diff --git a/libraries/script-engine/src/XMLHttpRequestClass.cpp b/libraries/script-engine/src/XMLHttpRequestClass.cpp
index 1d3c8fda32..4e528ec52c 100644
--- a/libraries/script-engine/src/XMLHttpRequestClass.cpp
+++ b/libraries/script-engine/src/XMLHttpRequestClass.cpp
@@ -143,7 +143,7 @@ void XMLHttpRequestClass::open(const QString& method, const QString& url, bool a
         if (url.toLower().left(METAVERSE_API_URL.length()) == METAVERSE_API_URL) {
             auto accountManager = DependencyManager::get<AccountManager>();
                 
-            if (accountManager->hasValidAccessToken()) {
+            if (_url.scheme() == "https" && accountManager->hasValidAccessToken()) {
                 static const QString HTTP_AUTHORIZATION_HEADER = "Authorization";
                 QString bearerString = "Bearer " + accountManager->getAccountInfo().getAccessToken().token;
                 _request.setRawHeader(HTTP_AUTHORIZATION_HEADER.toLocal8Bit(), bearerString.toLocal8Bit());