diff --git a/src/index.js b/src/index.js
index ef02cc2..ec4e2d4 100644
--- a/src/index.js
+++ b/src/index.js
@@ -51,7 +51,7 @@ export default class FacebookTokenStrategy extends OAuth2Strategy {
     this._passReqToCallback = options.passReqToCallback;
     this._profileURL = options.profileURL || 'https://graph.facebook.com/v2.4/me';
     this._clientSecret = options.clientSecret;
-    this._enableProof = options.enableProof;
+    this._enableProof = typeof options.enableProof === 'boolean' ? options.enableProof : true;
     this._profileFields = options.profileFields || ['id', 'name', 'emails'];
     this._oauth2._useAuthorizationHeaderForGET = false;
   }
diff --git a/test/unit/index.test.js b/test/unit/index.test.js
index ac15f20..75edd77 100644
--- a/test/unit/index.test.js
+++ b/test/unit/index.test.js
@@ -287,7 +287,7 @@ describe('FacebookTokenStrategy:userProfile', () => {
     sinon.stub(strategy._oauth2, 'get', (url, accessToken, next) => next(null, fakeProfile, null));
 
     strategy.userProfile('accessToken', (error, profile) => {
-      assert.equal(strategy._oauth2.get.getCall(0).args[0], 'https://graph.facebook.com/v2.4/me?fields=last_name,first_name,middle_name,custom');
+      assert.equal(strategy._oauth2.get.getCall(0).args[0], 'https://graph.facebook.com/v2.4/me?appsecret_proof=8c340bd01643ab69939ca971314d7a3d64bfb18946cdde566f12fdbf6707d182&fields=last_name,first_name,middle_name,custom');
       strategy._oauth2.get.restore();
       done();
     });