diff --git a/server/configs/application.properties b/server/configs/application.properties
index d714cb3ff6..12805f2ba5 100644
--- a/server/configs/application.properties
+++ b/server/configs/application.properties
@@ -78,8 +78,8 @@ spring.main.banner-mode=off
 # example usage 1 - very strict, disallows 'external' websites, disallows unsafe-inline, but only reports violations (does not enforce)
 # good for test automation!
-csp.report="default-src 'self' https: ;\nconnect-src 'self' https: ;\nobject-src 'none' ;\nstyle-src 'self' https: 'unsafe-inline' ;\nimg-src 'self' data: ;\nscript-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}';\nbase-uri 'self' ;\nupgrade-insecure-requests ;\nframe-ancestors 'self' ;\nreport-to /labkey/admin-contentsecuritypolicyreport.api ;\nreport-uri /labkey/admin-contentsecuritypolicyreport.api ;"
+#csp.report="default-src 'self' https: ;\nconnect-src 'self' https: ;\nobject-src 'none' ;\nstyle-src 'self' https: 'unsafe-inline' ;\nimg-src 'self' data: ;\nscript-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}';\nbase-uri 'self' ;\nupgrade-insecure-requests ;\nframe-ancestors 'self' ;\nreport-to https://www.labkey.org/admin-contentsecuritypolicyreport.api ;\nreport-uri https://www.labkey.org/admin-contentsecuritypolicyreport.api ;"
 # example usage 2 - less strict but enforces directives, (NOTE: unsafe-inline is still required for many modules)
-csp.enforce="default-src 'self' https: ;\nconnect-src 'self' https: ;\nobject-src 'none' ;\nstyle-src 'self' https: 'unsafe-inline' ;\nimg-src 'self' data: ;\nscript-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}';\nbase-uri 'self' ;\nupgrade-insecure-requests ;\nframe-ancestors 'self' ;\nreport-to /labkey/admin-contentsecuritypolicyreport.api ;\nreport-uri /labkey/admin-contentsecuritypolicyreport.api ;"
\ No newline at end of file
+#csp.enforce="default-src 'self' https: ;\nconnect-src 'self' https: ;\nobject-src 'none' ;\nstyle-src 'self' https: 'unsafe-inline' ;\nimg-src 'self' data: ;\nscript-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}';\nbase-uri 'self' 
;\nupgrade-insecure-requests ;\nframe-ancestors 'self' ;\nreport-to https://www.labkey.org/admin-contentsecuritypolicyreport.api ;\nreport-uri https://www.labkey.org/admin-contentsecuritypolicyreport.api ;"
\ No newline at end of file
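Review bot: Both commented-out examples now point `report-uri` at `https://www.labkey.org/admin-contentsecuritypolicyreport.api`, so any deployment that uncomments one will send its CSP violation reports (document URL, blocked URI, script samples) to a third-party host rather than to the local endpoint the old relative `/labkey/...` path addressed; the example should carry a warning such as `# report-uri must point at THIS server's admin-contentsecuritypolicyreport.api; the labkey.org URL is only illustrative`. The `report-to` directive takes a reporting-group name declared via a Reporting-Endpoints/Report-To response header, not a URL, so as written only the `report-uri` directive will actually deliver reports. Separately, `script-src` combines `'strict-dynamic'` with `'unsafe-inline'`; browsers that honour `'strict-dynamic'` ignore `'unsafe-inline'`, so the "unsafe-inline is still required for many modules" note on example 2 is misleading, and example 1's "disallows unsafe-inline" does not match a directive that lists it. The `'unsafe-eval'` allowance, by contrast, remains in effect and is worth a comment naming which modules need it.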