diff --git a/config/environments/production.rb b/config/environments/production.rb
index 7a630bd1d5e..7f9b2d053ac 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -5,9 +5,9 @@
 config.cache_classes = true
 config.eager_load = true
 config.consider_all_requests_local = false
- config.action_controller.asset_host = Figaro.env.domain_name
 config.action_controller.perform_caching = true
- config.serve_static_files = ENV['RAILS_SERVE_STATIC_FILES'].present?
+
+ config.action_controller.asset_host = Figaro.env.asset_host || Figaro.env.domain_name
 config.assets.js_compressor = :uglifier
 config.assets.compile = false
 config.assets.digest = true
@@ -19,7 +19,7 @@
 host: Figaro.env.domain_name,
 protocol: 'https',
 }
- config.action_mailer.asset_host = Figaro.env.mailer_domain_name
+ config.action_mailer.asset_host = Figaro.env.asset_host || Figaro.env.mailer_domain_name
 config.action_mailer.raise_delivery_errors = true
 config.action_mailer.default_options = { from: Figaro.env.email_from }
 config.action_mailer.delivery_method = if Figaro.env.disable_email_sending == 'true'
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 76c04b56f57..f78e27b0ecd 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -18,8 +18,8 @@
 '*.nr-data.net',
 '*.google-analytics.com',
 ],
- font_src: ["'self'", 'data:'],
- img_src: ["'self'", 'data:', 'login.gov'],
+ font_src: ["'self'", 'data:', Figaro.env.asset_host],
+ img_src: ["'self'", 'data:', 'login.gov', Figaro.env.asset_host],
 media_src: ["'self'"],
 object_src: ["'none'"],
 script_src: [
@@ -30,8 +30,9 @@
 '*.google-analytics.com',
 'www.google.com',
 'www.gstatic.com',
+ Figaro.env.asset_host,
 ],
- style_src: ["'self'"],
+ style_src: ["'self'", Figaro.env.asset_host],
 base_uri: ["'self'"],
 }
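Review bot: The fallback in `config.action_controller.asset_host = Figaro.env.asset_host || Figaro.env.domain_name` only triggers when the key is absent. An empty string is truthy in Ruby, so a deployment that sets `asset_host` to an empty value would get an empty asset host rather than the domain name. `Figaro.env.asset_host.presence || Figaro.env.domain_name` handles both cases. The same applies to the `config.action_mailer.asset_host` line in the second hunk of this file. The enclosing configuration block starts and ends outside the hunk.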
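Review bot: `Figaro.env.asset_host` is added to `font_src` and `img_src` unconditionally, although production.rb in this same commit treats the setting as optional, so an unset value puts `nil` into the CSP source lists. Whether secure_headers drops or rejects such an entry depends on the gem version, which is not visible here; writing `font_src: ["'self'", 'data:', Figaro.env.asset_host.presence].compact,` makes the behaviour explicit. The same applies to the `script_src` and `style_src` entries in the next hunk, where the consequence is larger: every script served from that host becomes executable on these pages. A comment such as `# asset_host must be a host dedicated to this app's assets, never a shared CDN domain` would record that constraint. The value also has to be a valid CSP host-source, while Rails' `asset_host` accepts forms such as `//host` that CSP does not, so the expected format is worth documenting next to the setting.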