HTTP Strict Transport Security (HSTS) is a security mechanism in which a website informs the browser that all future requests must be made via HTTPS. Using HSTS will force all future requests to the current domain name to use https: // URLs, even if the user tries to access links using http: // URLs.
You can enable HSTS headers by adding the following to a .htaccess file in your application's web root directory ( public_html ):
Once you've enabled HSTS, you're committed to SSL. You won't be able to go back to plain HTTP for your application.
Worldwide (English)
Mozambique (Portuguese)# Using this header, any browser accessing the site via HTTPS will not
# be able to access the regular HTTP site for a year (31536000 seconds).
# Once you start using this, you shouldn't stop using SSL on your site or
# your returning visitors won't be able to access your site.
Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS