diff --git a/mitmproxy/addons/__init__.py b/mitmproxy/addons/__init__.py
index 71d83dada..8a2f2974f 100644
--- a/mitmproxy/addons/__init__.py
+++ b/mitmproxy/addons/__init__.py
@@ -12,6 +12,7 @@ from mitmproxy.addons import stickyauth
 from mitmproxy.addons import stickycookie
 from mitmproxy.addons import streambodies
 from mitmproxy.addons import upstream_auth
+from mitmproxy.addons import disable_h2c_upgrade
 
 
 def default_addons():
@@ -30,4 +31,5 @@ def default_addons():
         serverplayback.ServerPlayback(),
         clientplayback.ClientPlayback(),
         upstream_auth.UpstreamAuth(),
+        disable_h2c_upgrade.DisableH2CleartextUpgrade(),
     ]
diff --git a/mitmproxy/addons/disable_h2c_upgrade.py b/mitmproxy/addons/disable_h2c_upgrade.py
new file mode 100644
index 000000000..f4a36d5f0
--- /dev/null
+++ b/mitmproxy/addons/disable_h2c_upgrade.py
@@ -0,0 +1,21 @@
+class DisableH2CleartextUpgrade:
+
+    """
+    We currently only support HTTP/2 over a TLS connection. Some clients try
+    to upgrade a connection from HTTP/1.1 to h2c, so we need to remove those
+    headers to avoid protocol errors if one endpoints suddenly starts sending
+    HTTP/2 frames.
+    """
+
+    def process_flow(self, f):
+        if f.request.headers.get('upgrade', '') == 'h2c':
+            del f.request.headers['upgrade']
+            if 'connection' in f.request.headers:
+                del f.request.headers['connection']
+            if 'http2-settings' in f.request.headers:
+                del f.request.headers['http2-settings']
+
+    # Handlers
+
+    def request(self, f):
+        self.process_flow(f)