1. 面向开发者的 Web 技术
  2. HTTP
  3. 参考
  4. HTTP 标头
  5. Upgrade-Insecure-Requests

此页面由社区从英文翻译而来。了解更多并加入 MDN Web Docs 社区。

View in English Always switch to English

Upgrade-Insecure-Requests

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since ⁨2018年4月⁩.

Upgrade-Insecure-Requests 是一个请求首部,用来向服务器端发送信号,表示客户端优先选择加密及带有身份验证的响应,并且它可以成功处理 upgrade-insecure-requests CSP 指令。

Header type Request header
Forbidden header name no

语法

Upgrade-Insecure-Requests: 1

示例

客户端向服务器端发送信号表示它支持 upgrade-insecure-requests 的升级机制:

GET / HTTP/1.1
Host: example.com
Upgrade-Insecure-Requests: 1

服务器现在可以重定向到这个站点的安全版本。在响应中可以添加一个 Vary 首部,这样的话,响应就不会被缓存服务器提供给不支持升级机制的客户端了。

Location: https://example.com/
Vary: Upgrade-Insecure-Requests

规范

Specification
Upgrade Insecure Requests
# preference

浏览器兼容性

参见

Help improve MDN

Learn how to contribute

This page was last modified on by MDN contributors.

View this page on GitHubReport a problem with this content