Skip to content

Instantly share code, notes, and snippets.

@jacobovidal
Last active July 2, 2023 22:31
  • Star 14 You must be signed in to star a gist
  • Fork 6 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save jacobovidal/ef5015e4e05905c6ec684425cf30bc9b to your computer and use it in GitHub Desktop.
Upgrade Insecure Requests via .htaccess or meta tag to prevent mixed content
<ifModule mod_headers.c>
Header always set Content-Security-Policy "upgrade-insecure-requests;"
</IfModule>
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
@mbrughi
Copy link

mbrughi commented May 5, 2022

For NginX and Plesk Panel add this line in Domain -> Apache & Nginx settings -> Additional nginx directives :

add_header Content-Security-Policy upgrade-insecure-requests;

@hgc81538
Copy link

hgc81538 commented Aug 12, 2022

Only set this header to html.

<ifModule mod_headers.c>
Header always set Content-Security-Policy "upgrade-insecure-requests" "expr=%{CONTENT_TYPE} =~ m#text/html#"
</IfModule>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment