I want to set a Content-Policy-Header to upgrade-insecure-requests for my website. Here’re the rules I added (one at a time) to do this in the .httaccess file:
<IfModule mod_headers.c>
Header set Content-Security-Policy "default-src https:"
Header set Content-Security-Policy "upgrade-insecure-requests"
</IfModule>