v6.6.0

• CSP: Removed deprecated header block-all-mixed-content and replaced it with a recommendation to use the already supported upgrade-insecure-requests instead.