Header set Content-Security-Policy: upgrade-insecure-requests env=HTTPS