The website is deployed with HTTPS, but the browser prompts that it is not secure

After the website deploys HTTPS (Hypertext Transfer Security Protocol), the browser prompts that it is not secure? This is caused by the non-HTTPS resource being called in the webpage. It can be viewed in the browser F12 development and debugging tools, for example: Mixed Content: The page at ‘’ was loaded over HTTPS, but requested an insecure image ‘ /2021/1/3.png’. 

In the https page, if the http resource is called, there will be some errors in the browser. For some websites that have not enabled HTTPS before and then will inevitably encounter such problems.


Adding  Upgrade-Insecure-Requestsit to the header will tell the browser to upgrade all http connections belonging to this site to https connections, and the outbound request will remain the default.

nginx add method

        server {
            listen 80;
            server_name (myservername);
            add_header Content-Security-Policy "upgrade-insecure-requests";
            location / {    
                proxy_pass         http://localhost:5000;

apache add method

Add the following content to the website root directory .htaccess:

<IFModule mod_headers.c>
  Header add Content-Security-Policy upgrade-insecure-requests

iis7 add method

In the website root directory web.config add:

<?xml version="1.0" encoding="UTF-8"?>
<add name="Content-Security-Policy" value="upgrade-insecure-requests" />

Note: Before performing the above operations, please back up the corresponding configuration files.

Leave a Comment