diff --git a/.circleci/config.yml b/.circleci/config.yml
index 42ec7a0c28..2199bc047d 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -356,8 +356,8 @@ workflows:
 context : org-global
 filters:
 branches:
- only:
- - free
+ only:
+ - veterans-http-headers
 # This is alternate dev env for parallel testing
 - "build-qa":
 context : org-global
diff --git a/src/server/index.js b/src/server/index.js
index 70590aa8b8..cf21e9bfb6 100644
--- a/src/server/index.js
+++ b/src/server/index.js
@@ -141,7 +141,7 @@ async function onExpressJsSetup(server) {
 res.header(
 'Content-Security-Policy',
 "default-src 'self';"
- + " script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval'"
+ + " script-src 'report-sample' 'self'"
 + ` ${config.CDN.PUBLIC}`
 + ' http://www.google-analytics.com'
 + ' https://www.google-analytics.com'
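Review bot: The `only:` filter in the `.circleci/config.yml` hunk now names the feature branch `veterans-http-headers` in place of `free`, which reads like a temporary hook to get this branch built for testing rather than a permanent pipeline change. If it merges as written, pushes to `free` no longer trigger this job, and the feature branch appears to run with the `org-global` context listed just above the filter. Either drop this hunk from the final commit or mark it with a comment such as `# TEMP: restore 'free' before merge`. The job entry this filter belongs to starts above the hunk, so the environment it deploys to is not visible here.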
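Review bot: With `'unsafe-inline'` removed from `script-src`, the visible part of the policy carries no nonce or hash source, so any inline `<script>` the server still renders will be blocked. The header string continues past the hunk, so confirm whether one is appended further down. If inline scripts remain, add a per-response `'nonce-<value>'` source to this directive rather than restoring `'unsafe-inline'`. Consider a first rollout under `Content-Security-Policy-Report-Only`, since `'report-sample'` only helps when a reporting endpoint is configured, which is not visible here. Separately, the context line `+ ' http://www.google-analytics.com'` still lists a cleartext script origin; the `https://` entry on the next line is sufficient and the `http://` one can be dropped. `onExpressJsSetup` starts and ends outside the hunk.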