diff --git a/application.properties b/application.properties
index 01033e4..98e487e 100644
--- a/application.properties
+++ b/application.properties
@@ -166,15 +166,16 @@ context.workDirLocation=/work/Tomcat/localhost
 ## START OF CSP ENFORCE BLOCK (DO NOT CHANGE THIS TEXT)
 csp.enforce=\
     default-src 'self' https: ;\
-    connect-src 'self' ${LABKEY.ALLOWED.CONNECTIONS} ;\
+    connect-src 'self' ${CONNECTION.SOURCES} ;\
     object-src 'none' ;\
-    style-src 'self' https: 'unsafe-inline' ;\
+    style-src 'self' https: 'unsafe-inline' ${STYLE.SOURCES} ;\
     img-src 'self' https: data: ;\
-    font-src 'self' data: ;\
+    font-src 'self' data: ${FONT.SOURCES} ;\
     script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}' ;\
     base-uri 'self' ;\
     upgrade-insecure-requests ;\
     frame-ancestors 'self' ;\
+    frame-src 'self' ${FRAME.SOURCES} ;\
     report-uri https://www.labkey.org/admin-contentsecuritypolicyreport.api?${CSP.REPORT.PARAMS} ;
 ## END OF CSP ENFORCE BLOCK (DO NOT CHANGE THIS TEXT)