1) Ensure that your site's code does NOT have any references to plain http resources e.g. image files, Javascript files etc. Any http calls must be replaced with the https equivalent, or you will get mixed content browser errors.
2) Add this code to the top of the .htaccess file in your site's root directory - note, it is very important that it is the first thing in the .htaccess file:
Header set Strict-Transport-Security "max-age=31536000"
Header set Content-Security-Policy "upgrade-insecure-requests"
RewriteEngine on
RewriteCond %{HTTP_HOST} ^<DOMAIN> [NC]
RewriteRule ^(.*)$ https://www.<DOMAIN>/$1 [NC,R=301,L]
RewriteCond %{HTTP_HOST} ^<DOMAIN> [OR]
RewriteCond %{HTTP_HOST} ^www.<DOMAIN>
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.<DOMAIN>/$1 [NC,R=301,L]
ExpiresActive On
ExpiresByType image/png "access plus 1 week"
ExpiresByType image/jpeg "access plus 1 week"
ExpiresByType image/gif "access plus 1 week"
ExpiresByType image/x-icon "access plus 1 week"
ExpiresByType text/css "access plus 1 week"
ExpiresByType text/javascript "access plus 1 week"
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType application/x-javascript "access plus 1 week"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/xml "access plus 1 week"
Categories
Categories
Enabling HTTP/2 For non-WordPress Sites Print
- 0
