Deprecated: This feature has been deprecated and may be removed in future versions. It is recommended to use alternative approaches.

block-all-mixed-content

The block-all-mixed-content directive prevents a page served over HTTPS from loading any resource over plain HTTP (mixed content), so every resource on the page is loaded over HTTPS. This helps protect your web application against man-in-the-middle attacks, because a resource fetched over HTTP can be read or modified in transit.

Example Configuration

Basic block-all-mixed-content configuration

Content-Security-Policy: block-all-mixed-content;

Examples

Allowed

HTTPS content is allowed

<img src="https://example.com/image.jpg">

Blocked

HTTP content is blocked

<img src="http://example.com/image.jpg"> <!-- will be blocked -->

Additional Information

  • Consider using the upgrade-insecure-requests directive instead
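One way to find and replace the deprecated directive in an existing policy, as an added example that is not part of the original documentation. The function names are hypothetical, and the code handles a single serialized policy (not a comma-separated list of several policies).

```javascript
// Added example: audit one Content-Security-Policy value for the deprecated
// block-all-mixed-content directive and propose a migrated policy.
// parsePolicy, serializePolicy and auditMixedContentDirective are
// hypothetical helper names, not part of any library.

// Parse a serialized policy into an ordered list of [name, values] pairs.
// Directive names are case-insensitive, and a repeated directive name is
// ignored after its first occurrence, as browsers do.
function parsePolicy(policy) {
  const seen = new Set();
  const directives = [];
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // empty segment, e.g. trailing ";"
    const name = tokens[0].toLowerCase();
    if (seen.has(name)) continue;
    seen.add(name);
    directives.push([name, tokens.slice(1)]);
  }
  return directives;
}

function serializePolicy(directives) {
  return directives.map(([name, values]) => [name, ...values].join(" ")).join("; ");
}

// Report whether the deprecated directive is present and return a policy
// with it replaced by upgrade-insecure-requests (or simply dropped when
// upgrade-insecure-requests is already set).
function auditMixedContentDirective(policy) {
  const directives = parsePolicy(policy);
  const names = directives.map(([name]) => name);
  const deprecated = names.includes("block-all-mixed-content");
  const hasUpgrade = names.includes("upgrade-insecure-requests");
  const migrated = [];
  for (const [name, values] of directives) {
    if (name !== "block-all-mixed-content") {
      migrated.push([name, values]);
    } else if (!hasUpgrade) {
      migrated.push(["upgrade-insecure-requests", []]); // swap in place
    }
  }
  return { deprecated, hasUpgrade, migrated: serializePolicy(migrated) };
}
```

upgrade-insecure-requests rewrites HTTP subresource URLs to HTTPS instead of blocking them. A resource that is not available over HTTPS then fails to load, so test the page after the swap.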
