page - iframe - status
http - http - allowed
http - https - allowed
https- http - not allowed https嵌套http不支持
https- https - allowed
https - https - insecure scripts - not allowed (不安全的腳本 雖然兩個都是https,腳本不安全瀏覽器會阻止)
https - https - inscure images - allowed but the browser will warn
https/http全支持的情況下可以考慮:
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">