Sekrab Garage

HTTP Strict Transport Security

How to force browsers to redirect your domain to https globally

Tip May 1, 20
Subscribe to Sekrab Parts newsletter.

Issue a header over https to restrict access to your site to https. strict-transport-security: max-age=31556926; includeSubDomains; preload

Open chrome://net-internals/#hsts to add a domain to always force it into https locally. To list your domain globally so that the browser always redirects your website to https, apply to HSTS Preload List.

Are you trying to test your exact domain locally through "etc/hosts" file? This will break your test, because the browser will always redirect to https.