diff --git a/src/dfx/assets/project_templates/react/src/__frontend_name__/public/.ic-assets.json5 b/src/dfx/assets/project_templates/react/src/__frontend_name__/public/.ic-assets.json5
index d700f7e7e4..9ec78c35d2 100644
--- a/src/dfx/assets/project_templates/react/src/__frontend_name__/public/.ic-assets.json5
+++ b/src/dfx/assets/project_templates/react/src/__frontend_name__/public/.ic-assets.json5
@@ -21,7 +21,7 @@
 // Notes about the CSP below:
 // - We added img-src data: because data: images are used often.
 // - frame-ancestors: none mitigates clickjacking attacks. See https://owasp.org/www-community/attacks/Clickjacking.
- "Content-Security-Policy": "default-src 'self';script-src 'self';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io;img-src 'self' data:;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src *;object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self';",
+ "Content-Security-Policy": "default-src 'self';script-src 'self';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io;img-src 'self' data:;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src *;object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self';upgrade-insecure-requests;",
 // Security: The permissions policy disables all features for security reasons. If your site needs such permissions, activate them.
 // To configure permissions go here https://www.permissionspolicy.com/