Bug 1622066 [wpt PR 22223] - InsecureRequestPolicy: Add WPTs for subresource fetching from workers, a=testonly
authorEriko Kurimoto <elkurin@google.com>
Sat, 14 Mar 2020 11:28:17 +0000
changeset 518836 de8e977f2569f494a95830e63c57d280225e2e71
parent 518835 7f39fa2a2626c839fd32230e6f254f2009d56fe5
child 518837 ea93b29b3730ecb9638b270bfd4348028bde8b96
push id37217
push userccoroiu@mozilla.com
push dateSun, 15 Mar 2020 21:37:59 +0000
treeherdermozilla-central@f9fc9427476e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1622066, 22223, 989399, 2077321, 749578
milestone76.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1622066 [wpt PR 22223] - InsecureRequestPolicy: Add WPTs for subresource fetching from workers, a=testonly Automatic update from web-platform-tests InsecureRequestPolicy: Add WPTs for subresource fetching from workers This CL adds tests for subresource fetching from HTTP(S) scheme url dedicated workers and shared workers. Currently, we have subresource fetching tests from ONLY data: URL dedicated workers . In this CL, we improve the test coverage by adding subresource fetching tests from HTTP(S) scheme url workers which are more normal. Bug: 989399 Change-Id: Icf83cd359fa64df94c5ff93210c7a1c7bce12944 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2077321 Reviewed-by: Hiroshige Hayashizaki <hiroshige@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Commit-Queue: Eriko Kurimoto <elkurin@google.com> Cr-Commit-Position: refs/heads/master@{#749578} -- wpt-commits: 8916fa4113bf2a2724822f0b0c726d3a5705dd64 wpt-pr: 22223
testing/web-platform/tests/common/security-features/scope/worker.py
testing/web-platform/tests/common/security-features/tools/util.py
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html
testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-https.downgrade.https.html
testing/web-platform/tests/upgrade-insecure-requests/generic/spec_json.js
testing/web-platform/tests/upgrade-insecure-requests/spec.src.json
--- a/testing/web-platform/tests/common/security-features/scope/worker.py
+++ b/testing/web-platform/tests/common/security-features/scope/worker.py
@@ -20,16 +20,18 @@ def main(request, response):
   for delivery in policyDeliveries:
     if delivery['deliveryType'] == 'meta':
       error = '<meta> cannot be used in WorkerGlobalScope'
     elif delivery['deliveryType'] == 'http-rp':
       if delivery['key'] == 'referrerPolicy':
         maybe_additional_headers['Referrer-Policy'] = delivery['value']
       elif delivery['key'] == 'mixedContent' and delivery['value'] == 'opt-in':
         maybe_additional_headers['Content-Security-Policy'] = 'block-all-mixed-content'
+      elif delivery['key'] == 'upgradeInsecureRequests' and delivery['value'] == 'upgrade':
+        maybe_additional_headers['Content-Security-Policy'] = 'upgrade-insecure-requests'
       else:
         error = 'invalid delivery key for http-rp: %s' % delivery['key']
     else:
       error = 'invalid deliveryType: %s' % delivery['deliveryType']
 
   handler = lambda: util.get_template('worker.js.template') % ({
       'import': import_line,
       'error': error
--- a/testing/web-platform/tests/common/security-features/tools/util.py
+++ b/testing/web-platform/tests/common/security-features/tools/util.py
@@ -148,16 +148,21 @@ class PolicyDelivery(object):
                 return PolicyDelivery(delivery_type, self.key, 'unsafe-url')
             else:
                 return PolicyDelivery(delivery_type, self.key, 'no-referrer')
         elif self.key == 'mixedContent':
             if self.value == 'opt-in':
                 return PolicyDelivery(delivery_type, self.key, None)
             else:
                 return PolicyDelivery(delivery_type, self.key, 'opt-in')
+        elif self.key == 'upgradeInsecureRequests':
+            if self.value == 'upgrade':
+                return PolicyDelivery(delivery_type, self.key, None)
+            else:
+                return PolicyDelivery(delivery_type, self.key, 'upgrade')
         else:
             raise Exception('delivery key is invalid: ' + self.key)
 
 
 class SourceContext(object):
     def __init__(self, source_context_type, policy_deliveries):
         # type: (unicode, typing.List[PolicyDelivery]) -> None
         self.source_context_type = source_context_type
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-ws-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "websocket",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-ws-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "websocket",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-ws-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "websocket",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-ws-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "websocket",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "sharedworker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-ws-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "websocket",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-ws-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "websocket",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-classic",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-classic",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-classic",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-module",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-module",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-module",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for websocket to cross-ws-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-ws-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "websocket",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for websocket to same-ws-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-ws-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "websocket",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-classic",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-classic",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-classic",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-module",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-module",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-module",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-ws-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "websocket",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-ws-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "websocket",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-classic",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-classic",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-classic",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-module",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-module",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-module",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-ws-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "websocket",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-ws-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "websocket",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-classic",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-classic",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-classic",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-module",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-module",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-module",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "cross-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="With upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy: upgrade-insecure-requests
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for websocket to cross-ws-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-ws-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "websocket",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for websocket to same-ws-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-ws-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "websocket",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-classic",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-classic",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-classic",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-module",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-module",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "worker-module",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-http-downgrade origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-http-downgrade",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-https origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-https",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "upgradeInsecureRequests",
+                  "value": "upgrade"
+                }
+              ],
+              "sourceContextType": "worker-module"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "xhr",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+  <head>
+    <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="No upgrade-insecure-request">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+    <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-http-downgrade origin and downgrade redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http-downgrade",
+          "redirection": "downgrade",
+          "source_context_list": [
+            {
+              "policyDeliveries": [