diff --git a/config.toml b/config.toml
index 2240002..d99ee4c 100644
--- a/config.toml
+++ b/config.toml
@@ -169,9 +169,9 @@ csp = [
 { directive = "style-src", domains = ["'self'", "'unsafe-inline'"] },
 { directive = "frame-src", domains = ["https://player.vimeo.com", "https://www.youtube-nocookie.com", "https://toot.community"] },
 { directive = "connect-src", domains = ["https://toot.community"] },
- { directive = "frame-ancestors", domains = ["'self'"] },
- { directive = "base-uri", domains = ["'self'"] },
- { directive = "form-action", domains = ["'self'"] },
+ { directive = "frame-ancestors", domains = ["'none'"] },
+ { directive = "base-uri", domains = ["'none'"] },
+ { directive = "form-action", domains = ["'none'"] },
 { directive = "require-trusted-types-for", domains = ["'script'"] },
 ]
 # Display outlines around all elements for debugging purposes
diff --git a/templates/partials/csp.html b/templates/partials/csp.html
index dc7ce6c..bb6ff7e 100644
--- a/templates/partials/csp.html
+++ b/templates/partials/csp.html
@@ -18,6 +18,12 @@
 content="default-src 'none';
 {%- set connect_src = connect_src ~ " " ~ goatcounter_url -%}
 {%- endif %}
+
+ {#- Append comments host if present -#}
+ {%- if config.extra.comments -%}
+ {%- set connect_src = connect_src ~ " " ~ "https://" ~ config.extra.comments.host -%}
+ {%- endif -%}
+
 {#- Append WebSocket for Zola serve mode -#}
 {%- if config.mode == "serve" -%}
 {%- set connect_src = connect_src ~ " ws:" -%}
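Review bot: The new `frame-ancestors 'none'` entry will have no effect if this policy is only delivered through a `<meta http-equiv="Content-Security-Policy">` element, which is what `templates/partials/csp.html` appears to render (its hunk context shows a `content="default-src 'none';` attribute): the CSP spec requires browsers to ignore `frame-ancestors`, `sandbox` and `report-uri` in meta-delivered policies, so the site stays frameable and only a console warning reveals it. To actually deny framing the directive (or `X-Frame-Options: DENY`) has to be sent as an HTTP response header by whatever serves the static output; this config change alone does not enforce it. The switch to `form-action 'none'` also rejects every form submission, including same-origin ones, so any `<form>` the templates may contain (a search box, for instance) would stop working, and `'self'` was the safer value if such forms exist. A comment above the frame-ancestors line would keep the next editor from relying on it: `# frame-ancestors is ignored in a <meta> CSP; it only takes effect when the policy is sent as an HTTP header`.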
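Review bot: The added `{%- set connect_src = connect_src ~ " " ~ "https://" ~ config.extra.comments.host -%}` splices the configured value into the policy verbatim, with nothing in the hunk checking that it is a bare hostname. If the value already carries a scheme or a path, the resulting source expression (`https://https://...`) is invalid and browsers drop just that entry with a console warning, so the comments widget's requests are silently blocked by `connect-src`; a value containing `;` or whitespace would even spill into neighbouring directive syntax. Since the value is owner-controlled site config this is a foot-gun rather than an injection vector, but it deserves a guard comment next to the `{%- if config.extra.comments -%}`: `{#- comments.host must be a bare hostname (no scheme, path, ';' or spaces): it is spliced verbatim into connect-src -#}`. The `~ " " ~ "https://" ~` chain can also be collapsed to `~ " https://" ~` for readability.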