diff --git a/app/__init__.py b/app/__init__.py
index c32f45ef5..0797204ce 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -70,7 +70,7 @@ from app.notify_client.complaint_api_client import complaint_api_client
 from app.notify_client.platform_stats_api_client import platform_stats_api_client
 from app.notify_client.template_folder_api_client import template_folder_api_client
 from app.commands import setup_commands
-from app.utils import get_cdn_domain, id_safe
+from app.utils import get_logo_cdn_domain, id_safe
 login_manager = LoginManager()
 csrf = CSRFProtect()
@@ -501,18 +501,15 @@ def useful_headers_after_request(response):
 response.headers.add('X-Content-Type-Options', 'nosniff')
 response.headers.add('X-XSS-Protection', '1; mode=block')
 response.headers.add('Content-Security-Policy', (
- "default-src 'self' {} 'unsafe-inline';"
- "script-src 'self' {} *.google-analytics.com 'unsafe-inline' 'unsafe-eval' data:;"
+ "default-src 'self' {asset_domain} 'unsafe-inline';"
+ "script-src 'self' {asset_domain} *.google-analytics.com 'unsafe-inline' 'unsafe-eval' data:;"
 "connect-src 'self' *.google-analytics.com;"
 "object-src 'self';"
- "font-src 'self' {} data:;"
- "img-src 'self' {} *.google-analytics.com *.notifications.service.gov.uk {} data:;"
+ "font-src 'self' {asset_domain} data:;"
+ "img-src 'self' {asset_domain} *.google-analytics.com *.notifications.service.gov.uk {logo_domain} data:;"
 "frame-src 'self' www.youtube.com;".format(
- configs[notify_environment].ASSET_DOMAIN,
- configs[notify_environment].ASSET_DOMAIN,
- configs[notify_environment].ASSET_DOMAIN,
- configs[notify_environment].ASSET_DOMAIN,
- get_cdn_domain(),
+ asset_domain=configs[notify_environment].ASSET_DOMAIN,
+ logo_domain=get_logo_cdn_domain(),
 )
 ))
 if 'Cache-Control' in response.headers:
diff --git a/app/main/views/email_branding.py b/app/main/views/email_branding.py
index 28851a13a..307575930 100644
--- a/app/main/views/email_branding.py
+++ b/app/main/views/email_branding.py
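Review bot: The rewritten `script-src` line keeps `'unsafe-inline' 'unsafe-eval' data:` and `default-src` keeps `'unsafe-inline'`, so the policy does not block inline script injection on these pages and offers little XSS mitigation; the commit only renames the format placeholders, so this is inherited rather than introduced, but the new lines restate it with no explanation. If these sources are required by the analytics snippet or inline template scripts, a why-comment above the `Content-Security-Policy` call would make the trade-off visible to the next reviewer, e.g. `# NOTE: 'unsafe-inline'/'unsafe-eval' are needed by <reason>; a nonce-based policy would allow dropping them`. Since `{asset_domain}` and `{logo_domain}` are interpolated into the header unescaped, it is also worth confirming that `ASSET_DOMAIN` and `get_logo_cdn_domain()` can only ever yield a bare hostname; the test_headers.py hunk implies non-ASCII output is replaced elsewhere, which is not visible here. `useful_headers_after_request` both starts and ends outside the hunk.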
@@ -11,7 +11,7 @@ from app.main.s3_client import (
 persist_logo,
 upload_logo,
 )
-from app.utils import AgreementInfo, get_cdn_domain, user_is_platform_admin
+from app.utils import AgreementInfo, get_logo_cdn_domain, user_is_platform_admin
 @main.route("/email-branding", methods=['GET', 'POST'])
@@ -81,7 +81,7 @@ def update_email_branding(branding_id, logo=None):
 'views/email-branding/manage-branding.html',
 form=form,
 email_branding=email_branding,
- cdn_url=get_cdn_domain(),
+ cdn_url=get_logo_cdn_domain(),
 logo=logo
 )
@@ -126,7 +126,7 @@ def create_email_branding(logo=None):
 return render_template(
 'views/email-branding/manage-branding.html',
 form=form,
- cdn_url=get_cdn_domain(),
+ cdn_url=get_logo_cdn_domain(),
 logo=logo
 )
diff --git a/app/main/views/index.py b/app/main/views/index.py
index 24aa8eb44..7cb508e14 100644
--- a/app/main/views/index.py
+++ b/app/main/views/index.py
@@ -16,7 +16,7 @@ from app import email_branding_client
 from app.main import main
 from app.main.forms import SearchTemplatesForm
 from app.main.views.sub_navigation_dictionaries import features_nav
-from app.utils import AgreementInfo, get_cdn_domain
+from app.utils import AgreementInfo, get_logo_cdn_domain
 @main.route('/')
@@ -108,7 +108,7 @@ def email_template():
 colour = email_branding['colour']
 brand_name = email_branding['text']
 brand_colour = colour
- brand_logo = ('https://{}/{}'.format(get_cdn_domain(), email_branding['logo'])
+ brand_logo = ('https://{}/{}'.format(get_logo_cdn_domain(), email_branding['logo'])
 if email_branding['logo'] else None)
 govuk_banner = branding_type in ['govuk', 'both']
 brand_banner = branding_type == 'org_banner'
diff --git a/app/main/views/service_settings.py b/app/main/views/service_settings.py
index 6166d61cc..965b516c6 100644
--- a/app/main/views/service_settings.py
+++ b/app/main/views/service_settings.py
@@ -54,7 +54,7 @@ from app.main.forms import (
 from app.utils import (
 AgreementInfo,
 email_safe,
- get_cdn_domain,
+ get_logo_cdn_domain,
 user_has_permissions,
 user_is_platform_admin,
 )
@@ -991,7 +991,7 @@ def get_branding_as_value_and_label(email_branding):
 def get_branding_as_dict(email_branding):
 return {
 branding['id']: {
- 'logo': 'https://{}/{}'.format(get_cdn_domain(), branding['logo']),
+ 'logo': 'https://{}/{}'.format(get_logo_cdn_domain(), branding['logo']),
 'colour': branding['colour']
 } for branding in email_branding
 }
diff --git a/app/utils.py b/app/utils.py
index d11b1c53e..26e945901 100644
--- a/app/utils.py
+++ b/app/utils.py
@@ -354,7 +354,7 @@ def email_or_sms_not_enabled(template_type, permissions):
 return (template_type in ['email', 'sms']) and (template_type not in permissions)
-def get_cdn_domain():
+def get_logo_cdn_domain():
 parsed_uri = urlparse(current_app.config['ADMIN_BASE_URL'])
 if parsed_uri.netloc.startswith('localhost'):
diff --git a/tests/app/main/views/test_headers.py b/tests/app/main/views/test_headers.py
index 95e2c8d8e..853bbba1a 100644
--- a/tests/app/main/views/test_headers.py
+++ b/tests/app/main/views/test_headers.py
@@ -1,5 +1,5 @@
 def test_owasp_useful_headers_set(client, mocker):
- mocker.patch('app.get_cdn_domain', return_value='static-logos.test.com')
+ mocker.patch('app.get_logo_cdn_domain', return_value='static-logos.test.com')
 response = client.get('/')
@@ -20,7 +20,7 @@ def test_owasp_useful_headers_set(client, mocker):
 def test_headers_non_ascii_characters_are_replaced(client, mocker):
- mocker.patch('app.get_cdn_domain', return_value='static-logos۾.test.com')
+ mocker.patch('app.get_logo_cdn_domain', return_value='static-logos۾.test.com')
 response = client.get('/')
diff --git a/tests/app/test_utils.py b/tests/app/test_utils.py
index 48136844f..75fb651c9 100644
--- a/tests/app/test_utils.py
+++ b/tests/app/test_utils.py
@@ -16,7 +16,7 @@ from app.utils import (
 generate_next_dict,
 generate_notifications_csv,
 generate_previous_dict,
- get_cdn_domain,
+ get_logo_cdn_domain,
 )
 from tests.conftest import fake_uuid
@@ -278,13 +278,13 @@ def test_generate_notifications_csv_calls_twice_if_next_link(
 def test_get_cdn_domain_on_localhost(client, mocker):
 mocker.patch.dict('app.current_app.config', values={'ADMIN_BASE_URL': 'http://localhost:6012'})
- domain = get_cdn_domain()
+ domain = get_logo_cdn_domain()
 assert domain == 'static-logos.notify.tools'
 def test_get_cdn_domain_on_non_localhost(client, mocker):
 mocker.patch.dict('app.current_app.config', values={'ADMIN_BASE_URL': 'https://some.admintest.com'})
- domain = get_cdn_domain()
+ domain = get_logo_cdn_domain()
 assert domain == 'static-logos.admintest.com'