Forcing HTTPS

Please note that if you have a custom domain, forcing HTTPS is something that you should do after you have set up HTTPS -- otherwise you will be forcing visitors to your site to use a protocol that it does not support, and they will get security errors.

What is forcing HTTPS?¶

For some web sites you might want to not just offer HTTPS access to your users -- you might want to force all connections to go through HTTPS, so that when someone visits http://www.yoursite.com/ they're automatically redirected to https://www.yoursite.com/. This is something you can set up on the "Web" page:

Click on the slider to activate it, and then reload your website using the button at the top -- you're all set.

FAQ: can I force HTTPS on the naked domain?¶

The best way to do that is to use the free secure naked domain redirection service at NakedSSL.

Alternative solution: CloudFlare¶

Edge caching providers like CloudFlare have their own solutions for HTTPS redirecting, which are worth looking into:

• CloudFlare support article on https redirects
• Our own blog post on setting up CloudFlare and PythonAnywhere