https

Getting started with https

Remarks#

This section provides an overview of what https is, and why a developer might want to use it.

It should also mention any large subjects within https, and link out to the related topics. Since the Documentation for https is new, you may need to create initial versions of those related topics.

Getting started with HTTPS

HTTPS (Hypertext Transfer Protocol Secure) is an encrypted version of HTTP protocol, most often used in connection with services where only the sender and receiver must know the message. It’s required if you handle credit card information, and will improve your rank on Google.

To enable HTTPS you need to check if your web host supports it—if you don’t know you can ask their support for help and information about it. Some web hosts may take some money for it.

Important!: Your HTTPS needs to use sha2 or sha3 (sha1 is blocked by Chrome, Firefox, Edge and IE)


When you have enabled HTTPS on your web host, you can use HTTPS. But the browser does not use HTTPS as default; the best way to make sure that all traffic runs on HTTPS is by using a .htaccess file and adding it to the root of your website.

The .htaccess file

RewriteEngine On

# If we receive a forwarded http request from a proxy...
RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]

# ...or just a plain old http request directly from the client
RewriteCond %{HTTP:X-Forwarded-Proto} =""
RewriteCond %{HTTPS} !=on

# Redirect to https version
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This will change the https:// to https://.

NOTE: .htaccess is a system file, and can’t be seen by default. How to show .htaccess


This modified text is an extract of the original Stack Overflow Documentation created by the contributors and released under CC BY-SA 3.0 This website is not affiliated with Stack Overflow