Force all internal links to use https

    The   Content-Security-Policy header is extremely powerful way to protect your site against a number of attacks.  However, it can also be used to ensure that all internal links of your site are served by https rather than http. This can be especially useful if you have a lot of legacy links referring to http content. 

    You can simply insert this in the header of the site using the tools Magento  provides.

      <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

    Where you add this depends on the version of Magento 2 you are using:

    Older Versions
    Store > Configuration > Web > HTML head > Miscellaneous Scripts > 



    In newer versions 
    Content > Design > Configuration > Edit your global  view > HTML Head > Scripts and Style Sheets


    Published