Getting started with https

Other topics

Remarks:

This section provides an overview of what https is, and why a developer might want to use it.

It should also mention any large subjects within https, and link out to the related topics. Since the Documentation for https is new, you may need to create initial versions of those related topics.

Getting started with HTTPS

HTTPS (Hypertext Transfer Protocol Secure) is an encrypted version of HTTP protocol, most often used in connection with services where only the sender and receiver must know the message. It's required if you handle credit card information, and will improve your rank on Google.

To enable HTTPS you need to check if your web host supports it—if you don't know you can ask their support for help and information about it. Some web hosts may take some money for it.

Important!: Your HTTPS needs to use sha2 or sha3 (sha1 is blocked by Chrome, Firefox, Edge and IE)


When you have enabled HTTPS on your web host, you can use HTTPS. But the browser does not use HTTPS as default; the best way to make sure that all traffic runs on HTTPS is by using a .htaccess file and adding it to the root of your website.

The .htaccess file

RewriteEngine On

# If we receive a forwarded http request from a proxy...
RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]

# ...or just a plain old http request directly from the client
RewriteCond %{HTTP:X-Forwarded-Proto} =""
RewriteCond %{HTTPS} !=on

# Redirect to https version
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This will change the http:// to https://.

NOTE: .htaccess is a system file, and can't be seen by default. How to show .htaccess

Contributors

Topic Id: 2910

Example Ids: 26095

This site is not affiliated with any of the contributors.