The "Upgrade Insecure Requests" Content Security Policy can be used to automatically upgrade insecure (e.g. http:) requests to a secure alternative (e.g. https:) before a browser fetches them.
In practice, this helps avoid mixed-content warnings when a page is accessed via https:, but it contains references to resources using absolute http: URLs.
Like other Content Security Policies, the recommend approach is to enable it via a HTTP response header:
add_header Content-Security-Policy upgrade-insecure-requests;
However, if you do not have control over the underlying web server, an
alternative is to include this meta tag in your HTML's
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">