diff --git a/dom/security/nsCSPParser.cpp b/dom/security/nsCSPParser.cpp
index 1f6de5e02cf4..d894209f6147 100644
--- a/dom/security/nsCSPParser.cpp
+++ b/dom/security/nsCSPParser.cpp
@@ -1171,6 +1171,10 @@ nsCSPParser::directive()
     return;
   }
 
+  if (CSP_IsEmptyDirective(mCurValue, mCurToken)) {
+    return;
+  }
+
   // Try to create a new CSPDirective
   nsCSPDirective* cspDir = directiveName();
   if (!cspDir) {
diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp
index 1149b71387f0..54d43898a66e 100644
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -307,6 +307,12 @@ CSP_CreateHostSrcFromSelfURI(nsIURI* aSelfURI)
   return hostsrc;
 }
 
+bool
+CSP_IsEmptyDirective(const nsAString& aValue, const nsAString& aDir)
+{
+  return (aDir.Length() == 0 &&
+          aValue.Length() == 0);
+}
 bool
 CSP_IsValidDirective(const nsAString& aDir)
 {
diff --git a/dom/security/nsCSPUtils.h b/dom/security/nsCSPUtils.h
index b7cd3a9a68aa..e7ec73ad5a4b 100644
--- a/dom/security/nsCSPUtils.h
+++ b/dom/security/nsCSPUtils.h
@@ -211,6 +211,7 @@ nsresult CSP_AppendCSPFromHeader(nsIContentSecurityPolicy* aCsp,
 class nsCSPHostSrc;
 
 nsCSPHostSrc* CSP_CreateHostSrcFromSelfURI(nsIURI* aSelfURI);
+bool CSP_IsEmptyDirective(const nsAString& aValue, const nsAString& aDir);
 bool CSP_IsValidDirective(const nsAString& aDir);
 bool CSP_IsDirective(const nsAString& aValue, CSPDirective aDir);
 bool CSP_IsKeyword(const nsAString& aValue, enum CSPKeyword aKey);
diff --git a/dom/security/test/csp/file_empty_directive.html b/dom/security/test/csp/file_empty_directive.html
new file mode 100644
index 000000000000..16196bb19f48
--- /dev/null
+++ b/dom/security/test/csp/file_empty_directive.html
@@ -0,0 +1,11 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf8">
+    <title>Bug 587377 - CSP keywords "'self'" and "'none'" are easy to confuse with host names "self" and "none"</title>
+    <!-- Any copyright is dedicated to the Public Domain.
+       - http://creativecommons.org/publicdomain/zero/1.0/ -->
+  </head>
+  <body>
+  </body>
+</html>
diff --git a/dom/security/test/csp/file_empty_directive.html^headers^ b/dom/security/test/csp/file_empty_directive.html^headers^
new file mode 100644
index 000000000000..50dbe57bb929
--- /dev/null
+++ b/dom/security/test/csp/file_empty_directive.html^headers^
@@ -0,0 +1 @@
+Content-Security-Policy: ;
diff --git a/dom/security/test/csp/mochitest.ini b/dom/security/test/csp/mochitest.ini
index 3bc8a5def3e0..e657706e3578 100644
--- a/dom/security/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@@ -108,6 +108,8 @@ support-files =
   file_ignore_unsafe_inline_multiple_policies_server.sjs
   file_self_none_as_hostname_confusion.html
   file_self_none_as_hostname_confusion.html^headers^
+  file_empty_directive.html
+  file_empty_directive.html^headers^
   file_path_matching.html
   file_path_matching_incl_query.html
   file_path_matching.js
@@ -268,6 +270,7 @@ skip-if = toolkit == 'android' # Times out, not sure why (bug 1008445)
 [test_scheme_relative_sources.html]
 [test_ignore_unsafe_inline.html]
 [test_self_none_as_hostname_confusion.html]
+[test_empty_directive.html]
 [test_path_matching.html]
 [test_path_matching_redirect.html]
 [test_report_uri_missing_in_report_only_header.html]
diff --git a/dom/security/test/csp/test_empty_directive.html b/dom/security/test/csp/test_empty_directive.html
new file mode 100644
index 000000000000..9193ee26fbf5
--- /dev/null
+++ b/dom/security/test/csp/test_empty_directive.html
@@ -0,0 +1,51 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=1439425
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 1439425</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1439425">Mozilla Bug 1439425</a>
+<p id="display"></p>
+
+<iframe id="cspframe"></iframe>
+
+<pre id="test">
+
+<script class="testbody" type="text/javascript">
+let consoleCount = 0;
+
+function cleanup() {
+  SpecialPowers.postConsoleSentinel();
+}
+
+function finish() {
+  SimpleTest.finish();
+}
+
+SpecialPowers.registerConsoleListener(function ConsoleMsgListener(aMsg) {
+  if (aMsg.message == "SENTINEL") {
+    is(consoleCount, 0);
+    SimpleTest.executeSoon(finish);
+  } else {
+    ++consoleCount;
+    ok(false, "Must never see a console warning here");
+  }
+});
+
+// set up and start testing
+SimpleTest.waitForExplicitFinish();
+let frame = document.getElementById('cspframe');
+frame.onload = () => {
+  SimpleTest.executeSoon(cleanup);
+};
+frame.src = 'file_empty_directive.html';
+</script>
+</pre>
+</body>
+</html>