Deprecated: This feature has been deprecated and may be removed in future versions. It is recommended to use alternative approaches.
block-all-mixed-content
Theblock-all-mixed-content directive prevents the browser from loading any mixed content, ensuring that all resources are loaded over HTTPS. This directive helps maintain the security of your web application by preventing potential man-in-the-middle attacks.
Example Configuration
Basic block-all-mixed-content configuration
Content-Security-Policy: block-all-mixed-content;Examples
Allowed
HTTPS content is allowed
<img src="https://example.com/image.jpg">Blocked
HTTP content is blocked
<img src="http://example.com/image.jpg"> <!-- will be blocked -->Additional Information
- Consider using the
upgrade-insecure-requestsdirective instead