diff --git a/src/checkout/settings.py b/src/checkout/settings.py
index 2c69411..c0a8a5a 100644
--- a/src/checkout/settings.py
+++ b/src/checkout/settings.py
@@ -15,6 +15,8 @@ from pathlib import Path
 import environ
 
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
+from django.contrib import messages
+
 BASE_DIR = Path(__file__).resolve(strict=True).parent.parent
 
 env = environ.Env(
@@ -196,7 +198,7 @@ SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
 
 # CSP
 CSP_DEFAULT_SRC = ("'none'",)
-CSP_IMG_SRC = ("'self'",)
+CSP_IMG_SRC = ("'self'", "data:")
 CSP_SCRIPT_SRC = ("'self'", "'unsafe-inline'")
 CSP_CONNECT_SRC = ("'self'",)
 CSP_STYLE_SRC = ("'self'", "'unsafe-inline'")
@@ -209,3 +211,5 @@ DEFAULT_AUTO_FIELD = "django.db.models.AutoField"
 
 CRISPY_ALLOWED_TEMPLATE_PACKS = "bootstrap5"
 CRISPY_TEMPLATE_PACK = "bootstrap5"
+
+MESSAGE_TAGS = {messages.ERROR: "danger"}
diff --git a/src/common/templates/common/base.html b/src/common/templates/common/base.html
index 9bf4f01..624d66d 100644
--- a/src/common/templates/common/base.html
+++ b/src/common/templates/common/base.html
@@ -3,6 +3,7 @@
 <html lang="en">
     <head>
         <meta charset="UTF-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1">
         <title>Checkout</title>
         <link href="{% static "vendor/bootstrap-5.1.3-dist/css/bootstrap.min.css" %}"
             rel="stylesheet">
@@ -12,6 +13,7 @@
     <body>
         <div class="container">
             {% include "common/navbar.html" %}
+            {% include "common/messages.html" %}
             {% block content %}
             {% endblock %}
         </div>
diff --git a/src/common/templates/common/messages.html b/src/common/templates/common/messages.html
new file mode 100644
index 0000000..a660a60
--- /dev/null
+++ b/src/common/templates/common/messages.html
@@ -0,0 +1,10 @@
+{% if messages %}
+    <div class="messages">
+        {% for message in messages %}
+            <div class="alert alert-{{ message.tags }} alert-dismissible fade show" role="alert">
+                {{ message }}
+                <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+            </div>
+        {% endfor %}
+    </div>
+{% endif %}
diff --git a/src/purchase/views.py b/src/purchase/views.py
index d54745f..ac0b8c4 100644
--- a/src/purchase/views.py
+++ b/src/purchase/views.py
@@ -1,4 +1,5 @@
 from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
+from django.contrib.messages.views import SuccessMessageMixin
 from django.urls import reverse
 from django.views.generic import CreateView, DeleteView, ListView, UpdateView
 
@@ -10,16 +11,18 @@ class ProtectedViewsMixin(PermissionRequiredMixin, LoginRequiredMixin):
     pass
 
 
-class NewBasketView(ProtectedViewsMixin, CreateView):
+class NewBasketView(ProtectedViewsMixin, SuccessMessageMixin, CreateView):
     permission_required = ["purchase.add_basket"]
     model = Basket
     form_class = BasketForm
+    success_message = "Successfully created basket."
 
 
-class UpdateBasketView(ProtectedViewsMixin, UpdateView):
+class UpdateBasketView(ProtectedViewsMixin, SuccessMessageMixin, UpdateView):
     permission_required = ["purchase.change_basket", "purchase.view_basket"]
     model = Basket
     form_class = BasketForm
+    success_message = "Successfully updated basket."
 
 
 class ListBasketsView(ProtectedViewsMixin, ListView):
@@ -29,9 +32,10 @@ class ListBasketsView(ProtectedViewsMixin, ListView):
     ordering = "-id"
 
 
-class DeleteBasketView(ProtectedViewsMixin, DeleteView):
+class DeleteBasketView(ProtectedViewsMixin, SuccessMessageMixin, DeleteView):
     permission_required = ["purchase.delete_basket"]
     model = Basket
+    success_message = "Basket successfully deleted."
 
     def get_success_url(self):
         return reverse("purchase:list")