The Upgrade Insecure Requests directive is part of the Content Security Policy header, and is intended to prevent Mixed Content issues. It instructs the browser to upgrade all HTTP resource requests to the site to HTTPS before they are sent.
The directive helps prevent most Mixed Content issues by automatically upgrading HTTP subresources on the website to HTTPS. Note that the actual transition of your entire WordPress site to SSL still relies on a proper 301 redirect to https://. The directive also does not provide the HTTPS enforcement guarantees of the Strict Transport Security (HSTS) header, which should be enabled separately.
Just like other Security Headers, the content-security-policy: upgrade-insecure-requests header can be configured via the .htaccess (Apache), nginx.conf (Nginx) configuration files or with PHP.
Really Simple Security Pro allows site administrators to easily configure all of the recommended Security Headers directly via the WordPress Admin interface.