diff --git a/plugins/system/httpheaders/httpheaders.php b/plugins/system/httpheaders/httpheaders.php
index 2c72af603df1c..0f535303db7d1 100644
--- a/plugins/system/httpheaders/httpheaders.php
+++ b/plugins/system/httpheaders/httpheaders.php
@@ -535,7 +535,8 @@ private function getHtaccessRulesForStaticHeaderConfiguration(): string
 {
 $headerAndClient = explode('#', $headerAndClient);
- if (!in_array(strtolower($headerAndClient[0]), ['content-security-policy', 'content-security-policy-report-only']))
+ if (!in_array(strtolower($headerAndClient[0]), ['content-security-policy', 'content-security-policy-report-only'])
+ && $headerAndClient[1] === 'both')
 {
 $newHtaccessBuffer .= ' Header set ' . $headerAndClient[0] . ' "' . $value . '"' . PHP_EOL;
 }
@@ -593,7 +594,8 @@ private function getWebConfigRulesForStaticHeaderConfiguration(): string
 {
 $headerAndClient = explode('#', $headerAndClient);
- if (!in_array(strtolower($headerAndClient[0]), ['content-security-policy', 'content-security-policy-report-only']))
+ if (!in_array(strtolower($headerAndClient[0]), ['content-security-policy', 'content-security-policy-report-only'])
+ && $headerAndClient[1] === 'both')
 {
 $newHeader = $webConfigDomDoc->createElement('add');
@@ -615,7 +617,8 @@ private function getWebConfigRulesForStaticHeaderConfiguration(): string
 {
 $headerAndClient = explode('#', $headerAndClient);
- if (!in_array(strtolower($headerAndClient[0]), ['content-security-policy', 'content-security-policy-report-only']))
+ if (!in_array(strtolower($headerAndClient[0]), ['content-security-policy', 'content-security-policy-report-only'])
+ && $headerAndClient[1] === 'both')
 {
 $newHeader = $webConfigDomDoc->createElement('add');
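Review bot: The `Header set` line in getHtaccessRulesForStaticHeaderConfiguration still concatenates `$headerAndClient[0]` and `$value` into the .htaccess buffer unescaped; the new `'both'` condition narrows which headers are written but not how they are written. A value containing a double quote (JSON-valued headers such as Report-To do) would end the quoted argument early, and a line break would start a new directive, so one bad setting can break the generated rules or change what the server is told. Where these values are validated is not visible in this hunk; if nothing upstream does it, skip entries whose name or value contains CR/LF and escape the value before writing it, e.g. `$value = addcslashes($value, '"\\');`. The function body starts and ends outside the hunk.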
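Review bot: The added `$headerAndClient[1] === 'both'` reads the second element of `explode('#', $headerAndClient)` without checking that it exists; a key with no `#` yields a one-element array, and PHP raises an undefined-offset notice (a warning on PHP 8) before the comparison fails. Whether every key of the static header configuration carries a client suffix is decided outside this diff, so a guard is cheap insurance: `&& ($headerAndClient[1] ?? '') === 'both')`. The same expression is added in the hunks starting at new-side lines 535, 617 and 663, and the surrounding function is only partly visible here.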
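Review bot: This is the third of four identical copies of the two-line condition (CSP exclusion plus the `'both'` check), spread over getHtaccessRulesForStaticHeaderConfiguration and getWebConfigRulesForStaticHeaderConfiguration, so any later change to which headers may reach the server config has to be made in four places. A private predicate would keep the rule in one spot; the helper name below is a suggestion, not an existing method. Passing `true` as the third argument of `in_array` is free here, since both sides are strings. Both functions continue outside the hunks shown.

```php
// New private helper (suggested name); behaviour matches the condition added in this commit
private function isStaticHeaderForBothClients(array $headerAndClient): bool
{
	$cspHeaders = ['content-security-policy', 'content-security-policy-report-only'];

	return !in_array(strtolower($headerAndClient[0]), $cspHeaders, true)
		&& $headerAndClient[1] === 'both';
}

// … unchanged: $headerAndClient = explode('#', $headerAndClient); …
if ($this->isStaticHeaderForBothClients($headerAndClient))
{
```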
@@ -660,7 +663,8 @@ private function getWebConfigRulesForStaticHeaderConfiguration(): string
 // The header wasn't found we need to create it
 if (!$found)
 {
- if (!in_array(strtolower($headerAndClient[0]), ['content-security-policy', 'content-security-policy-report-only']))
+ if (!in_array(strtolower($headerAndClient[0]), ['content-security-policy', 'content-security-policy-report-only'])
+ && $headerAndClient[1] === 'both')
 {
 // Generate the new header Element
 $newHeader = $webConfigDomDoc->createElement('add');
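Review bot: Nothing at this check says why headers scoped to a single client are skipped, and the existing comment `// The header wasn't found we need to create it` now overstates the branch, since a missing header is created only when it is configured for both clients. This matters to anyone auditing the deployed headers: site-only or administrator-only entries will no longer appear in web.config or .htaccess, so any response the web server answers without going through PHP would presumably not carry them. That looks intended, because a server-level rule cannot tell the two clients apart, but the reason is inferred rather than stated. I would add above the condition: `// Server-level rules apply to every request, so only headers configured for 'both' clients are written here.` The enclosing loop and function start outside the hunk.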