Passive Mixed Content over HTTPS

Passive mixed content occurs when a page served over HTTPS loads subresources such as images, audio or video over plain HTTP. The page itself is encrypted, but those resources travel in cleartext, so the connection is only partially protected: anyone on the network path can read or replace them, and the browser drops the padlock indicator. Active mixed content (scripts, stylesheets, frames, XHR/fetch) is worse, because a tampered resource can take over the whole page, so modern browsers block it outright; passive mixed content has traditionally been loaded with a warning, and recent Chrome versions upgrade it to HTTPS or block it when the upgrade fails.
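To see where mixed content comes from before touching headers, the scanner below walks an HTML document and reports every http:// subresource, classifying it as passive or active and flagging whether it lives on a third-party host. This is an added example, not code from the original post; the page URL, the HTML and the host names are constructed. Relative and protocol-relative (//) URLs are resolved against the page and therefore never count as mixed content.

```python
"""Scan an HTML document for mixed content (added example, not from the post).

Passive: images and media (tampering changes what the user sees).
Active: scripts, link'ed resources such as stylesheets, frames, plugins
(tampering gives the attacker control of the page). Relative and // URLs
inherit the page's https scheme and are not mixed content.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that fetch a subresource, with their mixed-content class.
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"),
           ("source", "src"), ("track", "src")}
ACTIVE = {("script", "src"), ("link", "href"), ("iframe", "src"),
          ("object", "data"), ("embed", "src")}


class _SubresourceCollector(HTMLParser):
    """Collect (tag, attr, value) for every attribute that loads a resource."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for attr, value in attrs:
            if value and ((tag, attr) in PASSIVE or (tag, attr) in ACTIVE):
                self.refs.append((tag, attr, value))


def find_mixed_content(page_url, html):
    """Return [{tag, url, kind, third_party}] for each http:// subresource."""
    page = urlsplit(page_url)
    if page.scheme != "https":
        return []  # mixed content is only defined for pages served over HTTPS
    collector = _SubresourceCollector()
    collector.feed(html)
    findings = []
    for tag, attr, value in collector.refs:
        absolute = urljoin(page_url, value)  # resolves relative and // URLs
        target = urlsplit(absolute)
        if target.scheme != "http":
            continue
        findings.append({
            "tag": tag,
            "url": absolute,
            "kind": "passive" if (tag, attr) in PASSIVE else "active",
            "third_party": target.hostname != page.hostname,
        })
    return findings


# Constructed sample page with a mix of secure, relative and insecure references.
SAMPLE_PAGE_URL = "https://shop.example.com/cart"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://cdn.example.net/site.css">
<script src="//cdn.example.net/app.js"></script>
</head><body>
<img src="http://shop.example.com/img/logo.png">
<img src="/img/banner.png">
<video src="http://media.example.org/intro.mp4"></video>
<iframe src="https://pay.example.com/widget"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in find_mixed_content(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"{finding['kind']:8} <{finding['tag']}> {finding['url']}"
              f"{'  (third party)' if finding['third_party'] else ''}")
```

On the sample page the stylesheet is active mixed content on a third-party host, the logo is passive mixed content on the site's own host (the kind HSTS fixes), and the video is passive mixed content on a third party (the kind only CSP can handle). The protocol-relative script and the relative banner are not reported.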

Two mechanisms help eliminate mixed content:


1. HTTP Strict Transport Security (HSTS) makes the browser rewrite every http:// request for your host (and, with includeSubDomains, for its subdomains) to https:// before it is sent. That covers mixed content caused by your own absolute http:// links as well as user mistakes (typing the address without https, or hitting port 80) and implementation mistakes. It does nothing for resources on third-party hosts, which must publish their own HSTS policy.

Set the .htaccess rule as -

Header always set Strict-Transport-Security "max-age=10886400; includeSubDomains" env=HTTPS

Browsers ignore an HSTS header received over plain HTTP, so the env=HTTPS condition keeps it on HTTPS responses only. Once a visitor's browser has cached the policy it cannot be revoked before max-age expires (10886400 seconds is 18 weeks), so start with a short max-age, confirm that every host covered by includeSubDomains actually serves HTTPS, and only then raise it.


2. Content Security Policy (CSP) can block or upgrade insecure resource retrieval, including from third-party web sites where HSTS cannot help. A source list that names only HTTPS origins makes the browser refuse to load http:// resources (on an HTTPS page, 'self' and a scheme-less host such as domain.com both match https:// only). Alternatively the upgrade-insecure-requests directive rewrites every http:// subresource URL to https:// before fetching, which is the usual fix for legacy pages with many hard-coded http:// links.

Set the .htaccess rule as -

Header set Content-Security-Policy "default-src 'self' domain.com"

or, to upgrade instead of block:

Header set Content-Security-Policy "default-src 'self' domain.com; upgrade-insecure-requests"

A CSP value needs a directive name: a header consisting only of "'self' domain.com" is not a valid policy and browsers ignore it. Deploy the policy as Content-Security-Policy-Report-Only first and review the violation reports, so that a source list which is too tight does not break the site.
