Please wait...
Force HTTPS instead of HTTP.
In order to force using https for entire app or for one/more areas, you’ll have to use .htaccess if you are using apache web server.
The .htaccess contents should be as simple as:
# force https RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{HTTP_HOST}/$1 [R,QSA]
And you can place the .htaccess either in your document root where you want to redirect all the areas to https or you can also place it in the root of a given area, say in /backend or in /customer or in /api area.
Please note that if you are using tracking domains, you should not force using HTTPS globally, but rather do it only for the /backend, /customer and /api areas otherwise you would need a valid SSL certificate for all your tracking domains.