diff --git a/application.properties b/application.properties
index 01033e4..51d43ba 100644
--- a/application.properties
+++ b/application.properties
@@ -164,17 +164,19 @@ server.servlet.session.timeout=60m
 context.workDirLocation=/work/Tomcat/localhost
 
 ## START OF CSP ENFORCE BLOCK (DO NOT CHANGE THIS TEXT)
+## CSP Version: e10
 csp.enforce=\
-    default-src 'self' https: ;\
-    connect-src 'self' ${LABKEY.ALLOWED.CONNECTIONS} ;\
-    object-src 'none' ;\
-    style-src 'self' https: 'unsafe-inline' ;\
-    img-src 'self' https: data: ;\
-    font-src 'self' data: ;\
-    script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}' ;\
-    base-uri 'self' ;\
+    default-src 'self' https: ; \
+    connect-src 'self' ${CONNECTION.SOURCES} ; \
+    object-src 'none' ; \
+    style-src 'self' https: 'unsafe-inline' ${STYLE.SOURCES} ; \
+    img-src 'self' https: data: ${IMAGE.SOURCES} ; \
+    font-src 'self' data: ${FONT.SOURCES} ; \
+    script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}' ; \
+    base-uri 'self' ; \
     upgrade-insecure-requests ;\
-    frame-ancestors 'self' ;\
+    frame-ancestors 'self' ; \
+    frame-src 'self' ${FRAME.SOURCES} ; \
     report-uri https://www.labkey.org/admin-contentsecuritypolicyreport.api?${CSP.REPORT.PARAMS} ;
 ## END OF CSP ENFORCE BLOCK (DO NOT CHANGE THIS TEXT)