Upgrade Insecure Requests, and Mixed Content are W3C Candidate Recommendations

The Web Application Security Working Group has published Candidate Recommendations for two documents that help Web authors and users toward secure, authenticated browsing:

  • Upgrade Insecure Requests defines a mechanism which allows authors to instruct a user agent to upgrade a priori insecure resource requests to secure transport before fetching them.
  • Mixed Content describes how a user agent should handle fetching of content over unencrypted or unauthenticated connections in the context of an encrypted and authenticated document.