vary CSP header for HTTP and HTTPS, and secure cookies
Slightly ugly on the CSP, but a "set" followed by an "edit" didn't work, it required a second "set" to override the first.
Edited by Jesse Norell
Slightly ugly on the CSP, but a "set" followed by an "edit" didn't work, it required a second "set" to override the first.