Directive: block all mixed content

Overview

Caution

Obsolete: This feature is no longer recommended. This directive is marked as obsolete in the specification: all mixed content is now blocked if it can't be autoupgraded. Use upgrade‐insecure‐requests instead. [MIXED-CONTENT-STRICT]

Note

This is an extension to CSP, which is defined in W3C: Mixed Content.

The block-all-mixed-content directive prevents loading any assets over HTTP when the page uses HTTPS.

All mixed content resource requests are blocked, including both active and passive mixed content. This also applies to <iframe> documents, ensuring the entire page is mixed content-free.

Usage examples

It is either on or off. It has no value.

block-all-mixed-content

Fallbacks

❌ block-all-mixed-content does not fallback to default-src.

Possible errors

CSP-0801 — [ERROR] directive block-all-mixed-content is obsolete; use upgrade-insecure-requests instead

References

Content licensed under CC BY-SA.

Legend

🧪 Experimental, with limited support
⚠️ Important notes on usage
🚫 Deprecated or obsolete

Directive: block all mixed content

Overview

Usage examples

Fallbacks

Possible errors

References

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Legend

Directives

Errors

Headers

ABNF

Clone this wiki locally