diff --git a/files/routes/static.py b/files/routes/static.py
index fc9496f46..c04f52d95 100644
--- a/files/routes/static.py
+++ b/files/routes/static.py
@@ -354,16 +354,3 @@ if not os.path.exists(f'files/templates/donate_{SITE_NAME}.html'):
 @auth_desired_with_logingate
 def donate(v):
 	return render_template(f'donate_{SITE_NAME}.html', v=v)
-
-
-# @app.post('/csp_violations')
-# @limiter.limit("5/minute;10/day")
-# def csp_violations():
-# 	content = request.get_json(force=True)['csp-report']
-# 	if content.get('source-file') and content['source-file'].startswith(SITE_FULL):
-# 		print('--------', flush=True)
-# 		for k, val in content.items():
-# 			if k != 'original-policy':
-# 				print(f"{k}: {val}", flush=True)
-# 		print('--------', flush=True)
-# 	return ''
diff --git a/nginx-headers.conf b/nginx-headers.conf
index 79e2ee51f..db908e0ae 100644
--- a/nginx-headers.conf
+++ b/nginx-headers.conf
@@ -2,5 +2,4 @@ add_header Referrer-Policy "same-origin";
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
 add_header X-Frame-Options "deny";
 add_header X-Content-Type-Options "nosniff";
-add_header Report-To "{'group': 'csp', 'max_age': 10886400, 'endpoints': [{'url': '/csp_violations'}]}";
-add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; form-action 'self'; manifest-src 'self'; worker-src 'self'; base-uri 'self'; font-src 'self'; style-src-elem 'self'; style-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src-elem 'self' challenges.cloudflare.com; script-src-attr 'none'; script-src 'self' challenges.cloudflare.com; media-src 'self' https:; img-src 'self' https: data:; frame-src challenges.cloudflare.com www.youtube-nocookie.com platform.twitter.com; connect-src 'self' tls-use1.fpapi.io api.fpjs.io; report-to csp; report-uri /csp_violations;";
+add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; form-action 'self'; manifest-src 'self'; worker-src 'self'; base-uri 'self'; font-src 'self'; style-src-elem 'self'; style-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src-elem 'self' challenges.cloudflare.com; script-src-attr 'none'; script-src 'self' challenges.cloudflare.com; media-src 'self' https:; img-src 'self' https: data:; frame-src challenges.cloudflare.com www.youtube-nocookie.com platform.twitter.com; connect-src 'self' tls-use1.fpapi.io api.fpjs.io;";