HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) instructs web browsers to only use secure connections for all future requests when communicating with a web site. Doing so helps prevent SSL protocol attacks, SSL stripping, cookie hijacking, and other attempts to circumvent SSL protection.


To enable HSTS, create a .htaccess file and place the following code inside it:

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

To check whether HSTS is working, you can use the checking tools here.

If Strict-Transport-Security is shown in green, then it was done correctly.
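
The same check can be scripted. The Python below is an added example, not code from the original page: it parses a Strict-Transport-Security value using the directive syntax of RFC 6797 and judges whether a response carries a usable policy. The function names and the sample header lists are constructed for illustration.

```python
import re

# Token grammar for directive names (RFC 6797 section 6.1, HTTP "token").
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into a dict, or raise ValueError."""
    directives = {}
    for part in value.split(";"):  # simplification: no ';' inside quoted values
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives, e.g. a trailing ';'
        name, _, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()  # names are case-insensitive
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted-string form: max-age="31536000"
        if not _TOKEN.match(name):
            raise ValueError(f"malformed directive name: {name!r}")
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = val
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        raise ValueError("max-age is required and must be a non-negative integer")
    directives["max-age"] = int(directives["max-age"])
    return directives


def check_response(scheme, headers):
    """Return (ok, message); headers is a list of (name, value) pairs."""
    sts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":
        return (False, "browsers ignore HSTS over plain HTTP; check the HTTPS URL")
    if not sts:
        return (False, "header missing on HTTPS response")
    try:
        policy = parse_hsts(sts[0])  # browsers process only the first header field
    except ValueError as exc:
        return (False, str(exc))
    if policy["max-age"] == 0:
        return (False, "max-age=0 tells the browser to forget the HSTS policy")
    return (True, f"HSTS active for {policy['max-age']} seconds")


# Constructed sample responses (not captured from a real site).
GOOD = [("Content-Type", "text/html"),
        ("Strict-Transport-Security", "max-age=31536000")]
BAD = [("Strict-Transport-Security", "maxage=31536000")]  # misspelled directive
```

With the .htaccess line above, check_response("https", GOOD) reports a one-year policy, while a misspelled directive such as the one in BAD is rejected.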

More detailed information about HSTS: Wikipedia