diff --git a/__tests__/fetch_request.js b/__tests__/fetch_request.js
index 482da13..1a2f82e 100644
--- a/__tests__/fetch_request.js
+++ b/__tests__/fetch_request.js
@@ -223,11 +223,16 @@ describe('header handling', () => {
 describe('csrf token inclusion', () => {
 // window.location.hostname is "localhost" in the test suite
- test('csrf token is not included in headers if url hostname is not the same as window.location', () => {
+ test('csrf token is not included in headers if url hostname is not the same as window.location (http)', () => {
 const request = new FetchRequest("get", "http://removeservice.com/test.json")
 expect(request.fetchOptions.headers).not.toHaveProperty("X-CSRF-Token")
 })
+ test('csrf token is not included in headers if url hostname is not the same as window.location (https)', () => {
+ const request = new FetchRequest("get", "https://removeservice.com/test.json")
+ expect(request.fetchOptions.headers).not.toHaveProperty("X-CSRF-Token")
+ })
+
 test('csrf token is included in headers if url hostname is the same as window.location', () => {
 const request = new FetchRequest("get", "http://localhost/test.json")
 expect(request.fetchOptions.headers).toHaveProperty("X-CSRF-Token")
diff --git a/src/fetch_request.js b/src/fetch_request.js
index 2d27f01..11a78bf 100644
--- a/src/fetch_request.js
+++ b/src/fetch_request.js
@@ -49,7 +49,7 @@ export class FetchRequest {
 }
 sameHostname () {
- if (!this.originalUrl.startsWith('http:')) {
+ if (!this.originalUrl.startsWith('http:') && !this.originalUrl.startsWith('https:')) {
 return true
 }
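Review bot: The `csrf token inclusion` block in `__tests__/fetch_request.js` now covers the cross-host case for both schemes, but the same-host case is still exercised only with `http://localhost/test.json`. Because `https:` URLs no longer take the early `return true`, a matching positive test would pin that the token is still attached for the page's own host, e.g. `const request = new FetchRequest("get", "https://localhost/test.json")` followed by `expect(request.fetchOptions.headers).toHaveProperty("X-CSRF-Token")`. The `describe` block continues past the end of the hunk, so such a test may already exist further down.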
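Review bot: In `sameHostname` (`src/fetch_request.js`) the guard remains a case-sensitive string-prefix test, so any absolute URL whose text does not begin with exactly `http:` or `https:` still reaches `return true` and is treated as same-host, which is the condition under which the tests expect `X-CSRF-Token` to be attached. Protocol-relative `//host/path` URLs and upper-case schemes are the obvious forms to check, since URL parsing resolves both to another host while the prefix test does not see them. Resolving the URL before comparing avoids enumerating spellings: `return new URL(this.originalUrl, window.location.href).hostname === window.location.hostname`, keeping whatever error handling the rest of the method has. The method body continues outside the hunk, so confirm that nothing later normalises these forms, and add tests for them next to the new https case.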