diff --git a/server.ts b/server.ts
index 9c025a82..ab5dac2b 100644
--- a/server.ts
+++ b/server.ts
@@ -12,8 +12,6 @@ import { injectDynatraceTag } from './server/config/dynatrace.js';
 dotenv.config();
-console.log(process.env);
-
 const { DYNATRACE_SCRIPT_URL } = process.env;
 if (DYNATRACE_SCRIPT_URL) {
 injectDynatraceTag(DYNATRACE_SCRIPT_URL);
@@ -94,6 +92,9 @@ if (DYNATRACE_SCRIPT_URL) {
 fastify.register(helmet, {
 contentSecurityPolicy: {
 directives: {
+ defaultSrc: ["'self'"],
+ styleSrc: ["'self'", "'unsafe-inline'"],
+ imgSrc: ["'self'", 'data:', 'https:'],
 'connect-src': ["'self'", 'sdk.openui5.org', sentryHost, dynatraceOrigin],
 'script-src': isLocalDev
 ? ["'self'", "'unsafe-inline'", "'unsafe-eval'", sentryHost, dynatraceOrigin]
@@ -102,6 +103,12 @@ fastify.register(helmet, {
 'frame-ancestors': [...fastify.config.FRAME_ANCESTORS.split(',')],
 },
 },
+ // Needed for https enforcement
+ hsts: {
+ maxAge: 31536000,
+ includeSubDomains: true,
+ preload: true,
+ },
 });
 fastify.register(proxy, {
diff --git a/vite.config.js b/vite.config.js
index 283c2549..6d8e139d 100644
--- a/vite.config.js
+++ b/vite.config.js
@@ -35,7 +35,7 @@ export default defineConfig({
 },
 build: {
- sourcemap: true,
+ sourcemap: process.env.NODE_ENV !== 'production',
 target: 'esnext', // Support top-level await
 },
 });
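Review bot: The three added directives are camelCase (`defaultSrc`, `styleSrc`, `imgSrc`) while the existing entries in the same `directives` object are kebab-case strings; helmet accepts either spelling, but mixing them in one object invites specifying a directive twice under two names, which helmet rejects at startup. Keep the existing form: `'default-src': ["'self'"],` `'style-src': ["'self'", "'unsafe-inline'"],` `'img-src': ["'self'", 'data:', 'https:'],`. `https:` in img-src admits images from any TLS origin and `'unsafe-inline'` in style-src removes CSP's protection against injected styles, so if the image hosts are known and the inline styles come from a single component library, listing those hosts and using nonces or hashes would be the tighter policy. Recent helmet versions already ship `default-src 'self'` in their default directive set, so the first added line is probably redundant rather than harmful; worth checking against the installed version. The `fastify.register(helmet, …)` call continues outside this hunk.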
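Review bot: The comment `// Needed for https enforcement` overstates what the header does: Strict-Transport-Security is only honoured by a browser after it has received the header over HTTPS, and it then makes that browser refuse plain HTTP for `maxAge` seconds on this host and, with `includeSubDomains`, on every subdomain — nothing is redirected or enforced on the server side. `preload: true` only adds the `preload` token; it has no effect until the domain is submitted to the browser preload list, after which the commitment is practically irreversible and any subdomain without working TLS becomes unreachable, so it should be a deliberate decision rather than a default. Recent helmet versions already enable HSTS with a one-year max-age and includeSubDomains, so the net change here is likely just the preload token; confirm against the installed version. Suggested comment: `// HSTS: browsers that have seen this over HTTPS refuse plain HTTP for a year on this host and all subdomains; preload opts in to browser preload-list submission (practically irreversible).`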
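Review bot: Gating `sourcemap` on `process.env.NODE_ENV` ties the result to whether that variable is already set in the process when the config file is evaluated; Vite passes the invocation context into the config, so `export default defineConfig(({ mode }) => ({` … `sourcemap: mode !== 'production',` … `}));` expresses the same intent without depending on environment ordering. If the maps are still wanted for error symbolication (server.ts's CSP references `sentryHost`) but must not be referenced from shipped bundles, `sourcemap: 'hidden'` emits the `.map` files without the `sourceMappingURL` comment; they then still need to be kept out of the published static assets. The `defineConfig({` call starts before this hunk.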