diff --git a/lib/plugins/validators/async/21_checkContentType.js b/lib/plugins/validators/async/21_checkContentType.js
index a8f66bca0..c073cd597 100644
--- a/lib/plugins/validators/async/21_checkContentType.js
+++ b/lib/plugins/validators/async/21_checkContentType.js
@@ -95,6 +95,7 @@ export default {
 if (frame_ancestors) {
 // allow only if it contains " * " or "http://*" or "https://*"
 frame_ancestors = frame_ancestors.replace(/https?:\/\/\*/ig, '*'); // Ex. Behance video streams via Adobe CDN
+ frame_ancestors = frame_ancestors.replace(/\bhttps?:(?!\S)/ig, '*'); // Ex. "frame-ancestors https:" - scheme-only means any HTTPS origin
 frame_ancestors = frame_ancestors.replace(/^\*/i, ' *');
 frame_ancestors = frame_ancestors.replace(/\*$/i, '* ');
 if (frame_ancestors.indexOf(' * ') == -1) {
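Review bot: The added `replace(/\bhttps?:(?!\S)/ig, '*')` matches a bare `http:` as well as `https:`, but its trailing comment says a scheme-only source means "any HTTPS origin"; under the CSP scheme-source matching rules `http:` also matches https URLs, so the comment understates what the line now accepts. I would reword it to `// Ex. "frame-ancestors https:" - a bare scheme-source matches any origin on that scheme (CSP lets http: match https: too)` and extend the now-stale comment two lines above (`// allow only if it contains " * " or "http://*" or "https://*"`) to mention scheme-only sources, since it still lists only the two wildcard forms. Folding `https:` into `*` also presumes the page that will embed the frame is itself served over HTTPS — a browser still blocks an HTTP embedder — and this validator cannot see the consumer, so a hedged `// NOTE: treating https: as * assumes the embedding page is HTTPS` on the added line would spare the next reader a surprise. The enclosing method and the `if (frame_ancestors)` block both begin and end outside this hunk.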