CSP missing upgrade-insecure-requests
A Content Security Policy (CSP) was detected but it is missing the upgrade-insecure-requests directive. This directive automatically upgrades any accidental HTTP links on your page to the secure HTTPS version.
Why this matters
If any resource on your page is ever accidentally linked over HTTP instead of HTTPS, it can trigger a browser security warning or allow the content to be intercepted. This directive is a simple safety net that prevents that.
How to fix it
Add upgrade-insecure-requests to your existing Content-Security-Policy response header. It requires no other configuration changes and acts as a passive safety net alongside your existing HTTPS setup.
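One way to check a header value for the directive and append it when absent, as an added example that is not part of the original page. The function names and sample header values are constructed, and the value is assumed to hold a single policy rather than a comma-separated list.

```python
# Added example: check a Content-Security-Policy value for the
# upgrade-insecure-requests directive and append it when absent.
DIRECTIVE = "upgrade-insecure-requests"


def parse_directives(policy):
    """Split one serialized policy into (name, [values]) pairs."""
    directives = []
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:  # skip empty segments such as a trailing ';'
            # Directive names are case-insensitive; values are kept as sent.
            directives.append((tokens[0].lower(), tokens[1:]))
    return directives


def has_upgrade_directive(policy):
    """True only when the directive itself is present, not a lookalike value."""
    return any(name == DIRECTIVE for name, _ in parse_directives(policy))


def add_upgrade_directive(policy):
    """Return the policy with the directive appended; the rest stays untouched."""
    if has_upgrade_directive(policy):
        return policy
    # Drop trailing separators so the result has no empty directive.
    existing = policy.strip().rstrip("; \t")
    return f"{existing}; {DIRECTIVE}" if existing else DIRECTIVE


# Constructed sample header values (not taken from any real site).
SAMPLES = [
    "default-src 'self'; img-src https:",
    "default-src 'self'; Upgrade-Insecure-Requests;",
    # The directive name appears only inside a report-uri value here,
    # so a plain substring search would wrongly report it as present.
    "default-src 'self'; report-uri /csp?d=upgrade-insecure-requests",
]

if __name__ == "__main__":
    for value in SAMPLES:
        status = "present" if has_upgrade_directive(value) else "MISSING"
        print(f"{status:8} {value}")
        print(f"{'fixed':8} {add_upgrade_directive(value)}")
```

The browser does not fall back to HTTP when an upgraded request fails, so confirm that every resource the page references is also served over HTTPS.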