diff --git a/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php b/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php
index fe85d8c0..59a9f467 100644
--- a/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php
+++ b/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php
@@ -58,7 +58,9 @@ public static function fromFrontend($request)
 $referer = Str::replaceFirst('http://', '', $referer);
- return Str::startsWith($referer, config('sanctum.stateful', [])) ||
- Str::is(config('sanctum.stateful', []), $referer);
+ $stateful = array_filter(config('sanctum.stateful', []));
+
+ return Str::startsWith($referer, $stateful) ||
+ Str::is($stateful, $referer);
 }
 }
diff --git a/tests/EnsureFrontendRequestsAreStatefulTest.php b/tests/EnsureFrontendRequestsAreStatefulTest.php
index 88858cfa..1a72aa53 100644
--- a/tests/EnsureFrontendRequestsAreStatefulTest.php
+++ b/tests/EnsureFrontendRequestsAreStatefulTest.php
@@ -35,6 +35,15 @@ public function test_wildcard_matching()
 $this->assertTrue(EnsureFrontendRequestsAreStateful::fromFrontend($request));
 }
+ public function test_requests_are_not_stateful_without_referer()
+ {
+ $this->app['config']->set('sanctum.stateful', ['']);
+
+ $request = Request::create('/');
+
+ $this->assertFalse(EnsureFrontendRequestsAreStateful::fromFrontend($request));
+ }
+
 protected function getPackageProviders($app)
 {
 return [SanctumServiceProvider::class];
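Review bot: `Str::startsWith($referer, $stateful)` in the new return is still an unanchored prefix match, so once the empty entries are filtered out a configured host such as `app.example.test` (constructed sample) also accepts a Referer whose host merely begins with that string, i.e. a longer hostname under someone else's control. Because this result presumably decides whether the request is given session/cookie handling, the comparison should stop at a host boundary, for example per entry `Str::is(Str::finish($entry, '/').'*', Str::finish($referer, '/'))`; entries that currently match a port only by prefix would then have to list the port explicitly. `array_filter` without a callback also keeps whitespace-only entries such as `' '`, which matters if the list is produced by splitting an env string (not visible here), so trimming before filtering would be safer. The body of `fromFrontend` starts outside the hunk.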
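Review bot: `test_requests_are_not_stateful_without_referer` only exercises a list holding nothing but `''` together with a missing Referer, so it does not pin the two neighbouring cases: an empty entry next to a real one, and a Referer that is present but not listed. A second case with `$this->app['config']->set('sanctum.stateful', ['', 'test.com']);` and `$request->headers->set('referer', 'https://wrong.com');` (constructed values) asserting `assertFalse`, plus the matching positive assertion for the listed host, would cover both. A one-line comment above the test, e.g. `// An empty entry (such as one left by an unset env value) must not make a request without a Referer stateful.`, would record why the case exists. The test class continues outside the hunk.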