diff --git a/config/updates.jenkins.io-content-secured.yaml b/config/updates.jenkins.io-content-secured.yaml
index b21d6fcaa..967e12a39 100644
--- a/config/updates.jenkins.io-content-secured.yaml
+++ b/config/updates.jenkins.io-content-secured.yaml
@@ -96,7 +96,7 @@ ingress:
     - host: mirrors.updates.jenkins.io
       paths:
         # Only send request to files with these extensions to mirrorbits
-        - path: /.*([.](html|json|txt)|TIME)$  # Requires the regexp engine of Nginx to be enabled
+        - path: /.*([.](html|json|txt|ico)|TIME)$  # Requires the regexp engine of Nginx to be enabled
           pathType: ImplementationSpecific
   tls:
     - secretName: updates-jenkins-io-mirrorbits-tls
diff --git a/config/updates.jenkins.io-content-unsecured.yaml b/config/updates.jenkins.io-content-unsecured.yaml
index 6afc802a4..17c782390 100644
--- a/config/updates.jenkins.io-content-unsecured.yaml
+++ b/config/updates.jenkins.io-content-unsecured.yaml
@@ -84,7 +84,7 @@ ingress:
     - host: mirrors.updates.jenkins.io
       paths:
         # Only send request to files with these extensions to mirrorbits
-        - path: /internal_http/(.*)([.](html|json|txt)|TIME)$  # Requires the regexp engine of Nginx to be enabled
+        - path: /internal_http/(.*)([.](html|json|txt|ico)|TIME)$  # Requires the regexp engine of Nginx to be enabled
           pathType: ImplementationSpecific
   additionalIngresses:
     - className: public-nginx