Upgrade-Insecure-Requests
是一个请求首部,用来向服务器端发送信号,表示客户端优先选择加密及带有身份验证的响应,并且它可以成功处理 upgrade-insecure-requests
CSP 指令。
Header type | Request header |
---|---|
Forbidden header name | no |
语法
Upgrade-Insecure-Requests: 1
示例
客户端向服务器端发送信号表示它支持 upgrade-insecure-requests
的升级机制:
GET / HTTP/1.1 Host: example.com Upgrade-Insecure-Requests: 1
服务器现在可以重定向到这个站点的安全版本。在响应中可以添加一个 Vary
首部,这样的话,响应就不会被缓存服务器提供给不支持升级机制的客户端了。
Location: https://example.com/ Vary: Upgrade-Insecure-Requests
规范
Specification | Status | Comment |
---|---|---|
Upgrade Insecure Requests upgrade-insecure-requests |
Candidate Recommendation | Initial definition. |
浏览器兼容性
The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Update compatibility data on GitHub
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Upgrade-Insecure-Requests | Chrome Full support 44 | Edge Full support 17 | Firefox Full support 48 | IE No support No | Opera Full support 31 | Safari Full support 10.1 | WebView Android Full support 44 | Chrome Android Full support 44 | Firefox Android Full support 48 | Opera Android Full support 32 | Safari iOS Full support 10.3 | Samsung Internet Android Full support 4.0 |
Legend
- Full support
- Full support
- No support
- No support
相关内容
Content-Security-Policy
- CSP
upgrade-insecure-requests
directive