diff --git a/www/js/app.js b/www/js/app.js
index 15238c8e..45cd8396 100644
--- a/www/js/app.js
+++ b/www/js/app.js
@@ -4751,10 +4751,10 @@ define(['jquery', 'zimArchiveLoader', 'uiUtil', 'util', 'utf8', 'cache', 'images
             //     });
             // }
 
-            // If there is no CSP, add one to prevent external scripts and content
-            if (!/<meta\b[^>]+Content-Security-Policy/i.test(htmlArticle)) {
+            // Add CSP to prevent external scripts and content - note that any existing CSP can only be hardened, not loosened
+            // if (!/<meta\b[^>]+Content-Security-Policy/i.test(htmlArticle)) {
                 htmlArticle = htmlArticle.replace(/(<head\b[^>]*>)\s*/, '$1\n    <meta http-equiv="Content-Security-Policy" content="default-src \'self\' data: blob: bingmaps: about: \'unsafe-inline\' \'unsafe-eval\';"></meta>\n    ');
-            }
+            // }
 
             // Maker return links
             uiUtil.makeReturnLink(dirEntry.getTitleOrUrl());