In production you get this error in the console when the frontend tries to load the profile picture from the 3rd party api:

Refused to load the image 'https://api.dicebear.com/8.x/adventurer-neutral/svg?seed=' because it violates the following Content Security Policy directive: "img-src 'self' data: *.interssl.com www.wkoecg.at *.geotrust.com *.paypal.com *.amazonaws.com *.google-analytics.com *.cloudflare.com".