diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 361023e05..fc271d2cb 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -32,7 +32,7 @@
 base_uri: ["'self'"],
 block_all_mixed_content: true, # see http://www.w3.org/TR/mixed-content/
 frame_ancestors: ["'none'"],
- form_action: ["'self'"] # This counters some XSS busters
+ form_action: normal_src # This counters some XSS busters
 }
 config.cookies = {
 secure: true, # mark all cookies as Secure
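Review bot: Widening `form_action` from `["'self'"]` to `normal_src` loosens the one CSP directive that stops an injected `<form>` from posting user or session data to another origin; the policy is now only as tight as the least-trusted host in `normal_src`, which is defined outside this hunk and presumably also feeds the script/style/image source lists. If some forms genuinely need to submit off-origin, name those destinations explicitly, e.g. `form_action: ["'self'", "https://<form-target-host>"]`, rather than reusing the general source list. The trailing comment `# This counters some XSS busters` described the `'self'`-only setting and is now stale; rewording it to `# form-action: origins forms may submit to — keep tighter than script sources` keeps the intent readable. The enclosing hash (presumably `config.csp`) begins before this hunk.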