diff --git a/conf/application.conf b/conf/application.conf
index 0e23a671..1c4edbbf 100644
--- a/conf/application.conf
+++ b/conf/application.conf
@@ -45,7 +45,7 @@ template-amazon-s3-protocol = "http"
 template-amazon-s3-path = "/template/mustache"
 #Update the env's csp to remove www.google-analytics.com & http://google-analytics.com
 
-play.filters.headers.contentSecurityPolicy = "base-uri 'self'; block-all-mixed-content; child-src 'self' *.digital.nuance.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com localhost:9032 localhost:9310 localhost:9250; default-src 'self' 'unsafe-inline' localhost:9032 localhost:9310 localhost:9250; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com; frame-ancestors 'self'; img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com localhost:9032 localhost:9310 data:; script-src 'self' 'unsafe-inline' localhost:12345 localhost:9032 localhost:9250 localhost:9310 analytics.analytics-egain.com *.optimizely.com optimizely.s3.amazonaws.com www.google-analytics.com https://*.googletagmanager.com ssl.gstatic.com www.gstatic.com; style-src 'self' 'unsafe-inline' localhost:9032 localhost:9310 localhost:9250;"
+play.filters.headers.contentSecurityPolicy = "form-action 'self' localhost:9553 localhost:9556 localhost:9597; base-uri 'self'; block-all-mixed-content; child-src 'self' *.digital.nuance.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com localhost:9032 localhost:9310 localhost:9250; default-src 'self' 'unsafe-inline' localhost:9032 localhost:9310 localhost:9250; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com; frame-ancestors 'self'; img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com localhost:9032 localhost:9310 data:; script-src 'self' 'unsafe-inline' localhost:12345 localhost:9032 localhost:9250 localhost:9310 analytics.analytics-egain.com *.optimizely.com optimizely.s3.amazonaws.com www.google-analytics.com https://*.googletagmanager.com ssl.gstatic.com www.gstatic.com; style-src 'self' 'unsafe-inline' localhost:9032 localhost:9310 localhost:9250;"
 
 play.i18n.langCookieHttpOnly = true