Mixed Content Secure

This page uses HTTPS-only assets. A Content Security Policy with upgrade-insecure-requests coerces any stray http:// references to HTTPS.

Parent protocol: CSP: upgrade-insecure-requests

Auto-Upgrade — Script

CSP upgrade

Why it’s good: if a developer accidentally uses http:// for a script that is available over HTTPS, CSP upgrades it automatically, preserving integrity.

  1. Click Load (declared HTTP). CSP upgrades to HTTPS automatically.
  2. We check if jQuery is available to confirm execution.
Waiting…

HTTPS-only — Image

no mixed content

We load an image over HTTPS to avoid mixed content entirely.

  1. Click Load HTTPS image — uses https://www.badssl.com/favicon.ico.
Waiting…