diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c
index 40aedff720f7220867c102acaece4af672a1c3df..ecae039192bb73e47195575de845bcea967b74d5 100644
--- a/res/res_http_websocket.c
+++ b/res/res_http_websocket.c
@@ -781,13 +781,6 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
 			return 0;
 		}
 
-		fprintf(ser->f, "HTTP/1.1 101 Switching Protocols\r\n"
-			"Upgrade: %s\r\n"
-			"Connection: Upgrade\r\n"
-			"Sec-WebSocket-Accept: %s\r\n",
-			upgrade,
-			websocket_combine_key(key, base64, sizeof(base64)));
-
 		/* RFC 6455, Section 4.1:
 		 *
 		 * 6. If the response includes a |Sec-WebSocket-Protocol| header
@@ -798,11 +791,23 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
 		 *    Connection_.
 		 */
 		if (protocol) {
-			fprintf(ser->f, "Sec-WebSocket-Protocol: %s\r\n",
+			fprintf(ser->f, "HTTP/1.1 101 Switching Protocols\r\n"
+				"Upgrade: %s\r\n"
+				"Connection: Upgrade\r\n"
+				"Sec-WebSocket-Accept: %s\r\n"
+				"Sec-WebSocket-Protocol: %s\r\n\r\n",
+				upgrade,
+				websocket_combine_key(key, base64, sizeof(base64)),
 				protocol);
+		} else {
+			fprintf(ser->f, "HTTP/1.1 101 Switching Protocols\r\n"
+				"Upgrade: %s\r\n"
+				"Connection: Upgrade\r\n"
+				"Sec-WebSocket-Accept: %s\r\n\r\n",
+				upgrade,
+				websocket_combine_key(key, base64, sizeof(base64)));
 		}
 
-		fprintf(ser->f, "\r\n");
 		fflush(ser->f);
 	} else {