Not all recommended security headers are installed
⚖ Browsers support for the Content Security Policy upgrade-insecure-requests directive for load all http: resources through https: at the browser level; automatic updating of insecure HTTP requests to a secure HTTPS throughout
Securing your website
Content Security Policy Management in Sitecore | Layer One
Fixing mixed content
What is a Content Security Policy (CSP) and why is it important?