diff --git a/src/server/server.ts b/src/server/server.ts
index ca9babc..3f731ac 100644
--- a/src/server/server.ts
+++ b/src/server/server.ts
@@ -107,7 +107,7 @@ function applySecurityHeaders(base: Record<string, string> = {}) {
     "X-Frame-Options": "DENY",
     // Mild CSP to avoid breaking inline styles/scripts already present; adjust as needed
     "Content-Security-Policy":
-      "default-src 'self'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:",
+      "default-src 'self'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; frame-src 'self' https://ko-fi.com https://*.ko-fi.com; child-src 'self' https://ko-fi.com https://*.ko-fi.com",
     ...base,
   };
 }
diff --git a/src/server/views/partials/rightSidebar.ejs b/src/server/views/partials/rightSidebar.ejs
index 6a676ee..791c964 100644
--- a/src/server/views/partials/rightSidebar.ejs
+++ b/src/server/views/partials/rightSidebar.ejs
@@ -5,7 +5,7 @@
       <h3 class="text-sm font-semibold text-slate-200">Apoya el proyecto</h3>
     </div>
     <div class="p-2 bg-slate-900">
-      <iframe id="kofiframe" src="https://ko-fi.com/shnimlz/?hidefeed=true&widget=true&embed=true&preview=true"
+      <iframe class="rounded-2xl"  id="kofiframe" src="https://ko-fi.com/shnimlz/?hidefeed=true&widget=true&embed=true&preview=true"
               style="border:none;width:100%;padding:4px;background:#0b1020;"
               height="712" title="shnimlz"></iframe>
     </div>