content-security-policy conditional on $_SERVER
<?php
//* Add Content Security Policy for HTTPS
add_action( 'wp_head', 's9_csp_meta_tag' );
function s9_csp_meta_tag() {
if(isset($_SERVER['HTTPS'])) {
if ($_SERVER['HTTPS'] == "on") {
echo '<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">';
}
}
}