Content-Security-Policy: upgrade-insecure-requests
Referrer-Policy: origin-when-cross-origin