Hacker News
by yvan 3448 days ago
Well, in our case that was the easiest thing to pick. Thanks to the Report-Only option on the CSP header, we enabled it and in about a week we got all our insecure links and resources.

We could also set a header forcing the browser to upgrade to secure when the resources are in the same domain.
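
As an added example (not part of the comment above or of any project's code): a Report-Only header that reports every non-HTTPS load without blocking it, and a collector-side function that turns the resulting violation reports into a list of insecure resources, flagging those served from the reporting page's own host. The policy value, the `/csp-report` endpoint path and the sample reports are assumptions constructed for illustration.

```javascript
// Added example; the policy value and the /csp-report path are assumptions.
const REPORT_ONLY_HEADER = "Content-Security-Policy-Report-Only: " +
  "default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-report";

// Constructed sample bodies in the legacy report-uri JSON format.
const SAMPLE_REPORTS = [
  '{"csp-report":{"document-uri":"https://shop.example/cart","blocked-uri":"http://shop.example/img/logo.png","effective-directive":"img-src"}}',
  '{"csp-report":{"document-uri":"https://shop.example/","blocked-uri":"http://shop.example/img/logo.png","violated-directive":"img-src https:"}}',
  '{"csp-report":{"document-uri":"https://shop.example/","blocked-uri":"http://cdn.example.net/lib.js","effective-directive":"script-src"}}',
  '{"csp-report":{"document-uri":"https://shop.example/","blocked-uri":"inline","effective-directive":"script-src"}}',
  "not json",
];

// Return one finding for a plain-http resource, or null for anything else.
function parseInsecure(body) {
  let report, page, blocked;
  try {
    report = JSON.parse(body)["csp-report"];
    page = new URL(report["document-uri"]);
    blocked = new URL(report["blocked-uri"]);
  } catch (e) {
    return null; // malformed JSON, missing fields, "inline"/"eval" pseudo-URIs
  }
  if (blocked.protocol !== "http:") return null;
  const directive = report["effective-directive"] || report["violated-directive"] || "unknown";
  return {
    resource: blocked.origin + blocked.pathname,
    directive: String(directive).split(" ")[0], // "img-src https:" -> "img-src"
    page: page.origin + page.pathname,
    sameHost: blocked.hostname === page.hostname, // same host as the reporting page
  };
}

// Group findings by directive and resource, most frequent first.
function summarizeInsecure(bodies) {
  const byKey = new Map();
  for (const body of bodies) {
    const hit = parseInsecure(body);
    if (!hit) continue;
    const key = hit.directive + " " + hit.resource;
    if (!byKey.has(key)) byKey.set(key, { ...hit, count: 0, pages: new Set() });
    const entry = byKey.get(key);
    entry.count += 1;
    entry.pages.add(hit.page);
  }
  return [...byKey.values()]
    .map(({ page, ...e }) => ({ ...e, pages: [...e.pages].sort() }))
    .sort((a, b) => b.count - a.count || a.resource.localeCompare(b.resource));
}
console.log(JSON.stringify(summarizeInsecure(SAMPLE_REPORTS), null, 2));
```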