Troy Hunt: Disqus' mixed content problem and fixing it with a CSP
⚖ Browsers support for the Content Security Policy upgrade-insecure-requests directive for load all http: resources through https: at the browser level; automatic updating of insecure HTTP requests to a secure HTTPS throughout
Securing your website
⚖ Browsers support for the Content Security Policy upgrade-insecure-requests directive for load all http: resources through https: at the browser level; automatic updating of insecure HTTP requests to a secure HTTPS throughout