diff --git a/src/ContentSecurityPolicy/DirectiveSet.php b/src/ContentSecurityPolicy/DirectiveSet.php
index 70fcdec..f3dd235 100644
--- a/src/ContentSecurityPolicy/DirectiveSet.php
+++ b/src/ContentSecurityPolicy/DirectiveSet.php
@@ -140,6 +140,9 @@ public function buildHeaderValue(Request $request, ?array $signatures = null): s
 // this is the recommended way to deal with this.
 if (false === strpos($value, '\'unsafe-inline\'') && $this->level1Fallback) {
 $policy[] = $name.' '.$value.' \'unsafe-inline\' '.$signatures[$name];
+ // Do not add any signatures if 'unsafe-inline' is allowed anyway
+ } elseif (false !== strpos($value, '\'unsafe-inline\'')) {
+ $policy[] = $name.' '.$value;
 } else {
 $policy[] = $name.' '.$value.' '.$signatures[$name];
 }
diff --git a/tests/ContentSecurityPolicy/DirectiveSetTest.php b/tests/ContentSecurityPolicy/DirectiveSetTest.php
index e54b50b..bb629f2 100644
--- a/tests/ContentSecurityPolicy/DirectiveSetTest.php
+++ b/tests/ContentSecurityPolicy/DirectiveSetTest.php
@@ -374,7 +374,7 @@ public function provideConfigAndSignatures(): array
 {
 return [
 [
- 'default-src \'self\'; script-src \'self\' \'unsafe-inline\' \'sha-1\'; style-src \'self\' \'unsafe-inline\' \'sha2\'',
+ 'default-src \'self\'; script-src \'self\' \'unsafe-inline\'; style-src \'self\' \'unsafe-inline\' \'sha2\'',
 [
 'enforce' => [
 'level1_fallback' => true,
diff --git a/tests/Listener/ContentSecurityPolicyListenerTest.php b/tests/Listener/ContentSecurityPolicyListenerTest.php
index 5257e77..57a38e1 100644
--- a/tests/Listener/ContentSecurityPolicyListenerTest.php
+++ b/tests/Listener/ContentSecurityPolicyListenerTest.php
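Review bot: The added comment sits inside the body of the level-1 fallback branch, just before `} elseif`, so it reads as a note on that branch rather than on the new one, and `strpos($value, '\'unsafe-inline\'')` is now evaluated in two branches with opposite polarity. Testing for 'unsafe-inline' once, up front, makes the precedence obvious and gives the comment a place to state the actual reason instead of "anyway": a hash or nonce in a directive makes CSP Level 2 user agents ignore 'unsafe-inline', so emitting `$signatures[$name]` next to it would silently tighten the policy beyond what was configured. Because signatures supplied for such a directive are now dropped without notice, the docblock of buildHeaderValue (outside the hunk, as is the rest of its body) should say so. The rewrite below is behaviour-identical to the patched chain.
```php
// … unchanged: preceding lines of buildHeaderValue …
$allowsUnsafeInline = false !== strpos($value, '\'unsafe-inline\'');
if ($allowsUnsafeInline) {
    // A hash or nonce makes CSP Level 2 user agents ignore 'unsafe-inline';
    // emitting the signatures here would silently drop the configured allowance.
    $policy[] = $name.' '.$value;
} elseif ($this->level1Fallback) {
    // this is the recommended way to deal with this.
    $policy[] = $name.' '.$value.' \'unsafe-inline\' '.$signatures[$name];
} else {
    $policy[] = $name.' '.$value.' '.$signatures[$name];
}
```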
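Review bot: The expected header still carries 'sha2' next to 'unsafe-inline' for style-src while script-src loses its signature, and nothing in the fixture says why the two directives are treated differently. If, as the `'level1_fallback' => true` entry suggests, style-src's configured value (outside the hunk) lacks 'unsafe-inline' and the fallback branch adds it together with the signature, a one-line comment on the expectation such as `// script-src is configured with 'unsafe-inline' (signature dropped); style-src gets it from level1_fallback (signature kept)` would keep the next reader from flagging the asymmetry as a bug. The data provider's array starts and ends outside the hunk.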
@@ -87,13 +87,13 @@ public function testDefaultWithSignatures(): void ); } - public function testEvenWithUnsafeInlineItAppliesSignature(): void + public function testDoesNotApplySignatureWithUnsafeInline(): void { $listener = $this->buildSimpleListener(['default-src' => "default.example.org 'self'", 'script-src' => "'self' 'unsafe-inline'"]); $response = $this->callListener($listener, '/', true, 'text/html', ['signatures' => ['script-src' => ['sha-1']]]); $this->assertSame( - "default-src default.example.org 'self'; script-src 'self' 'unsafe-inline' 'sha-1'", + "default-src default.example.org 'self'; script-src 'self' 'unsafe-inline'", $response->headers->get('Content-Security-Policy') ); }