diff --git a/packages/web/next.config.js b/packages/web/next.config.js
index 3a874e7c2..d4d2544c2 100644
--- a/packages/web/next.config.js
+++ b/packages/web/next.config.js
@@ -2,14 +2,14 @@ const ContentSecurityPolicy = `
   default-src 'self';
   base-uri 'self';
   block-all-mixed-content;
-  connect-src 'self' ${process.env.NEXT_PUBLIC_SERVER_BASE_URL} proxy-prod.omnivore-image-cache.app accounts.google.com proxy-demo.omnivore-image-cache.app storage.googleapis.com api.segment.io cdn.segment.com widget.intercom.io api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://nexus-europe-websocket.intercom.io wss://nexus-australia-websocket.intercom.io platform.twitter.com;
-  font-src 'self' data: cdn.jsdelivr.net https://js.intercomcdn.com https://fonts.intercomcdn.com;
+  connect-src 'self' ${process.env.NEXT_PUBLIC_SERVER_BASE_URL} https://proxy-prod.omnivore-image-cache.app https://accounts.google.com https://proxy-demo.omnivore-image-cache.app https://storage.googleapis.com https://api.segment.io https://cdn.segment.com https://widget.intercom.io https://api-iam.intercom.io https://platform.twitter.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://nexus-europe-websocket.intercom.io wss://nexus-australia-websocket.intercom.io;
+  font-src 'self' data: https://cdn.jsdelivr.net https://js.intercomcdn.com https://fonts.intercomcdn.com;
   form-action 'self' ${process.env.NEXT_PUBLIC_SERVER_BASE_URL} https://getpocket.com/auth/authorize https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io;
   frame-ancestors 'none';
-  frame-src 'self' accounts.google.com platform.twitter.com www.youtube.com www.youtube-nocookie.com;
+  frame-src 'self' https://accounts.google.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com;
   manifest-src 'self';
-  script-src 'self' 'unsafe-inline' 'unsafe-eval' accounts.google.com widget.intercom.io js.intercomcdn.com platform.twitter.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn.segment.com;
-  style-src 'self' 'unsafe-inline' accounts.google.com cdnjs.cloudflare.com;
+  script-src 'self' 'unsafe-inline' 'unsafe-eval' accounts.google.com https://widget.intercom.io https://js.intercomcdn.com https://platform.twitter.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.segment.com;
+  style-src 'self' 'unsafe-inline' https://accounts.google.com https://cdnjs.cloudflare.com;
   img-src 'self' blob: data: https:;
   worker-src 'self' blob:;
   media-src https://js.intercomcdn.com;
diff --git a/packages/web/public/static/scripts/intercom.js b/packages/web/public/static/scripts/intercom.js
index a89ba39da..55fb1d20f 100644
--- a/packages/web/public/static/scripts/intercom.js
+++ b/packages/web/public/static/scripts/intercom.js
@@ -1,13 +1,11 @@
 ;(function () {
   var w = window
   var ic = w.Intercom
-  console.log('running the intercom script, checking if we are injected: ', ic)
 
   if (typeof ic === 'function') {
     ic('reattach_activator')
     ic('update', w.intercomSettings)
   } else {
-    console.log('injecting the intercom widget')
     var d = document
     var i = function () {
       i.c(arguments)
@@ -18,8 +16,6 @@
     }
     w.Intercom = i
     var l = function () {
-      console.log(' running intercom onload script ')
-
       var s = d.createElement('script')
       s.type = 'text/javascript'
       s.async = true