The HTTP header Upgrade-Insecure-Requests is a request type header. It sends a signal to the server expressing the client’s preference for an encrypted and authenticated response, and it can successfully handle the upgrade-insecure-requests HTTP headers Content-Security-Policy directive.
Directives: The HTTP Upgrade-Insecure-Requests header does not accepts any directives. It acts as directives with some headers, like Content-Security-Policy for the handling of CSP. With Vary header, it works as a directive containing the value of 1.
- A client request signals to the server that supports the upgrade mechanisms of upgrade-insecure-requests:
GET / HTTP/1.0 Host: geeksforgeeks.org Upgrade-Insecure-Requests: 1
- The server can now redirect to a secure version of the site. An HTTP header Vary can be used so that the site isn’t served by caches to clients that don’t support the upgrade mechanism:
Location: https://www.geeksforgeeks.org Vary: Upgrade-Insecure-Requests
To check this Upgrade-Insecure-Requests in action, go to Inspect Element -> Network check the request header forUpgrade-Insecure-Requests like below, Upgrade-Insecure-Requests is highlighted you can see.
Supported Browsers: The browsers are compatible with HTTP Upgrade-Insecure-Requests header are listed below:
- Google Chrome
- Microsoft Edge
- HTTP headers | Age
- HTTP headers | Via
- HTTP headers | Last-Modified
- HTTP headers | Host
- HTTP headers | X-XSS-Protection
- HTTP headers | Set-Cookie2
- HTTP headers | If-None-Match
- HTTP headers | Accept
- HTTP headers | Origin
- HTTP headers | X-Forwarded-For
- HTTP headers | Trailer
- HTTP headers | Date
- HTTP headers | Retry-After
- HTTP headers | Digest
- HTTP headers | Range
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to email@example.com. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.