diff --git a/packages/athena/app.js b/packages/athena/app.js
index 9725bbbf..29f281a0 100644
--- a/packages/athena/app.js
+++ b/packages/athena/app.js
@@ -643,7 +643,7 @@ function setHeaders(req, res, next) {
 res.setHeader('X-Content-Type-Options', 'nosniff'); // suggestion by ibm security
 res.setHeader('X-XSS-Protection', '1; mode=block'); // suggestion by ibm security
 res.setHeader('X-Frame-Options', 'deny'); // suggestion by ibm security
- res.setHeader('Server', ev.ATHENA_VERSION); // needed for ONECLOUD UX302
+ // res.setHeader('Server', ev.ATHENA_VERSION); // needed for ONECLOUD UX302
 let setNoCache = false;
 if (req.url.indexOf('/api/') === 0 || req.url.indexOf('/ak/api/') === 0) { // all api routes follow the pattern /api/* and /ak/api/*
diff --git a/packages/athena/json_docs/default_settings_doc.json b/packages/athena/json_docs/default_settings_doc.json
index a0d9e4b0..65be20ae 100644
--- a/packages/athena/json_docs/default_settings_doc.json
+++ b/packages/athena/json_docs/default_settings_doc.json
@@ -121,11 +121,11 @@
 "csp_header_values": [
 "connect-src *",
 "default-src 'none'",
- "font-src 'self' *.s81c.com fonts.gstatic.com",
+ "font-src 'self' *.s81c.com",
 "frame-ancestors 'none'",
 "object-src 'none'",
 "img-src 'self' *.ibm.com appboy-images.com",
- "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ibm.com api.segment.com cdn.segment.com console.bluemix.net *.braze.com lpcdn.lpsnmedia.net *.liveperson.net *.kampyle.com",
+ "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ibm.com",
 "style-src 'self' 'unsafe-inline' *.ibm.com"
 ],
 "host_url": "http://localhost:3000",
diff --git a/packages/athena/test/openapi/real_responses.json b/packages/athena/test/openapi/real_responses.json
index d59166ef..465ede76 100644
--- a/packages/athena/test/openapi/real_responses.json
+++ b/packages/athena/test/openapi/real_responses.json
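Review bot: The `Server` header line is commented out rather than deleted, and the trailing comment still reads `// needed for ONECLOUD UX302`, so the new code contradicts itself about whether the header is required. Dropping it is the right direction, since echoing `ev.ATHENA_VERSION` in a response header disclosed the exact build to every client, so delete the line and record the reason instead, e.g. `// 'Server' header intentionally not set: it exposed ev.ATHENA_VERSION to clients`. If the ONECLOUD UX302 requirement is still live, confirm with its owner before merging rather than leaving the dead line as a hint. setHeaders continues outside the hunk; whether Express's default `X-Powered-By` header is disabled elsewhere cannot be seen from here and is worth checking for the same reason.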
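Review bot: The new `script-src` line still carries `'unsafe-inline'` and `'unsafe-eval'`, so trimming the third-party hosts changes little for script injection: any injected inline script or eval still executes, and the host allow-list only governs externally loaded scripts. The host cleanup is worthwhile on its own (fewer parties that can ship script into the page), but the policy should not be treated as hardened until those two keywords are replaced by nonces or hashes, which deserves a tracked follow-up. The same `font-src` and `script-src` edits appear in the fixture at test/openapi/real_responses.json; presumably that hunk keeps the fixture in step with these defaults, though the fixture's list lacks the `object-src 'none'` entry present here, which looks pre-existing and is worth reconciling.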
@@ -1683,10 +1683,10 @@
 "CSP_HEADER_VALUES": [
 "connect-src *",
 "default-src 'none'",
- "font-src 'self' *.s81c.com fonts.gstatic.com",
+ "font-src 'self' *.s81c.com",
 "frame-ancestors 'none'",
 "img-src 'self' *.ibm.com appboy-images.com",
- "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ibm.com api.segment.com cdn.segment.com console.bluemix.net *.braze.com lpcdn.lpsnmedia.net *.liveperson.net",
+ "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ibm.com",
 "style-src 'self' 'unsafe-inline' *.ibm.com"
 ],
 "DB_SYSTEM": "db-bd000d77c84344e5809bef2ca2313319-system",