diff --git a/server/express.js b/server/express.js
index ab1ff16313a..da70316e5c0 100644
--- a/server/express.js
+++ b/server/express.js
@@ -184,6 +184,7 @@ function makeApp(authAddress, cdapConfig, uiSettings) {
             objectSrc: [`'none'`],
             workerSrc: [`'self' blob:`],
             reportUri: `https://csp.withgoogle.com/csp/cdap`,
+            upgradeInsecureRequests: null,
           },
         },
         hsts: cdapConfig["hsts.enabled"] === 'true' && hstsSettings,