HTTP Strict Transport Security (HSTS) is a security mechanism in which a website tells the browser that all future requests should be made over HTTPS. Using HSTS will force all future requests to the current domain name to use https:// URLs even if the user attempts to go to links using http:// URLs.

You can enable HSTS headers by adding the following in a .htaccess file in your app's web root directory (public):

# Using this header, any browser that accesses the site over HTTPS will not
# be able to access the plain HTTP site for one year (31536000 seconds).
# One you begin using this, you should not stop using SSL on your site or
# else your returning visitors will not be able to access your site at all.
Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
Once you enable HSTS, you are committed to SSL. You will not be able to go back to plain HTTP for your app.

If you want to force users to HTTPS, you will still need to redirect from HTTP to HTTPS.

Alert: For Control Panel Help & Tutorials, click here: Panel Tutorials
Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How to Block Brute Force Attacks in WordPress

A brute force attack on WordPress occurs when an attacker attempts to log in to WordPress by...
How to Block IPs with CloudFlare

If you use CloudFlare for your site, you can change your settings to block visitors by IP range....
How to Check WordPress Plugins and Themes for Vulnerabilities

Vulnerable plugins and themes are the leading causes of WordPress compromises. To ensure the...
How to Configure Protect in WordPress

Protect is a key part of WordPress's Jetpack plugin that helps block brute force attacks against...
How to Create a Strong Password

The strength of your password is one of the most important factors in determining the ability of...