diff --git a/modules/utilities/unix/web_browsers/iceweasel/manifests/config.pp b/modules/utilities/unix/web_browsers/iceweasel/manifests/config.pp
index 7798002df..58d313869 100644
--- a/modules/utilities/unix/web_browsers/iceweasel/manifests/config.pp
+++ b/modules/utilities/unix/web_browsers/iceweasel/manifests/config.pp
@@ -4,7 +4,7 @@ class iceweasel::config {
   $autostart = str2bool($secgen_params['autostart'][0])
   $start_pages = $secgen_params['start_page']
   $disable_proxy = str2bool($secgen_params['disable_proxy'][0])
-
+  $disable_https_upgrade = str2bool($secgen_params['disable_proxy'][0])
   # Setup IW for each user account
   $accounts.each |$raw_account| {
     $account = parsejson($raw_account)
diff --git a/modules/utilities/unix/web_browsers/iceweasel/secgen_metadata.xml b/modules/utilities/unix/web_browsers/iceweasel/secgen_metadata.xml
index 71c1cadef..bdf3dbe22 100644
--- a/modules/utilities/unix/web_browsers/iceweasel/secgen_metadata.xml
+++ b/modules/utilities/unix/web_browsers/iceweasel/secgen_metadata.xml
@@ -31,6 +31,10 @@
     <value>true</value>
   </default_input>
 
+  <default_input into="disable_https_upgrade">
+    <value>false</value>
+  </default_input>
+
   <requires>
     <type>update</type>
   </requires>
diff --git a/modules/utilities/unix/web_browsers/iceweasel/templates/user.js.erb b/modules/utilities/unix/web_browsers/iceweasel/templates/user.js.erb
index 097f27f91..190652a7b 100644
--- a/modules/utilities/unix/web_browsers/iceweasel/templates/user.js.erb
+++ b/modules/utilities/unix/web_browsers/iceweasel/templates/user.js.erb
@@ -79,4 +79,13 @@ user_pref("browser.shell.checkDefaultBrowser", false);
 // Conditional proxy settings
 <% if @disable_proxy -%>
 user_pref("network.proxy.type", 0);
-<% end-%>
\ No newline at end of file
+<% end-%>
+
+<% if @disable_https_upgrade -%>
+user_pref("dom.security.https_only_mode", false);
+user_pref("dom.security.https_only_mode_ever_enabled", false);
+user_pref("dom.security.https_only_mode_pbm", false);
+user_pref("dom.security.https_first", false);
+user_pref("dom.security.https_first_pbm", false);
+user_pref("network.stricttransportsecurity.preloadlist", false);
+<% end %>
\ No newline at end of file
diff --git a/scenarios/security_audit/team_project.xml b/scenarios/security_audit/team_project.xml
index bb0477666..af646ef4c 100644
--- a/scenarios/security_audit/team_project.xml
+++ b/scenarios/security_audit/team_project.xml
@@ -217,6 +217,9 @@
       <input into="start_page">
         <datastore access="1">IP_addresses</datastore>
       </input>
+      <input into="disable_https_upgrade">
+        <value>true</value>
+      </input>
     </utility>
 
     <utility module_path=".*/handy_cli_tools"/>