diff --git a/packages/server/src/middleware/nuxt.js b/packages/server/src/middleware/nuxt.js
index b430d3e946..8c3dbfc365 100644
--- a/packages/server/src/middleware/nuxt.js
+++ b/packages/server/src/middleware/nuxt.js
@@ -69,7 +69,7 @@ export default ({ options, nuxt, renderRoute, resources }) => async function nux
       }
     }
 
-    if (options.render.csp) {
+    if (options.render.csp && cspScriptSrcHashes) {
       const { allowedSources, policies } = options.render.csp
       const cspHeader = options.render.csp.reportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy'