diff --git a/lib/csp.js b/lib/csp.js
index 108f2a22d..08efdd795 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -85,9 +85,9 @@ function getCspNonce (req, res) {
 
 function addUpgradeUnsafeRequestsOptionTo (directives) {
   if (config.csp.upgradeInsecureRequests === 'auto' && config.useSSL) {
-    directives.upgradeInsecureRequests = true
+    directives.upgradeInsecureRequests = []
   } else if (config.csp.upgradeInsecureRequests === true) {
-    directives.upgradeInsecureRequests = true
+    directives.upgradeInsecureRequests = []
   }
 }