diff --git a/app/Http/Middleware/ContentSecurityPolicy.php b/app/Http/Middleware/ContentSecurityPolicy.php
index 13cf72b..145f576 100644
--- a/app/Http/Middleware/ContentSecurityPolicy.php
+++ b/app/Http/Middleware/ContentSecurityPolicy.php
@@ -33,8 +33,6 @@ class ContentSecurityPolicy
 return $response;
 }
- $allowUnsafeInlineStyles = $request->is('event-admin*');
-
 $matomoOrigin = $this->normaliseOrigin(config('services.matomo.url'));
 $scriptSources = [
 "'self'",
@@ -120,11 +118,7 @@ class ContentSecurityPolicy
 $styleSources[] = 'data:';
 $connectSources[] = 'https:';
 $fontSources[] = 'https:';
- $styleElemSources = $styleSources;
-
- if ($allowUnsafeInlineStyles) {
- $styleElemSources = array_unique(array_merge($styleElemSources, ["'unsafe-inline'"]));
- }
+ $styleElemSources = array_unique(array_merge($styleSources, ["'unsafe-inline'"]));
 $directives = [
 'default-src' => ["'self'"],
diff --git a/resources/js/pages/welcome.tsx b/resources/js/pages/welcome.tsx
index 367eee0..f94b93a 100644
--- a/resources/js/pages/welcome.tsx
+++ b/resources/js/pages/welcome.tsx
@@ -8,8 +8,6 @@ export default function Welcome() {
 return (
 <>
- -
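Review bot: The new assignment appends `'unsafe-inline'` to style-src-elem on every response, whereas the branch it replaces only did so under `event-admin*`, and nothing in the hunk records why the allowance now has to be site-wide, so the next reader cannot tell a deliberate relaxation from an accident. Please add a comment above the new line along the lines of `// 'unsafe-inline' is needed site-wide for <CONSUMER — fill in>; revisit with a hash or nonce once that inline stylesheet is known` so the widened directive is traceable. Worth noting in that comment too: if `$styleSources` ever carries a `'nonce-…'` or `'sha256-…'` source, browsers implementing CSP Level 2 and later ignore `'unsafe-inline'` in the same directive, and the allowance would silently stop working. The new line also drops the blank line that previously separated the source lists from `$directives`, and the enclosing method continues outside both hunks.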
diff --git a/resources/views/app.blade.php b/resources/views/app.blade.php
index 35b6f67..2ba94f2 100644
--- a/resources/views/app.blade.php
+++ b/resources/views/app.blade.php
@@ -33,8 +33,6 @@
- -
 @viteReactRefresh
 @vite(['resources/css/app.css', 'resources/js/app.tsx', "resources/js/pages/{$page['component']}.tsx"])
diff --git a/tests/Feature/SecurityHeadersTest.php b/tests/Feature/SecurityHeadersTest.php
index 4b8f5b4..561b99d 100644
--- a/tests/Feature/SecurityHeadersTest.php
+++ b/tests/Feature/SecurityHeadersTest.php
@@ -37,6 +37,7 @@ class SecurityHeadersTest extends TestCase
 $response->assertHeader('Permissions-Policy', 'camera=(), microphone=(), geolocation=()');
 $response->assertHeader('Content-Security-Policy');
 $response->assertHeaderContains('Content-Security-Policy', "style-src-elem 'self'");
+ $response->assertHeaderContains('Content-Security-Policy', "'unsafe-inline'; style-src-attr");
 $response->assertHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
 $response->assertCookie('XSRF-TOKEN');
@@ -48,6 +49,7 @@ class SecurityHeadersTest extends TestCase
 $login->assertOk();
 $login->assertHeader('Content-Security-Policy');
 $login->assertHeaderContains('Content-Security-Policy', "style-src-elem 'self'");
+ $login->assertHeaderContains('Content-Security-Policy', "'unsafe-inline'; style-src-attr");
 $login->assertHeader('X-Frame-Options', 'SAMEORIGIN');
 $login->assertCookie('XSRF-TOKEN');
 } finally {
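Review bot: The added assertion `"'unsafe-inline'; style-src-attr"` only establishes that whichever directive is emitted just before style-src-attr ends with `'unsafe-inline'`; it depends on directive ordering and on `'unsafe-inline'` being the last source, and together with the existing `"style-src-elem 'self'"` substring it still does not prove that style-src-elem is the directive carrying it. Parsing the header into directives and asserting on the style-src-elem source list directly would pin the policy the middleware change intends and would keep passing if the directive order or source order changes; the same applies to the second hunk at `@@ -48,6 +49,7`. A small helper in the test class, shown below, lets the assertion become `self::assertContains("'unsafe-inline'", $this->cspDirective($response->headers->get('Content-Security-Policy'), 'style-src-elem') ?? []);`. Both enclosing test methods start outside the hunks.

```php
    /** Returns the source tokens of one CSP directive from a header value, or null if the directive is absent. */
    private function cspDirective(?string $header, string $directive): ?array
    {
        foreach (explode(';', (string) $header) as $part) {
            $tokens = preg_split('/\s+/', trim($part)) ?: [];
            if (($tokens[0] ?? null) === $directive) {
                return array_slice($tokens, 1);
            }
        }

        return null;
    }

    // … unchanged: existing assertions on the other headers …
    self::assertContains("'unsafe-inline'", $this->cspDirective($response->headers->get('Content-Security-Policy'), 'style-src-elem') ?? []);
```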