diff --git a/play-java-chatroom-example/conf/application.conf b/play-java-chatroom-example/conf/application.conf index fbc49c8c2..1df84cebd 100644 --- a/play-java-chatroom-example/conf/application.conf +++ b/play-java-chatroom-example/conf/application.conf @@ -5,10 +5,6 @@ pekko { logging-filter = "org.apache.pekko.event.slf4j.Slf4jLoggingFilter" } -// https://www.playframework.com/documentation/latest/SecurityHeaders -// Disable the out of the box content security policy in SecurityHeadersFilter -play.filters.headers.contentSecurityPolicy = null - // https://www.playframework.com/documentation/latest/AllowedHostsFilter play.filters.hosts.allowed = ["localhost:9000", "localhost:19001"] diff --git a/play-java-jpa-example/conf/META-INF/persistence.xml b/play-java-jpa-example/conf/META-INF/persistence.xml index 16febf89a..e0a91a260 100644 --- a/play-java-jpa-example/conf/META-INF/persistence.xml +++ b/play-java-jpa-example/conf/META-INF/persistence.xml @@ -7,7 +7,6 @@ org.hibernate.jpa.HibernatePersistenceProvider DefaultDS - diff --git a/play-java-rest-api-example/conf/META-INF/persistence.xml b/play-java-rest-api-example/conf/META-INF/persistence.xml index 16febf89a..e0a91a260 100644 --- a/play-java-rest-api-example/conf/META-INF/persistence.xml +++ b/play-java-rest-api-example/conf/META-INF/persistence.xml @@ -7,7 +7,6 @@ org.hibernate.jpa.HibernatePersistenceProvider DefaultDS - diff --git a/play-java-starter-example/conf/application.conf b/play-java-starter-example/conf/application.conf index 97a5077fc..20e0489f7 100644 --- a/play-java-starter-example/conf/application.conf +++ b/play-java-starter-example/conf/application.conf @@ -258,9 +258,6 @@ play.filters { # The X-Permitted-Cross-Domain-Policies header. If null, the header is not set. #permittedCrossDomainPolicies = "master-only" - - # The Content-Security-Policy header. If null, the header is not set. - #contentSecurityPolicy = "default-src 'self'" } ## Allowed hosts filter configuration 
diff --git a/play-scala-chatroom-example/conf/application.conf b/play-scala-chatroom-example/conf/application.conf index d97bd05bb..c8334ff76 100644 --- a/play-scala-chatroom-example/conf/application.conf +++ b/play-scala-chatroom-example/conf/application.conf @@ -5,10 +5,6 @@ pekko { logging-filter = "org.apache.pekko.event.slf4j.Slf4jLoggingFilter" } -// https://www.playframework.com/documentation/latest/SecurityHeaders -// Disable the out of the box content security policy in SecurityHeadersFilter -play.filters.headers.contentSecurityPolicy = null - // https://www.playframework.com/documentation/latest/AllowedHostsFilter play.filters.hosts.allowed = ["localhost:9000", "localhost:19001"] diff --git a/play-scala-log4j2-example/conf/application.conf b/play-scala-log4j2-example/conf/application.conf index ab6cd5a6b..f8a84efe9 100644 --- a/play-scala-log4j2-example/conf/application.conf +++ b/play-scala-log4j2-example/conf/application.conf @@ -254,9 +254,6 @@ play.filters { # The X-Permitted-Cross-Domain-Policies header. If null, the header is not set. #permittedCrossDomainPolicies = "master-only" - - # The Content-Security-Policy header. If null, the header is not set. - #contentSecurityPolicy = "default-src 'self'" } ## Allowed hosts filter configuration diff --git a/play-scala-starter-example/conf/application.conf b/play-scala-starter-example/conf/application.conf index 63ac219bd..c3ad9e549 100644 --- a/play-scala-starter-example/conf/application.conf +++ b/play-scala-starter-example/conf/application.conf @@ -258,9 +258,6 @@ play.filters { # The X-Permitted-Cross-Domain-Policies header. If null, the header is not set. #permittedCrossDomainPolicies = "master-only" - - # The Content-Security-Policy header. If null, the header is not set. - #contentSecurityPolicy = "default-src 'self'" } ## Allowed hosts filter configuration 
diff --git a/play-scala-streaming-example/conf/application.conf b/play-scala-streaming-example/conf/application.conf index 7d155f8ed..d5db11757 100644 --- a/play-scala-streaming-example/conf/application.conf +++ b/play-scala-streaming-example/conf/application.conf @@ -4,7 +4,6 @@ # Allow URLs from the same origin to be loaded by frames and scripts play.filters.headers { frameOptions = "SAMEORIGIN" - contentSecurityPolicy = "connect-src 'self'" } play.filters.enabled += play.filters.csp.CSPFilter diff --git a/play-scala-websocket-example/conf/application.conf b/play-scala-websocket-example/conf/application.conf index c248b1aad..ff160faa1 100644 --- a/play-scala-websocket-example/conf/application.conf +++ b/play-scala-websocket-example/conf/application.conf @@ -13,11 +13,11 @@ pekko { } } +play.filters.enabled += play.filters.csp.CSPFilter -# https://www.playframework.com/documentation/latest/SecurityHeaders -# Connect to localhost:9000 for content security policy on websockets -play.filters.headers { - contentSecurityPolicy = "connect-src 'self' ws://localhost:9000" +play.filters.csp.directives { + connect-src = "'self' ws://localhost:9000" + default-src = "'self'" } # https://www.playframework.com/documentation/latest/AllowedHostsFilter
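Review bot: In the play-scala-websocket-example hunk, the new `play.filters.csp.directives` block hard-codes `ws://localhost:9000` in `connect-src` and drops the comment that explained it, so anyone running the example on another port or behind TLS gets a blocked WebSocket with no hint why. I would keep a comment above the block, e.g. `# CSP for the websocket client: connect-src must list the ws:// origin the page connects to; use wss:// and the real host outside local dev`. The two keys are presumably merged with CSPFilter's built-in directives (Play's default policy is nonce-based for `script-src`, if I recall the reference configuration correctly), so confirm the example's templates still load their scripts once the filter is enabled; nothing in this diff touches them. The play-scala-streaming-example hunk just above removes `contentSecurityPolicy = "connect-src 'self'"` without adding a matching `play.filters.csp.directives` entry, so that example appears to lose its `connect-src` restriction while the comment about same-origin loading stays in place.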