John Doe Smith

Reputation: 1643

Redirect to https / HSTS script only works occasionally

Well, I think the title says it all …

In my .htaccess file I've copied this code (from the internet):

Header set Strict-Transport-Security "max-age=10886400"

I'm not sure if it does what I think it does. It should simply redirect to https … so if I load exampledomain.com it should become https://exampledomain.com and NOT http://exampledomain.com

The problem is: it works … sometimes and sometimes it doesn't work … so I ask myself: does this make sense?

Would be nice if anyone could explain this functionality to me … or tell me if I did something completely wrong?

THX!

Upvotes: 0

Views: 171

Answers (1)

Dusan Bajic

Reputation: 10889

HSTS headers over HTTP are ignored.

You first need to redirect your visitors to HTTPS, and once your site is accessed using HTTPS it should return the Strict-Transport-Security header. The browser will then record this information, so future attempts to load the site using HTTP will automatically use HTTPS instead.

You can use this rewrite rule in your .htaccess to redirect from http to https:

# Enable mod_rewrite processing (required before any RewriteRule)
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Upvotes: 1
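
The browser behaviour the answer describes, modelled as an added example (not code from the question or the answer): a simplified HSTS store in the spirit of RFC 6797. `HstsStore`, `visit` and the constructed server that sends the header on every response are hypothetical names and assumptions; ports, `includeSubDomains` and preload lists are left out.

```python
import re
import time

class HstsStore:
    """Simplified browser-side HSTS state (ports, includeSubDomains omitted)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._expiry = {}  # host -> time (seconds) until which HTTPS is forced

    @staticmethod
    def _split(url):
        scheme, _, rest = url.partition("://")
        return scheme.lower(), rest.split("/", 1)[0].lower(), rest

    def rewrite(self, url):
        """URL the browser actually requests: http:// is upgraded for known hosts."""
        scheme, host, rest = self._split(url)
        if scheme == "http" and self._expiry.get(host, 0) > self._clock():
            return "https://" + rest
        return url

    def observe(self, url, headers):
        """Apply response headers; returns True only if the policy was accepted."""
        scheme, host, _ = self._split(url)
        match = re.search(r'max-age\s*=\s*"?(\d+)',
                          headers.get("Strict-Transport-Security", ""), re.I)
        if scheme != "https" or not match:
            return False  # header over plain HTTP is ignored
        max_age = int(match.group(1))
        if max_age == 0:
            self._expiry.pop(host, None)  # max-age=0 deletes the record
        else:
            self._expiry[host] = self._clock() + max_age
        return True

# Constructed server: sends the question's header on every response.
HSTS = {"Strict-Transport-Security": "max-age=10886400"}

def visit(store, url, redirect_http):
    """One navigation; redirect_http=True models the 301 rule from the answer."""
    url = store.rewrite(url)
    store.observe(url, HSTS)
    if url.startswith("http://") and redirect_http:
        url = "https://" + url[len("http://"):]
        store.observe(url, HSTS)
    return url
```

With `redirect_http=False`, an `http://` URL is upgraded only after some earlier `https://` visit stored the policy; with the redirect in place the first visit already ends on HTTPS and later ones are upgraded inside the browser.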
