diff --git a/deploy/csp/index.js b/deploy/csp/index.js
index 2a7a7d91ecee0909f1708a656e80839218a510f8..63aec6df1a72b80f4810a8d9c22b2e7a0798951c 100644
--- a/deploy/csp/index.js
+++ b/deploy/csp/index.js
@@ -20,8 +20,7 @@ try {
 const defaultAllowedSites = [
   "'self'",
   '*.apps.hbp.eu',
-  '*.apps-dev.hbp.eu',
-  ...ALLOWED_DEFAULT_SRC
+  '*.apps-dev.hbp.eu'
 ]
 
 const dataSource = [
@@ -49,6 +48,17 @@ module.exports = (app) => {
         ...defaultAllowedSites,
         ...dataSource
       ],
+      scriptSrc:[
+        "'self'",
+        '*.apps.hbp.eu',
+        '*.apps-dev.hbp.eu',
+        '*.jquery.com',
+        '*.cloudflare.com',
+        'unpkg.com',
+        '*.unpkg.com',
+        '*.jsdelivr.net',
+        ...ALLOWED_DEFAULT_SRC
+      ],
       reportUri: '/report-violation'
     },
     reportOnly: true