diff --git a/app/controllers/concerns/idv/document_capture_concern.rb b/app/controllers/concerns/idv/document_capture_concern.rb
index 1e43757e7a4..b9619923c72 100644
--- a/app/controllers/concerns/idv/document_capture_concern.rb
+++ b/app/controllers/concerns/idv/document_capture_concern.rb
@@ -2,6 +2,7 @@ module Idv
 module DocumentCaptureConcern
 def override_document_capture_step_csp
 return if params[:step] != 'document_capture'
+ return if IdentityConfig.store.suppress_content_security_policy
 policy = current_content_security_policy
 policy.connect_src(*policy.connect_src, 'us.acas.acuant.net')
diff --git a/app/controllers/concerns/secure_headers_concern.rb b/app/controllers/concerns/secure_headers_concern.rb
index 380b6c291a6..6548b66d3e0 100644
--- a/app/controllers/concerns/secure_headers_concern.rb
+++ b/app/controllers/concerns/secure_headers_concern.rb
@@ -11,6 +11,8 @@ def apply_secure_headers_override
 end
 def override_form_action_csp(uris)
+ return if IdentityConfig.store.suppress_content_security_policy
+
 policy = current_content_security_policy
 policy.form_action(*uris)
 request.content_security_policy = policy
diff --git a/app/helpers/secure_headers_helper.rb b/app/helpers/secure_headers_helper.rb
index 7b3cc6b8c3c..e7933ea31d0 100644
--- a/app/helpers/secure_headers_helper.rb
+++ b/app/helpers/secure_headers_helper.rb
@@ -15,6 +15,8 @@ def add_document_capture_image_urls_to_csp_with_secure_headers(request, urls)
 end
 def add_document_capture_image_urls_to_csp_with_rails_csp_tooling(request, urls)
+ return if IdentityConfig.store.suppress_content_security_policy
+
 policy = request.content_security_policy.clone
 policy.connect_src(*policy.connect_src, *urls)
 request.content_security_policy = policy
diff --git a/config/application.yml.default b/config/application.yml.default
index 9d5fadab496..d06c54c685f 100644
--- a/config/application.yml.default
+++ b/config/application.yml.default
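Review bot: The guard `return if IdentityConfig.store.suppress_content_security_policy` is now hand-copied into three per-request CSP override methods on this page (this one, `override_form_action_csp` and `add_document_capture_image_urls_to_csp_with_rails_csp_tooling`), so the next override someone adds is likely to miss it and emit a partial policy while the header is supposed to be off. A single predicate in one shared place, say `csp_suppressed?` returning `IdentityConfig.store.suppress_content_security_policy`, with each site reduced to `return if csp_suppressed?`, makes the flag greppable and keeps the checks from drifting; whether `DocumentCaptureConcern` already has access to `SecureHeadersConcern` helpers is not visible here. The body of `override_document_capture_step_csp` continues past the last hunk line.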
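Review bot: With the flag on, `override_form_action_csp(uris)` now returns before `policy.form_action(*uris)`, so the per-request form-action allowlist disappears together with the global policy and callers get no signal that the URIs they passed were ignored; form-action is the directive that keeps credential-bearing forms from being posted anywhere other than the origins the caller named, so this is a deliberate loss worth stating at the site. Suggest a comment on the early return, `# CSP suppressed: no per-request directives (including form-action) are emitted`, and, if the flag can reach any deployed environment, a warn-level log line so an operator can see the restriction is off. The method's closing `end` is outside the hunk.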
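Review bot: Only the Rails-CSP variant receives the new guard; its sibling `add_document_capture_image_urls_to_csp_with_secure_headers(request, urls)`, whose closing `end` is the first context line of this hunk, is left unchanged, so if that path is still selected anywhere (not visible from this hunk) it will keep appending `connect-src` entries after the header has supposedly been suppressed. Either add the same `return if IdentityConfig.store.suppress_content_security_policy` there or move the check into whatever chooses between the two helpers so both paths agree. The closing `end` of the patched method is outside the hunk.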
@@ -282,6 +282,7 @@ voip_check: true
 voip_block: true
 voip_allowed_phones: '[]'
 inherited_proofing_va_base_url: 'https://staging-api.va.gov'
+suppress_content_security_policy: false
 development:
 aamva_private_key: 123abc
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 0a09da1bec6..83e25950394 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -2,6 +2,8 @@
 # rubocop:disable Metrics/BlockLength
 Rails.application.config.content_security_policy do |policy|
+ next if IdentityConfig.store.suppress_content_security_policy
+
 connect_src = ["'self'", '*.nr-data.net']
 font_src = [:self, :data, IdentityConfig.store.asset_host.presence].compact
@@ -56,6 +58,7 @@
 policy.base_uri :self
 end
 # rubocop:enable Metrics/BlockLength
+
 Rails.application.configure do
 config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
 config.content_security_policy_nonce_directives = ['script-src']
diff --git a/lib/identity_config.rb b/lib/identity_config.rb
index 17d9b9c0506..e49e15a7dc2 100644
--- a/lib/identity_config.rb
+++ b/lib/identity_config.rb
@@ -374,6 +374,7 @@ def self.build_store(config_map)
 config.add(:voip_block, type: :boolean)
 config.add(:voip_check, type: :boolean)
 config.add(:inherited_proofing_va_base_url, type: :string)
+ config.add(:suppress_content_security_policy, type: :boolean)
 @store = RedactedStruct.new('IdentityConfig', *config.written_env.keys, keyword_init: true).
 new(**config.written_env)
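Review bot: `suppress_content_security_policy: false` is added to the defaults without any comment, and `application.yml.default` is the only documentation an operator reads before flipping a key; a switch that removes every Content-Security-Policy header the app sends deserves a line saying what it is for and where it is safe. Suggest placing `# Local development/testing only: when true no Content-Security-Policy header is emitted (see config/initializers/content_security_policy.rb).` directly above the key. Nothing in the diff limits the flag to non-production environments, so the comment is the minimum a reviewer would ask for.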
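Review bot: `next if IdentityConfig.store.suppress_content_security_policy` exits the block but still leaves `Rails.application.config.content_security_policy` set to a policy object with no directives rather than unset, and depending on the Rails version the middleware may then emit an empty `Content-Security-Policy` header (building a directive-less policy yields an empty string), which browsers ignore but which confuses anyone auditing response headers; wrapping the whole `content_security_policy do … end` call in `unless IdentityConfig.store.suppress_content_security_policy` keeps the setting nil and sends nothing. The larger gap is that nothing stops the flag from being true in production, where it silently drops the nonce-based script-src and every other restriction the block sets; a fail-closed guard next to it, `raise 'suppress_content_security_policy must not be enabled in production' if Rails.env.production? && IdentityConfig.store.suppress_content_security_policy`, turns that misconfiguration into a boot failure instead of a quiet loss of protection. The `do |policy|` block continues past the hunk.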