diff --git a/backend/app/api/handlers/v1/v1_ctrl_product_search.go b/backend/app/api/handlers/v1/v1_ctrl_product_search.go
index 421bea87..dd0412a2 100644
--- a/backend/app/api/handlers/v1/v1_ctrl_product_search.go
+++ b/backend/app/api/handlers/v1/v1_ctrl_product_search.go
@@ -7,6 +7,7 @@ import (
 "fmt"
 "io"
 "net/http"
+ "net/url"
 
 "github.com/hay-kot/httpkit/errchain"
 "github.com/rs/zerolog/log"
@@ -242,6 +243,13 @@ func (ctrl *V1Controller) HandleProductSearchFromBarcode(conf config.BarcodeAPIC
 continue
 }
 
+ // Validate URL is HTTPS
+ u, err := url.Parse(p.ImageURL)
+ if err != nil || u.Scheme != "https" {
+ log.Warn().Msg("Skipping non-HTTPS image URL: " + p.ImageURL)
+ continue
+ }
+
 res, err := http.Get(p.ImageURL)
 if err != nil {
 log.Warn().Msg("Cannot fetch image for URL: " + p.ImageURL + ": " + err.Error())
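Review bot: The scheme check in the second hunk still leaves `http.Get(p.ImageURL)` on `http.DefaultClient`, which follows redirects and has no timeout, so an `https://` URL can redirect to plain HTTP or to an internal address, and a slow server can hold the handler open. If `p.ImageURL` comes from the external barcode API response, as the handler name suggests, the fetch also needs a destination check (reject loopback, private and link-local addresses, ideally enforced at dial time so a DNS change cannot bypass it) and a cap on the bytes read from the body. The new warning concatenates the URL into the message; `log.Warn().Str("url", p.ImageURL).Msg("skipping non-HTTPS image URL")` keeps it as a structured field. The enclosing loop and function start outside the hunk, so the client sketched below is better built once before the loop, and it needs `time` and `errors` imported if the file does not already have them.

```go
// … unchanged: url.Parse and the https scheme check …

// Bounded client: every redirect hop must stay on https and the fetch cannot hang.
imgClient := &http.Client{
	Timeout: 10 * time.Second, // constructed value; tune to the deployment
	CheckRedirect: func(req *http.Request, via []*http.Request) error {
		if req.URL.Scheme != "https" {
			return errors.New("redirect to non-HTTPS URL")
		}
		if len(via) >= 3 {
			return errors.New("too many redirects")
		}
		return nil
	},
}
res, err := imgClient.Get(u.String())
// … unchanged: error handling for the fetch …
```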