diff --git a/config.toml b/config.toml
index 84af91c..a5fe953 100644
--- a/config.toml
+++ b/config.toml
@@ -263,6 +263,10 @@ allowed_domains = [
     { directive = "frame-src", domains = ["player.vimeo.com", "https://www.youtube-nocookie.com"] },
 ]
 
+# Enable the CSP directives configured (or default).
+# Can be set at page or section levels, following the hierarchy: page > section > config. See: https://welpo.github.io/tabi/blog/mastering-tabi-settings/#settings-hierarchy
+enable_csp = true
+
 # Custom subset of characters for the header.
 # If set to true, the `static/custom_subset.css` file will be loaded first.
 # This avoids a flashing text issue in Firefox.
diff --git a/content/blog/mastering-tabi-settings/index.ca.md b/content/blog/mastering-tabi-settings/index.ca.md
index 97b535c..b52e44a 100644
--- a/content/blog/mastering-tabi-settings/index.ca.md
+++ b/content/blog/mastering-tabi-settings/index.ca.md
@@ -1,7 +1,7 @@
 +++
 title = "Domina la configuració de tabi: guia completa"
 date = 2023-09-18
-updated = 2024-02-15
+updated = 2024-03-15
 description = "Descobreix les múltiples maneres en què pots personalitzar tabi."
 
 [taxonomies]
@@ -749,6 +749,8 @@ allowed_domains = [
 ]
 ```
 
+Aquesta opció està habilitada per defecte. Per desactivar-la per una pàgina, secció o globalment, estableix `enable_csp = false`. La configuració de `enable_csp` segueix la jerarquia.
+
 Per a més informació, consulta la [pàgina de documentació de CSP](/ca/blog/security/).
 
 ---
diff --git a/content/blog/mastering-tabi-settings/index.es.md b/content/blog/mastering-tabi-settings/index.es.md
index 0863c1d..477062a 100644
--- a/content/blog/mastering-tabi-settings/index.es.md
+++ b/content/blog/mastering-tabi-settings/index.es.md
@@ -1,7 +1,7 @@
 +++
 title = "Domina la configuración de tabi: guía completa"
 date = 2023-09-18
-updated = 2024-01-07
+updated = 2024-03-15
 description = "Descubre las múltiples maneras en que puedes personalizar tabi."
 
 [taxonomies]
@@ -749,6 +749,8 @@ allowed_domains = [
 ]
 ```
 
+Esta función está habilitada por defecto. Para deshabilitarla (y permitir todo), configura `enable_csp = false` en una página, sección o globalmente. La opción `enable_csp` sigue [la jerarquía](#jerarquia-de-configuracion).
+
 Para obtener más información, consulta la [página de documentación de CSP](/es/blog/security/).
 
 ---
diff --git a/content/blog/mastering-tabi-settings/index.md b/content/blog/mastering-tabi-settings/index.md
index 88c5d14..d4300f5 100644
--- a/content/blog/mastering-tabi-settings/index.md
+++ b/content/blog/mastering-tabi-settings/index.md
@@ -1,7 +1,7 @@
 +++
 title = "Mastering tabi Settings: A Comprehensive Guide"
 date = 2023-09-18
-updated = 2024-01-07
+updated = 2024-03-15
 description = "Discover the many ways you can customise your tabi site."
 
