diff --git a/src/metabase/server/middleware/security.clj b/src/metabase/server/middleware/security.clj
index 706a33575cdfce930c48597fdc6b321b1b48ea62..5336c9d5022ca9e543d35ed4f4e8a8ad9742bc91 100644
--- a/src/metabase/server/middleware/security.clj
+++ b/src/metabase/server/middleware/security.clj
@@ -52,8 +52,6 @@
                                    "'unsafe-eval'" ; TODO - we keep working towards removing this entirely
                                    "https://maps.google.com"
                                    "https://accounts.google.com"
-                                   "https://*.googleapis.com"
-                                   "*.gstatic.com"
                                    (when (public-settings/anon-tracking-enabled)
                                      "https://www.google-analytics.com")
                                    ;; for webpack hot reloading