I want to set a Content-Policy-Header to upgrade-insecure-requests for my website. Here’re the rules I added (one at a time) to do this in the .httaccess file:
<IfModule mod_headers.c>
Header set Content-Security-Policy "default-src https:"
Header set Content-Security-Policy "upgrade-insecure-requests"
</IfModule>
None of them are working! How can I solve this?
What is happening that shouldn’t, or what is not happening that should?
Would like to know if there’s anything wrong in the code.
Are you sure mod_headers is installed on the server? If you don’t know, ask your hosting company.
Sorry! The headers are working! Cache was the problem!
This validation may be useful, it has detailed suggestions on improvements.
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.