diff --git a/lib/config/default.js b/lib/config/default.js
index ed812f454..c1f3f9733 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -22,8 +22,8 @@ module.exports = {
     directives: {
     },
     addDefaults: true,
-    addDisqus: true,
-    addGoogleAnalytics: true,
+    addDisqus: false,
+    addGoogleAnalytics: false,
     upgradeInsecureRequests: 'auto',
     reportURI: undefined
   },
diff --git a/test/csp.js b/test/csp.js
index 705981566..154120221 100644
--- a/test/csp.js
+++ b/test/csp.js
@@ -68,6 +68,15 @@ describe('Content security policies', function () {
     assert(!csp.computeDirectives().scriptSrc.includes('https://www.google-analytics.com'))
   })
 
+  it('Enable Google Analytics', function () {
+    const testconfig = defaultConfig
+    testconfig.csp.addGoogleAnalytics = true
+    mock('../lib/config', testconfig)
+    csp = mock.reRequire('../lib/csp')
+
+    assert(csp.computeDirectives().scriptSrc.includes('https://www.google-analytics.com'))
+  })
+
   it('Disable Disqus', function () {
     const testconfig = defaultConfig
     testconfig.csp.addDisqus = false
@@ -81,6 +90,19 @@ describe('Content security policies', function () {
     assert(!csp.computeDirectives().fontSrc.includes('https://*.disquscdn.com'))
   })
 
+  it('Enable Disqus', function () {
+    const testconfig = defaultConfig
+    testconfig.csp.addDisqus = true
+    mock('../lib/config', testconfig)
+    csp = mock.reRequire('../lib/csp')
+
+    assert(csp.computeDirectives().scriptSrc.includes('https://disqus.com'))
+    assert(csp.computeDirectives().scriptSrc.includes('https://*.disqus.com'))
+    assert(csp.computeDirectives().scriptSrc.includes('https://*.disquscdn.com'))
+    assert(csp.computeDirectives().styleSrc.includes('https://*.disquscdn.com'))
+    assert(csp.computeDirectives().fontSrc.includes('https://*.disquscdn.com'))
+  })
+
   it('Include dropbox if configured', function () {
     const testconfig = defaultConfig
     testconfig.dropbox.appKey = 'hedgedoc'