diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index e9eeeeff6..4553d3588 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -1,6 +1,7 @@
+ <%= csp_meta_tag %>
 <%=t "head.title", title: (yield :head_title) %>
@@ -12,7 +13,6 @@
 <% end %>
 <%= stylesheet_link_tag "tailwind", "data-turbo-track": "reload" %>
 <%= stylesheet_link_tag 'application', media: 'all' %>
- <%= csp_meta_tag %>
 <% if ::NewRelic::Agent.instance.started? %>
 <%= ::NewRelic::Agent.browser_timing_header(controller.request.content_security_policy_nonce) %>
 <% end %>
diff --git a/config/initializers/security_policy.rb b/config/initializers/security_policy.rb
index ccd718265..641ce49e1 100644
--- a/config/initializers/security_policy.rb
+++ b/config/initializers/security_policy.rb
@@ -10,7 +10,7 @@ Rails.application.config.content_security_policy do |policy|
 policy.font_src :self, :https, :data
 policy.img_src :self, :https, :data, :blob
 policy.object_src :none
- policy.script_src :self, :https, :unsafe_eval
+ policy.script_src :self, :unsafe_eval
 policy.style_src :self, :https, :unsafe_inline, :data
 policy.connect_src :self, :data, *Extends::EXTERNAL_SERVICES
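Review bot: The relocated `<%= csp_meta_tag %>` in the first hunk depends on an ordering that nothing in the template documents: the helper emits the `csp-nonce` meta element that client-side code reads when it needs to nonce scripts it injects, so it must precede any script tag that consults it. The head markup around the added line is not visible in this hunk, so the diff alone does not show what now comes before or after it; the second hunk shows it previously sat below the stylesheet tags and just above the New Relic snippet. An ERB comment on the added line such as `<%# keep ahead of any script tag that reads the csp-nonce meta %>` would stop a later edit from moving it back down.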
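Review bot: Removing `:https` from `policy.script_src` leaves only same-origin scripts (plus `:unsafe_eval`), yet the layout in this same commit still renders `::NewRelic::Agent.browser_timing_header(...)`; if that inline snippet pulls the agent loader from New Relic's CDN, as the product's browser agent normally does, the browser will now refuse that script because its host is no longer allowed, and monitoring silently stops. Either allow the host explicitly, e.g. `policy.script_src :self, :unsafe_eval, "https://js-agent.newrelic.com"`, or confirm on a page with the agent started that no script-src violation is reported before merging. Keeping `:unsafe_eval` also undercuts much of the tightening; a comment on that line naming the dependency that still requires it would let the next reviewer judge whether it can be dropped too. The `content_security_policy do |policy|` block begins at the hunk header and ends outside the hunk.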