My site needs to use HTTPS so I am using the apache directive Header always add Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" and there are subdomains. Right now I use a meta refresh on the 400.html error page to redirect to https. What's the best way to redirect the entire site to HTTPS with Apache? THX
Use the http to https redirect option on the redierct tab of the website. But strict transport might still cause issues, you might have to test it. If the strict transport kicks in before redirects happen in apache, then you can't do a redirect without errors.
Thanks for the advice. I placed: Header always add Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" In the .htaccess of the subdomain where it counted and got it out of the apache directives for the site.