diff --git a/app/entry.server.tsx b/app/entry.server.tsx
index 42cfc55b..6104e9b6 100644
--- a/app/entry.server.tsx
+++ b/app/entry.server.tsx
@@ -40,7 +40,8 @@ export default async function handleRequest(
   }
 
   responseHeaders.set("Content-Type", "text/html");
-  responseHeaders.set("Content-Security-Policy", header);
+  // TODO: change to Content-Security-Policy when you ready with your CSP configs.
+  responseHeaders.set("Content-Security-Policy-Report-Only", header);
   return new Response(body, {
     headers: responseHeaders,
     status: responseStatusCode,