diff --git a/server/configs/application.properties b/server/configs/application.properties
index 8571c6500a..6d2dc1e758 100644
--- a/server/configs/application.properties
+++ b/server/configs/application.properties
@@ -128,37 +128,20 @@ management.server.port=@@shutdownPort@@
 ## Define one or both of 'csp.report' and 'csp.enforce' to enable Content Security Policy (CSP) headers
 ## Do not use these examples for any production environment without understanding the meaning of each directive!
-## example usage 1 - very strict, disallows 'external' websites, disallows unsafe-inline, but only reports violations (does not enforce)
-
-#csp.report=\
-# default-src 'self';\
-# connect-src 'self' ${LABKEY.ALLOWED.CONNECTIONS} ;\
-# object-src 'none' ;\
-# style-src 'self' 'unsafe-inline' ;\
-# img-src 'self' data: ;\
-# font-src 'self' data: ;\
-# script-src 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}';\
-# base-uri 'self' ;\
-# upgrade-insecure-requests ;\
-# frame-ancestors 'self' ;\
-# report-uri https://www.labkey.org/admin-contentsecuritypolicyreport.api?${CSP.REPORT.PARAMS} ;
-
-## example usage 2 - less strict but enforces directives, (NOTE: unsafe-inline is still required for many modules)
-
-#csp.enforce=\
-# default-src 'self' https: ;\
-# connect-src 'self' https: ${LABKEY.ALLOWED.CONNECTIONS};\
-# object-src 'none' ;\
-# style-src 'self' https: 'unsafe-inline' ;\
-# img-src 'self' data: ;\
-# font-src 'self' data: ;\
-# script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}';\
-# base-uri 'self' ;\
-# upgrade-insecure-requests ;\
-# frame-ancestors 'self' ;\
-# report-uri https://www.labkey.org/admin-contentsecuritypolicyreport.api?${CSP.REPORT.PARAMS} ;
-
-## Default CSP for TeamCity and dev deployments
+## Default enforce CSP for dev deployments
+#useLocalBuild#csp.enforce=\
+#useLocalBuild# default-src 'self' https: http: ;\
+#useLocalBuild# connect-src 'self' localhost:* ws: ${LABKEY.ALLOWED.CONNECTIONS} ;\
+#useLocalBuild# object-src 'none' ;\
+#useLocalBuild# style-src 'self' https: 'unsafe-inline' ;\
+#useLocalBuild# img-src 'self' https: data: ;\
+#useLocalBuild# font-src 'self' http: https: data: ;\
+#useLocalBuild# script-src 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}' ;\
+#useLocalBuild# base-uri 'self' ;\
+#useLocalBuild# frame-ancestors 'self' ;\
+#useLocalBuild# report-uri /admin-contentsecuritypolicyreport.api?${CSP.REPORT.PARAMS} ;
+
+## Default report CSP for TeamCity and dev deployments
 csp.report=\
 default-src 'self' https: http: ;\
 connect-src 'self' localhost:* ws: ${LABKEY.ALLOWED.CONNECTIONS} ;\