nginx: add Upgrade Insecure Requests

http://caniuse.com/#feat=upgradeinsecurerequests

etc/nginx/sites-enabled/host

@@ -33,6 +33,7 @@ server {
     # Enable this if your want HSTS (recommended)
     add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
     add_header X-Frame-Options SAMEORIGIN;
+    add_header Content-Security-Policy upgrade-insecure-requests;
 
     # OCSP Stapling ---
     # fetch OCSP records from URL in ssl_certificate and cache them

etc/nginx/sites-enabled/rproxy

@@ -7,6 +7,7 @@ server {
     # Enable this if your want HSTS (recommended)
     add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
     add_header X-Frame-Options SAMEORIGIN;
+    add_header Content-Security-Policy upgrade-insecure-requests;
 
     server_name something.example.org;
 

etc/nginx/sites-enabled/vhost

@@ -9,6 +9,7 @@ server {
     # Enable this if your want HSTS (recommended)
     add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
     add_header X-Frame-Options SAMEORIGIN;
+    add_header Content-Security-Policy upgrade-insecure-requests;
 
     root /var/www/vhostdir;
     index index.php index.html index.htm;