diff --git a/previewer_jupyter/indico_previewer_jupyter/controllers.py b/previewer_jupyter/indico_previewer_jupyter/controllers.py
index 0f1631c..e2005da 100644
--- a/previewer_jupyter/indico_previewer_jupyter/controllers.py
+++ b/previewer_jupyter/indico_previewer_jupyter/controllers.py
@@ -57,7 +57,7 @@ class RHEventPreviewIPyNB(RH):
 
         response = current_app.response_class(html)
         # Use CSP to restrict access to possibly malicious scripts or inline JS
-        csp_header = "script-src cdn.mathjax.org cdnjs.cloudflare.com 'nonce-{}';".format(nonce)
+        csp_header = "script-src cdn.mathjax.org 'nonce-{}';".format(nonce)
         response.headers['Content-Security-Policy'] = csp_header
         response.headers['X-Webkit-CSP'] = csp_header
         # IE10 doesn't have proper CSP support, so we need to be more strict