When ssl is enabled only allow https content within the site

src/freedombone-utils-web

     echo '    ssl_prefer_server_ciphers on;' >> $filename
     echo "    ssl_protocols $SSL_PROTOCOLS;" >> $filename
     echo "    ssl_ciphers '$SSL_CIPHERS';" >> $filename
+    echo "    add_header Content-Security-Policy \"default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'\";" >> $filename
     #nginx_stapling $1
 }