diff --git a/explorer/config/runtime.exs b/explorer/config/runtime.exs
index 2f21e4460..38e4a4a0d 100644
--- a/explorer/config/runtime.exs
+++ b/explorer/config/runtime.exs
@@ -35,11 +35,22 @@ if config_env() == :prod do
 host = System.get_env("PHX_HOST") || "http://localhost:4000"
 port = String.to_integer(System.get_env("PORT") || "4000")
+ port_ssl = String.to_integer(System.get_env("PORT_SSL") || "443")
 config :explorer, :dns_cluster_query, System.get_env("DNS_CLUSTER_QUERY")
 config :explorer, ExplorerWeb.Endpoint,
- url: [host: host, port: 443, scheme: "https"],
+ url: [
+ scheme: "https",
+ port: port_ssl,
+ host: host
+ ],
+ https: [
+ port: port_ssl,
+ cipher_suite: :strong,
+ keyfile: System.get_env("KEYFILE_PATH"),
+ certfile: System.get_env("CERTFILE_PATH"),
+ ],
 http: [
 # Enable IPv6 and bind on all interfaces.
 # Set it to {0, 0, 0, 0, 0, 0, 0, 1} for local network only access.
diff --git a/explorer/lib/explorer_web/router.ex b/explorer/lib/explorer_web/router.ex
index db5fcd1b4..1f8abef23 100644
--- a/explorer/lib/explorer_web/router.ex
+++ b/explorer/lib/explorer_web/router.ex
@@ -7,7 +7,7 @@ defmodule ExplorerWeb.Router do
 @content_security_policy (case Mix.env() do
 :prod ->
- "default-src 'self';connect-src wss://#{@host};img-src 'self' blob:;"
+ "default-src 'self' 'unsafe-inline';connect-src wss://#{@host};img-src https://w3.org http://raw.githubusercontent.com https://*.github.io blob: data:;"
 _ ->
 "default-src 'self' 'unsafe-eval' 'unsafe-inline';" <>
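Review bot: The new `https:` list in runtime.exs ends with `certfile: System.get_env("CERTFILE_PATH"),` directly before the closing `]`; as far as I know Elixir rejects a trailing comma in a list, so this file would fail to parse at boot, and the comma should be dropped. Both paths are read with `System.get_env/1`, which returns `nil` when the variable is unset and pushes the failure to listener start-up. `keyfile: System.fetch_env!("KEYFILE_PATH")` and `certfile: System.fetch_env!("CERTFILE_PATH")` would stop the release with an error naming the missing variable. The plain `http:` listener stays configured beside the TLS one and nothing visible here redirects to HTTPS or sets HSTS (`force_ssl`), so confirm that is handled elsewhere. The endpoint keyword list continues past the end of the hunk.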
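Review bot: In router.ex the production policy now puts `'unsafe-inline'` on `default-src`, which is also the fallback for `script-src`, so the CSP no longer stops inline script that reaches the page through an injection flaw. The new `img-src` lists `http://raw.githubusercontent.com` over plain HTTP and drops `'self'`, so those images can be altered in transit (or handled as mixed content by the browser) and same-origin images stop loading. If the inline allowance is needed only for styles, which is an assumption since the templates are not visible here, scope it to them: `"default-src 'self';style-src 'self' 'unsafe-inline';connect-src wss://#{@host};img-src 'self' https://w3.org https://raw.githubusercontent.com https://*.github.io blob: data:;"`. The `case` expression continues beyond the hunk.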