
Migrate easily to HTTPS with the Upgrade Insecure Requests CSP directive

"Upgrade Insecure Requests" is a CSP (Content Security Policy) directive that allows you to indicate to HTTP clients/browsers that all resources must be accessed via HTTPS.

This makes it easier to migrate to HTTPS websites or web apps that contain a great number of resources declared with HTTP URLs. The client/browser will automatically request those resources over HTTPS, without any mixed content alert.

You will of course need your resource servers to be accessible using HTTPS.
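To find out which resource servers that requirement applies to, the following added example (not part of the original page, nor code from the publisher) lists the hosts of subresources that a page declares with http:// URLs. The tag list, the sample markup and the example.test hosts are assumptions constructed for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that triggers a subresource fetch (set assumed for this example).
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src", "audio": "src",
               "video": "src", "source": "src", "embed": "src", "object": "data"}

# Constructed sample markup; hosts under example.test are placeholders.
SAMPLE_HTML = """
<link rel="stylesheet" href="http://static.example.test/site.css">
<link rel="canonical" href="http://www.example.test/">
<script src="http://cdn.example.test/app.js"></script>
<img src="/img/logo.png">
<img src="//cdn.example.test/banner.png">
<img src="http://static.example.test/photo.jpg">
<a href="http://other.example.test/">external link</a>
"""

class InsecureResourceFinder(HTMLParser):
    # Collects subresource URLs whose effective scheme is http, grouped by host.
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.by_host = defaultdict(list)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = FETCH_ATTRS.get(tag)
        # Only stylesheet links are fetched as subresources; canonical etc. are not.
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower().split():
            attr = "href"
        url = attrs.get(attr) if attr else None
        if not url:
            return
        # Relative and protocol-relative URLs inherit the page's own scheme.
        absolute = urljoin(self.page_url, url.strip())
        parts = urlsplit(absolute)
        if parts.scheme == "http" and parts.hostname:
            self.by_host[parts.hostname].append(absolute)

def insecure_hosts(html, page_url):
    """Return {host: [http URLs]}: hosts that must answer on HTTPS once upgraded."""
    finder = InsecureResourceFinder(page_url)
    finder.feed(html)
    return dict(finder.by_host)

if __name__ == "__main__":
    print(insecure_hosts(SAMPLE_HTML, "https://www.example.test/"))
```

Each host in the result should be checked for a working HTTPS endpoint before the header is deployed, since the browser will no longer request those resources over HTTP.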

Support

Upgrade Insecure Requests is supported by Mozilla Firefox (42+), Google Chrome (43+), Microsoft Edge (Build 17134+), Opera (30+), the Android browser (56+), Chrome for Android, Safari Mac (0.1+), Safari iOS (10.3+), amongst others.

Internet Explorer is not compatible.

Implementation

To implement this feature on your web server, you only need to declare a new HTTP header in your site's configuration.

Apache

For Apache, you will first need to load the header module. For instance:

LoadModule headers_module modules/mod_headers.so

You will then need to set the header in your virtual host:

Header always set Content-Security-Policy "upgrade-insecure-requests;"

IIS

IIS allows you to add custom HTTP headers. You just have to add a header with the name "Content-Security-Policy" and the value "upgrade-insecure-requests;".

Nginx

For Nginx, you just have to add the following instruction to your server block:

add_header Content-Security-Policy upgrade-insecure-requests;

Lighttpd

You will first need to load the setenv module (mod_setenv) by adding this instruction to your configuration:

server.modules += ( "mod_setenv" )

Then, you can enable it for your site:

setenv.add-response-header = ( "Content-Security-Policy" => "upgrade-insecure-requests;" )

Others

You can configure this feature on any server that lets you set HTTP response headers, by adding a "Content-Security-Policy" header with the value "upgrade-insecure-requests;".

Additional resources

  • If your site is already fully accessible over HTTPS, resources and links included, and you want to enable HTTPS by default, you can use HSTS.