diff --git a/server-ce/config/settings.js b/server-ce/config/settings.js
index 6ee695f74e..d5aad069fd 100644
--- a/server-ce/config/settings.js
+++ b/server-ce/config/settings.js
@@ -208,6 +208,10 @@ const settings = {
       process.env.OVERLEAF_SESSION_SECRET || process.env.CRYPTO_RANDOM,
   },
 
+  csp: {
+    enabled: process.env.OVERLEAF_CSP_ENABLED !== 'false',
+  },
+
   // These credentials are used for authenticating api requests
   // between services that may need to go over public channels
   httpAuthUsers,