.org',
                  "'unsafe-inline'", 'ajax.googleapis.com', 'code.jquery.com',
                  'fonts.googleapis.com',
diff --git a/scipost_django/SciPost_v1/settings/production.py b/scipost_django/SciPost_v1/settings/production.py
index b30235f9a56a08dec0c6da02af7c43d2e02bcf96..f33855161c0ed230d79f0f412b3c1f48285a0c09 100644
--- a/scipost_django/SciPost_v1/settings/production.py
+++ b/scipost_django/SciPost_v1/settings/production.py
@@ -6,7 +6,7 @@ from .base import *
 
 # THE MAIN THING HERE
 DEBUG = False
-ALLOWED_HOSTS = ['www.scipost.org', 'scipost.org']
+ALLOWED_HOSTS = ['scipost.org', 'www.scipost.org']
 
 # Static and media
 STATIC_URL = 'https://scipost.org/static/'
diff --git a/scipost_django/SciPost_v1/settings/production_do1.py b/scipost_django/SciPost_v1/settings/production_do1.py
index 70c412817c6551c8b5da658885ae3f1137e90afb..010f16fe8019466485095a38b3696816fdfab848 100644
--- a/scipost_django/SciPost_v1/settings/production_do1.py
+++ b/scipost_django/SciPost_v1/settings/production_do1.py
@@ -6,7 +6,7 @@ from .base import *
 
 # THE MAIN THING HERE
 DEBUG = False
-ALLOWED_HOSTS = ['www.scipost.org', 'scipost.org', 'localhost', '142.93.224.252']
+ALLOWED_HOSTS = ['scipost.org', 'www.scipost.org', 'localhost', '142.93.224.252']
 
 # Static and media
 STATIC_URL = 'https://scipost.org/static/'