I have a client whose site includes iFrame, the link within that is not https, what I need to know is if I get that type of link from the originator of the link, will it render? or is there a way I can give this link permission to show up within Cloudflare?
I did a search and did read the mixed use content, makes no sense to me, in regards to this issue.
If that iframe can load over HTTPS (that is…their server supports HTTPS), then you can force HTTPS by adding this line in your .htaccess file: Header always set Content-Security-Policy: upgrade-insecure-requests
Note: Every effort is made to ensure that this email and attachments if any are virus, malware free.
The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not the intended recipient of this message or their agent, or if this message has been addressed to you in error, please immediately alert the sender by reply email and then delete this message and any attachments. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited.
When you reply by email, your company email adds that disclaimer footer. Since you replied to my message, but it got publicly posted, Sandro was compelled to alert you to the leak. He’s funny that way.
Regarding the solution, did you add that line of code to your .htaccess file?