HTTP Header

Upgrade-Insecure-Requests

Request

Signals that the client prefers an encrypted and authenticated response.

HTTP header reference, syntax, examples, and developer usage.

What is the Upgrade-Insecure-Requests header?

The Upgrade-Insecure-Requests HTTP header is used to transmit metadata between a client and server as part of HTTP requests or responses.

HTTP headers define how content should be interpreted, cached, authenticated, secured, or processed by browsers and APIs.

Direction

This is a request header sent by the client to the server.

Syntax

Upgrade-Insecure-Requests: 1

Example

Upgrade-Insecure-Requests: 1

Common use cases

Automatically upgrading HTTP requests to HTTPS
Improving security for users navigating to legacy HTTP URLs

Common mistakes

Using the header in the wrong request or response context
Sending invalid header values
Incorrect header syntax
Assuming the header automatically changes server behaviour

Practical developer insight

Browsers send this header automatically when navigating to HTTP URLs. It is a hint to the server and is typically paired with redirects or CSP directives. It does not guarantee a secure connection by itself.