diff --git a/certoperations.js b/certoperations.js
index 51bcb149..34a5b848 100644
--- a/certoperations.js
+++ b/certoperations.js
@@ -110,6 +110,7 @@ module.exports.CertificateOperations = function (parent) {
         var acmCerts = [], acmmatch = [];
         if (amtacmactivation.certs != null) {
             for (var j in amtacmactivation.certs) {
+                if (j.startsWith('_')) continue; // Skip any certificates that start with underscore as the name.
                 var acmconfig = amtacmactivation.certs[j], r = null;
 
                 if ((typeof acmconfig.certpfx == 'string') && (typeof acmconfig.certpfxpass == 'string')) {
diff --git a/meshcentral.js b/meshcentral.js
index 6d395f71..ae161d1c 100644
--- a/meshcentral.js
+++ b/meshcentral.js
@@ -1350,6 +1350,7 @@ function CreateMeshCentralServer(config, args) {
 
         // Load CloudFlare trusted proxies list if needed
         if ((obj.config.settings.trustedproxy != null) && (typeof obj.config.settings.trustedproxy == 'string') && (obj.config.settings.trustedproxy.toLowerCase() == 'cloudflare')) {
+            obj.config.settings.extrascriptsrc = 'ajax.cloudflare.com'; // Add CloudFlare as a trusted script source. This allows for CloudFlare's RocketLoader feature.
             delete obj.args.trustedproxy;
             delete obj.config.settings.trustedproxy;
             obj.certificateOperations.loadTextFile('https://www.cloudflare.com/ips-v4', null, function (url, data, tag) {
diff --git a/webserver.js b/webserver.js
index 7f8b26af..820c4941 100644
--- a/webserver.js
+++ b/webserver.js
@@ -5014,11 +5014,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                 const geourl = (domain.geolocation ? ' *.openstreetmap.org' : '');
                 var selfurl = ' wss://' + req.headers.host;
                 if ((xforwardedhost != null) && (xforwardedhost != req.headers.host)) { selfurl += ' wss://' + xforwardedhost; }
+                const extraScriptSrc = (parent.config.settings.extrascriptsrc != null) ? (' ' + parent.config.settings.extrascriptsrc) : '';
                 const headers = {
                     'Referrer-Policy': 'no-referrer',
                     'X-XSS-Protection': '1; mode=block',
                     'X-Content-Type-Options': 'nosniff',
-                    'Content-Security-Policy': "default-src 'none'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'" + geourl + selfurl + "; img-src 'self'" + geourl + " data:; style-src 'self' 'unsafe-inline'; frame-src 'self' https://*.youtube.com mcrouter:; media-src 'self'; form-action 'self'"
+                    'Content-Security-Policy': "default-src 'none'; font-src 'self'; script-src 'self' 'unsafe-inline'" + extraScriptSrc + "; connect-src 'self'" + geourl + selfurl + "; img-src 'self'" + geourl + " data:; style-src 'self' 'unsafe-inline'; frame-src 'self' https://*.youtube.com mcrouter:; media-src 'self'; form-action 'self'"
                 };
                 if ((parent.config.settings.allowframing !== true) && (typeof parent.config.settings.allowframing !== 'string')) { headers['X-Frame-Options'] = 'sameorigin'; }
                 res.set(headers);