diff --git a/.changelog/1849.internal.md b/.changelog/1849.internal.md
new file mode 100644
index 0000000000..bacb75e2ee
--- /dev/null
+++ b/.changelog/1849.internal.md
@@ -0,0 +1 @@
+Fix CSP in start:prod
diff --git a/internals/scripts/serve-prod.js b/internals/scripts/serve-prod.js
index b008af481f..f24cb32e7e 100644
--- a/internals/scripts/serve-prod.js
+++ b/internals/scripts/serve-prod.js
@@ -3,7 +3,7 @@ const path = require('path')
 const http = require('http')
 const serveHandler = require('serve-handler')
 const { getCsp, getPermissionsPolicy } = require('../getSecurityHeaders.js')
-const csp = getCsp({ isDev: false, isExtension: true })
+const csp = getCsp({ isDev: false, isExtension: false })
 const permissionsPolicy = getPermissionsPolicy()
 console.log(`Content-Security-Policy: ${csp}\n`)
 console.log(`Permissions-Policy: ${permissionsPolicy}\n`)