For added security, you can tell all clients to always use https, even if there is an http link from somewhere. HSTS will silently change the request to use https without needing to be asked, so at no point is http ever used (except on the first attempt, where the browser is given the header, then never asks again). To set up HSTS, add this to your
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
Note: This means you cannot connect to http again, even if you wanted to,
so this usually only applies to sites that only ever use https, and never want http.