 [taxonomies]
@@ -754,6 +754,8 @@ allowed_domains = [
 ]
 ```
 
+This feature is enabled by default. To disable it (and allow all connections), set `enable_csp = false` on a page, section or globally. The `enable_csp` setting follows the [hierarchy](#settings-hierarchy).
+
 See the [CSP documentation page](/blog/security/) for more information.
 
 ---
diff --git a/content/blog/security/index.ca.md b/content/blog/security/index.ca.md
index 94ab1e6..c56744d 100644
--- a/content/blog/security/index.ca.md
+++ b/content/blog/security/index.ca.md
@@ -1,7 +1,7 @@
 +++
 title = "Seguretat per defecte"
 date = 2023-02-22
-updated = 2023-09-29
+updated = 2024-03-15
 description = "tabi té una Política de Seguretat de Contingut (CSP) fàcilment personalitzable amb valors segurs per defecte. Obtingues tranquil·litat i un A+ en l'Observatori de Mozilla."
 
 [taxonomies]
@@ -30,6 +30,8 @@ La llista `allowed_domains` especifica les URLs a les quals el lloc web hauria d
 
 Aquesta funcionalitat permet personalitzar fàcilment les capçaleres de seguretat del lloc web per permetre casos d'ús específics, com ara inserir vídeos de YouTube, carregar scripts o tipografies remotes ([no recomanat](https://www.albertovarela.net/blog/2022/11/stop-using-google-fonts/)).
 
+Pots desactivar les capçaleres (permitint-ho tot) en una pàgina, secció, o globalment configurant `enable_csp = false` en el front matter o en el fitxer `config.toml`.
+
 **Nota**: [habilitar els comentaris](@/blog/comments/index.ca.md) o [les analítiques](@/blog/mastering-tabi-settings/index.ca.md#analisi-web) automàticament permet scripts/frames/estils/connexions en funció del servei habilitat.
 
 [^1]: Requereix una configuració adequada del servidor web (p. ex., redirigir el trànsit HTTP a HTTPS).
diff --git a/content/blog/security/index.es.md b/content/blog/security/index.es.md
index 3a6763f..8ba92cf 100644
--- a/content/blog/security/index.es.md
+++ b/content/blog/security/index.es.md
@@ -1,7 +1,7 @@
 +++
 title = "Seguro por defecto"
 date = 2023-02-22
-updated = 2023-09-29
+updated = 2024-03-15
 description = "tabi tiene una Política de Seguridad de Contenido (CSP) fácilmente personalizable con configuraciones seguras. Obtén tranquilidad y una calificación de A+ en Mozilla Observatory."
 
 [taxonomies]
@@ -30,6 +30,8 @@ La lista `allowed_domains` especifica las URL a las que el sitio web debería po
 
 Esta función permite personalizar fácilmente las cabeceras de seguridad del sitio web para permitir casos de uso específicos, como la incrustación de videos de YouTube, la carga de scripts o  fuentes remotas ([no recomendado](https://www.albertovarela.net/blog/2022/11/stop-using-google-fonts/)).
 
+Puedes desactivar las cabeceras (permitiendo todo) en una página, sección, o globalmente configurando `enable_csp = false` en el front matter o en el archivo `config.toml`.
+
 **Nota**: [habilitar los comentarios](@/blog/comments/index.es.md) o [las analíticas](@/blog/mastering-tabi-settings/index.es.md#analisis-web) automáticamente permite scripts/frames/estilos/conexiones en función del servicio habilitado.
 
 [^1]: Requiere una configuración adecuada del servidor web (por ejemplo, redirigir el tráfico HTTP a HTTPS).
diff --git a/content/blog/security/index.md b/content/blog/security/index.md
index b566e79..a9b167e 100644
--- a/content/blog/security/index.md
+++ b/content/blog/security/index.md
@@ -1,7 +1,7 @@
 +++
 title = "Secure by default"
 date = 2023-02-22
-updated = 2023-09-29
+updated = 2024-03-15
 description = "tabi has an easily customizable Content Security Policy (CSP) with safe defaults. Get peace of mind and an A+ on Mozilla Observatory."
 
 [taxonomies]
@@ -30,6 +30,8 @@ The `allowed_domains` list specifies the URLs that the website should be able to
 
 This feature allows you to easily customize the website's security headers to allow for specific use cases, such as embedding YouTube videos, loading scripts or remote fonts ([not recommended](https://www.albertovarela.net/blog/2022/11/stop-using-google-fonts/)).
 
+You can disable the CSP (allowing all connections) on a page, section, or globally by setting `enable_csp = false` in the front matter or `config.toml` file.
+
 **Note**: [enabling comments](@/blog/comments/index.md) or [analytics](@/blog/mastering-tabi-settings/index.md#analytics) automatically allows scripts/frames/styles/connections as needed from the respective services.
 
 [^1]: Requires proper webserver configuration (e.g. redirecting HTTP traffic to HTTPS).
diff --git a/templates/page.html b/templates/page.html
index 2e9f722..c875bae 100644
--- a/templates/page.html
+++ b/templates/page.html
@@ -25,6 +25,7 @@
     "show_previous_next_article_links",
     "invert_previous_next_article_links",
     "previous_next_article_links_full_width",
+    "enable_csp",
 ] %}
 
 <table>
diff --git a/templates/partials/header.html b/templates/partials/header.html
index 0ab0c3c..8b82ddf 100644
--- a/templates/partials/header.html
+++ b/templates/partials/header.html
@@ -143,7 +143,9 @@
 
     <meta property="og:site_name" content="{{ config.title }}">
 
-    {%- include "partials/content_security_policy.html" -%}
+    {%- if macros_settings::evaluate_setting_priority(setting="enable_csp", page=page | default(value=""), section=section | default(value=""), default_global_value="true") == "true" -%}
+        {%- include "partials/content_security_policy.html" -%}
+    {%- endif -%}
 
     {%- if config.extra.theme_switcher and config.extra.theme_switcher == true -%}
         {# If JavaScript is disabled, hide the button. #}
diff --git a/theme.toml b/theme.toml
index 8d1e1d3..53a2c05 100644
--- a/theme.toml
+++ b/theme.toml
@@ -218,6 +218,10 @@ allowed_domains = [
     { directive = "frame-src", domains = ["player.vimeo.com", "https://www.youtube-nocookie.com"] },
 ]
 
+# Enable the CSP directives configured (or default).
+# Can be set at page or section levels, following the hierarchy: page > section > config. See: https://welpo.github.io/tabi/blog/mastering-tabi-settings/#settings-hierarchy
+enable_csp = true
+
 # Custom subset of characters for the header.
 # If set to true, the `static/custom_subset.css` file will be loaded first.
 # This avoids a flashing text issue in Firefox.