Upgrade-Insecure-Requests

Upgrade-Insecure-Requests 是一个请求首部，用来向服务器端发送信号，表示客户端优先选择加密及带有身份验证的响应，并且它可以成功处理 upgrade-insecure-requests CSP 指令。

Upgrade-Insecure-Requests: 1

客户端向服务器端发送信号表示它支持 upgrade-insecure-requests 的升级机制：

GET / HTTP/1.1
Host: example.com
Upgrade-Insecure-Requests: 1

服务器现在可以重定向到这个站点的安全版本。在响应中可以添加一个 Vary  首部，这样的话，响应就不会被缓存服务器提供给不支持升级机制的客户端了。

Location: https://example.com/
Vary: Upgrade-Insecure-Requests

The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.

• Content-Security-Policy
• CSP upgrade-insecure-requests directive