Add HTTP response header as below on IIS
Content-Security-Policy : upgrade-insecure-requests
Above will treat http request as secured.
Add a rule as below between <rules></rules> section
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
Content-Security-Policy : upgrade-insecure-requests
Above will treat http request as secured.
Add a rule as below between <rules></rules> section
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
