Force all internal links to https

The Content-Security-Policy header is an extremely powerful way to protect your site against a number of attacks. It can also be used to ensure that all internal links on your site are requested over https rather than http. This is especially useful if you have a lot of legacy links referring to http content.

You can simply insert this tag in the HTML head of the site using the tools Magento provides.

  <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

To add:
System > config > general > design
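
As an added example (not from the original article or from Magento), this Python sketch checks that a page carries the directive in its `<head>` and sorts the `http://` URLs it finds by whether the browser will upgrade them: subresources always, link navigations only when they stay on the same host. The sample page, the host names and the small tag subset are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

DIRECTIVE = "upgrade-insecure-requests"
# Tag/attribute pairs that fetch a subresource (a constructed subset, not exhaustive).
SUBRESOURCE = {"img": "src", "script": "src", "iframe": "src"}

class UpgradeAudit(HTMLParser):
    """Collects http:// URLs and sorts them by whether the directive covers them."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.in_head = False
        self.directive_in_head = False
        self.upgraded = []      # rewritten to https:// by the browser
        self.not_upgraded = []  # still requested over http://

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "head":
            self.in_head = True
        elif tag == "meta" and self.in_head:
            if (a.get("http-equiv") or "").lower() == "content-security-policy":
                parts = [p.strip().lower() for p in (a.get("content") or "").split(";")]
                self.directive_in_head |= DIRECTIVE in parts
        url = a.get(SUBRESOURCE.get(tag) or ("href" if tag == "a" else ""))
        if not url or urlsplit(url).scheme.lower() != "http":
            return  # relative and https:// URLs need no upgrade
        # Subresources are always upgraded; link navigations only on the same host.
        covered = tag in SUBRESOURCE or urlsplit(url).hostname == self.site_host
        (self.upgraded if covered else self.not_upgraded).append(url)

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def audit(html, site_host):
    parser = UpgradeAudit(site_host)
    parser.feed(html)
    if not parser.directive_in_head:  # without the directive nothing is upgraded
        parser.not_upgraded = parser.upgraded + parser.not_upgraded
        parser.upgraded = []
    return parser.directive_in_head, parser.upgraded, parser.not_upgraded

# Constructed sample page (not from the original article).
SAMPLE = """<head><meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"></head>
<img src="http://shop.example/logo.png"><script src="http://cdn.example/lib.js"></script>
<a href="http://shop.example/sale.html">Sale</a><a href="http://partner.example/">Partner</a>"""
```

Upgraded requests do not fall back to http, so every URL in the upgraded list has to be reachable over https or it will fail to load.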