This article discusses HTTP Strict Transport Security (HSTS), and how to enable it for your site.
HTTP Strict Transport Security (HSTS) instructs web browsers to only use secure connections for all future requests when communicating with a web site. Doing so helps prevent SSL protocol attacks, SSL stripping, cookie hijacking, and other attempts to circumvent SSL protection.
When HSTS is enabled for a site, web browsers automatically change any insecure requests (http://) to secure requests (https://). All you need to do to enable HSTS is add a directive to your site's .htaccess file that sets the Strict-Transport-Security response header. Web browsers recognize this header, and then take care of the rest without any further intervention on your part.
To enable HSTS for your site, follow these steps:
1. Add the following line to your site's .htaccess file:
   Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
2. Save your changes to the .htaccess file. HSTS is now enabled for your site.
For more information about HSTS, please visit https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security.