diff --git a/surfsense_web/next.config.ts b/surfsense_web/next.config.ts
index 6cfcb5187..81f349f26 100644
--- a/surfsense_web/next.config.ts
+++ b/surfsense_web/next.config.ts
@@ -29,6 +29,13 @@ const nextConfig: NextConfig = {
 hostname: "**",
 },
 ],
+ // Allow remote SVGs (e.g. README badges from img.shields.io, trendshift.io,
+ // etc.) which are otherwise blocked by next/image. The CSP below sandboxes
+ // the SVG and forbids any embedded scripts, which is the mitigation
+ // recommended by Vercel's NEXTJS_SAFE_SVG_IMAGES conformance rule.
+ dangerouslyAllowSVG: true,
+ contentDispositionType: "attachment",
+ contentSecurityPolicy: "default-src 'self'; script-src 'none'; sandbox;",
 },
 experimental: {
 optimizePackageImports: [
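Review bot: Enabling `dangerouslyAllowSVG` here applies to every host, because the `hostname: "**"` pattern in the context lines just above (presumably `images.remotePatterns`; the array opens outside the hunk) is a wildcard, while the comment only mentions a few badge hosts. The `contentDispositionType` and `contentSecurityPolicy` values are therefore the only control on untrusted SVG served from the optimizer endpoint, and a later edit could loosen one without noticing that coupling. I would either narrow the patterns to the hosts actually needed or state the dependency in the comment, e.g. `// remotePatterns allows any host: keep dangerouslyAllowSVG, contentDispositionType and contentSecurityPolicy together; never relax one alone.` These headers cover only responses from the image optimizer, so any path that inlines fetched SVG markup into the page would need its own sanitisation. The `nextConfig` object starts and ends outside this hunk.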