diff --git a/BTCPayServer/TagHelpers.cs b/BTCPayServer/TagHelpers.cs
index 2da80a64f8..6db34b3c83 100644
--- a/BTCPayServer/TagHelpers.cs
+++ b/BTCPayServer/TagHelpers.cs
@@ -86,6 +86,7 @@ public CSPEventTagHelper(ContentSecurityPolicies csp)
         }
         public override void Process(TagHelperContext context, TagHelperOutput output)
         {
+            bool cspAllow = output.Attributes.RemoveAll("csp-allow");
             foreach (var attr in output.Attributes)
             {
                 var n = attr.Name.ToLowerInvariant();
@@ -96,7 +97,7 @@ public override void Process(TagHelperContext context, TagHelperOutput output)
                 else if (n == "href")
                 {
                     var v = attr.Value.ToString();
-                    if (v.StartsWith("javascript:", StringComparison.OrdinalIgnoreCase))
+                    if (v.StartsWith("javascript:", StringComparison.OrdinalIgnoreCase) && cspAllow)
                     {
                         Allow(v);
                     }
diff --git a/BTCPayServer/Views/Account/LoginWithFido2.cshtml b/BTCPayServer/Views/Account/LoginWithFido2.cshtml
index 6b1682bf86..cd67f0f9e4 100644
--- a/BTCPayServer/Views/Account/LoginWithFido2.cshtml
+++ b/BTCPayServer/Views/Account/LoginWithFido2.cshtml
@@ -18,7 +18,7 @@
                     <p>Insert your security key into your computer's USB port. If it has a button, tap on it.</p>
                 </div>
                 <p id="error-message" class="d-none alert alert-danger"></p>
-                <a id="btn-retry" class="btn btn-secondary d-none" href="javascript:window.location.reload()">Retry</a>
+                <a id="btn-retry" class="btn btn-secondary d-none" href="javascript:window.location.reload()" csp-allow>Retry</a>
             </div>
         </div>
     </div>
diff --git a/BTCPayServer/Views/Fido2/Create.cshtml b/BTCPayServer/Views/Fido2/Create.cshtml
index 8815b41e5f..bc33151dd7 100644
--- a/BTCPayServer/Views/Fido2/Create.cshtml
+++ b/BTCPayServer/Views/Fido2/Create.cshtml
@@ -13,7 +13,7 @@
             <p>Insert your security key into your computer's USB port. If it has a button, tap on it.</p>
         </div>
         <p id="error-message" class="d-none alert alert-danger"></p>
-        <a id="btn-retry"  class="btn btn-secondary d-none" href="javascript:window.location.reload()">Retry</a>
+        <a id="btn-retry"  class="btn btn-secondary d-none" href="javascript:window.location.reload()" csp-allow>Retry</a>
     </div>
 </div>
 
diff --git a/BTCPayServer/Views/Invoice/ListInvoices.cshtml b/BTCPayServer/Views/Invoice/ListInvoices.cshtml
index 83a51a84f3..a03b94e8fe 100644
--- a/BTCPayServer/Views/Invoice/ListInvoices.cshtml
+++ b/BTCPayServer/Views/Invoice/ListInvoices.cshtml
@@ -333,7 +333,7 @@
                         </th>
                         <th style="min-width:90px;" class="col-md-auto">
                             Date
-                            <a href="javascript:switchTimeFormat()">
+                            <a href="javascript:switchTimeFormat()" csp-allow>
                                 <span class="fa fa-clock-o" title="Switch date format"></span>
                             </a>
                         </th>
@@ -411,7 +411,7 @@
                                 {
                                     <span>
                                         <a asp-action="Checkout" class="invoice-checkout-link" id="invoice-checkout-@invoice.InvoiceId" asp-route-invoiceId="@invoice.InvoiceId">Checkout</a>
-                                        <a href="javascript:btcpay.showInvoice('@invoice.InvoiceId')">[^]</a>
+                                        <a href="javascript:btcpay.showInvoice('@invoice.InvoiceId')" csp-allow>[^]</a>
                                         @if (!invoice.CanMarkStatus)
                                         {
                                             <span>-</span>
diff --git a/BTCPayServer/Views/Notifications/Index.cshtml b/BTCPayServer/Views/Notifications/Index.cshtml
index 7a435db9bd..11d702eea6 100644
--- a/BTCPayServer/Views/Notifications/Index.cshtml
+++ b/BTCPayServer/Views/Notifications/Index.cshtml
@@ -44,7 +44,7 @@
                                     </th>
                                     <th width="190px">
                                         Date
-                                        <a href="javascript:switchTimeFormat()">
+                                        <a href="javascript:switchTimeFormat()" csp-allow>
                                             <span class="fa fa-clock-o" title="Switch date format"></span>
                                         </a>
                                     </th>
diff --git a/BTCPayServer/Views/Wallets/WalletTransactions.cshtml b/BTCPayServer/Views/Wallets/WalletTransactions.cshtml
index ae021ca3e2..5b5d823954 100644
--- a/BTCPayServer/Views/Wallets/WalletTransactions.cshtml
+++ b/BTCPayServer/Views/Wallets/WalletTransactions.cshtml
@@ -89,7 +89,7 @@
                 <tr>
                     <th style="min-width: 90px;" class="col-md-auto">
                         Date
-                        <a href="javascript:switchTimeFormat()">
+                        <a href="javascript:switchTimeFormat()" csp-allow>
                             <span class="fa fa-clock-o" title="Switch date format"></span>
                         </a>
                     </th>