diff --git a/src/php/.htaccess b/src/php/.htaccess
index 20258c8..1840d1c 100644
--- a/src/php/.htaccess
+++ b/src/php/.htaccess
@@ -1,6 +1,3 @@
-# To resolve the issue with "Your connection to this site is not secure" message
-Header set Content-Security-Policy: upgrade-insecure-requests env=HTTPS 
-
 RewriteEngine On    # Turn on the rewriting engine
 
 RewriteRule    ^view/([0-9]+)/([0-9]+)/?$    router.php?view=word&dict=$1&word=$2    [NC,L]    # Handle word ids.
diff --git a/src/php/api/Response.php b/src/php/api/Response.php
index cf610f1..18416af 100644
--- a/src/php/api/Response.php
+++ b/src/php/api/Response.php
@@ -3,9 +3,13 @@ class Response {
   private static function defaultHeaders () {
     header('Access-Control-Allow-Origin: *');
     header('Expires: Sun, 01 Nov 2015 22:46:51 GMT');
-    header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
-    header("Cache-Control: post-check=0, pre-check=0", false);
-    header("Pragma: no-cache");
+    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
+    header('Cache-Control: post-check=0, pre-check=0', false);
+    header('Pragma: no-cache');
+    if (strpos($_SERVER['SERVER_NAME'], 'localhost') !== false) {
+      # To resolve the issue with "Your connection to this site is not secure" message
+      header('Content-Security-Policy: upgrade-insecure-requests env=HTTPS');
+    }
   }
   
   public static function json ($data, $http_code = 200) {