diff --git a/apps/browser/src/vault/fido2/background/fido2.background.ts b/apps/browser/src/vault/fido2/background/fido2.background.ts
index 0666f804f28..d1e41c0c493 100644
--- a/apps/browser/src/vault/fido2/background/fido2.background.ts
+++ b/apps/browser/src/vault/fido2/background/fido2.background.ts
@@ -33,7 +33,7 @@ export class Fido2Background implements Fido2BackgroundInterface {
     runAt: "document_start",
   };
   private readonly sharedRegistrationOptions: SharedFido2ScriptRegistrationOptions = {
-    matches: ["https://*/*"],
+    matches: ["https://*/*", "http://localhost/*"],
     excludeMatches: ["https://*/*.xml*"],
     allFrames: true,
     ...this.sharedInjectionDetails,
diff --git a/apps/browser/src/vault/fido2/content/content-script.ts b/apps/browser/src/vault/fido2/content/content-script.ts
index ad9f526f6ce..171aa7cd834 100644
--- a/apps/browser/src/vault/fido2/content/content-script.ts
+++ b/apps/browser/src/vault/fido2/content/content-script.ts
@@ -17,7 +17,9 @@ import { MessageWithMetadata, Messenger } from "./messaging/messenger";
 (function (globalContext) {
   const shouldExecuteContentScript =
     globalContext.document.contentType === "text/html" &&
-    globalContext.document.location.protocol === "https:";
+    (globalContext.document.location.protocol === "https:" ||
+      (globalContext.document.location.protocol === "http:" &&
+        globalContext.document.location.hostname === "localhost"));
 
   if (!shouldExecuteContentScript) {
     return;
diff --git a/apps/browser/src/vault/fido2/content/page-script.ts b/apps/browser/src/vault/fido2/content/page-script.ts
index 5898dbd04df..f231a2878d2 100644
--- a/apps/browser/src/vault/fido2/content/page-script.ts
+++ b/apps/browser/src/vault/fido2/content/page-script.ts
@@ -8,7 +8,9 @@ import { Messenger } from "./messaging/messenger";
 (function (globalContext) {
   const shouldExecuteContentScript =
     globalContext.document.contentType === "text/html" &&
-    globalContext.document.location.protocol === "https:";
+    (globalContext.document.location.protocol === "https:" ||
+      (globalContext.document.location.protocol === "http:" &&
+        globalContext.document.location.hostname === "localhost"));
 
   if (!shouldExecuteContentScript) {
     return;