HTTP headers | Upgrade-Insecure-Requests

The HTTP header Upgrade-Insecure-Requests is a request type header. It sends a signal to the server expressing the client’s preference for an encrypted and authenticated response, and it can successfully handle the upgrade-insecure-requests HTTP headers Content-Security-Policy directive.


Upgrade-Insecure-Requests: 1

Directives: The HTTP Upgrade-Insecure-Requests header does not accepts any directives. It acts as directives with some headers, like Content-Security-Policy for the handling of CSP. With Vary header, it works as a directive containing the value of 1.


  • A client request signals to the server that supports the upgrade mechanisms of upgrade-insecure-requests:
    GET / HTTP/1.0
    Upgrade-Insecure-Requests: 1
  • The server can now redirect to a secure version of the site. An HTTP header Vary can be used so that the site isn’t served by caches to clients that don’t support the upgrade mechanism:
    Vary: Upgrade-Insecure-Requests

To check this Upgrade-Insecure-Requests in action, go to Inspect Element -> Network check the request header forUpgrade-Insecure-Requests like below, Upgrade-Insecure-Requests is highlighted you can see.

Supported Browsers: The browsers are compatible with HTTP Upgrade-Insecure-Requests header are listed below:

  • Google Chrome
  • Microsoft Edge
  • Firefox
  • Opera
  • Safari
My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using or mail your article to See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.

Article Tags :

Be the First to upvote.

Please write to us at to report any issue with the above content.