Upgrade Insecure Requests

HTTP Header

The HTTP Upgrade-Insecure-Requests request header signals to the server that the client prefers an encrypted and authenticated response. It also indicates that the client can properly handle the upgrade-insecure-requests Content Security Policy (CSP) directive.

Syntax

Upgrade-Insecure-Requests: <boolean>

Directives

<boolean>
The value 1 indicates ‘true’. This is the only valid value for this field.

Example

Using Upgrade-Insecure-Requests

A client signals to the server that it supports upgrading insecure requests to secure ones by including the Upgrade-Insecure-Requests header in its request:

GET / HTTP/1.1
Host: example.com
Upgrade-Insecure-Requests: 1

The server can respond by redirecting the client to a secure version of the site. To prevent caches from serving the insecure version to clients that support the upgrade, a Vary header can be used:

Location: https://example.com/
Vary: Upgrade-Insecure-Requests
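
The server side of this exchange, as an added example that is not code from this page or from Requestly: a decision function that redirects only insecure requests carrying Upgrade-Insecure-Requests: 1 and sets Vary on every response. CANONICAL_HOST, the request shape, the function names and the use of status 307 are assumptions made for illustration.

```javascript
// Added example. Assumptions: CANONICAL_HOST, the { secure, url, headers }
// request shape, and the choice of 307 as the redirect status.
const CANONICAL_HOST = "example.com";

// Header names are case-insensitive, so compare lowercased keys.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return String(value).trim();
  }
  return undefined;
}

// Build the redirect target from the configured host, never from the
// client-supplied Host header, and refuse targets that resolve off-site.
function safeLocation(requestTarget) {
  const origin = `https://${CANONICAL_HOST}`;
  try {
    const target = new URL(requestTarget, origin);
    // "//other.host/x" parses as another origin; fall back to the root.
    return target.origin === origin ? target.href : `${origin}/`;
  } catch {
    return `${origin}/`;
  }
}

function decideUpgrade(req) {
  // Vary goes on every response, redirect or not, so a shared cache keeps
  // separate entries for clients that sent the header and those that did not.
  const headers = { Vary: "Upgrade-Insecure-Requests" };
  // "1" is the only valid value; anything else is treated as absent.
  const wantsUpgrade = getHeader(req.headers, "Upgrade-Insecure-Requests") === "1";
  if (req.secure || !wantsUpgrade) return { action: "serve", headers };
  headers.Location = safeLocation(req.url);
  return { action: "redirect", status: 307, headers };
}

// Constructed sample request matching the example on this page.
const sample = { secure: false, url: "/", headers: { "Upgrade-Insecure-Requests": "1" } };
console.log(decideUpgrade(sample));
```

Sending Vary on the non-redirect path as well is what keeps a cached plain-HTTP page from being served to a client that asked for the upgrade.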

How to Modify Header using Requestly

Requestly is a Chrome extension that lets you modify HTTP headers, including the Upgrade-Insecure-Requests header. Browsers send this header to tell the server that they prefer an encrypted response and can handle the upgrade-insecure-requests CSP directive. Modifying it lets you test how your website or app behaves when upgrading or blocking insecure requests.

Steps to Modify the Upgrade Insecure Requests Header:

  1. Install and open the Requestly Chrome extension. You can find it on the Chrome Web Store.
  2. Create a new rule: Click on “Create Rule” and choose “Modify Headers” from the list of available rule types.
  3. Add a new header modification:
    • Under “Action”, select “Add” or “Override”.
    • In the “Header Name” field, enter Upgrade-Insecure-Requests.
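    • In the “Header Value” field, enter 1 to enable upgrading or 0 to disable it. Note that 1 is the only valid value defined for this header, so how a server treats 0 is server-specific.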
  4. Set the URL condition: Specify the URL or pattern where this header change should apply (e.g., https://your-site.com/*).
  5. Save the rule.

Once set up, Requestly will inject the Upgrade-Insecure-Requests header with your specified value into all matching requests, allowing you to test how your site responds to secure and insecure content requests.