← Back to release summary

Upgrade insecure requests

Category

Security

Type

New or changed feature

Status

Enabled by default (Chrome 43)

Intent stage

None

Summary

We encourage authors to transition their sites and applications away from insecure transport, and onto encrypted and authenticated connections, but mixed content checking causes headaches. This feature allows authors to ask the user agent to transparently upgrade HTTP resources to HTTPS to ease the migration burden.

Standards & signals

• Specification: https://w3c.github.io/webappsec/specs/upgrade/
• Firefox: Shipped/Shipping
• Safari: Shipped/Shipping
• Web developers: Positive
• Tracking bug: https://crbug.com/455674

Docs: https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives#upgrade-insecure-requests

Samples: https://github.com/GoogleChrome/samples/tree/gh-pages/csp-upgrade-insecure-requests

View on chromestatus.com