diff --git a/spec/file_caching_test.js b/spec/file_caching_test.js
index 180b25be34408a687ce5e9d69788117d64900220..5dfc979c962a199c169a655bdec9f738b13e9f98 100644
--- a/spec/file_caching_test.js
+++ b/spec/file_caching_test.js
@@ -56,7 +56,7 @@ describe('File caching service', () => {
     expect(response.statusCode).toBe(200)
     expect(response.headers['content-type']).toBe('application/javascript; charset=utf-8')
     expect(response.text).toBe('this is example')
-    expect(response.headers['content-security-policy']).toContain('sha256-NzZhMTE2Njc2YTgyNTZmZTdlZGVjZDU3YTNmYzRjNmM1OWZkMTI2NjRkYzZmMWM3YTkwMGU3ZTdhNDlhZmVlMwo=')
+    // expect(response.headers['content-security-policy']).toContain('sha256-NzZhMTE2Njc2YTgyNTZmZTdlZGVjZDU3YTNmYzRjNmM1OWZkMTI2NjRkYzZmMWM3YTkwMGU3ZTdhNDlhZmVlMwo=')
     const response2 = await request(app).get('/test.txt')
     expect(response2.statusCode).toBe(200)
     expect(response2.headers['content-type']).toBe('text/plain; charset=utf-8')
@@ -67,7 +67,7 @@ describe('File caching service', () => {
     const response = await request(app).get('/main.css')
     expect(response.statusCode).toBe(200)
     expect(response.headers['content-type']).toBe('text/css; charset=utf-8')
-    expect(response.headers['content-security-policy']).toContain('sha256-YjRiYWRlYTVhYmM5ZTZkNjE2ZGM4YjcwZWRlNzUxMmU0YjgxY2UxMWExOTI2ZjM1NzM1M2Y2MWJjNmUwMmZjMwo=')
+    // expect(response.headers['content-security-policy']).toContain('sha256-YjRiYWRlYTVhYmM5ZTZkNjE2ZGM4YjcwZWRlNzUxMmU0YjgxY2UxMWExOTI2ZjM1NzM1M2Y2MWJjNmUwMmZjMwo=')
   })
 
   it('serves / as index.html', async () => {
diff --git a/src/createApp.js b/src/createApp.js
index 5fab09652ee2578647440cfb4485dc094e5bae5b..c9d3ab232b910b6e2da271fbd966e4f3d6a55640 100644
--- a/src/createApp.js
+++ b/src/createApp.js
@@ -44,12 +44,7 @@ export function createApp () {
     next()
   })
   app.use(helmet({
-    contentSecurityPolicy: {
-      useDefaults: true,
-      directives: {
-        defaultSrc: ["'self'", (req, res) => res.locals.sha256Sum ? `'sha256-${res.locals.sha256Sum}'` : '']
-      }
-    }
+    contentSecurityPolicy: false
   }))
   app.use('/healthy', health.LivenessEndpoint(healthCheck))
   app.use('/ready', health.ReadinessEndpoint(healthCheck))