diff --git a/test/basic.ssr.csp.test.js b/test/basic.ssr.csp.test.js
index 8eba5c194d..1ae4f359e6 100644
--- a/test/basic.ssr.csp.test.js
+++ b/test/basic.ssr.csp.test.js
@@ -101,3 +101,22 @@ test.serial('Contain Content-Security-Policy header, when csp.policies set', asy
 await nuxt.close()
 })
+
+test.serial('Contain Content-Security-Policy header, when csp.policies.script-src is not set', async t => {
+ const cspOption = {
+ enabled: true,
+ policies: {
+ 'default-src': [`'none'`]
+ }
+ }
+
+ const nuxt = await startCSPTestServer(t, cspOption)
+ const { headers } = await rp(url('/stateless'), {
+ resolveWithFullResponse: true
+ })
+
+ t.regex(headers['content-security-policy'], /default-src 'none'/)
+ t.regex(headers['content-security-policy'], /script-src 'self' 'sha256-.*'/)
+
+ await nuxt.close()
+})
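Review bot: The second assertion in the new test, `/script-src 'self' 'sha256-.*'/`, is too loose to prove that a usable hash was emitted. The `.*` is greedy and unanchored, so an empty `'sha256-'` followed by any later quoted token in the header still passes. Assuming the hashes are standard padded base64, pin the digest shape instead: `t.regex(headers['content-security-policy'], /script-src 'self' 'sha256-[A-Za-z0-9+/]{43}='/)`. Adding `t.notRegex(headers['content-security-policy'], /'unsafe-inline'/)` would also make the test fail if the fallback script-src is ever weakened.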