HTTP headers | Upgrade-Insecure-Requests

Read

Discuss

The HTTP header Upgrade-Insecure-Requests is a request type header. It sends a signal to the server expressing the client’s preference for an encrypted and authenticated response, and it can successfully handle the upgrade-insecure-requests HTTP headers Content-Security-Policy directive.

Syntax:

Upgrade-Insecure-Requests: 1

Directives: The HTTP Upgrade-Insecure-Requests header does not accepts any directives. It acts as directives with some headers, like Content-Security-Policy for the handling of CSP. With Vary header, it works as a directive containing the value of 1.

Example:

A client request signals to the server that supports the upgrade mechanisms of upgrade-insecure-requests:
```
GET / HTTP/1.0
Host: geeksforgeeks.org
Upgrade-Insecure-Requests: 1
```
The server can now redirect to a secure version of the site. An HTTP header Vary can be used so that the site isn’t served by caches to clients that don’t support the upgrade mechanism:
```
Location: https://www.geeksforgeeks.org
Vary: Upgrade-Insecure-Requests
```

To check this Upgrade-Insecure-Requests in action, go to Inspect Element -> Network check the request header forUpgrade-Insecure-Requests like below, Upgrade-Insecure-Requests is highlighted you can see.

Supported Browsers: The browsers are compatible with HTTP Upgrade-Insecure-Requests header are listed below:

Google Chrome
Microsoft Edge
Firefox
Opera
Safari

Whether you're preparing for your first job interview or aiming to upskill in this ever-evolving tech landscape, GeeksforGeeks Courses are your key to success. We provide top-quality content at affordable prices, all geared towards accelerating your growth in a time-bound manner. Join the millions we've already empowered, and we're here to do the same for you. Don't miss out - check it out now!

Last Updated : 07 Nov, 2019

HTTP headers | Content-Security-Policy

HTTP headers | Want-Digest

HTTP headers | Upgrade-Insecure-Requests

Please Login to comment...