For added security, you can tell all clients to always use https, even if there is an http link from somewhere. HSTS will silently change the request to use https without needing to be asked, so at no point is http ever used (except on the first attempt, where the browser is given the header, then never asks again). To set up HSTS, add this to your public_html/.htaccess file:

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS


Note: This means you cannot connect to http again, even if you wanted to, 
so this usually only applies to sites that only ever use https, and never want http.


About the Author

Avatar photo



您的电子邮箱地址不会被公开。 必填项已用 * 标注