Home Forums General issues Unrecognized Content-Security-Policy directive 'upgrade-insecure-requests'

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • #115203 Reply
    Janneke Wijma
    Guest

    Hi!

    At Google Search Console I get the message “Unrecognized Content-Security-Policy directive ‘upgrade-insecure-requests'” for my website. I found https://googlechrome.github.io/samples/csp-upgrade-insecure-requests/, but do not know how to take it further.
    Does it has anything to do with the settings in SSL?
    I see there:
    – Je site is nog niet geconfigureerd voor de HSTS preload lijst. Lees de documentatie goed door voor je je aanmeldt. Schakel de preload lijst optie in
    – The mixed content fixer is not active on the admin panel. Enable this feature only when you have mixed content on the admin panel.

    #115221 Reply
    Mark
    Keymaster

    Hi Janneke,

    on which site are you experiencing this issue? The ‘upgrade insecure requests’ option adds that header. Could you provide me with your site address so I can have a look?

    Mark

    #115403 Reply
    Rogier
    Keymaster

    This header is a valid header, but it’s possible Google does not recognize it. If you want you can disable it in settings/ssl

    #115571 Reply
    Janneke Wijma
    Guest

    Hi Mark, op incosi.com.

    #115575 Reply
    Mark
    Keymaster

    The header seems to be set properly, a redirect check returns

    Content-Security-Policy: upgrade-insecure-requests;

    If Google still returns an error, you can disable the option in the plugin settings.

    Mark

    #115846 Reply
    Janneke Wijma
    Guest

    Thanks! In Replace mixed content automatically?

    #115849 Reply
    Rogier
    Keymaster

    Google does not return an error as such, only does not recognise it. Google has forgotten to add this header to the list of headers they know. So the error is with the Google report, not with the header.

    In settings/ssl there is a setting “upgrade insecure requests” where you can disable it.

    #152025 Reply
    Guntis Endzelis
    Guest

    > In settings/ssl
    Where do I need to go to change the settings?

    #152040 Reply
    Mark
    Keymaster

    Hi Guntis,

    if you have this error you can disable the ‘Add header to force insecure requests over https’ option in Settings->SSL.

    Mark

    #250653 Reply
    safi
    Guest

    hi
    I faced same error but ob my blog at blogger
    I don’t know how to solve
    Im not into programming at all

    #250785 Reply
    Mark
    Keymaster

    Hi,

    Really Simple SSL is for WordPress only, we cannot help you with blogger questions. I’d suggest to contact blogger with your question.

Viewing 11 posts - 1 through 11 (of 11 total)
Reply To: Unrecognized Content-Security-Policy directive 'upgrade-insecure-requests'
Your information: