referrer-policy/generic/iframe-upgrade-request-to-same-origin.sub.https.html.headers

Content-Security-Policy: upgrade-insecure-requests
Referrer-Policy: origin-when-cross-origin