diff --git a/specification/draft/apps.mdx b/specification/draft/apps.mdx
index fd431ae8..6549ca22 100644
--- a/specification/draft/apps.mdx
+++ b/specification/draft/apps.mdx
@@ -281,7 +281,7 @@ When `_meta.ui` is present on **both**, the content-item value takes precedence.
 #### Host Behavior:
 
 - **CSP Enforcement:** Host MUST construct CSP headers based on declared domains
-- **Restrictive Default:** If `ui.csp` is omitted, Host MUST use:
+- **Restrictive Default:** If `ui.csp` is omitted, Host SHOULD use:
 
   ```
   default-src 'none';