Forcing HTTPS

For some web sites you might want to not just offer HTTPS access to your users -- you might want to force all connections to go through HTTPS. There are different ways to do that for different web frameworks. Here are some -- if you don't see the framework you use, let us know with the "Send Feedback" link above.

Django (1.8 or higher)

In, set:


and make sure you have the SecurityMiddleware enabled -

Django (older versions)


pip install --user django-sslify

Or install it into your virtualenv if you're using one.

Then add the middleware as the first middleware class you have in Also note that it won't force SSL if you have DEBUG = True in your settings (which in turn means you'll need to make sure that ALLOWED_HOSTS is set up properly).


Uncomment this line in



Use this Flask extension. Note that it doesn't work if you have DEBUG set to True.


Use this Bottle extension.

FAQ: can I force HTTPS on the naked domain?

You can't force-https if you're using a domain redirection service, but you can if you've manually set up a naked domain config. More info here: Naked Domains

Alternative solution: CloudFlare

Edge caching providers like CloudFlare have their own solutions for HTTPS redirecting, which are worth looking into: