bramus / mixed-content-scan

Scan your HTTPS-enabled website for Mixed Content
MIT License

Take `Content-Security-Policy: upgrade-insecure-requests` into account. #25

Open bramus opened 9 years ago

bramus commented 9 years ago

The new upgrade-insecure-requests Content Security Policy directive can be used to transparently upgrade insecure resource requests to secure variants. This avoids the mixed content warnings without having to modify the HTML documents at all.

Source: https://dev.opera.com/blog/opera-30/

More details: http://www.w3.org/TR/upgrade-insecure-requests/

mathiasbynens commented 9 years ago

The living spec is here: https://w3c.github.io/webappsec/specs/upgrade/ (Don’t link to TR copies)

michaelblyons commented 7 years ago

If you add this, please include an option to disable it for the purposes of scanning.
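
A sketch of the check this issue asks for, added here as an illustration; it is not part of the thread and not mixed-content-scan's own code (Python is used only for the example). The function names, the `honor_upgrade` switch standing in for the requested disable option, and the sample hosts are all assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

DIRECTIVE = "upgrade-insecure-requests"

def has_upgrade_directive(csp_values):
    """True if any Content-Security-Policy header value carries the directive."""
    for value in csp_values:                      # one string per header
        for policy in value.split(","):           # policies: comma-separated
            for directive in policy.split(";"):   # directives: semicolon-separated
                tokens = directive.split()
                if tokens and tokens[0].lower() == DIRECTIVE:
                    return True
    return False

def upgrade_url(url):
    """Return the https:// URL a browser would request instead of url."""
    parts = urlsplit(url)
    netloc = parts.netloc
    if netloc.endswith(":80"):   # explicit default port becomes the https default
        netloc = netloc[:-3]
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

def classify(resource_urls, csp_values, honor_upgrade=True):
    """Label each http:// subresource as 'mixed' or 'upgraded'.

    honor_upgrade=False (hypothetical scanner option) ignores the directive,
    so every insecure reference is still reported as mixed content.
    """
    upgrading = honor_upgrade and has_upgrade_directive(csp_values)
    findings = []
    for url in resource_urls:
        if urlsplit(url).scheme.lower() != "http":
            continue             # already secure, or not an http fetch
        if upgrading:
            findings.append((url, "upgraded", upgrade_url(url)))
        else:
            findings.append((url, "mixed", None))
    return findings

# Constructed sample input: header values and subresource URLs of one page.
SAMPLE_CSP = ["default-src https:; Upgrade-Insecure-Requests"]
SAMPLE_RESOURCES = [
    "http://cdn.example.test:80/app.js",
    "https://cdn.example.test/site.css",
    "http://img.example.test:8080/logo.png?v=2",
]

if __name__ == "__main__":
    for finding in classify(SAMPLE_RESOURCES, SAMPLE_CSP):
        print(finding)
```

An upgraded request does not fall back to `http://`, so a scanner that honours the directive can still fetch the returned `https://` URL to confirm the resource exists there.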