August 23, 2022

Upgrade Insecure Requests on Nginx

“Upgrade Insecure Requests” is a CSP (Content Security Policy) directive that allows you to indicate to HTTP clients/browsers that all resources must be accessed via HTTPS.

To enable it on the Nginx web server, you just need to add the script to your Nginx configuration file.

add_header 'Content-Security-Policy' 'upgrade-insecure-requests';

Be aware that upgrade-insecure-requests is not supported in all browsers, e.g. Safari and IE.