How to set HSTS header from .htaccess to force loading assets via https


After switching to https and adding the following lines to .htaccess:

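<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Redirect every plain-HTTP request to the same URL on HTTPS
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
<IfModule mod_headers.c>
# Send the HSTS header only on responses served over HTTPS
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
</IfModule>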

Everything seems to be working fine - even if someone types http://mywebsite.com, they will be redirected to https://.

However, as per my understanding, HSTS should also enforce all content to be loaded via https if possible. Unfortunately, every now and then, if someone makes a mistake and loads some image (hosted on the same domain) via http:// instead of https://, Chrome will show a mixed content warning.

Did I make some mistake, or is my understanding of HSTS wrong?


There are 0 answers
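
Added example, not part of the original post: browsers run the mixed-content check against the URL as it is written in the page, before HSTS is applied to the request, so one defender-side check is to scan the served HTML for `http://` subresource references. The sample page and the names `find_insecure_refs`, `FETCH_ATTRS`, `LINK_RELS` and `SAMPLE_HTML` are constructed for illustration, and the `srcset` split is a simplification that assumes no commas inside URLs.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser fetch a subresource, per tag.
FETCH_ATTRS = {
    "img": ("src", "srcset"), "source": ("src", "srcset"), "script": ("src",),
    "iframe": ("src",), "audio": ("src",), "video": ("src", "poster"),
    "link": ("href",),
}
# <link> fetches only for these rel values; rel="canonical" is metadata.
LINK_RELS = {"stylesheet", "icon", "preload", "modulepreload"}

class _Scanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & LINK_RELS:
            return
        for name in FETCH_ATTRS.get(tag, ()):
            value = attrs.get(name)
            if not value:
                continue
            if name == "srcset":  # comma-separated "url descriptor" candidates
                urls = [c.split()[0] for c in value.split(",") if c.strip()]
            else:
                urls = [value.strip()]
            for url in urls:
                absolute = urljoin(self.page_url, url)  # resolves /path and //host
                if urlsplit(absolute).scheme == "http":
                    self.findings.append((self.getpos()[0], tag, name, absolute))

def find_insecure_refs(html, page_url):
    """Return (line, tag, attribute, url) for each http:// subresource."""
    scanner = _Scanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, as served from https://mywebsite.com/
SAMPLE_HTML = """<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="http://mywebsite.com/">
<img src="http://mywebsite.com/img/logo.png">
<img src="//mywebsite.com/img/a.png" srcset="http://mywebsite.com/img/a2.png 2x">
<a href="http://mywebsite.com/about">About</a>"""
```

Plain `<a href>` links and `rel="canonical"` are not reported because they are navigations or metadata, not subresource loads, so they do not trigger the mixed-content warning.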