Upgrade Insecure Requests is one of the directives of the Content Security Policy. It instructs the browser to upgrade all requests to the site to HTTPS.
The Upgrade Insecure requests directive can help to prevent Mixed Content issues by upgrading requests to HTTPS before they are even sent. It is a vital header to enforce SSL, in combination with HTTP Strict Transport Security (HSTS) and 301 redirects to HTTPS. Just like other security headers, the CSP: Upgrade-Insecure-Requests header is set via the .htaccess or nginx.conf configuration files, or via PHP.
Really Simple SSL Pro allows WordPress site administrators to easily set this essential security header.
