diff --git a/config/site_settings.yml b/config/site_settings.yml
index 6db2c674684..103194d78a7 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -1389,6 +1389,9 @@ security:
   content_security_policy_script_src:
     type: list
     default: ""
+  content_security_policy_allow_unsafe_eval:
+    default: true
+    hidden: true
   invalidate_inactive_admin_email_after_days:
     default: 365
     min: 0
diff --git a/lib/content_security_policy/default.rb b/lib/content_security_policy/default.rb
index 1e056f78bb1..b326ee57f91 100644
--- a/lib/content_security_policy/default.rb
+++ b/lib/content_security_policy/default.rb
@@ -45,13 +45,13 @@ class ContentSecurityPolicy
 
   def script_src
     [
-      :unsafe_eval,
       :report_sample,
       "#{base_url}/logs/",
       "#{base_url}/sidekiq/",
       "#{base_url}/mini-profiler-resources/",
       *script_assets
     ].tap do |sources|
+      sources << :unsafe_eval if SiteSetting.content_security_policy_allow_unsafe_eval
       sources << 'https://www.google-analytics.com/analytics.js' if SiteSetting.ga_universal_tracking_code.present?
       sources << 'https://www.googletagmanager.com/gtm.js' if SiteSetting.gtm_container_id.present?
     end
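Review bot: The new `content_security_policy_allow_unsafe_eval` setting is both `default: true` and `hidden: true`, so every existing site keeps `'unsafe-eval'` in its script-src with no admin-visible way to discover that the opt-out now exists; the hunk gives no hint of whether this is a permanent escape hatch or a staged removal. A comment on the setting would make the intent reviewable, e.g. `# Transitional: keeps 'unsafe-eval' in script-src until the remaining eval() consumers are gone; flip the default to false once they are removed`. If the plan is eventually to default it to false, that should be stated here rather than only in the commit message. The setting also omits `type:`, so its boolean-ness rests on inference from the default value — presumably intended, but worth confirming against how the other settings in this file declare booleans.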
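Review bot: The added `sources << :unsafe_eval if SiteSetting.content_security_policy_allow_unsafe_eval` line says nothing about which scripts still require `eval`, so a later maintainer has no way to judge when the setting can safely be turned off; a why-comment would help, e.g. `# 'unsafe-eval' is retained behind a hidden setting so sites can opt out ahead of it being dropped from the default policy`. Because the setting defaults to true, the emitted directive for existing sites is unchanged apart from the token moving from first to after the asset URLs, and source-list order has no bearing on enforcement. No spec asserting that `script_src` omits `unsafe_eval` when the setting is false is part of this diff, which is the one path the change actually introduces. The method's closing `end` lies outside the hunk.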